This is a reland of commit 2055c3b482
Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82213}
Bug: v8:13058
Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82221}
The "Deoptimized function count" displayed in profview tool
should be the sum of deopt-eager, deopt-lazy and deopt-soft.
Change-Id: I42252930c3685f1ca721691f983abb8adeb492e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793469
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82220}
Introduces a CheckSymbol to guard a reference equality for values in an
equality comparison with Symbol feedback.
Bug: v8:7700
Change-Id: Ieb012b292f2d955faf76e485e6636a2d293fa007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811500
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82219}
If the same WebAssembly module gets compiled multiple times, the
compilation result of the first compilation gets reused for later
compilations. With streaming compilation functions get compiled before
the whole module got downloaded, so it cannot be determined if the
currently compiled module has already been compiled or not. Therefore,
to check if the WebAssembly module has already been compiled, we compare
if the hash of the header section matches the hash of any of the already
compiled modules. If so, no function gets compiled until all bytes were
received. Then a full module check can be done, and either an existing
module can be reused, or the whole module gets compiled.
While compilation is avoided after a prefix_cache_hit, decoding still has
to happen. In the existing implementation, validation for lazy
compilation also happened in addition to decoding. This lead to the
problem that validation of lazy compilation could post a foreground task
when an error was detected, and later another foreground task got posted
when all bytes were received to do the full module check. Having two
foreground tasks at the same time violates an invariant in the
AsyncCompileJob.
With this CL we avoid the initial function validation after a
prefix_cache_hit to avoid the task for the error handling. Validation
will anyways happen again if the full module check fails later, or
validation is unnecessary if the full module check succeeds, as the
module has already been validated before.
R=clemensb@chromium.org
Bug: v8:13147, v8:12852
Change-Id: Iae24c056057f3a5dfd2f61accd1f9f0d35412996
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812038
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82218}
In the previous CL
(https://chromium-review.googlesource.com/c/v8/v8/+/3778969), we
executed i::Compiler::Compile regardless of the function has been
compiled or not. That caused DCHECK failures in the Compile function,
which allows to compile only once.
Bug: chromium:1347319
Change-Id: I240591cbec46dc4fac4028a80a8ba5ab2f05c450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806929
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82217}
This CL fixes a crash when we build the scope chain after re-parsing
for Debugger.evaluateOnCallFrame.
The following script causes the crash:
class A {
test(){
debugger;
}
f = (x) => {}
}
let a = new A()
a.test()
The current scope search tries to be smart and descends deeper
into the scope tree based on source position. That is not a sound
approach as V8 doesn't guarantee that sibling scopes don't overlap.
In the above case V8 creates an instance initializer scope where
f is assigned (and the initializer scope is the parent scope for
the arrow function). The problem is that the initializer scope
uses the same source range as the class `A` itself, so when we
look for the scope for `test`, we descend wrongly into the
initializer scope and can't recover.
The solution is to not try and be too smart:
- First, find the closure scope with a straight-up DFS.
- Once we have that, descend from there and try to find the
closest fitting scope around the break position.
R=bmeurer@chromium.org, jarin@chromium.org
Bug: chromium:1348186
Change-Id: Ic5e20c4d12b3d768f76a17367dc0f87bcc73763b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807594
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82216}
There are a same name field equivalence_id_ in both
BytecodeRegisterOptimizer and RegisterInfo, but one of them is int,
another one is uint32_t, it's better to change them as same type
to avoid addtional or potential type casting.
Change-Id: I509f850d82a9a0fc30168fae83a0bd6565b7000e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811138
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82214}
Factory::CopyCode was using ProcessBlackAllocatedObject and
WriteBarrierForCode(Code) to handle write barriers for that newly
created code object. But even when used in tandem with each other they
would miss OLD_TO_NEW references in the code object header.
This CL simplifies Factory::CopyCode by letting
WriteBarrierForCode(Code) handle all outgoing pointers of that code
object (not just a subset of RelocInfos) by implementing an
ObjectVisitor. This removes the need for ProcessBlackAllocatedObject.
Since Factory::CopyCode was the only user of
ProcessBlackAllocatedObject, we can also remove all the object
revisiting logic in the main thread marker.
Bug: v8:11708
Change-Id: I7d9b12eb0a76ba41a38efc147f44556ddc941a96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810186
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82212}
While it is not required to invoke the full barrier in this case, we
can invoke the full write barrier which improves verification but also
makes the code easier to understand by relying less on GC
implementation details.
Bug: v8:11708
Change-Id: I4d2f6640bc0efb5b763ccd5ca99e573421be3a06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807592
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82208}
- Update parse processor to use new async log-reader functions
- Fix some typos
- Add more desciptions to the output
- Update bytes and time formatting to use common helper.mjs functions
Bug: v8:13146
Change-Id: Idf58a394aa493b7f50ad5282533c1b6d326117be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810233
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82206}
When calculating the GC collection rate, we assume that the start object
size (before GC) is non zero. It appears that this is not always the
case, not only because of tests that explicitly trigger GC, but also in
Chrome, when the --gc-interval flag is used with a small interval value.
Furthermore, efficiency calculation (freed bytes over GC duration)
assumes that the duration of the GC is non zero. However, if the clock
resolution is not small enough and the entire GC is very short, the
timed value appears to be zero. This again leads to NaN values showing
in metrics and CHECKs failing and has already been fixed for Oilpan
(crrev.com/c/3723499).
This CL fixes these two issues.
Change-Id: I902b2e9740d9750a2b6463a00289625500c4c0d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810393
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82205}
It introduces GetSecondReturnedValue node, which must be added
immediately after a node that calls a builtin that expects 2
returned values.
It simply binds kReturnRegister1 to a value node. Since the previous
node must have been a builtin call, kReturnRegister1 is free in
the register allocator. No gap moves will be emitted between these
two nodes.
Bug: v8:7700
Change-Id: Iddd81ef534a6397bad5682fa1430a94d2075b746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810183
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82204}
Resolve the TODO to avoid the push/pop of the cycle break temporary
value, by keeping track of whether the scratch register currently holds
the temporary value and spill it if the register is needed for stack
slot moves instead.
Bug: v8:7700
Change-Id: If4119e63312bdc2b89987f92328ae646a46543ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810185
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82203}
Pass WriteBarrierMode to the code object write barrier and DCHECK WriteBarrier::IsRequired when using SKIP_WRITE_BARRIER.
Bug: v8:11708
Change-Id: I457d0fa07e830d6831fb95a4ae9311f6066215e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810171
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82201}
Memory limits are difference on 32-bit and 64-bit systems, so foozzie
finds differences in Wasm execution.
This can be avoided by always setting the same (lower) limit.
R=machenbach@chromium.org
Bug: chromium:1348335
Change-Id: I452d257fd78730b4113bfe67120dbed2e8ba5878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804696
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82200}
This is a reland of commit 491de34bcc
co-authors: Ji Qiu <qiuji@iscas.ac.cn>
Alvise De Faveri Tron <elvisilde@gmail.com>
Usman Zain <uszain@gmail.com>
Zheng Quan <vitalyankh@gmail.com>
Original change's description:
> [riscv32] Add RISCV32 backend
>
> This very large changeset adds support for RISCV32.
>
> Bug: v8:13025
> Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82053}
Bug: v8:13025
Change-Id: I220fae4b8e2679bdc111724e08817b079b373bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807124
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82198}
As part of revising MinorMC, it would soon be broken and bots should
not be red because of it.
Bug: v8:12612
Change-Id: I0551d0a115ac2f4fa7fc32190458850f80b84cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810353
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82197}
This is a reland of commit 4bab7a8ee6
The reland changes the way how we install the async stack tagging API
on the console object. Instead of using `v8::Object::Set`, we use
`createDataProperty` which is sufficient. With `Set`, arbitrary
JS could run via accessors, which might not be allowed depending on
when the API is installed.
Original change's description:
> [inspector] Enable async stack tagging API by default
>
> R=bmeurer@chromium.org
>
> Fixed: chromium:1334585
> Change-Id: Id79a60bac1731ea9c60654ff15c8e23f958c6e57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3799431
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82161}
Change-Id: I9b8c8e643705f8f043acac5af14307f2dbdb5a68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3809692
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82190}
v8::TracedReference is supposed to be used from objects allocated on
CppHeap. Such objects can be in construction during garbage
collection, meaning that they are unable to invoke
Trace(v8::TraceReference) as they have not been properly set up.
It is thus necessary to use conservative tracing to find
v8::TracedReference (backed by TracedNode in GlobalHandle) in
in-construction objects.
Change-Id: I5b4ac6e7805ff7ded33f63a405db65ea08d809ad
Bug: v8:13141, chromium:1322114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806439
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82188}
Implement the WebAssembly.Function-based API.
With the old API, wrapping an import and export with JS Promise
Integration looked like:
WebAssembly.returnPromiseOnSuspend(<wasm_export>);
WebAssembly.suspendOnReturnedPromise(
new WebAssembly.Function(<sig>, <js_import>));
With the new API:
new WebAssembly.Function(<sig>, <wasm_export>, {promising: 'first'})
new WebAssembly.Function(<sig>, <js_import>, {suspending: 'first'})
For details, see
https://github.com/WebAssembly/js-promise-integration/pull/8/filesR=ahaas@chromium.org
Bug: v8:12191
Change-Id: Iaefaac5304a038fc39283db165b637af7e48b009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804669
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82183}
With streaming compilation we delay the generation of errors until after
all bytes are received, so that potentially better error messages get
generated. With this CL we also delay the generation of errors in the
combination of lazy compilation and streaming compilation.
In particular, this CL does the following:
* It avoids the creation of a `DecodeFail` task in
`FinishAsyncCompileJobWithError`, which would create an error immediately before a potential name section arrived.
* It calls `CompilationStateImpl::SetError()` so that an error is
created once the stream finishes.
* It removes the return value of `ProcessFunctionBody` so that wire
bytes continue to be received even after a validation error.
* It adds an early exit to `ProcessFunctionBody` if
`CompilationStateImpl::failed()` is true, so that we don't continue
validation after the first detected error.
R=clemensb@chromium.org
Bug: v8:12852
Change-Id: Ie8c6be243a257ef62cbb29fea6b8e0c205060680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802691
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82181}
The String might be in the shared heap which is not collected during
client GCs.
Bug: v8:11708
Change-Id: I0958c46996a2aeba3a046263350617e8d177deca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805883
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82179}
If DefaultJobState::Join is called before any worker tasks were spawned
(e.g. right after Platform::CreateJob), it should spawn the required
number of worker tasks (mimicing what Platform::PostJob followed by Join
would do, but with less context switches).
This fixes regressions we got from switching from Platform::PostJob to
Platform::CreateJob.
R=mlippautz@chromium.orgCC=etiennep@chromium.org
Bug: chromium:1348512
Change-Id: Ic7984d12a28fc67f4b2f51ddc2ba5a406e43c127
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804600
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82178}
