This is a reland of 81abe8f7b6
It also disables ro-heap sharing in nosnap builds
Original change's description:
> [roheap] Enable shared ro-heap by default if ptr compression is disabled
>
> Shared read-only heap is currently incompatible with pointer compression.
> Enable sharing only if pointer compression is disabled.
>
> Bug: v8:7464
> Change-Id: I0866ac288a34eb92fc227e8beba57f4d72a69ef0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635509
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Cr-Commit-Position: refs/heads/master@{#61963}
Bug: v8:7464
Change-Id: I6b620152d380864db2a725c25f3c916d695d4f81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1639298
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62015}
Ideally, in the common case the backtracking stack should be
stack-allocated (and thus cheap). We should only switch to dynamic
allocation if needed. SmallVector implements exactly this strategy, so
switch to that as a backing store.
This improves Octane/RegExp scores (--regexp-interpret-all) by 50%.
Bug: v8:7777,v8:9330
Change-Id: I0d1b07bd8fd94483128e021390d054f483076f8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645318
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62013}
This section potentially contains allocations and thus gc, all object
references should be handlified.
Bug: v8:9333
Change-Id: I5814e66e8b9b75a8bd952afecae7a3a27b42a642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647695
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62012}
We need to hold onto the bytecode array so it doesn't get flushed.
Bug: v8:8394
Change-Id: Ia583a0a662740e369fcbc1c94041895e463be26e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645329
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62011}
This CL adds the last fields needed to stringify all stack frames from
StackFrameInfo objects instead of accessing the FrameArray directly.
Drive-by-change: The factory method that creates StackFrameInfo is
refactored to:
1. collect all values for the fields
2. allocate a StackFrameInfo
3. set all the values on the allocated info object.
This fixes undefined evaluation order bugs that GCMole failed to spot,
as well as make one factory method unnecessary.
Note: More precise types on the fields that are currently "Object"
will happen in a follow up CL.
Bug: v8:8742
Change-Id: Ia8c55fc128434f27aadeba78e8483d90296abe3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641242
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62010}
This reverts commit ce23fd6400.
Original change's description:
> [heap] Clean up Heap::ConfigureHeap
>
> This re-arranges the implementation of the function to make it more
> consistent. The only functional change is replacement of RoundUp with
> RoundDown, which makes more sense for the limits.
>
> Bug: v8:9306
> Change-Id: Id1d4bc6cc414e3618c3878de8cb87a9ed59711f5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643432
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61997}
TBR=mlippautz@chromium.org,jgruber@chromium.org
Change-Id: I2352c1305ea3e617b32951e4b1aa871271800478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645330
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62008}
This is a reland of a04862021e.
It turns out that this gives ~2x speedup on highly parallel WebAssembly
compilation, so let's try again landing this in isolation.
Original change's description:
> [zone] Use 32kb instead of 1MB as high zone page size
>
> It seems that allocating smaller pages is actually quite a bit faster than
> larger pages, probably because they can be cached by malloc. Let's see what the
> bots say.
>
> In a follow-up I'll check whether the segment-pool is actually beneficial or
> whether we should just remove it.
>
> This also drops SegmentSize::kLarge as a way to make compilation deterministic.
> Turns out that by now we need >8mb anyway, and the previous 1mb wasn't enough.
> At the same time the compiler was fixed to not rely on virtual addresses of
> zone objects anymore, and there's a bot checking whether the snapshot is
> determistic.
>
> Change-Id: I38cbb0d209d68b3671fd38763b42714811f4223e
> Reviewed-on: https://chromium-review.googlesource.com/c/1346370
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57683}
Change-Id: I243ba741f0968879b4cfe9f366d81ddc53a9bf27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645326
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62007}
ObjectIsExtensible is now a Torque builtin (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously).
Improvement in micro-benchmark
Before:
IsExtensibleWithoutTrap-Proxies(Score): 2228
IsExtensibleWithTrap-Proxies(Score): 917
After:
IsExtensibleWithoutTrap-Proxies(Score): 3683
IsExtensibleWithTrap-Proxies(Score): 3310
Bug: v8:6664
Change-Id: I1fbe1c51cb724a23d7a59fc8231bb3d1461a6add
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637444
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62006}
This is a reland of 42fee61a97
The in-object fields of JSModuleNamespace has been excluded from torque.
It is restored back to its existing mechanism on the C++ side and rest
of the class is ported to torque.
Original change's description:
> [torque] Convert few class layout to torque.
>
> 1. Converted Module, JSModuleNameSpace, JSCollator, JSV8BreakIterator,
> TemplateList,
> JSStrictArgumentsObject to torque.
>
> Bug: v8:8952
> Change-Id: I01e88ac36acd7ba18791bec609e5ae737672c731
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619146
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61671}
Bug: v8:8952
Change-Id: Ibd41000ad96ae57bd4f452f0c0c1b890e2c6fb5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632833
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62005}
During regexp execution we usually do not expect any interrupts to
exist. This optimization doubles Octane/RegExp scores with
--regexp-interpret-all.
Drive-by: Do the same for irregexp stack checks (only applicable when
called through the runtime).
Drive-by: Slightly more specific AllowHeapAllocation scopes.
Bug: v8:7777, v8:9328, v8:9330
Change-Id: I502d54d49a1267dee4b8a086dc6c2dca318a2d97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645313
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62000}
This reverts commit f2823886ba.
Reason for revert: Causes TSAN timeouts in RestoreHeapLimit, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/26812
Original change's description:
> [heap] Clean up Heap::ConfigureHeap
>
> This re-arranges the implementation of the function to make it more
> consistent. The only functional change is replacement of RoundUp with
> RoundDown, which makes more sense for the limits.
>
> Bug: v8:9306
> Change-Id: Id1d4bc6cc414e3618c3878de8cb87a9ed59711f5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643432
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61997}
TBR=ulan@chromium.org,mlippautz@chromium.org,jgruber@chromium.org
Change-Id: I635d60fdfb332cf62ab55eb32242937ebee2f6ad
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645323
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61999}
... as it uniquely idenifies object inside an Isolate.
This also allows comparisons between full tagged values ([Maybe]Object)
and potentially compressed tagged values ([Strong]TaggedValue).
As a side effect with this change we should generate a bit less code.
Bug: v8:7703
Change-Id: I822df24e03653fa73314e0a6f81f0fa7b5c61eba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643433
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61998}
This re-arranges the implementation of the function to make it more
consistent. The only functional change is replacement of RoundUp with
RoundDown, which makes more sense for the limits.
Bug: v8:9306
Change-Id: Id1d4bc6cc414e3618c3878de8cb87a9ed59711f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643432
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61997}
This CL changes the way stack trace serialization appends numbers.
Instead of converting plain int to Handle<String>, they are converted
to char*. The reason is that appending a Handle<String> causes the
IncrementalStringBuilder to shrink the current part and create two
ConsString instances to concatenate the accumulator, the current part and
the passed in Handle<String>.
This CL improves stack trace serialization micro benchmarks by ~12%.
Bug: v8:8742
Change-Id: I174667379084381245827cb979f91db3c59ce75e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643169
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61996}
Compile import wrappers during module compilation by introducing import
wrapper compilation units, the goal being to reduce instantiation time.
For each wrapper, we assume the imported function is going to be a
kJSFunctionArityMatchSloppy at instantiation time, which should be the
most common case. If the function turns out to have a different kind the
wrapper is going to be recompiled with the correct kind during instantiation.
R=ahaas@chromium.org, clemensh@chromium.orgCC=titzer@chromium.org
Bug: v8:9231
Change-Id: Ieb050b09d1c19f2a5a3e59132a1864dadb06775d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1630685
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61993}
With bytecode flushing and lazy feedback allocation, we need to call
%PrepareForOptimization before we call %OptimizeFunctionOnNextCall,
ideally after declaring the function.
Bug: v8:8801, v8:8394, v8:9183
Change-Id: I6bf119e726426df8527d97546b6ce806112c894d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643167
Auto-Submit: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61988}
On Windows, long is 32-bits, so the 'L' suffix shouldn't be used if a
64-bit value is needed. This caused a test failure in 'Int64MulWithImmediate'.
Change-Id: I93c43a1f166aa0e5bcd53aaf7a860fffd006fd0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627538
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61986}
These were only used by test-log/EquivalenceOfLoggingAndTraversal,
which itself has been marked as failing since 2013. This CL removes
the test itself as well as the TEST natives kind.
Bug: v8:7624,v8:2857
Change-Id: Iedf2b1c94e31ccd1ea885d72bf1fac5d33defa90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643467
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61984}
Avoid the linear lookup of function literal id when getting the shared
function info TraceID, by optionally passing through a FunctionLiteral.
Additionally, use the FunctionLiteralId helper when a FunctionLiteral is
not available, since it can also fast-path in some cases.
As a drive-by, allow using a ScriptIterator without an Isolate pointer
(e.g. manually creating a handle) to allow calling FunctionLiteralId
without an Isolate pointer.
Bug: v8:9325
Change-Id: Ibfa053f300d6d5005485c67174a848264a5d1372
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643429
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61983}
Allow the embedder to decrement its allocated bytes count:
- The decrement will be applied to the used bytes value.
- The decrement is ignored for the total allocated bytes.
Bug: chromium:948807
Change-Id: I609ccf81017b693e0db13b499cbf8967f5f8a2c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631428
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61982}
This fixes the assembler tests on Windows arm64, that were previously crashing.
Bug: v8:9235
Change-Id: I616e6eb00bb71d70195787f80f8b54a9ae33abe6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634919
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61981}
As it stands most of ReadOnlySpace class's method are unusable once it
has been sealed, since all of its pages are read-only. Set owner_ to null
to ensure nothing unintentionally uses it.
This also helps with separating the ReadOnlySpace from the Heap class in
the future as ReadOnlySpace might not inherit from Space.
Bug: v8:7464
Change-Id: I3b24f20c644d6f5e23647bc1de4d256a20a0eb19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637800
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61979}
It's very helpful to know when they die.
Bug: v8:7790
Change-Id: I08a369da7eb19d46ecdc02b404b0085d6410ab4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1643168
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61978}
- Changes functions that call OpenHandle multiple times to assign a
local and use it the second time.
Change-Id: Ibc7e881158dc6aec489e3f30690da8982014d52a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1636459
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61971}
Implemented verifiers for the following classes:
- ExternalString
- FixedArrayBase
- JSCollection
- JSCollectionIterator
- JSWeakCollection
- Name
- SeqString
- Struct
Removed the following class definitions from Torque, because they're
just JSObject instances with particular starting maps, as discussed in
https://crrev.com/c/v8/v8/+/1619146/6/src/builtins/base.tq#459 :
- JSAccessorPropertyDescriptor
- JSDataPropertyDescriptor
- JSIteratorResult
Following similar logic, removed the Torque definition of
WasmExceptionPackage because it's just an error object that happens to
have a couple of private-symbol properties.
The following classes should not be defined in Torque because they're
just a starting state for JSObject, but I'm leaving them for now because
existing Torque code requires them:
- JSArgumentsObjectWithLength
- JSProxyRevocableResult
Bug: v8:9311
Change-Id: I0336b6be7d02e48e4a8a0f660e24d2c2fa5f5e34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1637448
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61970}