This reverts commit dac6155649.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/9288/overview
Original change's description:
> [inspector] Allow Debugger.setScriptSource to edit top-most function
>
> This CL adds a new boolean flag on the Debugger.setScriptSource CDP
> method that gets piped all the way through to the live-edit mechanism.
> The new flag enables live-editing of the top-most function while
> paused.
>
> The CL adds a couple of tests that cover the new core use cases for
> this flag.
>
> R=jarin@chromium.org
>
> Bug: chromium:1334484
> Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81127}
Bug: chromium:1334484
Change-Id: I165269d6c1b001b516f10ae3716ffb57b675ab39
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705378
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81130}
Empty blocks were skipped when performing register merges (since they
don't have a state), but we were still doing phi value injection only
when visiting the empty block. This meant that empty blocks have
inconsistent register state with the nodes they are trying to use.
Fix this by removing the skipping code, and adding a register merge
state to empty blocks.
Bug: v8:7700
Change-Id: I305b1474c1f956c5c5775c62e3cd1d0c70b5cfdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698553
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81129}
This CL adds a new boolean flag on the Debugger.setScriptSource CDP
method that gets piped all the way through to the live-edit mechanism.
The new flag enables live-editing of the top-most function while
paused.
The CL adds a couple of tests that cover the new core use cases for
this flag.
R=jarin@chromium.org
Bug: chromium:1334484
Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81127}
This reverts commit c14b3e4d11.
Reason for revert: https://crbug.com/1335195
Original change's description:
> [regalloc] add hint for operands in gap moves.
>
> To eliminate unnecessary move instructions from register to fixed register. We check the fixed register hint for operands in move gaps
> when building LiveRanges. If a to_operand has a hint_operand (with fixed register), then set the hint_operand for from_operand too. This can avoid the register allocator ignore hint information about fixed register.
>
> Bug: v8:12909
> Change-Id: I17f9afa484ee08de8ac1ab42945caba2c362fc9e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669019
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
> Cr-Commit-Position: refs/heads/main@{#80844}
Bug: v8:12909
Change-Id: Iedba9244a75074e448c5e85880cc202866b91e71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702335
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81126}
This is a reland of commit dec4bb0629
Original change's description:
> [turbofan] Support additional operators in SLVerifier
>
> This CL extends SimplifiedLoweringVerifier by a few additional operators.
>
> It fixes the missing type on a LoadElement node generated during
> js-typed-lowering, that was detected by the verifier.
>
> Bug: v8:12619
> Change-Id: I14e3ece15f6a90e6906c140696dcd2e6b74a2527
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557510
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80014}
Bug: v8:12619
Change-Id: If3cb6efe2005c41118f37b39b0209195b3e63a38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702330
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81125}
A TracedReference handle may be moved into a slot of an already
processed object, requiring a write barrier.
Bug: chromium:1322114
Change-Id: I9c1018422df896c5753b213ebc4a7a7df79c0d80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3703840
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81124}
In previous refactoring, the CSS files are moved to subdirectory css
Change-Id: I38e05ae1a9e56f36d5bd25131e605a93cfdb61f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701958
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81120}
Concurrent sparkplug adds functions to batches and sends those batches
off for compilation, but doesn't note what functions are currently
compiling. This means that we can spawn multiple compilation jobs for a
function, most of which will be throw away.
Add a bit to SharedFunctionInfo to note whether concurrent compilation
has been started for it.
Change-Id: Ifa442481611044713b2893488387e97f071e408a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702336
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81116}
This should help us with various DCHECKs, maybe even with actual
branches.
Bug: v8:7700
Change-Id: I6317635b59ba9ed1ee1146f6da31abf7eb099c75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700072
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81115}
The CL aims to improve write-barrier filtering and thereby reduce the
current regressions. With 8MB AgeTable the card size becomes 512 bytes.
The memory overhead of the 8MB AgeTable is 0.2%.
Bug: chromium:1029379
Change-Id: I86f51361b9b9f0a1c22a1deef0b0540d1d9808bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700079
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81114}
This should fix unexpected regressions which occur after builtins
modifications.
This CL affects alignment of embedded builtins on all configurations
and Code header size only for non-pointer compression configuration.
Bug: v8:11708
Change-Id: I8058197c5b768a699e7f52446424013e86203b57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700392
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81113}
This is a reland of commit 7787ed2007
Updates since original: specified that cctest sources depend on
generated files from the inspector.
Original change's description:
> Build cctest while building V8
>
> I noticed in a recent build that C++ files from cctest didn't start
> compiling until after several slow non-parallel tasks such as running
> mksnapshot and linking v8_for_testing. I don't see any reason that
> cctest sources should wait for those tasks, so in this change I propose
> adjusting the build dependencies for more parallelism.
>
> Change-Id: I2472117c8555ac397fa1232954c8b699d6429d38
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3690170
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80976}
Change-Id: I9f507c3c07bda1638b81de4b1ac82afda1168999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3699405
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81112}
This is a reland of commit c2f254548a.
We revert to using x17 for the call target, to be compliant with CFI.
Some comments are extended to point to that requirement.
Original change's description:
> Avoid use of x18 register on arm64
>
> This causes crashes on Windows, as x18 is the "platform register",
> holding a pointer to thread-local storage.
>
> R=jkummerow@chromium.org
> CC=seth.brenith@microsoft.com
>
> Bug: v8:12959
> Change-Id: I20b8bee145d4ab3a40d8d140d98572df8300251c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695569
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81090}
Bug: v8:12959
Change-Id: If4ead8f7a7aece756cef7d32bb98d7d33dfe4911
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702331
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81111}
This is a reland of commit c8c176190a
This CL includes:
- crrev.com/c/3679846 Add condition use_ic to the removing the optimized OSR code logic
- crrev.com/c/3686589 Add out of bytecode array to break condition of removing OSR code cache logic
- Add JumpLoop nesting level 0 to break condition of removing OSR code cache logic
- Change to use Deoptimizer::DeoptimizeFunction() to deoptimize OSR code
Original change's description:
> [compiler] Remove the optimized OSR code if deoptimizing at inside of loop
>
> If the optimized code is deoptimized and the deoptimized exit offset is
> inside of the optimized OSR code related loop, the optimized OSR code is
> also out of date, remove the optimized OSR code, it will avoid hit the
> optimized OSR code and soon later deoptimization of the optimized OSR
> code.
> This CL will reduce deoptimization. E.g. Deoptimization of JetStream2
> case navier-stokes function addFields is reduced from twice to once.
>
> Change-Id: I5bbf3039e916c3736b5b967d1f36b6ea90cfd40b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3648219
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Tao Pan <tao.pan@intel.com>
> Cr-Commit-Position: refs/heads/main@{#80826}
Bug: chromium:1330444
Change-Id: I97a466ddfa764438b45f33c6ae33cb921d57278d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3690451
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#81110}
A few more fixes for visiting bytecodes that are known to be dead:
* Change JumpLoop dead frame merging to remove the loop predecessor,
by moving the loop predecessor to be the last in the list and
allowing it to be dropped the same way as other predecessors.
* Remove the bytecode walk in EmitUnconditionalDeopt, opting instead
to check for null current_block in the real bytecode visitor. This
allows us to handle the case where the start of a basic block is
dead, but there's no fallthrough into it, so it wouldn't be visited
by the loop in EmitUnconditionalDeopt.
Bug: v8:7700
Change-Id: I7cf1a54c49a2affc0363c1a0919bb3d427f83f5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700070
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81109}
The race occurs when the write to instance_ happens after the static
thread-local initialization. The change simply moves the write into
CagedHeap's ctor.
Bug: chromium:1325007
No-Try: true
Change-Id: I55b6e286f311c9ddb4f3f89d12f7f9437b96cc58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702334
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81108}
We don't need to reset the entire age table, but merely the pages that
are known to contain young objects. This must improve memory use with
generational GC enabled.
The CL is a prerequisite for another CL that'll increase the size of
the age-table.
Bug: chromium:1029379
Change-Id: Ibb5b607af20380c3936b7396b3d9767f6f17c44b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695268
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81106}
Currently, young generation assumes that all the on-heap pointers are
compressed, which is currently not the case due to the backing-store
pointers in Blink. Fixing collections to have Member<> is not easy,
because the inlined collections may have the semantics that
backing_pointer_ == inlined_buffer_;
where the inlined_buffer_ can be off-heap (e.g. on stack).
The CL introduces another type of barrier specifically for uncompressed
pointers. The followup is to use that barrier from Blink.
Bug: chromium:1029379
Change-Id: If0f519220658268dbdf915235c2e5afd7887dc0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695358
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81105}
Add a new --wasm-max-module-size flag to replace the unused and more
specific --experimental-wasm-allow-huge-modules flag.
The new flag can be used in fuzzers to reduce the maximum allowed module
size, avoiding OOM on some systems (like 32-bit ASan builds).
R=ahaas@chromium.org
Bug: chromium:1334577
Change-Id: I2830d407c5b01be21a47b21392c1210061c40b20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695267
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81102}
This is just a minor refactoring: We include the kUnknownSectionCode in
the set of valid sections. There are only two uses of that function: The
first one already checks for kUnknownSectionCode in a separate
condition, the second one can be simplified with this refactoring.
R=ahaas@chromium.org
Bug: chromium:1335023
Change-Id: Ie1ae316db41f8111fff0af0d97a6c775f527156c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698556
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81101}
When profiling V8 code generated with snapshot using ETW, there is a
huge difference enabling system instrumentation. This is because, for
populating the ETW tracing (when --interpreted-frames-native-stack is
enabled), we need the scripts line ends. But these are only generated if
log functions are enabled.
To prevent the problem, this CL also initializes script line ends for
the case interpreted frames native stacks are enabled.
Bug: v8:12910
Change-Id: I89eab727574a68a8b2fbc2575faf540218370e7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669698
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81098}
This CL extends the live edit mechanism to allow editing the function
that is currently on top of the stack, as long as that call frame is
the only activation of that function.
The CL changes how we look for functions on the current JS stack:
Instead of starting at thread_local_top we start at the frame we
are currently paused in. This is possible since there can not be any
JavaScript frames above the current "break frame", only C++ frames
which are not relevant for live edit.
If the edited script modifes the top-most function, the inspector
will trigger a restart of that call frame. That is why we check
if we can actually restart the function and only allow the live
edit to go through if that is the case.
Note that this CL also adds a kill switch in the form of a runtime
flag for this feature, in case we need to pull the plug and disable
this feature again via back-merge.
R=jarin@chromium.org
Bug: chromium:1334484
Change-Id: I711913df96c8acc786ad4de28de804d2f90e1847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695353
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81097}
... which might fail because usual operator== for tagged values compares
only lower 32 bits of the pointer.
Bug: v8:11880, v8:12958
Change-Id: I0978d6c510424aecfee2f044c40ea424b6cb3ab9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695593
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81096}
Already after enabling Liftoff, the name did not match the semantics any
more. The callback was called after top-tier finished, not after initial
compilation of the module finished.
With dynamic tiering, the name is even less fitting.
This CL renames the "OnModuleCompiled" callback in the API to
"MoreFunctionsCanBeSerialized", which makes it more obvious what the
API should be used for. It also internally renames all related typedefs
and methods accordingly.
One call of the callback in the streaming decoder was already wrong
before this CL and is being removed.
R=jkummerow@chromium.org, cbruni@chromium.org
Bug: v8:12899
Change-Id: I95c0fc9e32442383e47e4370e31277cc065bf0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687689
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81093}
Deprecate the LegacyOOMErrorCallback in the 10.5 branch. Embedders are
expected to switch to OOMErrorCallback.
The deprecated LegacyOOMErrorCallback will then be removed in the 10.6
branch.
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I83001bec760848ef39f0638ed5c5c9eaa7cdb6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3646014
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81092}
This causes crashes on Windows, as x18 is the "platform register",
holding a pointer to thread-local storage.
R=jkummerow@chromium.orgCC=seth.brenith@microsoft.com
Bug: v8:12959
Change-Id: I20b8bee145d4ab3a40d8d140d98572df8300251c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695569
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81090}
This is a partial reland of https://crrev.com/c/3597106
With this change, an old entry in the script compilation cache is not
completely removed by CompilationCacheScript::Age(). Instead, its value
is replaced with undefined. In that way, the Script is still accessible
from the table until the garbage collector destroys it and clears the
weak pointer.
Bug: v8:12808
Change-Id: Ib494674e67d0fec455e1fed40499c5cca3b7c0a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673426
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81084}
