This is a reland of 1025bf26e3
Changes since revert:
- TSAN issue fixed by https://crrev.com/c/3475084
- Skip the shared-struct-workers test until shared GC deadlock is fixed,
being tracked in v8:12645
Original change's description:
> [shared-struct] Prototype JS shared structs
>
> Unlike the Stage 1 proposal, for simplicity the prototype does not add
> any new syntax, instead opting for exposing a SharedStructType
> constructor which takes an array of field names. This type constructor
> returns constructors for shared structs.
>
> Shared structs can be shared across Isolates, are fixed layout, have no
> prototype, have no .constructor, and can only store primitives and
> other shared structs.
>
> The initial prototype does not have TurboFan support.
>
> Bug: v8:12547
> Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79156}
Bug: v8:12547
Change-Id: Ic1f5cf9fa9791ae2d5d5dc7c110614ca10b5d98e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3475078
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79215}
Port 1b437aa87d
Original Commit Message:
When we know that the value in a write barrier is a map, we know that
we are not going to have an old-to-new reference (maps are always in
old generation). Therefore we also don't really need the generational
barrier in RecordWrite. While this is technically correct, we don't
gain much from this optimization. The inline and out-of-line generated
code for the barrier is still the same as in all other cases. Which
means that outside marking we don't even reach the RecordWrite builtin.
Most write barrier executions happen outside incremental marking, hence
performance of the incremental marking barrier isn't critical. This CL
always uses the full RecordWrite builtin using a flag in order to
allow for an easy revert.
This CL is motivated by the shared heap work, which needs an additional
always-on barrier in the future (similar to OLD_TO_NEW) to keep a
OLD_TO_SHARED remembered set up-to-date. While maps are always in the
old generation, they maybe by located in the shared heap.
R=dinfuehr@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I4e763419b3b007a668073e1577cbff9127d15940
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3481263
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79214}
Originally, the check "if (orientation == ULOC_LAYOUT_LTR)" lead dir
to be "rtl" when orientation is "ltr". Fix it to correct check
"if (orientation == ULOC_LAYOUT_RTL)"
Bug: v8:12531
Change-Id: I5fba29466c66b4fd05e31ddbe4083c16c19e9005
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3459928
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79213}
This CL refactors all remembered set logic from heap-base and
explicit-management to a new class OldToNewRememberedSet.
Bug: chromium:1029379
Change-Id: Id032b9dcc01af6f9bb9e546ed9bc6324da6d9b66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472498
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79212}
This CL prepares WebSnapshot for skipping and re-injecting external
references in the web snapshot. External references are encoded as
separate object type and allows us to create partial snapshots at
runtime and reconnect a deserialised snapshot to an existing
object graph.
Part II will also collect all objects which cannot be serialized by the
web-snapshot serializer.
Usage:
snapshot = %WebSnapshotSerialize(root, skip_externals);
object = %eWebSnapshotDeserializ(snapshot, replaced_externals);
Drive-by-changes:
- Reduce JSObject Map size in serializer (we ended up with 4 embedder
fields)
- Avoid adding non-HeapObject to the discovery_queue_
- Split off ReadXXX handlers into separate functions
Bug: v8:11525
Change-Id: Ia6a9914259614c6c288667621b38daa0202d4d72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461936
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79211}
When calling `Runtime.getProperties` with `accessorPropertiesOnly` we
previously did not report any private fields at all, although it is
possible to define private accessors.
Bug: chromium:1296855
Change-Id: I18b84bfc81449d224738ba3de1f0c41c234025b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477112
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79210}
Similar to other external pointers, the indices into the external
pointer table are stored shifted to the left to guarantee an upper
bound.
Bug: v8:10391
Change-Id: I079dc1568f49ae349c326a8e83fc32c93bdb35cf
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455152
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79209}
- Cache process-id as process-static variable
- Only extract the script name once per SFI
Change-Id: I4549c2a3849d57dbcfa115401719e22422cfac6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477113
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79206}
Calling didContinue() after having paused on an instrumentation break
clears the breakpoint reasons that were stored in the debugger agent.
This removes clearBreakDetails() from didContinue() and specifically
calls it if we need it.
Drive-by: removing left-over dead code
Bug: chromium:1229541
Change-Id: I49f598d0e97801661e003c3911967c64ea63373e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477099
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79203}
When serialize object, error will be added to id_map as reference
by other object. Error object should be added to id_map_ when
deserialize too.
Bug: v8:12542
Change-Id: If95b4047570de9927b67e64cda762f4c4a23e711
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468875
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79202}
The test case was fixed in c7fbac6a72
This reverts commit 34c0f0fced.
Bug: chromium:1278780
Change-Id: If04e41a7fc1f0c744fe785a834880e598f482ef8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401592
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79201}
Migrate predictable_wrapper to py3. Run test in v8_presubmit.
R=liviurau@chromium.org, machenbach@chromium.org
Bug: chromium:1245634
Change-Id: I941e248ffcf12ce26a55a5f5889dab06ee74e66e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448379
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79200}
The ExceptionDetails structure allows the association of requests and
issues with JavaScript errors. These are currently only reported
when an exception goes through `Runtime#exceptionThrown`, but we
also want the metadata available when the ExceptionDetails are
requested explicitly for any Error object.
R=bmeurer@chromium.org
Bug: chromium:1280141
Change-Id: I1b1514207b9e146fda3452c3f7991cd7dc9a387b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477098
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79199}
The two jump tables (near and far jump table) are usually allocated next
to each other, so we can switch permissions for both in a single system
call.
This removes one of the three to four remaining system calls in
deserialization.
R=jkummerow@chromium.org
Bug: v8:11974, chromium:1297999
Change-Id: I68d2bd1c2e68bea46ebac4e01906915ff5a1d3bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472075
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79197}
This adds the missing implementation of bulk memory operations on 64-bit
memory on 32-bit systems. This is tricky because especially on ia32 we
don't have a lot of registers, so we cannot keep three 64-bit values
in registers at the same time.
Thus combine the high words into a single register early, and use a
single zero-check afterwards.
R=thibaudm@chromium.org
Bug: v8:10949, chromium:1281995
Change-Id: I017bc43989e4b6195b46b5d0738552a685362e43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468335
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79196}
On 32-bit platforms, we generally don't over-allocate backing stores
for Wasm memories. That leads to quadratic overall complexity of
repeated growth operations by a few pages each though. To fix that,
this patch introduces a small over-allocation factor: when we have
to reallocate to grow a memory, we now grow by at least 1/8th of the
memory's previous size.
Bug: chromium:1294262
Change-Id: I89b5e974c75aac78bece8fcd72fb7a2184345153
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472496
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79193}
The dynamic tiering budget slot will never be used if dynamic tiering is
disabled. As it's un untagged field (never visited by GC), we can just
leave it uninitialized.
Similarly, the feedback vector slot is only used (and visited by the GC)
if --wasm-speculative-inlining is enabled.
Since both is disabled by default, we can save two spills in each
function, saving 16 bytes on x64.
Drive-by: Add code comments for both code blocks.
R=jkummerow@chromium.org
Change-Id: If325e795f6368e02ed687697c4bdac208214103b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468348
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79192}
CpuProfiler includes logic tracing that is only relevant in
the context of TracingCpuProfiler.
Adds a setting to disable tracing for SamplingCpuProfiler.
Change-Id: Idcac03dd3f368b5fcd48a532d5cfe60966a64003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3433219
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79190}
- Avoid lookup if there is no template_weakmap yet
- More explicit DisallowGarbageCollection scopes
- Avoid handles when settings properties
- Speed up Object::GetSimpleHash by loading only instance_type once
Change-Id: Ib588607340a0c56dc1ba26c3e89485560222a688
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463717
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79189}
... to reduce compilation overhead on the main thread for OSR
Bug: v8:12161
Change-Id: I54ca5fa6201405daf92dac9cf51d5de4b46577b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3369361
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/main@{#79188}
Building with Gcc-10 causes error "explicit specialization in non-namespace scope".
This change fixes it.
Bug: v8:12649
Change-Id: I36b2b042b336c2dfd32ba5541fdbbdb8dc8b4fd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3473997
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79185}
Weak containers are retraced if they are found through the stack using
the conservative scanner, possibly resulting in a race with the
concurrent marker.
Bug: v8:12648
Change-Id: I0936a2953e3e2151cea4191f335a091b0e334e6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474678
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79184}
The CL uses GlobalHandles::IterateTraceNodes() to find back references
from V8 to cppgc.
Bug: chromium:1029379
Change-Id: I6e959ae5d591247b817386cafe26b6cd74161b63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3467874
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79183}
Instead, open a single {CodeSpaceWriteScope} that covers all functions.
Note that the exact same thing is already done in
{InitializeLazyCompilation}.
R=thibaudm@chromium.org
Bug: v8:11974, chromium:1298552
Change-Id: I469757f0674a7b95ce56ffa4d42b5e0d9d5a0834
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474671
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79181}
Currently the Isolate is gotten off of the object that the operation is
being performed on. GetDataProperty may end up using a per-Isolate
lookup cache, which is not threadsafe when the Isolate is shared. Plumb
the executing, non-shared Isolate through.
Bug: v8:12646, v8:12547
Change-Id: Ia08ece9a9e8cbd7eba9ea38b01caa511895f5bf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3475084
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79180}
The tool has been unmaintained for a while and doesn't work.
We do have either the system-analyzer or profview as valid web-based
replacements. For all other use-cases we recommend using the
command-line versions.
Change-Id: I3a07e80aebfb1f8d6ba16d6bffe16d9da7b9eac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474677
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79178}
It has been deprecated for a couple of years and there is no evidence of
anybody still using it.
Change-Id: I454f2f718aa50c295b29faf62cd0313a5e6e97d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417495
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79177}
This is a reland of 78bc785227
Original change's description:
> s390x: [baseline] enable sparkplug on s390x
>
> Change-Id: I4646bb0f3f6291c97bb4b397d6248b9bdaa2059a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439641
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Junliang Yan <junyan@redhat.com>
> Cr-Commit-Position: refs/heads/main@{#78959}
Change-Id: I1f2ce6622d6a6b20c197e23beeee3ee5b0aa32f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471523
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79176}
This reverts commit 1025bf26e3.
Reason for revert: https://crbug.com/v8/12645
Original change's description:
> [shared-struct] Prototype JS shared structs
>
> Unlike the Stage 1 proposal, for simplicity the prototype does not add
> any new syntax, instead opting for exposing a SharedStructType
> constructor which takes an array of field names. This type constructor
> returns constructors for shared structs.
>
> Shared structs can be shared across Isolates, are fixed layout, have no
> prototype, have no .constructor, and can only store primitives and
> other shared structs.
>
> The initial prototype does not have TurboFan support.
>
> Bug: v8:12547
> Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79156}
Bug: v8:12547
Change-Id: I44f2b8bb7487b4d39ba1282585e0b2282501230f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474676
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79170}
This CL adds handling of the BigInt types to TurbofanType to allow
verification of BigInt values in %VerifyType.
Change-Id: I1fc6dea16cbff4d22cfbb5483c5dee50fa932f75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256687
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79169}
This reverts commit a183895687.
Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=12642
Original change's description:
> [heap] Allow shared references in WeakMap
>
> Shared references can also be stored in WeakMaps and during marking we
> need to be able to deal with such references. In a client GC shared
> objects are treated as live, so we don't need to update or check mark
> bits for such objects.
>
> Bug: v8:11708
> Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79153}
Bug: v8:11708
Change-Id: I113672aceba0ef5aa71f6fbedda7e0df854a437d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474673
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79168}
Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS.
With this CL, V8_OS_DARWIN will be set on both macOS and iOS,
V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS.
This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and
renames platform-xnu.cc to platform-darwin.cc.
Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}
