Rename BytecodeOperandFlag to BytecodeOperandFlag8. The methods in
interpreter-assembler were missed in https://crrev.com/c/3857561.
Change-Id: I09383531e4d16e6e428a56feb76192156211dc81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867515
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82869}
In preparation for the new `v`-flag, extend RegExp flags from 1-byte to
2-byte.
Bug: v8:11935
Change-Id: I2dacb5e8dba889947054aa5c155708b8d315b898
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857561
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82863}
So far Oilpan garbage collection was only ever triggered via growing
strategies in either V8 or stand-alone heap growing. This CL
implements a fallback for GC on allocation.
- Stand-alone implementation will defer to GCInvoker which is aware of
stack support.
- CppHeap implementation will just trigger a full V8 GC.
Bug: chromium:1352649
Change-Id: If92f705b4e272290ca7022864fd7b90f0fcb809e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865148
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82844}
Test names should be separated by "." but not "/". This CL fixes all
test names which are separated by "."
Bug: v8:13240
Change-Id: I4d97b0cc4b647f28cc2af9685c35b45b7d4561e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864190
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82840}
Per https://github.com/WebAssembly/function-references/pull/76,
call_ref and return_call_ref should consume type immediates specifying
the signature of the funcref. This is a breaking change.
To ease the migration, this patch introduces a temporary alternative
binary encoding for call_ref:
- 0x14 continues to *not* take a type immediate for now.
- 0x17 (formerly "let") is the new call_ref *with* type immediate. Module
producers are encouraged to emit this encoding ASAP.
- After a few weeks of transitionary period, we'll update 0x14 to
take a type immediate as well. At this point, module producers will be
encouraged to switch back to 0x14.
- After a few more weeks of transitionary period, we'll drop 0x17 again.
We're not doing the same dance for return_call_ref because it currently
has no uses that we know of.
Bug: v8:7748,v8:9495
Change-Id: Id8d468be3949f84571efff713c937ffd1addff70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863280
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82839}
- move cctest/test-parsing -> unittests/parser/parsing-unittest
- move common/{scope-test-helper, unicode-helper} to unittests/parser
directory because these are only be used by tests in unittests/parser
Bug: v8:12781
Change-Id: Ie0fb043d5df6178bbe088d140a76f606454bbf29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855313
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82837}
...to honor the {pinned} list under all circumstances.
Drive-by: DEBUG-mode helpers to print FunctionSig and LiftoffRegList
objects to stdout.
Fixed: chromium:1356718
Change-Id: I487db12294f687790cec1d658d7a7d754f3c2f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859752
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82815}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: Ieccf35730f69bcefa3740227f15e05686080d122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843517
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82774}
Currently the ability to create shared isolates is partially exposed to
API. Instead of fully exposing it, this CL makes shared isolate and
shared heap handling transparent to the embedder.
If a flag that requires the shared heap is true (currently
--shared-string-table and --harmony-struct), the first isolate created
in the process will create and attach to a process-wide shared isolate.
Subsequent isolates will attach to that shared isolate. When that first isolate is deleted, the shared isolate is also deleted.
Bug: v8:12547
Change-Id: Idaf2947bc354066c44f2d10243e10162b1b7e4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848825
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82756}
This is a left-over of the removal of the dynamic (rtt-based)
variants.
Bug: v8:7748
Change-Id: I93bb74a72543a5697f1102d283c7d65c6be99466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856577
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82746}
This reverts commit aa541f1c9c.
Reason for revert: Reverting due to large regressions for motionmark on M1.
Original change's description:
> [turbofan][arm64] Emit Lsl for Int32MulWithOverflow when possible
>
> Int32MulWithOverflow on arm64 uses a cmp to set flags rather than
> the multiply instruction itself, thus we can use a left shift when
> the multiplication is by a power of two.
>
> This provides 0.15% for Speedometer2 on a Neoverse-N1 machine,
> with React being improved by 0.45%.
>
> Change-Id: Ic8db42ecc7cb14cf1ac7bbbeab0e9d8359104351
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829472
> Commit-Queue: George Wort <george.wort@arm.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82499}
Change-Id: I896530a53fbdf6d397922124abddda4140144448
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854222
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: George Wort <george.wort@arm.com>
Cr-Commit-Position: refs/heads/main@{#82696}
This CL adds a soft limit (via AllocationObserver) to run
incremental marking for MinorMC.
Once the soft limit is triggered, roots are marked.
This a stepping stone for concurrent marking
(YoungGenerationConcurrentMarkingVisitor, go/YGCMV) integration.
Bug: v8:13012
Change-Id: I5bc9aeb80511159561845deb494023ade3fb7365
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824339
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82695}
Concurrent markers could add work into the worklist before the CHECK.
Bug: v8:12775, v8:13223
Change-Id: I8ac252b0fec8e5acbcfec56dad04830e596c709d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854496
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82690}
This is a reland of commit abd0adf106
Original change's description:
> [compiler] Make ReduceWord32EqualForConstantRhs work for Word64Equal
>
> Adds reduction case in MachineOperatorReducer for when the left-hand side of a
> Word64Equals is based on a 64-bit shift-and-mask operation, as is the case
> when Torque accesses 64-bit bitfields.
>
> This improves Speedometer2 by 0.15% on a Neoverse-N1 machine, with
> React-Redux being improved by 0.4%.
>
> Change-Id: Icd0451c00c1b25f7d370e81bddcfd668a5b2523c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834027
> Commit-Queue: George Wort <george.wort@arm.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82593}
Change-Id: I62393c062b2c785a5dfa3500b80fe44ec08f6f21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841569
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82684}
Users should rely on CppHeap which is the only supported way of using
v8::TracedReference in going forward.
Bug: v8:13207
Change-Id: Idd03f458167c74b06f285bb568e5c77ad46003fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849037
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82681}
... when the code range is created. This key should be more helpful
than the existing kCodeSpaceFirstPageAddress crash key, especially
for the cases when snapshot does not contain Code objects and thus
the code space is not created during Isolate initialization.
The mid-term plan is to remove the latter in favour of the former
since the default configuration does not imply creation of the code
space.
Bug: v8:11880
Change-Id: Icdea38723c7ed73605c2df6589ec01193571d55c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849038
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82667}
IsRunning() and IsMarking() are now equivalent. So IsRunning() can be
removed in favor of IsMarking().
IsComplete() is also renamed to IsMarkingComplete().
Bug: v8:12775
Change-Id: Ife88be4d674af055590ba5178ec1e410f8fa89d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849833
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82665}
Generate Tbz/Tbnz instead of (tst;bcc),
and Cbz/Cbnz instead of (cmp;bcc), where possible.
This improves Speedometer2 by 0.22% on a Neoverse-N1 machine.
Change-Id: Ie86bae7189a7a4bd4975f946e7413225c9023316
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833816
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82657}
Use the `fuchsia_component` and `fuchsia_package` GN templates from the
Fuchsia SDK to package the `v8_unittests` test for Fuchsia. Give the
`v8_unittests` their own dedicated `.cmx` file, instead of depending on
`v8.cmx`.
Bug: chromium:1256503
Change-Id: I22788359bed18eb643e288ee1a0c92c24c0dc3e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819644
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Derek Gonyeo <dgonyeo@google.com>
Cr-Commit-Position: refs/heads/main@{#82656}
- Swap() was not necessary as all uses merely required Merge()
- Remove unused empty Local ctor
- Use refrence for backref as it's always supposed to be non-null
Bug: v8:13193
Change-Id: Ide0a0de15185a67d028890371ae30528fd55a058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846863
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82648}
This change adds support for new table element types besides the
existing support for func and extern.
The newly supported types are the generic types of the 'any' subtype
hierarchy: any, eq, data and array.
All these table types are also usable and accessible via JavaScript,
causing implicit internalization and externalization of the elements
on Table::get() and Table::set().
Bug: v8:7748
Change-Id: Ie85d8f5e1d70471360dd2fb8a39cd38efaac2c22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838729
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82643}
We found there are redundant load context operations in
some bytecode array.
like this:
LdaImmutableCurrentContextSlot [1]
Star0
...... (don’t edit accumulator)
LdaImmutableCurrentContextSlot [1]
Star1
Add r1
In that case, we could modify this bytecode array as:
LdaImmutableCurrentContextSlot [1]
Star0
...... (don’t edit accumulator)
Add r0
This CL will elide these redundant bytecodes
(LdaImmutableCurrentContextSlot and Star1), because there is no
side effect for loading context, and this context slot is immutable.
Change-Id: Ia26f4b934d3bd1d48c50c0c4699ba7942939991c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816221
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82641}
Per-context mode marking segregates worklists per context. Upon doing
so, Worklist::Local's move ctor was invoked which cleared the back
pointer to worklist. This break switching to that context which
happens in rare secnarios.
Rework Local marking worklists avoiding the move ctor which is also
removed.
Bug: chromium:1355545
Change-Id: If0e8c7f08df564b2a1e27e4a3fc5a6a40e46ee46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845630
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82636}
This changeset include:
1. [prepare for migrate] move `cctest/compiler/value-helper.h`,
`cctest/compiler/c-signature.h`, and `cctest/compiler/call-tester.h` to
`test/common` directory because both `test-codegen` and a lot of cctest file
include it.
2. [prepare for migrate] separate the tester helper part of `test-codegen`
into a new `codegen-tester` file.
3. finally, migrate test-codegen.cc to `codegen-unittest.cc`
Bug: v8:12781
Change-Id: Ia2f52c1d3b6b62501066dc1c4308a2c09d699e92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831146
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82630}
This reverts commit abd0adf106.
Reason for revert: Test times out on Win64
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/23024/overview
Original change's description:
> [compiler] Make ReduceWord32EqualForConstantRhs work for Word64Equal
>
> Adds reduction case in MachineOperatorReducer for when the left-hand side of a
> Word64Equals is based on a 64-bit shift-and-mask operation, as is the case
> when Torque accesses 64-bit bitfields.
>
> This improves Speedometer2 by 0.15% on a Neoverse-N1 machine, with
> React-Redux being improved by 0.4%.
>
> Change-Id: Icd0451c00c1b25f7d370e81bddcfd668a5b2523c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834027
> Commit-Queue: George Wort <george.wort@arm.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82593}
Change-Id: I26515348a3d8de58445ecddc0486d9fcc2711cec
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3839048
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82603}
Currently there is nothing ensuring the internal VM state of shared
objects are in a coherent state and visible to other threads when the
shared object is published.
This CL adds a store-store memory barrier when returning from Factory methods that allocate shared JSObjects that are exposed to user JS code. For primitives, there is an additional store-store memory barrier in the shared value barrier.
Bug: v8:12547
Change-Id: I4833c7ebf02cc352da9b006d2732669d6d043172
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng,v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819041
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82596}
Adds reduction case in MachineOperatorReducer for when the left-hand side of a
Word64Equals is based on a 64-bit shift-and-mask operation, as is the case
when Torque accesses 64-bit bitfields.
This improves Speedometer2 by 0.15% on a Neoverse-N1 machine, with
React-Redux being improved by 0.4%.
Change-Id: Icd0451c00c1b25f7d370e81bddcfd668a5b2523c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834027
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82593}
NormalPageMemoryRegion is a span of 10 pages, all of which must belong
to the same space. This requirement imposes a fragmentation issue for virtual space, which is not ideal for the current 2GB cage
configuration.
The CL fixes this by mixing pages of different spaces inside the same
NormalPageMemoryRegion. With cage it's actually not necessary anymore
to have NormalPageMemoryRegion, but we keep it to allow the code to be
uniform for cage/non-cage configurations.
There is no type confusion across spaces, since pages (even empty) are
never shared between spaces. In addition, the shared cage puts an
additional memory constraint on the GC. So, there is no security benefit
in having NormalPageMemoryRegion assigned to a single space.
Savings in reserved address space:
cnn:2021: 14%
facebook_infinite_scroll:2018: 23%
Bug: chromium:1325007, chromium:1352649
Change-Id: I7b49032d581dd56feb8633734a1f37803e9526c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840749
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82584}
