On x64 we can emit more compact instructions for mov(reg, imm). However
currently this only happens when using the Set method explicitly.
This CL renames Set to Move to avoid confusion and yield better code
by default.
Also use the new Move helper for Smis as well.
Change-Id: I06558e88d1142098f77fb98870f09742d494f3dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874450
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74512}
Allow GC of the shared heap without any attached clients. This
CL also disables incremental marking for shared heaps for now.
Bug: v8:11708
Change-Id: I1eb47a42fe3ced0f23f679ecaae0c32e09eab461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886878
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74511}
This change adds support for `const` redeclaration on REPL mode with
the semantics recommended in the design doc:
1) REPL scripts should not be able to reassign bindings to `const`
variables.
2) Re-declaring `const` variables of page scripts is not allowed in
REPL scripts.
3) Re-declaring `const` variables is not allowed in the same REPL
script.
4) `const` re-declaration is allowed across separate REPL scripts.
5) Old references to previously declared variables get updated with the
new value, even those references from within optimized functions.
Design doc: https://goo.gle/devtools-const-repl
Bug: chromium:1076427
Change-Id: Ic73d2ae7fcfbfc1f5b58f61e0c3c69e9c4d85d77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865721
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74510}
DebugEvaluate can evaluate expressions in side-effect-free mode, where
any operation that would cause observable side effects throws an
exception. Currently, when accessors are backed by callbacks, it's
possible that ICs call those accessors directly, bypassing the
side-effect checks. This CL introduces bailouts to runtime in those
cases.
Fixed: chromium:1201781
Also-By: ishell@chromium.org, pfaffe@chromium.org
Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74507}
The deoptimization table needs to be continuous, so we need to block
trampoline pool emission during the whole process.
Bug: v8:11759
Change-Id: Ie5e0ffe27dc8e6cdb18985dc2cf26bdadeff318f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881918
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74506}
Argc and Slot are usually small and fit within a single 32bit word.
This reduces most property calls by 5 bytes.
This results in roughly 1% code reduction for sparkplug and no
measurable regression on x64.
Bug: v8:11420
Change-Id: I272c26c40b99f2dc5817f18bec113662a5bfebce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2872828
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74505}
This is the second CL in a line of two to implement PKU-based
WebAssembly code space write protection. The first CL added two
low-level PKU functions; this CL uses them to grant/withdraw writable
permissions, local to each thread that wants to modify the code space.
In particular, when {--wasm-memory-protection-keys} is enabled, we first
associate a memory protection key with all code pages, which by
default does not allow any write access. Then, before each location that
needs to modify the code space, we open
{NativeModuleModificationScope}s (which are already present for
mprotect-based write protection). When the PKU flag is given, this then
first tries to set permissions of a memory protection key (which is
fast), and otherwise when {--wasm-write-protect-code-memory} is enabled,
falls back to mprotect-based write protection (which is much more
expensive and also not thread-local, but for the whole process).
R=clemensb@chromium.org
Bug: v8:11714
Change-Id: I3527906a8d9f776ed44c8d5db52539e78e1c52fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882800
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74501}
This is the first CL in a line of two to finish PKU-based WebAssembly
code space write protection. This CL adds two low-level PKU functions,
which are essentially wrapping the functionality in glibc's
{pkey_mprotect()} and {pkey_set()}.
The added functionality is in
(1) {SetPermissionsAndMemoryProtectionKey()}: Associate a memory
protection key with a page (simultaneously with setting the page's
regular permissions). This is as costly as a regular {mprotect()}.
This call itself does not restrict permissions besides the regular page
permissions.
(2) {SetPermissionsForMemoryProtectionKey()}: Set permissions for the
key itself (now associated with a page). This can be either "all data
access disabled" (i.e., no read or write, but execution is allowed) or
"write access disabled" (which we use for code space write protection).
The permissions are added on top of the page's regular permissions. This
operation is cheap (in the order of 20 cycles) since it is roughly a
thread-local register read, some bit-masking, and register write.
See the second CL (based on this one) for how those two functions will
be used.
A note on compatibility and security implications: Because the functions
which we use here were only added in glibc 2.27, and since glibc is
dynamically linked, we check at runtime (with {dlsym()}) whether
{pkey_*()} functions are available. However, calling functions via a
pointer coming from {dlsym()} is not supported by CFI so far, which is
why we disable indirect call checking for the added functions.
Potentially, the functions could hence be used as an indirect call
gadget in a ROP attack. On the other hand, they are only compiled in
currently only on Linux on x64, and disabling CFI indirect call checking
is also done in other places already.
R=clemensb@chromium.org
Bug: v8:11714
Change-Id: I0da00818f28cf1da195a5149bf11fccf87c5f8ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882797
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74498}
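As an added example that is not V8's code, the following C program mirrors the two-tier scheme described in the two PKU CLs above: associate a key with the code pages once (as costly as mprotect), withdraw the write right for the calling thread with a cheap PKRU register write, and fall back to process-wide mprotect() toggling when PKU is unavailable. V8's own helpers are {SetPermissionsAndMemoryProtectionKey()} and {SetPermissionsForMemoryProtectionKey()}; every name below (struct code_space, code_space_init, code_space_open_write, pkru_bits_for_key) is my own, and it uses raw syscall()s plus RDPKRU/WRPKRU instead of glibc's pkey_*() wrappers so that it builds on older toolchains. It assumes Linux on x86-64 for the PKU path; on anything else, or when the kernel or sandbox refuses a key, it reports that it used the mprotect fallback.

```c
// Added example, not V8 code: PKU-backed W^X code page with mprotect fallback.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

// PKRU layout on x86 PKU: key k owns bit 2k (AD, access disable) and bit
// 2k+1 (WD, write disable). These only add restrictions on top of the
// page's regular protection bits; they never grant anything.
#define PKU_DISABLE_ACCESS 0x1u
#define PKU_DISABLE_WRITE  0x2u

enum { CODE_PROTECT_PKU = 0, CODE_PROTECT_MPROTECT = 1, CODE_PROTECT_ERROR = 2 };

struct code_space { void *page; size_t len; int pkey; int mode; };

// PKRU bits encoding `rights` for `key` (pure helper, usable on any host).
static uint32_t pkru_bits_for_key(int key, uint32_t rights) {
  return (rights & 0x3u) << (2 * key);
}

#if defined(__x86_64__) && defined(SYS_pkey_alloc) && defined(SYS_pkey_mprotect) && defined(SYS_pkey_free)
#define HAVE_PKU 1
long syscall(long number, ...);  // explicit prototype for strict -std modes
static uint32_t rdpkru(void) {
  uint32_t eax, edx;
  __asm__ volatile("rdpkru" : "=a"(eax), "=d"(edx) : "c"(0));
  return eax;
}
static void wrpkru(uint32_t v) {
  __asm__ volatile("wrpkru" : : "a"(v), "c"(0), "d"(0) : "memory");
}
// Thread-local permission change for `key`: a register read, mask, write.
static void pkey_set_rights(int key, uint32_t rights) {
  uint32_t pkru = rdpkru() & ~pkru_bits_for_key(key, 0x3u);
  wrpkru(pkru | pkru_bits_for_key(key, rights));
}
#else
#define HAVE_PKU 0
#endif

// Map one code page. With PKU: make it RWX but tag it with a fresh key whose
// write right is withdrawn for this thread (writes still fault). Without PKU,
// or if the kernel refuses, keep it RX and rely on mprotect() toggling.
static int code_space_init(struct code_space *cs) {
  cs->len = (size_t)sysconf(_SC_PAGESIZE);
  cs->page = mmap(NULL, cs->len, PROT_READ | PROT_EXEC,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (cs->page == MAP_FAILED) return CODE_PROTECT_ERROR;
  cs->pkey = -1;
  cs->mode = CODE_PROTECT_MPROTECT;
#if HAVE_PKU
  long key = syscall(SYS_pkey_alloc, 0, 0);  // -1 when CPU/kernel/sandbox lacks PKU
  if (key >= 0) {
    // Same cost as mprotect(): associates the key with the page's PTEs.
    if (syscall(SYS_pkey_mprotect, cs->page, cs->len,
                PROT_READ | PROT_WRITE | PROT_EXEC, (int)key) == 0) {
      cs->pkey = (int)key;
      cs->mode = CODE_PROTECT_PKU;
      pkey_set_rights(cs->pkey, PKU_DISABLE_WRITE);
    } else {
      syscall(SYS_pkey_free, key);
    }
  }
#endif
  return cs->mode;
}

// Modification scope: write for this thread only (PKU) or the whole process (mprotect).
static int code_space_open_write(struct code_space *cs) {
#if HAVE_PKU
  if (cs->mode == CODE_PROTECT_PKU) { pkey_set_rights(cs->pkey, 0); return 0; }
#endif
  return mprotect(cs->page, cs->len, PROT_READ | PROT_WRITE);
}
static int code_space_close_write(struct code_space *cs) {
#if HAVE_PKU
  if (cs->mode == CODE_PROTECT_PKU) { pkey_set_rights(cs->pkey, PKU_DISABLE_WRITE); return 0; }
#endif
  return mprotect(cs->page, cs->len, PROT_READ | PROT_EXEC);
}
static void code_space_release(struct code_space *cs) {
  munmap(cs->page, cs->len);
#if HAVE_PKU
  if (cs->pkey >= 0) syscall(SYS_pkey_free, cs->pkey);
#endif
}

// Patch one byte inside a write scope and verify it reads back after the
// scope closes. Returns the protection mode used, or a negative error code.
static int code_space_demo(void) {
  struct code_space cs;
  int mode = code_space_init(&cs);
  if (mode == CODE_PROTECT_ERROR) return -1;
  if (code_space_open_write(&cs) != 0) { code_space_release(&cs); return -2; }
  ((volatile unsigned char *)cs.page)[0] = 0xC3;  // x86 `ret`, treated as data here
  if (code_space_close_write(&cs) != 0) { code_space_release(&cs); return -3; }
  int ok = ((volatile unsigned char *)cs.page)[0] == 0xC3;
  code_space_release(&cs);
  return ok ? mode : -4;
}

int main(void) {
  int rc = code_space_demo();
  printf("code space protected via %s (rc=%d)\n",
         rc == CODE_PROTECT_PKU ? "PKU" : rc == CODE_PROTECT_MPROTECT ? "mprotect" : "error", rc);
  return rc < 0;
}
```

The point worth noticing is the one the CL makes: in PKU mode the page stays RWX at the page-table level and only the per-thread PKRU value withdraws write access, so a second thread that never opened the scope still faults on writes, whereas the mprotect fallback opens the page for every thread in the process until the scope closes.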
Member is sometimes still used from off-heap storage which prohibits
getting the heap from the Member's slot address.
Bug: v8:11756
Change-Id: I61658ce07a8b02a8c400232ff21c75f0d8b95dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886879
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74496}
Isolate::UseAsSharedIsolate() was invoked after the Isolate was already
created. I think it is cleaner to have the shared-flag right when
constructing an Isolate. This way we can use that property already
when setting up the isolate.
Bug: v8:11708
Change-Id: Ibbfee09122b7b0361a5af7a1b559796594834813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885041
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74495}
It was never stored with a release store, so we can use the loads as
non-atomic ones.
Bug: v8:7790
Change-Id: Ife67e8650a5fb279ad808e5e68c2ab46ee3507c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880541
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74493}
Rolling v8/build: f8d7f9d..52ccb29
Rolling v8/third_party/aemu-linux-x64: H-kH9WxQErL_AR-Nu_ZL8hbu1D-rZmdQQUaYZYm3AOUC..pwjSs3IapHTvM0wB7z3723g8rjsQnCWikZJhQxtBetsC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c92267a..1fbada9
Rolling v8/third_party/depot_tools: 03dfb00..c499142
Rolling v8/third_party/google_benchmark/src: 0852c79..3b508fa
Rolling v8/third_party/zlib: eb9ce8c..618ddec
Rolling v8/tools/clang: dbcffda..e76c8f1
Rolling v8/tools/luci-go: git_revision:66f9c8541b85c7f6efc63e75e68d660d4fb30752..git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2
Rolling v8/tools/luci-go: git_revision:66f9c8541b85c7f6efc63e75e68d660d4fb30752..git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2
Rolling v8/tools/luci-go: git_revision:66f9c8541b85c7f6efc63e75e68d660d4fb30752..git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I7c116cf19efaf2f55a7b40070a47645eb725c8d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886659
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74492}
- Share RememberedSetAction and SmiCheck enums between all platforms.
- Convert to enum classes with k-prefixed values
Bug: v8:11420
Change-Id: Ib265a229f12a850ea866fd01d8022cbae5e1a9d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885040
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74489}
After updating our bots to use GCC 7.4, we do not need to support
incomplete C++14 support any more. In particular, we can assume
complete c++14 constexpr support now.
This CL removes the V8_HAS_CXX14_CONSTEXPR and CONSTEXPR_DCHECK macros.
The CONSTEXPR_DCHECKs are replaced by DCHECK and friend, or
STATIC_ASSERT where possible.
R=jgruber@chromium.org, leszeks@chromium.org, mlippautz@chromium.org
Bug: v8:9686, v8:11384
Change-Id: I3a8769a0f54da7eb2cacc37ee23e5c97092e3051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876847
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74486}
The AtomicWeak scope was nested within the AtomicMark scope. Both
should be top level scopes and should be nested within each other.
Bug: chromium:1056170
Change-Id: I1d695c1a3a24fff31aa57893739dca4b558901fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883663
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74485}
This reverts commit 5f0ac36cc6.
Reason for revert: Seems to be associated with multiple Sanitizer failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3176
Original change's description:
> [compiler] Consider IsPendingAllocation in Ref construction
>
> The logic in JSHeapBroker::TryGetOrCreateData assumes that parts
> of the object are safe to read. In particular, the instance type
> must be readable for the chain of `Is##Name()` type checks.
>
> This is guaranteed if
>
> - a global memory fence happened after object initialization and
> prior to the read by the compiler; or
> - the object was published through a release store and read through
> an acquire read.
>
> The former is protected by the new call to ObjectMayBeUninitialized
> (which internally calls IsPendingAllocation) in TryGetOrCreateData.
>
> The latter must be marked explicitly by calling the new
> MakeRefAssumeMemoryFence variant.
>
> Note that support in this CL is expected to be incomplete and will
> have to be extended in the future as more cases show up in which
> MakeRef calls must be converted to MakeRefAssumeMemoryFence or to
> TryMakeRef.
>
> Bug: v8:7790,v8:11711
> Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74474}
Bug: v8:7790
Bug: v8:11711
Change-Id: Ia736cd1143da30ca25fdc2c3c1a2056ebf18d596
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883245
Auto-Submit: Bill Budge <bbudge@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74484}
This was missing from Ulan's implementation for
CollectCustomSpaceStatisticsAtLastGC.
Bug: chromium:1056170, chromium:1181269
Change-Id: I72354e4f04873095eac5cb39ed188ed83de0bd26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880219
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74483}
The FrameSummary::FunctionName() method is only used by the
FrameInspector in the debugger, so the natural place to put
the dependency on GetWasmFunctionDebugName() is in there,
rather than adding a new dependency to frames.cc. This is a
follow up cleanup as discussed in https://crrev.com/c/2878734
Bug: chromium:1159307
Change-Id: I0698adf63f88fe6a93d6e5e6235bc0c2219e9341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883784
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74482}
As a first step to support Fast API calls with overloads, adds a
new FunctionTemplate constructor that accepts a vector of CFunction*.
Bug: v8:11739
Change-Id: I112b1746768f52df52c893a4f1fb799b6bd90856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2860838
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74481}
Disable the checksum comparison for the read-only snapshot when
--stress-snapshot is used, since it's possible that it would be
corrupted. This corruption is not important as the purpose of
stress-snapshot is not to produce a useable snapshot, but to test that
the serialization/deserialization does not fail for any given objects.
Since the --stress-snapshot flag's value is now used outside of d8,
this also moves it to flag-definitions.h.
Cq-Include-Trybots: luci.v8.try:v8_linux64_gc_stress_custom_snapshot_dbg_ng
Bug: v8:11750
Change-Id: Iedcf1cfb5afa5f16ac19a76820b62b5b93948f2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882810
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74480}
Make %PretenureAllocationSite more resilient to fuzzer inputs/configs
and allow it for fuzzing.
Bug: chromium:1200724
Change-Id: I541b1410ab1719b478c4ad9516dc350fec02fbba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883783
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74479}
This is a partial reland of https://crrev.com/c/2850932, which was
reverted because the histogram failed Chromium integration. The V8
histogram added here uses only two values (0 = no support, 1 = support),
but is declared with 3 buckets in order not to fail a DCHECK on
Chromium's side. As soon as https://crrev.com/c/2874651 lands in
Chromium, we can properly declare the histogram here with only 2 buckets,
but for now this is good enough to get early data on PKU support in
the wild.
The other part of the original reverted CL (adding PKU alloc and free
functions, and a V8 flag for PKU) was already landed again in
https://crrev.com/c/2878738
Original change's description:
> [wasm] Add PKU alloc/free and support counter
>
> To enforce W^X for the WebAssembly code space, we want to explore using
> Intel memory protection keys for userspace, also known as MPK, PKEYs, or
> PKU. Instead of flipping page protection flags with mprotect (which
> incurs a high syscall overhead; and which switches flags for the whole
> process), this associates a key with each page once, and then changes
> the permissions of that key with a fast thread-local register write.
> That is, this gives both finer-grained permissions (per-thread) and
> more performance.
>
> This CL starts experimenting with PKUs by
> (1) trying to allocate a protection key once per {WasmEngine} in x64
> Linux systems, and
> (2) adding a counter for recording the success/failure of that, to assess
> the support for PKUs on the target machine.
>
> The low-level PKU allocating functions should be moved into base/platform
> long-term, but are inside wasm/ for this CL.
>
> R=clemensb@chromium.org
> CC=jkummerow@chromium.org
>
> Bug: v8:11714
> Change-Id: Ia4858970ced4d0b84cc8c2651e86dceb532c88a7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850932
> Commit-Queue: Daniel Lehmann <dlehmann@google.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74319}
Bug: v8:11714, chromium:1207318
Change-Id: I1035ac09bd7aa04584fbc5df7a408b96dd270d0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871451
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74477}
This is moving needed stuff out of #if V8_ENABLE_WEBASSEMBLY.
Everything related to guards is still behind V8_ENABLE_WEBASSEMBLY,
since RAB / GSAB don't use guards.
Bug: v8:11111
Change-Id: I9b9fd0dbdcdc1f3c70d6e4f5eb1c70d1bab98e68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880221
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74476}
Checking for Smis is cheap. There is no need to put this in the
deferred code block. With this CL we will bail out earlier for
Smis.
Bug: v8:11420
Change-Id: I52e39def633d7cb8bd51ae24d56d9582f56faf41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2872826
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74475}
The logic in JSHeapBroker::TryGetOrCreateData assumes that parts
of the object are safe to read. In particular, the instance type
must be readable for the chain of `Is##Name()` type checks.
This is guaranteed if
- a global memory fence happened after object initialization and
prior to the read by the compiler; or
- the object was published through a release store and read through
an acquire read.
The former is protected by the new call to ObjectMayBeUninitialized
(which internally calls IsPendingAllocation) in TryGetOrCreateData.
The latter must be marked explicitly by calling the new
MakeRefAssumeMemoryFence variant.
Note that support in this CL is expected to be incomplete and will
have to be extended in the future as more cases show up in which
MakeRef calls must be converted to MakeRefAssumeMemoryFence or to
TryMakeRef.
Bug: v8:7790,v8:11711
Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74474}
Only use shifts in case masking has no effects.
Change-Id: I0b8b759ce9c9689917745e81345ceb3e16e994c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2875085
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74472}
It was never stored with a release store, so we can use the loads as
non-atomic ones.
Bug: v8:7790
Change-Id: Iaf91c0c431d557d74f80f243a0dbdaf9adc5e622
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880540
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74471}
This CL also allows reusing slow case for API callbacks.
Bug: chromium:1201781
Change-Id: Ib5f81c510404060c888ba30c82357d6ed1a95cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882809
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74470}
Ulan's CL implemented CollectCustomSpaceStatisticsAtLastGC in CppHeap.
All our other methods just delegate to internal::CppHeap. This CL moves
CollectCustomSpaceStatisticsAtLastGC as well to align it with the rest
of our methods.
Bug: chromium:1056170
Change-Id: I4b92d1779247fe26abcb8c6754f2abbc0d80adbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882802
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74469}
This is a reland of 7458e67c4e
Original change's description:
> cppgc: Implement basic Member and Persistent checks
>
> Adds check for
> - same heap on assignment
> - header and containment
>
> The verification state is eagerly created for on-heap Member
> references using caged heap and lazily created on first assignment for
> all others.
>
> Bug: chromium:1056170
> Change-Id: I38ee18eeb7ac489f69a46670cc5e5abe07f62dfa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878745
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74449}
Bug: chromium:1056170
Change-Id: I9cecfcf7ba2cb70650fd51f345fbf740b96ff6ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882804
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74468}
The value needs to be assembled in correct order depending
on the machine endianness.
Bug: v8:7790
Change-Id: I247ce97486721b846ea77de1f075f32c089537ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878296
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74467}
Similar to removing synchronized_ from the object macros[1], we can do
it for RELAXED_SMI_ACCESSORS and use the corresponding relaxed tags.
Bug: v8:7790
Change-Id: Iafc0ed9587e30df0b83565b2976522c4aa634c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880535
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74465}
This change turns the previously used XOR-based type checks for external
pointers into AND-based type checks. With those, the type tag is ORed
into the top bits of an external pointer when it is written, and the
type check performed on every load is done by ANDing the value with the
inverted tag. This will later allow type checking and masking off the GC
marking bits of external pointers in a single operation.
Bug: v8:10391
Change-Id: I89f2b22588b3f7467c79c7916c11f25cd9bcc82d
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850639
Commit-Queue: Samuel Groß <saelo@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74464}
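As an added example that is not V8's code, the following C snippet shows the AND-based tagging scheme the CL above describes: the tag is ORed into the top bits on store, and every load ANDs the entry with the inverted expected tag. It goes one step beyond the CL text by showing why the tags need to be chosen so that no tag is a bit-subset of another (here: equal popcount in the top 16 bits): with a tag that is a superset of the stored one, the AND clears every tag bit and the type confusion goes undetected. The tag values, the 48-bit shift, and all names (ext_ptr_store, ext_ptr_load, ext_ptr_load_checked, tags_distinguishable) are constructed for this example and are not V8's constants.

```c
// Added example, not V8 code: AND-based type tags for external pointer entries.
#include <stdint.h>
#include <stdio.h>

// Tags occupy the top 16 bits of a 64-bit entry. Every real tag below has the
// same popcount, so no tag is a bit-subset of another (see tags_distinguishable).
#define EXT_TAG_SHIFT 48
#define EXT_TAG_MASK  (0xFFFFull << EXT_TAG_SHIFT)
#define TAG_FOREIGN   (0xA55Aull << EXT_TAG_SHIFT)  // constructed sample tags
#define TAG_BUFFER    (0x5AA5ull << EXT_TAG_SHIFT)
#define TAG_CALLBACK  (0x3C3Cull << EXT_TAG_SHIFT)
#define TAG_ALLBITS   (0xFFFFull << EXT_TAG_SHIFT)  // deliberately bad: superset of every tag

// Store: OR the tag into a canonical (top-bits-clear) pointer.
static uint64_t ext_ptr_store(uint64_t ptr, uint64_t tag) {
  return (ptr & ~EXT_TAG_MASK) | tag;
}

// Load: AND with the inverted expected tag. A matching tag is stripped
// completely; a mismatching tag leaves top bits set, which yields a
// non-canonical address (a crash on dereference) rather than a usable pointer.
static uint64_t ext_ptr_load(uint64_t entry, uint64_t expected_tag) {
  return entry & ~expected_tag;
}

// Explicit-check variant: 1 and *out on a clean decode, 0 when leftover
// tag bits reveal a type confusion. `out` may be NULL.
static int ext_ptr_load_checked(uint64_t entry, uint64_t expected_tag, uint64_t *out) {
  uint64_t v = ext_ptr_load(entry, expected_tag);
  if (v & EXT_TAG_MASK) return 0;
  if (out) *out = v;
  return 1;
}

// Two tags are safe together only if neither is a subset of the other;
// otherwise a load with the superset tag silently accepts the other type.
static int tags_distinguishable(uint64_t a, uint64_t b) {
  return (a & ~b) != 0 && (b & ~a) != 0;
}

int main(void) {
  uint64_t raw = 0x7f0000001000ull;  // constructed sample pointer
  uint64_t entry = ext_ptr_store(raw, TAG_FOREIGN);
  uint64_t out = 0;
  printf("entry=%#llx\n", (unsigned long long)entry);
  printf("load as FOREIGN  -> %d (%#llx)\n",
         ext_ptr_load_checked(entry, TAG_FOREIGN, &out), (unsigned long long)out);
  printf("load as BUFFER   -> %d (type confusion caught)\n",
         ext_ptr_load_checked(entry, TAG_BUFFER, &out));
  printf("load as ALLBITS  -> %d (bad tag choice: confusion missed)\n",
         ext_ptr_load_checked(entry, TAG_ALLBITS, &out));
  printf("FOREIGN/BUFFER distinguishable: %d, FOREIGN/ALLBITS: %d\n",
         tags_distinguishable(TAG_FOREIGN, TAG_BUFFER),
         tags_distinguishable(TAG_FOREIGN, TAG_ALLBITS));
  return 0;
}
```

The CL's motivation is that the same AND can later also strip GC marking bits, so the fast path stays a single operation; the defensive invariant that makes it sound is the subset-freedom checked by tags_distinguishable().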
Torque-generated relaxed/acquire/release accessors now expect an
additional Tag argument to be more consistent with handwritten
accessors.
Torque's annotations are renamed from @relaxedRead, @relaxedWrite,
@acquireRead and @releaseWrite to @cppRelaxedLoad, @cppRelaxedStore,
@cppAcquireLoad and @cppReleaseStore, respectively. This renaming
shall better reflect the fact that those annotations just generate
corresponding synchronization on the generated C++ accessors
(not CSA code) and be more consistent with the C++ side of things
where "Load" and "Store" is used instead of "Read" and "Write".
This CL uses these new annotations on a few fields in DebugInfo and
FunctionTemplateInfo to have Torque generate accessors automatically.
Bug: v8:11122
Change-Id: Ibdf3e6b37a254605ff69ba9a50d7b1646790ea15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876857
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74463}