Commit Graph

77742 Commits

Author SHA1 Message Date
Clemens Backes
f9e303e476 [wasm][pgo] Introduce a separate header and cc file
This moves the existing PGO code to a separate cc file with a separate
header. As the implementation will be further extended in follow-up CLs,
it's better to have it separated.

R=jkummerow@chromium.org

Bug: v8:13209
Change-Id: I7b7b5bf9c8d3d542dae734f3874499dccee152a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899321
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83250}
2022-09-16 10:06:53 +00:00
Leszek Swirski
8436c0059c [runtime] Clean up dead entries in the template cache
Resolve a TODO to remove cached template objects from the template cache
which have a cleared weak pointer to the template object. Requires a
little bit of awkward code to handle the "head is dead" case, but OTOH
the implementation cleans up the second Lookup of the head.

Bug: v8:13190
Change-Id: I31a8d8ab77e04c8496a2cacb6154f2ee84d6a795
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899257
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83249}
2022-09-16 09:20:03 +00:00
Leszek Swirski
e7b9604040 [runtime] Don't update template map for existing templates
The cached template object weakmap shouldn't be updated when we update
an existing cached template object, because this update can truncate the
linked list of cached template objects.

Bug: v8:13190
Change-Id: Icea61fcbd5c05d4293a884d1872523ddcdfc3323
Fixed: chromium:1364429, chromium:1364471
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899256
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83248}
2022-09-16 08:55:23 +00:00
Clemens Backes
00a341994f [cctest] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I417eee6311fadef9b60043cfc9a42926859c7ab9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899304
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83247}
2022-09-16 08:22:03 +00:00
pthier
3cb7a8146f Reland "[strings] Fix raw hash lookup for forwarded strings"
This is a reland of commit 0a1f0e335e

Changes since revert:
- Deferred label for loading from forwarding table.
- Check if hash is computed instead of checking if it is a forwarding index.
- Retrieve hash from forwarding table only if hash is assumed to be computed.

Original change's description:
> [strings] Fix raw hash lookup for forwarded strings
>
> Raw hashes may need to be looked up via the forwarding table when
> internalized strings are forwarded to external resources. Notably, the
> megamorphic ICs were not correctly fetching the raw hash.
>
> Bug: v8:12007
> Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83115}

Bug: v8:12007
Change-Id: Ia88ed51a49c62170bc960b8f69673bb1e59a6009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888057
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83246}
2022-09-16 08:15:13 +00:00
Nico Hartmann
1d693043bd Revert "[turbofan] Rematerialize BigInt64 in deopt"
This reverts commit 80fb281561.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1364400

Original change's description:
> [turbofan] Rematerialize BigInt64 in deopt
>
> This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.
>
> Bug: v8:9407
> Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Qifan Pan <panq@google.com>
> Cr-Commit-Position: refs/heads/main@{#83230}

Bug: v8:9407
Change-Id: I77d278ce302621db03b787318641709780348cc8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901814
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83245}
2022-09-16 07:33:08 +00:00
Michael Achenbach
2cd354073e [test] Fix analysis-based numfuzz instances
A recent refactoring changed the behavior of dropping/keeping
results after test execution. The numfuzz loop has previously
treated all results as analysis results, as it expected that others
are dropped. After keeping all results, the second round invalidated
the analysis results and the test loop stopped early.

We now add an additional safeguard that ensures the received result
is indeed associated with an analysis run and do not depend anymore
on result presence/absence.

This also adds all analysis-based instances to the test cases.

No-Try: true
Bug: v8:13295
Change-Id: Ic1ede904d279a0c2b318ec997e7c77542dbc75bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901812
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83244}
2022-09-16 07:24:59 +00:00
Michael Achenbach
a50854f219 [test] Add improved num-fuzzer test case
This improves the num-fuzzer system test. Previously, the test
didn't actually start up the main functionality of num-fuzz and
executed 0 tests. Now several of the production fuzzers are used to
run fake test cases. The overall timeout signal, used to
stop numfuzz, is mocked with a counter. The observer signals via the
event method that would have caused the hang fixed in:
https://crrev.com/c/3891373

No-Try: true
Bug: v8:13113
Change-Id: I47d17c1fa2099474079acaad5640228d8c454eb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893807
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83243}
2022-09-16 07:22:19 +00:00
Marja Hölttä
ebc9556108 [rab/gsab] TypedArray.p.slice fix in Torque: Destination can be resizable
Bug: v8:11111,chromium:1362487
Change-Id: Ifc7649ec945a0cb13e02c52a47f8ab68fa8ab848
Fixed: chromium:1362487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890915
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83242}
2022-09-16 07:09:39 +00:00
Anton Bikineev
238278e4ef cppgc: young-gen: Gate cpp_heap->FinishSweeping behind runtime flag
Do it conditionally only when young-gen is enabled.

Change-Id: I1bd8ed49302b9e2aef0a60ed7831de9ec1cbe276
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899308
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83241}
2022-09-16 06:47:39 +00:00
Simon Zünd
1256fb0ab0 [liveedit] Remove dynamic programming diffing implementation
Myers algorithm for live edit diffing has been enabled since 10.6
without any reported problems, so we can safely remove the dynamic
programming approach with 10.8.

R=kimanh@chromium.org

Bug: chromium:1205288
Change-Id: I95c26c11e949b8c36a0b6abd54859b3936933e9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901811
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83240}
2022-09-16 06:15:50 +00:00
v8-ci-autoroll-builder
1344651e26 Update V8 DEPS (trusted)
Rolling v8/build: ccee528..b001130

Rolling v8/buildtools: 040e851..813d569

Rolling v8/buildtools/linux64: git_revision:fff29c1b3f9703ea449f720fe70fa73575ef24e5..git_revision:e70d8c3d5620bc0ddcbad23a36b1b26f815ca90a

Rolling v8/buildtools/third_party/libc++/trunk: c1e647c..e2f63a1

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0d1854a..c067655

Rolling v8/third_party/depot_tools: 5e4d749..dca14bc

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220914.1.1..version:9.20220915.2.1

Rolling v8/third_party/zlib: f48cb14..7d7ed92

Rolling v8/tools/clang: 12149f2..c3b78bc

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie381cd91ebf11d348beed4fdcc099292aa7ef3b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900398
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83239}
2022-09-16 03:52:39 +00:00
Anton Bikineev
6cbcf68db9 cppgc: Avoid IsMarking() calls in the write-barrier
Now that we have all useful flags on the API side, use them.

Bug: chromium:1056170
Change-Id: Ia849b0925a2b2c10ace30b6c2b6871bd3572da31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899306
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83238}
2022-09-15 22:49:08 +00:00
Adam Klein
59c070a285 Revert "[v8] Use |AllocateAtLeast| for resizing v8 zones."
This reverts commit 4444874cdf.

Reason for revert: CHECK failure under UBSan
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan%20-%20builder/5103/overview

Original change's description:
> [v8] Use |AllocateAtLeast| for resizing v8 zones.
>
> This is part of an ongoing effort to reduce fragmentation in Chrome.  Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
>
> Bug: v8:13193, chromium:1238858
> Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83235}

Bug: v8:13193, chromium:1238858
Change-Id: I03c8c1ad7bb1cd20770323bffe1c42a4be47c454
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900814
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83237}
2022-09-15 20:18:17 +00:00
Frank Tang
adc30b07c0 [Temporal] Fix timezone and calendar parsing issue
Need to reset tzi_xxx and calendar_xxx in parser state if the
post-condition of CalendarName and TimeZoneIdentifier is not met.

Bug: v8:11544
Change-Id: If2df6c8fc8cf2418ddd5443abab02066d423a0c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893554
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83236}
2022-09-15 20:01:58 +00:00
Thiabaud Engelbrecht
4444874cdf [v8] Use |AllocateAtLeast| for resizing v8 zones.
This is part of an ongoing effort to reduce fragmentation in Chrome.  Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.

Bug: v8:13193, chromium:1238858
Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83235}
2022-09-15 19:59:08 +00:00
Jakob Kummerow
116e217b5f [wasm-gc] Minimal JS interop: the basics
This CL introduces a new LookupIterator state WASM_OBJECT, and updates
all switches that need to handle it.

Bug: v8:7748
Change-Id: Ie3359aed2d37f5a6854e5577fa3799f0464391e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865559
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83234}
2022-09-15 19:05:08 +00:00
Clemens Backes
f9bb65eb9f [unittests] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I06e12314495c2d89135e58e5d3a01310f108e865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899303
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83233}
2022-09-15 17:51:59 +00:00
Anton Bikineev
411cd56db3 cppgc: Remove the 2GB split
The split is rudimental and now is not needed at all:
- as part of the shared-cage effort we added HeapHandle pointer to the
  BasePageHandle class (on the API side);
- for the value-full barrier we get HeapHandle from bitmasking the
  value;
- for the value-less barrier we get it from the callback provided by the
  caller.

The CL entirely removes the split and uses the single
BoundedPageAllocator. A minor note: the conservative stack scanning can
become slightly more expensive.

Bug: chromium:1361582, chromium:1325007
Change-Id: I2a8aded3dd12037998f36341c68af8e23b0dcd88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899320
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83232}
2022-09-15 17:04:23 +00:00
Samuel Groß
2cc1f9a3d3 [sandbox] Enable the sandbox by default in gm.py
Since enabling the sandbox is now required for example for mkgrokdump,
add it to the default gn args. Also treat non-sandbox builds as
"non-shipping" in mkgrokdump.cc.

Bug: v8:13281
Change-Id: I08042aa53057e25c556e166c059373e2fdb9d2c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899317
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83231}
2022-09-15 17:03:19 +00:00
Qifan Pan
80fb281561 [turbofan] Rematerialize BigInt64 in deopt
This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.

Bug: v8:9407
Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#83230}
2022-09-15 16:55:19 +00:00
Paolo Severini
8199d70fd6 [profiler][etw] Do not enable --interpreted-frames-native-stack with ETW events
When ETW Events are enabled with the --enable-etw-stack-walking flag
we should not also enable the --interpreted-frames-native-stack by
default.
Showing the interpreted frames on the native stack is quite expensive
since it involves multiple copies of the interpreter trampolines, and
it's not always necessary to profile JS code, so it should be enabled
when necessary with a separate flag.

Bug: v8:11043
Change-Id: Id2d779e7fcac9b626f9da2e0c77edf9c30f853df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893601
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83229}
2022-09-15 16:53:09 +00:00
Clemens Backes
588688f336 [profiler] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=cbruni@chromium.org

Bug: v8:12887
Change-Id: I7e828480e9cc919609dac69df89315c6fdc82dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899296
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83228}
2022-09-15 16:45:08 +00:00
Manos Koukoutos
7db6d76e97 [wasm] Enable --wasm-type-canonicalization, remove old code
Bug: v8:7748
Change-Id: I74041f23ac64a3e509d82f84b4a710d23bbecbaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893859
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83227}
2022-09-15 16:22:18 +00:00
Nikolaos Papaspyrou
ac7edc1fdb [heap] Fix inner pointer resolution for unused young pages
Inner pointer resolution, to be used in conservative stack scanning,
assumes that all pages registered with the memory allocator are
iterable. Until this CL, this was not the case for pages that were
owned by the young generation semispaces but were unused. Such pages
are either in the "from" semispace, or in the "to" semispace but have
not yet been used.

This CL ensures that all pages owned by the young generation are
iterable. It also adds tests to verify that inner pointer resolution
works correctly for unused young pages and for pointers above the
page area.

Bug: v8:13257
Change-Id: Ieff7cc216853403e01f83220b96bf8ff4cdea596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885893
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83226}
2022-09-15 14:43:29 +00:00
Clemens Backes
cbcb05c713 [init] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jkummerow@chromium.org

Bug: v8:12887
Change-Id: I5bd5faaac89185c5f40b0eabb01f9b678f791498
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898934
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83225}
2022-09-15 14:22:02 +00:00
Clemens Backes
23d1a10d51 [d8] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=marja@chromium.org

Bug: v8:12887
Change-Id: Ie0106ceb521a775c7660d369cdb15763e9264149
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898932
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83224}
2022-09-15 14:20:58 +00:00
Matthias Liedtke
604db85ec9 [ic] Inline cache: Prevent deopt loop for keyed store on undefined
Change-Id: I83b2181323b311fb6994c6d2bed731357079ec1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892060
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83223}
2022-09-15 13:52:28 +00:00
Leszek Swirski
caa087bb18 [runtime] Fix hash used in template cache
Also add a DCHECK to prevent this stupid mistake in the future.

Bug: v8:13190
Fixed: chromium:1363969
Change-Id: Ieb855ccfb42a1a6d84798eb09721d454c355935f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899313
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83222}
2022-09-15 13:44:58 +00:00
V8 Autoroll
78dc1fc670 Version 10.8.0
Change-Id: Ie338d4ecb1bcad09e0278dbceb2e21c7b9722d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899212
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83221}
2022-09-15 13:19:28 +00:00
Leszek Swirski
5d19e724d2 [runtime] Hold cached template objects weakly
Cached template objects only need to be cached for reference identity
comparisons. If there is no strong reference to the cached template
object, then there's nothing to compare it against if it were to be
loaded from the cache, so we can hold it in the cache weakly.

Bug: v8:13190
Change-Id: I4a787eb33eab734fe9df6c424ff915d775fce70f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898692
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83220}
2022-09-15 13:11:58 +00:00
Clemens Backes
e4c32b49db [compiler] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=thibaudm@chromium.org

Bug: v8:12887
Change-Id: Id2f457a1c0056d5015e2f9983d4599582d7189cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876185
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83219}
2022-09-15 12:54:30 +00:00
Seth Brenith
e7f0f26f5e Don't run sampling-heap-profiler-flags with stress-incremental-marking
This test observes GC behavior and needs the garbage collector to work
in a somewhat predictable way.

Bug: v8:13286
Change-Id: I24e6a4f33a644b5f1845cd34558da03fc196f7e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898721
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83218}
2022-09-15 12:53:28 +00:00
Clemens Backes
e9d4f79f39 [logging] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I36c66465e3b6c1b27c1825e50f17f4bc8557c426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898936
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83217}
2022-09-15 12:44:51 +00:00
Clemens Backes
5f2ed43ac6 [debug] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=szuend@chromium.org

Bug: v8:12887
Change-Id: I8123d18ae852807557bf26b1308e0061dc1ac123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898937
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83216}
2022-09-15 12:43:48 +00:00
Clemens Backes
bc0200cf94 [maglev] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=leszeks@chromium.org

Bug: v8:12887
Change-Id: I45a24a6297153f279a060079c0ee318545df6817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898931
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83215}
2022-09-15 12:16:47 +00:00
Clemens Backes
0d04e8440e [interpreter] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jgruber@chromium.org

Bug: v8:12887
Change-Id: I0454426c664e54e9b8c8b39f903eeca1a80d4bc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898933
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83214}
2022-09-15 12:06:07 +00:00
Jakob Linke
e0c69483eb Revert "Disable interrupt-budget-for-maglev flag"
This reverts commit c66e6ea05f.

Reason for revert: fyi bots are green again.

Original change's description:
> Disable interrupt-budget-for-maglev flag
>
> Bug: v8:7700
> Change-Id: Ieff3e3b053f418e73699a208993c4d0771326522
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879614
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83066}

Bug: v8:7700
Change-Id: I5c09ba5f7b3dc7f67582bb2ed7b4c4451660c4c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898938
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83213}
2022-09-15 11:57:27 +00:00
Jakob Linke
9f13a30034 [maglev] Fix clobbered register in ThrowIfNotSuperConstructor
The kContextRegister can alias allocated registers - when setting it,
take care not to unintentionally clobber.

Bug: v8:7700
Change-Id: I0635d334fb14fa15540582a4873d4186fffa2199
Fixed: chromium:1363450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897634
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83212}
2022-09-15 11:33:07 +00:00
Jakob Linke
fa103efb3d [maglev] Handle cleared handler.data1 values
.. in TryBuildMonomorphicLoadFromLoadHandler. If data1 is cleared,
emit an unconditional eager deopt.

Note all early-return paths must happen before any code is emitted.

Bug: v8:7700
Change-Id: I00d5ff258cc88a0cb2423267b362c05540d09839
Fixed: chromium:1359714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898691
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83211}
2022-09-15 10:53:58 +00:00
Leszek Swirski
e6a08cd985 [maglev] Add a checked Float64->Int32 node
This can happen when we have a load from a double field of a value that
canonicalises to a Smi, and we then use that Smi value in Smi-feedback
arithmetic.

Bug: v8:7700
Fixed: v8:13282
Change-Id: I6d8245b8393f7595c3442985087ebb8e806061eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890999
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83210}
2022-09-15 10:44:57 +00:00
Clemens Backes
1628c9052f [runtime] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=nicohartmann@chromium.org

Bug: v8:12887
Change-Id: Ibdf60bd42ed577f367eee7da4de3a7e3dd6799e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871205
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83209}
2022-09-15 10:35:17 +00:00
Clemens Backes
5f00755c81 [flags] Disable hard-abort when fuzzing
Running the libfuzzer fuzzers locally (with an experimental flag turned
on) found crashes, but did not produce crash files because we were
generating a software interrupt ("trap") instead of properly aborting.
Disabling the "hard-abort" feature fixes that.

This will hopefully not flush out previously missed crashes. If so,
please do manually bisect across this CL, instead of assigning to me :)

Drive-by: Move more initialization logic from {InitializeFuzzerSupport}
to the {FuzzerSupport} constructor, where other similar work is
performed.

R=thibaudm@chromium.org, saelo@chromium.org

Bug: v8:13283
Change-Id: Id8d4e92f5ab6bb27676adeae6b3b1eb042b8ba3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892061
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83208}
2022-09-15 09:48:48 +00:00
Jakob Linke
647fea9c1b [maglev] Fix clobbered regs in TestUndetectable and more
Temporaries and the allocated result register may alias, thus order is
important when setting the result value.

Fixed: TestUndetectable, LogicalNot, SetPendingMessage.

Drive-by: Pass Label::kNear in a few spots I passed by.

Bug: v8:7700
Change-Id: Ice3de1d1014ad05d8fa9fb18d967887386bfed0d
Fixed: chromium:1359723
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898530
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83207}
2022-09-15 08:13:07 +00:00
v8-ci-autoroll-builder
de243bd235 Update V8 DEPS (trusted)
Rolling v8/build: 4157fb6..ccee528

Rolling v8/buildtools: e713c13..040e851

Rolling v8/buildtools/linux64: git_revision:b4851eb2062f76a880c07f7fa0d12913beb6d79e..git_revision:fff29c1b3f9703ea449f720fe70fa73575ef24e5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/37391a1..0d1854a

Rolling v8/third_party/depot_tools: 9ebcfa6..5e4d749

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220913.3.1..version:9.20220914.1.1

Rolling v8/tools/clang: 02a202a..12149f2

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4afeac189d64d4ef62599de14187f9bd2348ff5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897654
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83206}
2022-09-15 03:55:58 +00:00
Frank Tang
b6f32720dd [Temporal] Fix DST handling
Correct the call to the one which takes the UTC based time
instead of the one taking the local wall time.

Bug: v8:11544
Change-Id: Ib288617e8f98b21865c306ca36cd905a3e5315bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892639
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83205}
2022-09-14 20:50:28 +00:00
Frank Tang
c8b4b66fe9 [Temporal] Fix Instant rounding
Sync with 2210 and 2240
https://github.com/tc39/proposal-temporal/pull/2210
https://github.com/tc39/proposal-temporal/pull/2400

Add AO: RoundNumberToIncrementAsIfPositive
Change AO parameter: DifferenceInstant

Spec:
https://tc39.es/proposal-temporal/#sec-temporal-roundnumbertoincrementasifpositive
https://tc39.es/proposal-temporal/#sec-temporal-roundtemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal-differenceinstant
https://tc39.es/proposal-temporal/#sec-temporal-addduration
https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalzoneddatetime

Bug: v8:11544
Change-Id: I6b613bd19014d770852b9ba587278e714f9ac110
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857451
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83204}
2022-09-14 19:59:32 +00:00
Samuel Groß
d7fcbba80e [sandbox] Increase ExternalPointerTable maximum capacity to 512MB
Bug: v8:10391
Change-Id: I383e11bdccf6fcaf13f29d25e1404545067d313e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891249
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83203}
2022-09-14 19:35:38 +00:00
Seth Brenith
3d59a3c2c1 Add option to report discarded allocations in sampling heap profiler
A couple of customers have asked about using devtools to get information
about temporary allocations, with the goal of reducing GC time and/or
peak memory usage. Currently, the sampling heap profiler reports only
objects which are still alive at the end of the profiling session. In
this change, I propose adding configuration options when starting the
sampling heap profiler so that it can optionally include information
about objects which were discarded by the GC before the end of the
profiling session. A user could run the sampling heap profiler in
several different modes depending on their goals:

1. To find memory leaks or determine which functions contribute most to
   steady-state memory consumption, the current default mode is best.
2. To find functions which cause large temporary memory spikes or large
   GC pauses, the user can request data about both live objects and
   those collected by major GC.
3. To tune for minimal GC activity in latency-sensitive applications
   like real-time audio processing, the user can request data about
   every allocation, including objects collected by major or minor GC.
4. I'm not sure why anybody would want data about objects collected by
   minor GC and not objects collected by major GC, but it's also a valid
   flags combination.

Change-Id: If55d5965a1de04fed3ae640a02ca369723f64fdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868522
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83202}
2022-09-14 17:39:12 +00:00
Samuel Groß
95216968f5 [sandbox] Update test/mkgrokdump/README
When regenerating v8heapconst.py, the v8 sandbox now has to be enabled
explicitly (using the v8_enable_sandbox=true gn arg) as it is enabled by
default in Chromium builds, but not standalone v8 builds.

Bug: v8:13281
Change-Id: I1a0861b1d63f340465d7433e042b27eace706ca7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3895622
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83201}
2022-09-14 17:09:49 +00:00