This reverts commit 4a037f871e.
Reason for revert: Bot failures, including MSVC compilation.
Original change's description:
> [wasm][bug] Fix a couple of bugs in validation of unreachable code
>
> Changes:
> - SetBlockType now instantiates the block's start merge with values of
> the correct type in unreachable code.
> - EnsureStackArguments now keeps the existing stack values and moves
> them over the new bottom values.
> - Drop stack size validation in Drop().
> - Add new tests in unreachable-validation.js.
>
> Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74650}
Change-Id: Icb16af9a8ed16e593fe345ab727b992d9c9b1500
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905597
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74657}
The logic is different for shared and non-shared memory, so it's
cleaner to have different functions for them.
Bug: v8:11111
Change-Id: I95d43b54c207b8059ea59d6d0f873623de946be3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903152
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74656}
Our synchronization protocol for top and limit only guarantees that we
read the new limit in case we read the new top. However, it could happen
that we read the old top but the new limit. In the allocation slow path
we reset both top and limit to 0 first and then reset it to the
free list allocation boundaries.
With --no-inline-new we are changing top/limit a lot, so it could happen
that we read the old value for top (0) but a regular address for limit.
In such cases large parts of the heap would be incorrectly considered
pending. Handle these cases here by checking that top is non-zero.
This is temporary fix, we believe that it is at least theoretically
possible to read non-0 but non-consistent values for top/limit as well.
This will be addressed in a subsequent CL.
Bug: v8:11778
Change-Id: I6b581f2a6df3f24c16443717b0cde9a18c5f3f40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903155
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74655}
The BytecodeArray itself was fetched by using a barrier so all reads
from the constant pool are safe.
Bug: v8:7790
Change-Id: If924d43a10c7aa20b69225fab8219e7bd988419c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903149
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74654}
Using kAssumeMemoryFence works around the fact that the graph stores
handles (and not refs). The assumption is that any handle inserted
into the graph is safe to read; but we don't preserve the reason why
it is safe to read. Thus we must over-approximate here and assume the
existence of a memory fence.
Note this is only valid if all spots that insert handles into the
graph ensure that the handle can safely be read.
In the future, we should consider having the graph store ObjectRefs or
ObjectData pointer instead, which would make new ref construction here
unnecessary.
Bug: v8:7790,chromium:1209798
Change-Id: Ic22340ea9f34a24be530a3c62c8309d25e108f3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902742
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74653}
Changes:
- SetBlockType now instantiates the block's start merge with values of
the correct type in unreachable code.
- EnsureStackArguments now keeps the existing stack values and moves
them over the new bottom values.
- Drop stack size validation in Drop().
- Add new tests in unreachable-validation.js.
Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74650}
We used to verify its index as if it was a function index.
Bug: chromium:1210447
Change-Id: I5e015b1b11b22b6b7e7e13dac4945f8eb6f3d846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903153
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74649}
Since debug-interface.h and isolate.h only uses
v8_inspector::V8Inspector as a pointer type, this removes the #includes
and forward declares the type.
Bug: v8:11384
Change-Id: Ia361fc3a028a9abf5ee42ecb3b2575bc84a81e35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903159
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74648}
Rolling v8/build: 30196c5..4036cf1
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a68a003..c1e1d55
Rolling v8/third_party/depot_tools: 1fc595b..6b0a611
Rolling v8/third_party/zlib: 298d9e6..5b8d433
Rolling v8/tools/clang: 701e2be..a38f01b
Rolling v8/tools/luci-go: git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2..git_revision:22d464e2f8f3bd2bd33f69fe819326d63f881008
Rolling v8/tools/luci-go: git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2..git_revision:22d464e2f8f3bd2bd33f69fe819326d63f881008
Rolling v8/tools/luci-go: git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2..git_revision:22d464e2f8f3bd2bd33f69fe819326d63f881008
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Id08b26af423f65f67a64289c03a5e2eba5c6bfa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904925
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74647}
Marking holds the process wide mutex for synchronizing CrossThread*
references. In addition, marking may also create temporary copies of
Member references for concurrent tracing (snapshot).
Provide HeapRegistry with its own mutex to avoid a deadlock with
Member checking during marking.
Bug: chromium:1056170
Change-Id: I31d922ec1a476942e29d8d4fa7d864a015f428cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904211
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74646}
Drive-by fix: The file name for WATCHLISTS in the OWNERS file rule was
wrong, so fixing that too so that it's possible to modify WATCHLISTS
without eng reviewers approval in the future.
Change-Id: I0e24c5d459aab2bb346aca64125eabe0ceac8274
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903154
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74644}
In order to support Fast API calls with overloads, store a FixedArray
of c-function addresses and a FixedArray of the corresponding
FunctionInfo*. For now keep using only the first function in the array.
Bug: v8:11739
Change-Id: If23381aa9d04c5cd830043951da9c53836a36328
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876592
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74643}
Using `thread_local` on AIX causes the following error during linking:
```
ld: 0711-317 ERROR: Undefined symbol: TLS init function for ...
```
To avoid the issue we can use the __thread keyword.
More on this gcc bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100641
Bug: v8:11755
Change-Id: Ic9738e8dfb7110b550328c5d9929f4453e545b0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903586
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74642}
This was only relevant for the br_on_exn instruction, which doesn't
exist anymore.
R=clemensb@chromium.org
Change-Id: I03f85a316a8265ad1c5e1c15862d7ae98b784977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902734
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74641}
The early/late graph trimming phases remove dead nodes from the graph,
however these dead nodes don't have significant impact on the quality of
the codegen or the performance of the rest of the pipeline.
BUG=v8:9684
Change-Id: I1e797b520accc19ea59f2a430433e5b489c10e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897889
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74640}
This is the second reland of 4683d6fe52
Initial CL: crrev.com/c/2874663
First reland: crrev.com/c/2886861
The first reland fixes Ref construction failures in:
- MapRef::instance_descriptors
- NativeContext reads (see also crrev.com/c/2891575)
The second reland (this CL):
- Adds required infrastructure (e.g. kAssumeMemoryFence) but
without enabling the IsPendingAllocation check. Enabling the check
will be done separately to avoid further revert chains.
Original change's description:
> [compiler] Consider IsPendingAllocation in Ref construction
>
> The logic in JSHeapBroker::TryGetOrCreateData assumes that parts
> of the object are safe to read. In particular, the instance type
> must be readable for the chain of `Is##Name()` type checks.
>
> This is guaranteed if
>
> - a global memory fence happened after object initialization and
> prior to the read by the compiler; or
> - the object was published through a release store and read through
> an acquire read.
>
> The former is protected by the new call to ObjectMayBeUninitialized
> (which internally calls IsPendingAllocation) in TryGetOrCreateData.
>
> The latter must be marked explicitly by calling the new
> MakeRefAssumeMemoryFence variant.
>
> Note that support in this CL is expected to be incomplete and will
> have to be extended in the future as more cases show up in which
> MakeRef calls must be converted to MakeRefAssumeMemoryFence or to
> TryMakeRef.
>
> Bug: v8:7790,v8:11711
> Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74474}
Bug: v8:7790,v8:11711,chromium:1207680,chromium:1207679
Change-Id: I123b2962df724a13dd2c7334ae949234bc3bf27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902738
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74638}
We compile with Sparkplug when we allocate the feedback vector with lazy
feedback vector allocation.
With --no-lazy-feedback-allocation, it doesn't make sense to run
baseline tests.
Change-Id: Ib71e8624531ba927680e83c2e813c0886c460da4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903148
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74637}
Different runs of the correctness fuzzer might flush the bytecode
of the function passed to d8.test.verifySourcePositions, resulting
in spurious errors. Therefore don't expose verifySourcePositions
for correctness fuzzing.
Bug: chromium:1209242
Change-Id: I0395afcd5a5e109779d7b79d9f6939899eaaf99c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903144
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74635}
The cycle mentioned in the comment has disappeared but we still need
to set the native context Ref twice, once when the broker mode is
kDisabled, and once when it's kSerializing (the earlier Ref is
invalid by that time).
Bug: v8:7790
Change-Id: I5778814a20c2706ca088557176aaa9ccfc3a39df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902741
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74634}
This header file is not used by the torque compiler but by the
torque-generated headers. (Fixes 1 gn check error currently suppressed
due to gn check exclusions).
Bug: v8:7330
Change-Id: I23c05bac814c1e9c373dadcb3f69ea76ff7c2358
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902737
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74633}
Side-Effect-free debug evaluate is available through the CDP Runtime
domain as well, besides the Debugger domain, and does not require
debugging to be active.
Change-Id: I84af194af65cbac311d208e35af7338cb675eb36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902729
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74631}
The marking verifier already traverses the whole heap using page
iteration. Add an option to allow checking that the verifier pass
finds the same amount of live bytes as the marker traversal.
Bug: chromium:1056170
Change-Id: I1dc4cd0c04147b8cd3e3eb7678276b665336e615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902724
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74630}
Conceptually, Oilpan uses tri-color marking even though the
implementatin only uses a single mark bit. The difference between gray
and black is represented by the fact that an objet is contained within
a worklist.
Live bytes are accounted on gray->black transition and must only
happen once. This is generally implemented when retrieving an object
from the work list and processing it.
For weak containers this CL fixes the following issues:
1. Weak containers that are strongified during stack scanning were
double accounted as they were just added to the marking worklist.
Instead, directly process them during stack scanning.
2. Accounting was missing in case of purely weak collections without
ephemeron tracing. In such a case, the backing store would not be
added to a worklist and be considered as black immediately. The fix
is to directly account the marked bytes in such a scenario.
Bug: chromium:1056170
Change-Id: I350ae1b90ad1753d024a3ce33fc3ec3126a2095d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900661
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74629}
Most of the Map's fields are being read directly from the heap so
there's no need to serialize them with concurrent inlining on.
As an extra step, read NextFreePropertyIndex directly.
Bug: v8:7790
Change-Id: Ia0c46a3bbb673f9fdea9b4700908f00a43c28e28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892665
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74628}
This reverts commit 2c096b539e.
Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3838/overview
Original change's description:
> [codegen] Add TSAN support for tagged stores in generated code
>
> Mimics the kArchStoreWithWriteBarrier store in generated code by having
> a relaxed store to the same address, with the same value. This is done
> in order for TSAN to see these stores from generated code.
>
> Since it is done only for kArchStoreWithWriteBarrier TSAN will see
> tagged stores only.
>
> Bug: v8:7790, v8:11600
>
> Change-Id: I275dd46f5556b3a095c416adc03f2f0ac5bde41c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848470
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74568}
Bug: v8:7790
Bug: v8:11600
Change-Id: Ib0c7917af2b4ba43b81a8afebd687324cd78b228
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902930
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74627}
Reverts part of the change https://chromium-review.googlesource.com/c/v8/v8/+/2892664
to avoid using bitfields for Truncation since it causes older versions of gcc
to report a warning.
BUG=v8:9684
Change-Id: Ia807d6dbbb5ae1baae73bf5816c336b9b80ae83d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900660
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74624}
This reverts commit 50cbeca9ac.
Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3824/overview
Original change's description:
> [codegen] Use builtin calls for TSANRelaxedStore
>
> Instead of calling the C function directly from codegen, we call a
> builtin that calls the C function. This is done to encapsulate the
> push/pop registers in the code in the builtin.
>
> Bug: v8:7790, v8:11600
> Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74599}
Bug: v8:7790
Bug: v8:11600
Change-Id: I3a4c57a29346fe6c84ec11404d8ff64cfac51a70
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902926
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74622}
This reverts commit 4683d6fe52.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview
Original change's description:
> Reland "[compiler] Consider IsPendingAllocation in Ref construction"
>
> This is a reland of 5f0ac36cc6
>
> Fixes Ref construction failures in:
> - MapRef::instance_descriptors
> - NativeContext reads (see also crrev.com/c/2891575)
>
> Original change's description:
> > [compiler] Consider IsPendingAllocation in Ref construction
> >
> > The logic in JSHeapBroker::TryGetOrCreateData assumes that parts
> > of the object are safe to read. In particular, the instance type
> > must be readable for the chain of `Is##Name()` type checks.
> >
> > This is guaranteed if
> >
> > - a global memory fence happened after object initialization and
> > prior to the read by the compiler; or
> > - the object was published through a release store and read through
> > an acquire read.
> >
> > The former is protected by the new call to ObjectMayBeUninitialized
> > (which internally calls IsPendingAllocation) in TryGetOrCreateData.
> >
> > The latter must be marked explicitly by calling the new
> > MakeRefAssumeMemoryFence variant.
> >
> > Note that support in this CL is expected to be incomplete and will
> > have to be extended in the future as more cases show up in which
> > MakeRef calls must be converted to MakeRefAssumeMemoryFence or to
> > TryMakeRef.
> >
> > Bug: v8:7790,v8:11711
> > Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74474}
>
> Bug: v8:7790,v8:11711,chromium:1207680,chromium:1207679
> Change-Id: Ib3dbf59909e6982a3230dd6a67c9fb7d6ffb9ab4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886861
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74587}
Bug: v8:7790
Bug: v8:11711
Bug: chromium:1207680
Bug: chromium:1207679
Change-Id: I8cd45ac006b7b5f3d668d0df272bcba880c75926
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901990
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74621}
This reverts commit 6d99f9334b.
Reason for revert: 4683d6fe52 broke TSAN, reverting all its dependencies first (including this)
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview
Original change's description:
> [compiler] Replace EnsureElementsTenured by IsElementsTenured
>
> We can't mutate heap state from the compiler thread; turn this into a
> predicate and emit generic code if it returns false.
>
> Bug: v8:7790
> Change-Id: I6186a87e178d0c0206b6e7659fa2a41bf65fd835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876845
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74596}
Bug: v8:7790
Change-Id: Ic32921a2f7d870560cd596933d6308a04d757e22
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901986
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74617}
This reverts commit 5258364e23.
Reason for revert: 4683d6fe52 broke TSAN, reverting all its dependencies first (including this)
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview
Original change's description:
> [compiler] Make NativeContextRef never-serialized
>
> Most NativeContext elements are immutable after initialization;
> additionally, we now use acquire-release semantics to load/store
> elements when possible. Reading and constructing Refs for elements
> is thus possible from the background.
>
> A few notes:
>
> - A few elements are not immutable; if read from the background
> thread, these must use acquire-release semantics.
> - Elements can be stored from generated code; these are not compatible
> with bg-thread accesses.
> - While elements can be read safely from the native context, the
> elements themselves may still require serialization; this is done in
> NativeContextRef::Serialize.
>
> Bug: v8:7790
> Change-Id: I12e9611a292e7dd912438c712390731a5422407d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897254
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74604}
Bug: v8:7790
Change-Id: I5c26b476a25a9af0ff4e56e51b5aa35d87cf35c1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901985
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74616}
tldr: This adds an on-demand comparison with x64 when a difference to
a non-x64 build is detected.
Normally foozzie compares the baseline build (just ignition), with
two secondary builds. One, the default, always uses the shipping
configuration, the second passes additional flags. Both can use a
different architecture than the baseline build as well.
Differences between ignition and turbofan are then often detected
independent of the architectures used, but reported several times
(for each compared architecture).
This makes the reporting more specific, by running another build on
demand that uses the baseline architecture, but otherwise the same
configuration that showed a difference. If it shows the difference as
well, the baseline architecture is used for the report.
As a result only pure architecture differences will be reported with
an architecture other than x64.
This also adds some minor refactorings to reduce the code complexity
when looping over comparisons.
For testing this, the fake-d8s are extended with different behavior
for different flags passed. We add two test cases for testing:
x64 vs. ia32 with difference in x64 and ia32
x64 vs. ia32 with difference only in ia32
Bug: chromium:1196633
No-Try: true
Test: tools/clusterfuzz/v8_foozzie_test.py
Change-Id: Ic470ae8f0b37fb1628b32e4fafc0c39377e16f8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897099
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74612}
This fixes a compile error after https://crrev.com/c/2891829 if
webassembly is disabled (v8_enable_webassembly = false).
R=pfaffe@chromium.org
Change-Id: Ia425a49d3de11e7c71bb65680ac6a94acd63599e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900231
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74610}
Continuing the cleanups and using the tags rather than synchronized_
in the name of the accessors.
Bug: v8:7790
Change-Id: I3c2d0ccf54fa6161dbd9d12b1b9743a046534521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897095
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74609}
