- 19 Oct, 2020 9 commits
-
-
Salome Thirot authored
This fixes a bug that made a test fail in mjsunit/wasm/return-call.js (the CFI bot does not run the tests with --variants=extra, hence why it didn't catch it). It also introduces --sim-abort-on-bad-auth, a debug flag for the arm64 simulator that stops a program as soon as an authentication error appears, to make debugging easier. Change-Id: Ibee731ab788aff45301d268ef05256b82f5e4613 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473833 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70601}
-
Jakob Gruber authored
The flaky failure is three years old, let's see how it behaves today. Bug: v8:5920 Change-Id: Idaa71d274f937e3c6997b49e0acfe7cc88e64956 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484571 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70600}
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I010ab2ff2c55ce54b5dcc2df6fb7bbcd14b03e2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480568Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70599}
-
Jakob Gruber authored
Introduced by https://chromium-review.googlesource.com/c/v8/v8/+/2465834. No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8661,v8:8768 Change-Id: I3414ede29e5664ea94df2210cd793264fe8fffa6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484572 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70598}
-
Jakob Gruber authored
While the overall goal of this commit is to change deoptimization entries into builtins, there are multiple related things happening: - Deoptimization entries, formerly stubs (i.e. Code objects generated at runtime, guaranteed to be immovable), have been converted into builtins. The major restriction is that we now need to preserve the kRootRegister, which was formerly used on most architectures to pass the deoptimization id. The solution differs based on platform. - Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING. - Removed heap/ support for immovable Code generation. - Removed the DeserializerData class (no longer needed). - arm64: to preserve 4-byte deopt exits, introduced a new optimization in which the final jump to the deoptimization entry is generated once per Code object, and deopt exits can continue to emit a near-call. - arm,ia32,x64: change to fixed-size deopt exits. This reduces exit sizes by 4/8, 5, and 5 bytes, respectively. On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes by using the same strategy as on arm64 (recalc deopt id from return address). Before: e300a002 movw r10, <id> e59fc024 ldr ip, [pc, <entry offset>] e12fff3c blx ip After: e59acb35 ldr ip, [r10, <entry offset>] e12fff3c blx ip On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases with CFI). Additionally, up to 4 builtin jumps are emitted per Code object (max 32 bytes added overhead per Code object). Before: 9401cdae bl <entry offset> After: # eager deoptimization entry jump. f95b1f50 ldr x16, [x26, <eager entry offset>] d61f0200 br x16 # lazy deoptimization entry jump. f95b2b50 ldr x16, [x26, <lazy entry offset>] d61f0200 br x16 # the deopt exit. 97fffffc bl <eager deoptimization entry jump offset> On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before: bb00000000 mov ebx,<id> e825f5372b call <entry> After: e8ea2256ba call <entry> On x64 the deopt exit size is reduced from 12 to 7 bytes. Before: 49c7c511000000 REX.W movq r13,<id> e8ea2f0700 call <entry> After: 41ff9560360000 call [r13+<entry offset>] Bug: v8:8661,v8:8768 Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70597}
-
Michael Lippautz authored
Change-Id: Ie0b3a41e4248fb831d76ac47417cd8cb3a1e23f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482823 Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70596}
-
Zhao Jiazhong authored
kDoubleRegZero register is not hardwired to 0.0, we need to check it's value before using it. Change-Id: I8a64ac55294f51a9a5f96a39a3b344f7e34d508a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479223Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/master@{#70595}
-
Jakob Gruber authored
This reverts commit 1e1f9ffc. Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1139304 Original change's description: > [regexp] Enable fallback to experimental engine by default > > This CL enables the functionality that was added in d4febb6b by > flipping the corresponding feature flag. > > Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng > Bug: v8:10765 > Bug: v8:11021 > Change-Id: Id061a274b016c71e6a4f7d7934a9c287d3124228 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2470568 > Commit-Queue: Martin Bidlingmaier <mbid@google.com> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70510} TBR=jgruber@chromium.org,mbid@google.com No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10765,v8:11021,chromium:1139304 Change-Id: Ie9c38cc30d1fa81d395cc11ab1f1db5e19ba04de Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484402 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70594}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/67889e6..198585c Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5d73338..89eeef5 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/4761cf5..958dc62 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I46de091a4dd60a416a5188ce2756361818038384 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2483516Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70593}
-
- 18 Oct, 2020 2 commits
-
-
Dmitry Gozman authored
This changes remoteObjectId format from "{injectedScriptId:123,id:456}" to "<isolateId>.<contextId>.<id>". Prepending isolateId fixes the problem that remote object ids clash between processes. This is especially troubling during cross-process navigation in Chromium, see bug. We also stop producing and parsing unnecessary json for object ids. Drive-by: fixed some tests dumping object ids. Most tests avoid dumping unstable values like ids, but there were few that still did. BUG=chromium:1137143 Change-Id: Ia019757fb95704ccb718d3ea6cc54bde1a133382 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461731 Commit-Queue: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#70592}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2802d6c..67889e6 Rolling v8/third_party/aemu-linux-x64: tytdjLRUyb_SMJiWqNv0OAYX0kPp2TMapGU9AZPFWFkC..kj9nh6CkrdEq-ctobPV7CtPMwpdU4VrQx_JgZCmejxQC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/957c117..5d73338 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I255e88c0297084b32bc3aefe4c597ca4816d8cb8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2483084Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70591}
-
- 17 Oct, 2020 3 commits
-
-
Dominik Inführ authored
LocalHeap can be used on main thread, however allocation might cause a GC which works differently on the main thread than on a background thread. Support collection on main thread by directly performing the GC instead of requesting the GC as done on background threads. To allow for differentiation between main and background threads, LocalHeap/LocalIsolate now require an additional argument. Change-Id: I08094ea633e303e149913f21dff395da9e046534 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463238Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#70590}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/53ad43e..2802d6c Rolling v8/third_party/aemu-linux-x64: ZGsmd0k3ijPxG9j-pwQg-yGF3zXYYOUD1L40GuIoAjEC..tytdjLRUyb_SMJiWqNv0OAYX0kPp2TMapGU9AZPFWFkC Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/39d870e..4761cf5 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/d4827bf..3a982ad TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I3f1914077dfe2fcf0cf34be21d7e1726916b79b5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482522Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70589}
-
Zhao Jiazhong authored
Bug: v8:10993 Change-Id: Ic46ce5e6e2195ff8ba2e340ddba11dd25b7ddf6e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479225Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/master@{#70588}
-
- 16 Oct, 2020 26 commits
-
-
Ng Zhi An authored
Bug: v8:10993 Change-Id: I9b3cd1499cc9ebb93690e4940e9d94c5f445e315 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477432Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70587}
-
Ng Zhi An authored
Store lane loads a value from memory and replaces a single lane of a simd value. This implements store lane for x64 and interpreter. Bug: v8:10975 Change-Id: Ida79a03e0fd2bc18f2c06687311936b3cb550ed5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473383Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70586}
-
Ng Zhi An authored
Bug: v8:10993 Change-Id: Id767016fe0ecc3357a5f5c106b82e0c1e52b9209 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477734 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70585}
-
Ng Zhi An authored
Decoding of three-byte opcodes were within the two-byte decoding function, separate it out, and fix an incorrect comment about us no having any three-byte opcodes (that is no longer true). Also un-nest a large if/else out into parent scope. Test: out/x64.debug/cctest test-disasm-x64/DisasmX64 --random-seed=1 Bug: v8:10933 Change-Id: I494d67ac75cc4500d5f0045f1087b856e6375f82 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477426 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70584}
-
Ng Zhi An authored
Implement i32x4.dot_i16x8_s for Liftoff on on ia32 and x64. ARM implementation will come later. Bug: v8:10993 Change-Id: I33b859a21b91023b40d8cf7b9fee110b0d148a7c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477497Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70583}
-
Ng Zhi An authored
See https://github.com/WebAssembly/bulk-memory-operations/blob/master/proposals/bulk-memory-operations/Overview.md#element-segments. Together with the changes in https://crbug.com/v8/10810, we can get these tests pasing now. Bug: v8:10810 Change-Id: Ib445e9c57f7f7e5e63c9a3b3c192323062204aa1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477493Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70582}
-
Ng Zhi An authored
With AVX, we don't need to force dst to be the same as first operand, this can eliminate some moves. (On the js file in linked bug, we can eliminate all movs before shifts, saving ~20 movs.) Bug: v8:10116 Change-Id: I7951b5d8e42995098ddee2a326d0fe6f183c0fb9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477494 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70581}
-
Zhao Jiazhong authored
Change-Id: Ie187d6ec848414d725b18b9a20be3c65f94f86ba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477752Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/master@{#70580}
-
Milad Fa authored
Port 01b8b3e0 Original Commit Message: This is merged into the proposal, move it out of post-mvp flags, and remove any ifdefs guarding it. R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I366adf8f688edbc0ab39543de576f03d4cd979b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480602Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70579}
-
Clemens Backes authored
It makes inspector tests a lot more readable if the opcode of the pause location is being printed. Since we already have a list of all opcodes available in wasm-module-builder.js, we can just reuse that to build a reverse lookup map. This CL implements this for single-byte opcodes only, which is enough for all tests that we currently have. It will have to be extended for prefixed opcodes once that is being used. R=thibaudm@chromium.org, kimanh@chromium.org Change-Id: I085fea99d2f5f2dc6cc084448e5f7444cce5c78b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474789 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#70578}
-
Michael Lippautz authored
This reverts commit fba14bde. Reland fixes: - const vector<const string> -> const vector<string> Original message: The following implements a snapshotting algorithm for C++ objects that also filters strongly-connected components (SCCs) of only "hidden" objects that are not (transitively) referencing any non-hidden objects. C++ objects come in two versions. a. Named objects that have been assigned a name through NameProvider. b. Unnamed objects, that are potentially hidden if the build configuration requires Oilpan to hide such names. Hidden objects have their name set to NameProvider::kHiddenName. The main challenge for the algorithm is to avoid blowing up the final object graph with hidden nodes that do not carry information. For that reason, the algorithm filters SCCs of only hidden objects, e.g.: ... -> (object) -> (object) -> (hidden) -> (hidden) In this case the (hidden) objects are filtered from the graph. The trickiest part is maintaining visibility state for objects referencing other objects that are currently being processed. Main algorithm idea (two passes): 1. First pass marks all non-hidden objects and those that transitively reach non-hidden objects as visible. Details: - Iterate over all objects. - If object is non-hidden mark it as visible and also mark parent as visible if needed. - If object is hidden, traverse children as DFS to find non-hidden objects. Post-order process the objects and mark those objects as visible that have child nodes that are visible themselves. - Maintain an epoch counter (StateStorage::state_count_) to allow deferring the visibility decision to other objects in the same SCC. This is similar to the "lowlink" value in Tarjan's algorithm for SCC. - After the first pass it is guaranteed that all deferred visibility decisions can be resolved. 2. Second pass adds nodes and edges for all visible objects. - Upon first checking the visibility state of an object, all deferred visibility states are resolved. For practical reasons, the recursion is transformed into an iteration. We do not use plain Tarjan's algorithm to avoid another pass over all nodes to create SCCs. Follow ups: 1. Adding wrapper nodes for cpp objects that are wrappables for V8 wrappers. 2. Adding detachedness information. Bug: chromium:1056170 Change-Id: Ib47df5c912c57d644d052f209276e9d926cece0f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480362 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70577}
-
Clemens Backes authored
This reverts commit 8358ab49. Reason for revert: TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33730 Original change's description: > [heap] Introduce new state in CollectionBarrier > > Introduce new state kCollectionStarted in CollectionBarrier. This state > is used during Heap::PerformGarbageCollection. It stops threads from > requesting GC when the GC was already started. This happens because a > background thread only requests the GC after it parked itself - the GC > could be started in-between those two events. > > Bug: v8:10315 > Change-Id: I59cf3d4ea41c7a2c37ffce89c5b057221a2499e0 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474858 > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70572} TBR=ulan@chromium.org,dinfuehr@chromium.org Change-Id: Ia67b1cbb931ce1b965876c7a1bbb09f48b8c7b43 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10315 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480563Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70576}
-
Etienne Pierre-doray authored
Replaces ItemParallelJob by std::vector to hold marking items. IndexGenerator is used to iterate over evacuation items. slots_ is moved from items to YoungGenerationMarkingTask to reduce synchronisation. Change-Id: Iac7aba215e8ba545c12a9ab6c810d343234fbbbf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440830 Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70575}
-
Etienne Pierre-doray authored
Most code protected by compilation_scope_mutex_ is already either thread safe, or could run in parallel. Removing lock reduces contention. Note that weak_ptr::lock is atomic and thus still prevents deletion of NativeModule&CompilationStateImpl for the scope of BackgroundCompileScope. Related changes: - BackgroundCompileToken is deleted and publish_queue is moved to CompilationStateImpl. - Some of the (non thread-safe) logic in publish_results is moved into PublishCompilationResults so that it is serialized to 1 thread running publisher. - cancellation is handled by an atomic bool and is no longer synchronized. This means that compilation may be cancelled while a worker thread is still running. That thread would only stop once it reaches a new BackgroundCompileScope. Change-Id: I9651e924857c583d1a0fe5b9ffa99bfd01a8bda4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442192Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Cr-Commit-Position: refs/heads/master@{#70574}
-
Ross McIlroy authored
This is a reland of cdc8d9a5 Skipped tests on gc_stress and fixed CONSTEXPR_DCHECK for gcc. Original change's description: > [TurboProp] Avoid marking the output of a call live in its catch handler > > The output of a call won't be live if an exception is thrown while the > call is on the stack and we unwind to a catch handler. > > BUG=chromium:1138075,v8:9684 > > Change-Id: I95bf535bac388940869eb213e25565d64fe96df1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317 > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70562} Bug: chromium:1138075 Bug: v8:9684 Change-Id: I685c94ee2ffcf06658df07fcef06f58c4f01f54b Cq-Include-Trybots: luci.v8.try:v8_linux64_gcc_compile_dbg Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479009 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70573}
-
Dominik Inführ authored
Introduce new state kCollectionStarted in CollectionBarrier. This state is used during Heap::PerformGarbageCollection. It stops threads from requesting GC when the GC was already started. This happens because a background thread only requests the GC after it parked itself - the GC could be started in-between those two events. Bug: v8:10315 Change-Id: I59cf3d4ea41c7a2c37ffce89c5b057221a2499e0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474858 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70572}
-
Maya Lekova authored
This reverts commit 02849fd9. Reason for revert: Breaks Win64 MSVC bot and closes the tree - https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15416 Original change's description: > cppgc-js: Add snapshot for C++ objects > > The following implements a snapshotting algorithm for C++ objects that > also filters strongly-connected components (SCCs) of only "hidden" > objects that are not (transitively) referencing any non-hidden > objects. > > C++ objects come in two versions. > a. Named objects that have been assigned a name through NameProvider. > b. Unnamed objects, that are potentially hidden if the build > configuration requires Oilpan to hide such names. Hidden objects have > their name set to NameProvider::kHiddenName. > > The main challenge for the algorithm is to avoid blowing up the final > object graph with hidden nodes that do not carry information. For that > reason, the algorithm filters SCCs of only hidden objects, e.g.: > ... -> (object) -> (object) -> (hidden) -> (hidden) > In this case the (hidden) objects are filtered from the graph. The > trickiest part is maintaining visibility state for objects referencing > other objects that are currently being processed. > > Main algorithm idea (two passes): > 1. First pass marks all non-hidden objects and those that transitively > reach non-hidden objects as visible. Details: > - Iterate over all objects. > - If object is non-hidden mark it as visible and also mark parent > as visible if needed. > - If object is hidden, traverse children as DFS to find non-hidden > objects. Post-order process the objects and mark those objects as > visible that have child nodes that are visible themselves. > - Maintain an epoch counter (StateStorage::state_count_) to allow > deferring the visibility decision to other objects in the same > SCC. This is similar to the "lowlink" value in Tarjan's algorithm > for SCC. > - After the first pass it is guaranteed that all deferred > visibility decisions can be resolved. > 2. Second pass adds nodes and edges for all visible objects. > - Upon first checking the visibility state of an object, all deferred > visibility states are resolved. > > For practical reasons, the recursion is transformed into an iteration. > We do not use plain Tarjan's algorithm to avoid another pass over > all nodes to create SCCs. > > Follow ups: > 1. Adding wrapper nodes for cpp objects that are wrappables for V8 > wrappers. > 2. Adding detachedness information. > > Change-Id: I6e127d2c6d65e77defe08e39295a2594f463b962 > Bug: chromium:1056170 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467854 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70567} TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org Change-Id: I64a2cf2259bdaed81f6e0f92bdcc7a1f0df4d197 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479471Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70571}
-
Igor Sheludko authored
... and add respective regression tests. This CL also adds similar regression tests for TransitionArray but it doesn't have the same issue as DescriptorArray. Bug: chromium:1133527 Change-Id: I668a90f126d76af0a39816ce8697cb29bc65d01b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465833Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70570}
-
Pierre Langlois authored
Executable V8 pages include 3 reserved OS pages: one for the writable header and two as guards. On systems with 64k OS pages, the amount of allocatable space left for objects can then be quite smaller than the page size, only 64k for each 256k page. This means regular code objects cannot be larger than 64k, while the maximum regular object size is fixed to 128k, half of the page size. As a result code object never reach this limit and we can end up filling regular pages with few large code objects. To fix this, we change the maximum code object size to be runtime value, set to half of the allocatable space per page. On systems with 64k OS pages, the limit will be 32k. Alternatively, we could increase the V8 page size to 512k on Arm64 linux so we wouldn't waste code space. However, systems with 4k OS pages are more common, and those with 64k pages tend to have more memory available so we should be able to live with it. Bug: v8:10808 Change-Id: I5d807e7a3df89f1e9c648899e9ba2f8e2648264c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460809Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Cr-Commit-Position: refs/heads/master@{#70569}
-
Ulan Degenbaev authored
This is a reland of ff61743f Original change's description: > [heap] Refactor marking weak object worklists > > This CL extracts weak object worklist related code into separate files > and uses a macro to specify all weak object worklists in a generic way. > > The motivation of the refactoring is twofold: > 1) We can now enforce that each weak object worklist is updated after > Scavenge. (Forgetting to define the update function causes a link > time error.) > 2) The reduced boilerplate will be useful for transitioning to the > new ::heap::base::Worklist. > > Change-Id: Ic80a7ccca010c09370d6525f43d78de24192f8ea > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442624 > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70308} Change-Id: I8a9f39e53ef4123dd28a1da6f7992cdff341f694 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461741Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70568}
-
Michael Lippautz authored
The following implements a snapshotting algorithm for C++ objects that also filters strongly-connected components (SCCs) of only "hidden" objects that are not (transitively) referencing any non-hidden objects. C++ objects come in two versions. a. Named objects that have been assigned a name through NameProvider. b. Unnamed objects, that are potentially hidden if the build configuration requires Oilpan to hide such names. Hidden objects have their name set to NameProvider::kHiddenName. The main challenge for the algorithm is to avoid blowing up the final object graph with hidden nodes that do not carry information. For that reason, the algorithm filters SCCs of only hidden objects, e.g.: ... -> (object) -> (object) -> (hidden) -> (hidden) In this case the (hidden) objects are filtered from the graph. The trickiest part is maintaining visibility state for objects referencing other objects that are currently being processed. Main algorithm idea (two passes): 1. First pass marks all non-hidden objects and those that transitively reach non-hidden objects as visible. Details: - Iterate over all objects. - If object is non-hidden mark it as visible and also mark parent as visible if needed. - If object is hidden, traverse children as DFS to find non-hidden objects. Post-order process the objects and mark those objects as visible that have child nodes that are visible themselves. - Maintain an epoch counter (StateStorage::state_count_) to allow deferring the visibility decision to other objects in the same SCC. This is similar to the "lowlink" value in Tarjan's algorithm for SCC. - After the first pass it is guaranteed that all deferred visibility decisions can be resolved. 2. Second pass adds nodes and edges for all visible objects. - Upon first checking the visibility state of an object, all deferred visibility states are resolved. For practical reasons, the recursion is transformed into an iteration. We do not use plain Tarjan's algorithm to avoid another pass over all nodes to create SCCs. Follow ups: 1. Adding wrapper nodes for cpp objects that are wrappables for V8 wrappers. 2. Adding detachedness information. Change-Id: I6e127d2c6d65e77defe08e39295a2594f463b962 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467854 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70567}
-
Michael Achenbach authored
Fuzzers might randomly call OS methods to create or remove directories. This leads to spurious results when doing differential fuzzing, but it could be potentially harmful to the system during normal fuzzing. This drops OS methods in d8 on fuzzers. Bug: chromium:1138594 Change-Id: Ia3a8c4e3d06c76ccdc50ead1d361338e13ddf1bb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474790Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#70566}
-
Victor Gomes authored
Change-Id: Ic54046824d4f3c98caa8381d2ece46c9985a2b98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2475734Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70565}
-
Michael Achenbach authored
This reverts commit cdc8d9a5. Reason for revert: The regression test is too slow: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/30454 Also gcc failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug/9528 Original change's description: > [TurboProp] Avoid marking the output of a call live in its catch handler > > The output of a call won't be live if an exception is thrown while the > call is on the stack and we unwind to a catch handler. > > BUG=chromium:1138075,v8:9684 > > Change-Id: I95bf535bac388940869eb213e25565d64fe96df1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317 > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70562} TBR=rmcilroy@chromium.org,neis@chromium.org Change-Id: I0f6b9378d516a70401fc429fb3612bbf962b0fb2 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1138075 Bug: v8:9684 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479007Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#70564}
-
Zhao Jiazhong authored
The sp register's value should be modified to drop all the args from the stack. Change-Id: I7410d325523427d765eb0640e14acede5589284f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479222Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70563}
-
Ross McIlroy authored
The output of a call won't be live if an exception is thrown while the call is on the stack and we unwind to a catch handler. BUG=chromium:1138075,v8:9684 Change-Id: I95bf535bac388940869eb213e25565d64fe96df1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70562}
-