- 02 Oct, 2020 13 commits
-
-
Jakob Kummerow authored
It only had one callsite, and that callsite was useless: %IsValidSmi(two_31) has never returned {true} on any configuration we have ever shipped. Bug: v8:10933 Change-Id: I09cdfd7bbd7960d1ec460ad4bd9f0d21e47f7393 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434746 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70285}
-
Milad Fa authored
Change-Id: I5e976ba8cbecaff04a0975a3de00627cabb00f3f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442432Reviewed-by: Milad Fa <mfarazma@redhat.com> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70284}
-
Omer Katz authored
We clear during sweep so that we are guaranteed the in-construction bit of newly allocated objects is always 0. The lock sweeping uses for synchronization assures no data races between clearing and concurrent marking. The only exception to that is debug builds that zap on sweep and clear on allocation. This makes it so that dangling references will most likely crash in debug builds. Bug: chromium:1056170 Change-Id: I12597ef76629ec50c6bfc39dc21b68243c4160ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438530 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70283}
-
Omer Katz authored
In construction objects don't have anything to sync with on the allocation side since they weren't marked as fully constructed yet. This could mean the initialization of the marking bit on the mutator thread and setting the mark bit on a concurrent thread could race (potentially resulting in losing the mark bit when the gc info index overwrites it). This CL fixes this issue by using a set of in construction objects. In construction objects are no longer marked. Instead they are pushed to the set and the heap object header is marked when they are popped from the worklist. Since the set avoids duplicates, this allows us to both avoid worklist explosion (due to pushing the same in construction object multiple times) and avoid the data race on the mark bit. This CL uses an unordered_set to record objects. Synchronization uses a lock, which could be costly but is not expected to be obtained often. Bug: chromium:1056170 Change-Id: I366b59f476c166ff06e15b280df9e846034cc6cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437388 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70282}
-
Clemens Backes authored
The lambda used to do more work, now it's just a single function call. Thus remove the lambda by inlining it into all callers. Also, get rid of an unneeded parameter on {OnCompilationStopped}. R=thibaudm@chromium.org Bug: v8:10933 Change-Id: I2c5bc8dfab7abe47a69c1c3eeb5ec8dd02f503c1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440524Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70281}
-
Clemens Backes authored
This reverts commit c4a062a9. Reason for revert: TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33504 Original change's description: > Reland^2 "[serializer] Allocate during deserialization" > > This is a reland of 28a30c57 > which was a reland of 5d7a29c9 > > The crashes were from calling RegisterDeserializerFinished on a null > Isolate pointer, for a deserializer that was never initialised > (specifically, ReadOnlyDeserializer when ROHeap is shared). > > Original change's description: > > Reland "[serializer] Allocate during deserialization" > > > > This is a reland of 5d7a29c9 > > > > This reland shuffles around the order of checks in Heap::AllocateRawWith > > to not check the new space addresses until it's known that this is a new > > space allocation. This fixes an UBSan failure during read-only space > > deserialization, which happens before the new space is initialized. > > > > It also fixes some issues discovered by --stress-snapshot, around > > serializing ThinStrings (which are now elided as part of serialization), > > handle counts (I bumped the maximum handle count in that check), and > > clearing map transitions (the map backpointer field needed a Smi > > uninitialized value check). > > > > Original change's description: > > > [serializer] Allocate during deserialization > > > > > > This patch removes the concept of reservations and a specialized > > > deserializer allocator, and instead makes the deserializer allocate > > > directly with the Heap's Allocate method. > > > > > > The major consequence of this is that the GC can now run during > > > deserialization, which means that: > > > > > > a) Deserialized objects are visible to the GC, and > > > b) Objects that the deserializer/deserialized objects point to can > > > move. > > > > > > Point a) is mostly not a problem due to previous work in making > > > deserialized objects "GC valid", i.e. making sure that they have a valid > > > size before any subsequent allocation/safepoint. We now additionally > > > have to initialize the allocated space with a valid tagged value -- this > > > is a magic Smi value to keep "uninitialized" checks simple. > > > > > > Point b) is solved by Handlifying the deserializer. This involves > > > changing any vectors of objects into vectors of Handles, and any object > > > keyed map into an IdentityMap (we can't use Handles as keys because > > > the object's address is no longer a stable hash). > > > > > > Back-references can no longer be direct chunk offsets, so instead the > > > deserializer stores a Handle to each deserialized object, and the > > > backreference is an index into this handle array. This encoding could > > > be optimized in the future with e.g. a second pass over the serialized > > > array which emits a different bytecode for objects that are and aren't > > > back-referenced. > > > > > > Additionally, the slot-walk over objects to initialize them can no > > > longer use absolute slot offsets, as again an object may move and its > > > slot address would become invalid. Now, slots are walked as relative > > > offsets to a Handle to the object, or as absolute slots for the case of > > > root pointers. A concept of "slot accessor" is introduced to share the > > > code between these two modes, and writing the slot (including write > > > barriers) is abstracted into this accessor. > > > > > > Finally, the Code body walk is modified to deserialize all objects > > > referred to by RelocInfos before doing the RelocInfo walk itself. This > > > is because RelocInfoIterator uses raw pointers, so we cannot allocate > > > during a RelocInfo walk. > > > > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > > > size rather than byte size -- the size is expected to be tagged-aligned > > > anyway, so now we get an extra few bits in the size encoding. > > > > > > Bug: chromium:1075999 > > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#70229} > > > > Bug: chromium:1075999 > > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70267} > > Tbr: jgruber@chromium.org,ulan@chromium.org > Bug: chromium:1075999 > Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70279} TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org Change-Id: Ib2f01db4cd9b55639d6a4af971bda865edb45e84 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1075999 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445250Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70280}
-
Leszek Swirski authored
This is a reland of 28a30c57 which was a reland of 5d7a29c9 The crashes were from calling RegisterDeserializerFinished on a null Isolate pointer, for a deserializer that was never initialised (specifically, ReadOnlyDeserializer when ROHeap is shared). Original change's description: > Reland "[serializer] Allocate during deserialization" > > This is a reland of 5d7a29c9 > > This reland shuffles around the order of checks in Heap::AllocateRawWith > to not check the new space addresses until it's known that this is a new > space allocation. This fixes an UBSan failure during read-only space > deserialization, which happens before the new space is initialized. > > It also fixes some issues discovered by --stress-snapshot, around > serializing ThinStrings (which are now elided as part of serialization), > handle counts (I bumped the maximum handle count in that check), and > clearing map transitions (the map backpointer field needed a Smi > uninitialized value check). > > Original change's description: > > [serializer] Allocate during deserialization > > > > This patch removes the concept of reservations and a specialized > > deserializer allocator, and instead makes the deserializer allocate > > directly with the Heap's Allocate method. > > > > The major consequence of this is that the GC can now run during > > deserialization, which means that: > > > > a) Deserialized objects are visible to the GC, and > > b) Objects that the deserializer/deserialized objects point to can > > move. > > > > Point a) is mostly not a problem due to previous work in making > > deserialized objects "GC valid", i.e. making sure that they have a valid > > size before any subsequent allocation/safepoint. We now additionally > > have to initialize the allocated space with a valid tagged value -- this > > is a magic Smi value to keep "uninitialized" checks simple. > > > > Point b) is solved by Handlifying the deserializer. This involves > > changing any vectors of objects into vectors of Handles, and any object > > keyed map into an IdentityMap (we can't use Handles as keys because > > the object's address is no longer a stable hash). > > > > Back-references can no longer be direct chunk offsets, so instead the > > deserializer stores a Handle to each deserialized object, and the > > backreference is an index into this handle array. This encoding could > > be optimized in the future with e.g. a second pass over the serialized > > array which emits a different bytecode for objects that are and aren't > > back-referenced. > > > > Additionally, the slot-walk over objects to initialize them can no > > longer use absolute slot offsets, as again an object may move and its > > slot address would become invalid. Now, slots are walked as relative > > offsets to a Handle to the object, or as absolute slots for the case of > > root pointers. A concept of "slot accessor" is introduced to share the > > code between these two modes, and writing the slot (including write > > barriers) is abstracted into this accessor. > > > > Finally, the Code body walk is modified to deserialize all objects > > referred to by RelocInfos before doing the RelocInfo walk itself. This > > is because RelocInfoIterator uses raw pointers, so we cannot allocate > > during a RelocInfo walk. > > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > > size rather than byte size -- the size is expected to be tagged-aligned > > anyway, so now we get an extra few bits in the size encoding. > > > > Bug: chromium:1075999 > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70229} > > Bug: chromium:1075999 > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70267} Tbr: jgruber@chromium.org,ulan@chromium.org Bug: chromium:1075999 Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70279}
-
Michael Lippautz authored
The test gets miscompiled on MSVC >=19.25, see bug. Bug: v8:10658 Change-Id: I3b75fe45916fa9e59ec78b852b7bdf707f11a2cc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443731 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70278}
-
Maya Lekova authored
This CL implements passing float parameters to fast API calls by using the existing representation conversions for double parameters and then truncating the double to a float. It also adds float/double tests for fast API calls. Bug: chromium:1052746 Change-Id: Ibb3ccd173b3807a515adbf38cebaa1cf8e2784b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436333Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70277}
-
Marja Hölttä authored
BytecodeGraphBuilder::NewNode already wires up effect and control, so we don't need to do it manually. Bug: v8:10933 Change-Id: I454609b10a5748abd13e668780814a4eb6d7cdfa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442625Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#70276}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3ede101..9cc0704 Rolling v8/third_party/aemu-linux-x64: oJeWXQJJ1lVY6P7l39pBV-mrbeWlw0swPZQuNmcix5AC..UABC8VAzZj56bPNLe3ou7AIlBjwHbiXOu6R9f5RbZWcC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0f6ed71..8c88c75 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/991ead1..69e30b2 Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/6a38b0e..f8df9ff Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/bd8e096..921f371 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I67490c905909fcdcfad45b25f8d5341ec743e7e6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443592Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70275}
-
Ng Zhi An authored
It was slightly inconsistent, the sse versions took int8_t, the avx versions took uint8_t. Consolidate into uint8_t, that allows us to remove the DCHECK inside of the assembler, and also convert callers to use uint8_t. Bug: v8:10933 Change-Id: I125f0d54533b6fde1362e63e96f50fcf2467cac5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443494Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70274}
-
Frank Tang authored
This is a reland of 40af6aee Change from the rollbacked version - removes the passed test fixed by this PR in test/test262/test262.status TBR=jkummerow@chromium.org Original change's description: > [intl] Impl ECMA402 PR 471 rounding behavior > > Fix awkward rounding behavior > Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding > behavior in NumberFormat when formatting a currency with > "maximumFractionDigits" set to a value less than 2. > > Bug: v8:10844 > Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5 > Refs: https://github.com/tc39/ecma402/pull/471 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191 > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70270} Bug: v8:10844 Change-Id: Icfe7363f63d402abccc038e2b8bd78b38d0d9c49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444210 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70273}
-
- 01 Oct, 2020 27 commits
-
-
Ng Zhi An authored
Narrowing operations need to sign extend the result. E.g. for narrowing uint16 to uint8, we compare uint16 to uint8 max, 0xff. The final result should be 0xffffffff (sign extended) since we try to keep nodes in their sign extended form, to work well with the rest of the lowering operations. With this, we pass the last spec test (that is not ignored), simd_conversions. Bug: v8:10507 Change-Id: I8914fd69db9378b8244cba5dcacff98d36893649 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436613Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70272}
-
Zhi An Ng authored
This reverts commit 40af6aee. Reason for revert: Test262 failures, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/2509? Original change's description: > [intl] Impl ECMA402 PR 471 rounding behavior > > Fix awkward rounding behavior > Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding > behavior in NumberFormat when formatting a currency with > "maximumFractionDigits" set to a value less than 2. > > Bug: v8:10844 > Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5 > Refs: https://github.com/tc39/ecma402/pull/471 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191 > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70270} TBR=jkummerow@chromium.org,ftang@chromium.org,syg@chromium.org Change-Id: I1cfc05e0e2015ad18c037003c9a9a414e2151e06 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10844 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2441549Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70271}
-
Frank Tang authored
Fix awkward rounding behavior Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding behavior in NumberFormat when formatting a currency with "maximumFractionDigits" set to a value less than 2. Bug: v8:10844 Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5 Refs: https://github.com/tc39/ecma402/pull/471 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70270}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/639760203..ad8a5e9940 Bug: v8:7834 Change-Id: Ifb5c6601b8c0b8fb2fc60144c8f77abf0a12782d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440722Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70269}
-
Zhi An Ng authored
This reverts commit 28a30c57. Reason for revert: Broke Test262 https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/38638? Original change's description: > Reland "[serializer] Allocate during deserialization" > > This is a reland of 5d7a29c9 > > This reland shuffles around the order of checks in Heap::AllocateRawWith > to not check the new space addresses until it's known that this is a new > space allocation. This fixes an UBSan failure during read-only space > deserialization, which happens before the new space is initialized. > > It also fixes some issues discovered by --stress-snapshot, around > serializing ThinStrings (which are now elided as part of serialization), > handle counts (I bumped the maximum handle count in that check), and > clearing map transitions (the map backpointer field needed a Smi > uninitialized value check). > > Original change's description: > > [serializer] Allocate during deserialization > > > > This patch removes the concept of reservations and a specialized > > deserializer allocator, and instead makes the deserializer allocate > > directly with the Heap's Allocate method. > > > > The major consequence of this is that the GC can now run during > > deserialization, which means that: > > > > a) Deserialized objects are visible to the GC, and > > b) Objects that the deserializer/deserialized objects point to can > > move. > > > > Point a) is mostly not a problem due to previous work in making > > deserialized objects "GC valid", i.e. making sure that they have a valid > > size before any subsequent allocation/safepoint. We now additionally > > have to initialize the allocated space with a valid tagged value -- this > > is a magic Smi value to keep "uninitialized" checks simple. > > > > Point b) is solved by Handlifying the deserializer. This involves > > changing any vectors of objects into vectors of Handles, and any object > > keyed map into an IdentityMap (we can't use Handles as keys because > > the object's address is no longer a stable hash). > > > > Back-references can no longer be direct chunk offsets, so instead the > > deserializer stores a Handle to each deserialized object, and the > > backreference is an index into this handle array. This encoding could > > be optimized in the future with e.g. a second pass over the serialized > > array which emits a different bytecode for objects that are and aren't > > back-referenced. > > > > Additionally, the slot-walk over objects to initialize them can no > > longer use absolute slot offsets, as again an object may move and its > > slot address would become invalid. Now, slots are walked as relative > > offsets to a Handle to the object, or as absolute slots for the case of > > root pointers. A concept of "slot accessor" is introduced to share the > > code between these two modes, and writing the slot (including write > > barriers) is abstracted into this accessor. > > > > Finally, the Code body walk is modified to deserialize all objects > > referred to by RelocInfos before doing the RelocInfo walk itself. This > > is because RelocInfoIterator uses raw pointers, so we cannot allocate > > during a RelocInfo walk. > > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > > size rather than byte size -- the size is expected to be tagged-aligned > > anyway, so now we get an extra few bits in the size encoding. > > > > Bug: chromium:1075999 > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70229} > > Bug: chromium:1075999 > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70267} TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org Change-Id: Ieed68332ef6a7ad36db061e3f48be0f28673d7a2 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1075999 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2441608Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70268}
-
Leszek Swirski authored
This is a reland of 5d7a29c9 This reland shuffles around the order of checks in Heap::AllocateRawWith to not check the new space addresses until it's known that this is a new space allocation. This fixes an UBSan failure during read-only space deserialization, which happens before the new space is initialized. It also fixes some issues discovered by --stress-snapshot, around serializing ThinStrings (which are now elided as part of serialization), handle counts (I bumped the maximum handle count in that check), and clearing map transitions (the map backpointer field needed a Smi uninitialized value check). Original change's description: > [serializer] Allocate during deserialization > > This patch removes the concept of reservations and a specialized > deserializer allocator, and instead makes the deserializer allocate > directly with the Heap's Allocate method. > > The major consequence of this is that the GC can now run during > deserialization, which means that: > > a) Deserialized objects are visible to the GC, and > b) Objects that the deserializer/deserialized objects point to can > move. > > Point a) is mostly not a problem due to previous work in making > deserialized objects "GC valid", i.e. making sure that they have a valid > size before any subsequent allocation/safepoint. We now additionally > have to initialize the allocated space with a valid tagged value -- this > is a magic Smi value to keep "uninitialized" checks simple. > > Point b) is solved by Handlifying the deserializer. This involves > changing any vectors of objects into vectors of Handles, and any object > keyed map into an IdentityMap (we can't use Handles as keys because > the object's address is no longer a stable hash). > > Back-references can no longer be direct chunk offsets, so instead the > deserializer stores a Handle to each deserialized object, and the > backreference is an index into this handle array. This encoding could > be optimized in the future with e.g. a second pass over the serialized > array which emits a different bytecode for objects that are and aren't > back-referenced. > > Additionally, the slot-walk over objects to initialize them can no > longer use absolute slot offsets, as again an object may move and its > slot address would become invalid. Now, slots are walked as relative > offsets to a Handle to the object, or as absolute slots for the case of > root pointers. A concept of "slot accessor" is introduced to share the > code between these two modes, and writing the slot (including write > barriers) is abstracted into this accessor. > > Finally, the Code body walk is modified to deserialize all objects > referred to by RelocInfos before doing the RelocInfo walk itself. This > is because RelocInfoIterator uses raw pointers, so we cannot allocate > during a RelocInfo walk. > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > size rather than byte size -- the size is expected to be tagged-aligned > anyway, so now we get an extra few bits in the size encoding. > > Bug: chromium:1075999 > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70229} Bug: chromium:1075999 Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70267}
-
Andrey Kosyakov authored
This adds support for injecting binding into contexts other than main based on the context name (AKA isolated world name in Blink terms). This would simplify a common use case for addBinding in Puppeteer and other automation tools that use addBinding to expose a back-channel for extension code running in an isolated world by making bindings available to such code at an early stage and in a race-free manner (currently, we can only inject a binding into specific context after the creation of the context has been reported to the client, which typically introduces a race with other evals the client may be running in the context). Change-Id: I66454954491a47a0c9aa4864f0aace4da2e67d3a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440984Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Pavel Feldman <pfeldman@chromium.org> Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#70266}
-
Clemens Backes authored
This refactors the logic for generating atomic instructions in TurboFan. Instead of duplicating code via macros, we look up all information we need from a table (via switch), and generate the respective graph from that information. This will allow to factor in changes for memory64 more easily. R=ahaas@chromium.org Bug: v8:10949 Change-Id: Ic2c78588f8ce555667f7e0220b1cc50c7074ded4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440831 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#70265}
-
Dan Elphick authored
CodeAssembler::Parameter now takes a Type template parameter and performs a checked cast to it. There is also UncheckedParameter which returns a TNode but doesn't check the cast. The original Parameter method is still there as UntypedParameter. Parameter<T>(x) in many cases replaces CAST(Parameter(x)), where the cast is performed inside Parameter. Since Parameter is not a macro, this means it cannot see the original expression or its file name and line number. So the error messages are vaguely useful, Parameter<T>() takes a SourceLocation parameter which with a default value of SourceLocation::Current(), which at least gives us the file name and line number for the error message. Bug: v8:6949, v8:10933 Change-Id: I27157bec7dc7462210c1eb9c430c0180217d25c1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435106Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#70264}
-
Etienne Pierre-doray authored
Replaces ItemParallelJob by std::vector to hold work items. IndexGenerator is used to iterate over evacuation items. Change-Id: Id687f6696e74998c9d23ee2a2ee97c7687d13815 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438631 Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70263}
-
Leszek Swirski authored
Remove the runtime functionality allowing the Isolate to be allocated 4GB aligned in non-pointer-compressed builds. This was barely used in tests, so we can remove it to give slightly stronger compile-time guarantees about pointer-compression-only methods being used only under pointer-compression. Change-Id: I8eb990faa8f8499ecdcb70ca104ffad4be1437b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442790Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70262}
-
Andrey Kosyakov authored
... when addBinding is called with contextId. Previously, due to a subtle type, we exposed bidings added with executionContextId to all contexts created after the binding was added. Also, do not persist context-specific bindings to agent state, as context ids don't make sense across the process. This also adds a test instrastructure to create additional context in given context group. Change-Id: I1b3e96cb65b756424bc7872d200bbbf41e4c30b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440982Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#70261}
-
Clemens Backes authored
The PC stored in each entry on the value stack and control stack is only needed for error reporting, hence avoid storing it for the {kNoValidation} and {kBooleanValidation} modes. R=thibaudm@chromium.org Bug: v8:10969 Change-Id: I14c6a6b1857545099e4a90d77d13107013f01565 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436540 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#70260}
-
Michael Lippautz authored
For cross-thread handling we require the atomic marking pause to provide an atomically consistent view of markbits and weak references. This is ensured by locking the whole atomic pause from entering to weak processing. This CL move ProcessWeakness() into FinishMarking() which allows to nicely scope the upcomming lock from EnterAtomicPause() to LeaveAtomicPause(). The alternative is requiring the caller to ensure proper locking which is harder than ensuring that the Marker is consistent. Bug: chromium:1056170 Change-Id: Ib6028a0d76fcf9422c4a0d422fec3d568f106bf2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442620 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70259}
-
Michael Hablich authored
TBR=machenbach@chromium.org Change-Id: I3ea2bb7431ee9c5834e9ca58cf88511fb719a0cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442623Reviewed-by: Michael Hablich <hablich@chromium.org> Commit-Queue: Michael Hablich <hablich@chromium.org> Cr-Commit-Position: refs/heads/master@{#70258}
-
Richard Townsend authored
Corrects a "Check failed: kFPParamRegisterCount == kParamRegisterCount" message when compiling v8_snapshot for Windows on Arm. Unlike x64, Windows on Arm's calling convention does not alternate between integer and float registers. Bug: chromium:1052746 Change-Id: I4c9cdafcd6e43742b94613f85b2983761cc0891a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440717 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70257}
-
Dominik Inführ authored
MapSpace was using a separate FreeList implementation since all maps have the save exact same size. Remove FreeListMap and use the regular free list which is also used for the old space. This will allow to use LABs in the map space. Bug: v8:10315 Change-Id: I00cfcb260edb20f044ad74a24772f810e1f93afd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442789Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#70256}
-
Kong, Fanchen authored
With this change, a load from memory into a register can be replaced by a memory operand for floating point binops if possible. This eliminates one instruction for following pattern: vmovss xmm0, m32 vmulss xmm1, xmm1, xmm0 ===> vmulss xmm1, xmm1, m32 Change-Id: I6944287fae3b7756621fb6b3d0b3db9e0beaf080 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411696 Commit-Queue: Fanchen Kong <fanchen.kong@intel.com> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#70255}
-
Yang Guo authored
R=szuend@chromium.org Fixed: v8:10910 Change-Id: I8706026db5dfa815ae5c1580a6ebbeb11adeb23e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442615 Commit-Queue: Yang Guo <yangguo@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Yang Guo <yangguo@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70254}
-
Frank Tang authored
Roll the icu to include the fix. The roll include previously mistakenly filter out required resources. Fix "japanese" under "ja" and calendar: "chinese" under "zh" Depends on https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2433166 This CL prepare for such landing: 1. Add test to show the correct result. 2. Wrap the number format static cast to DecimalFormat only if the concrete class is DecimalFormat. This is needed after the landing because the new resource enable other subclass of NumberFormat. 3. Change test to allow the additional numberingSystems. Roll the the DEPS of chromium in https://chromium-review.googlesource.com/c/chromium/src/+/2437820 Bug: v8:10960 Change-Id: Ib10b11862a093d1d487070f79556505bfc10bcc5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432801Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70253}
-
Dominik Inführ authored
Change-Id: Ib9956fb8ad6a129bf0df0775bc1e691a059cbd27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442614 Auto-Submit: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70252}
-
Leszek Swirski authored
Rather than keeping a known-sorted list of existing Code objects, and an eagerly sorted set of new Code objects, instead store a single vector which is lazily sorted when needed. We keep the distinciton between adding an existing or a new Code object, so that we only have to clear the "sorted" bit when adding the latter; plus we check if adding the new Code object would serendipitously keep the vector sorted, just in case the new Code object is allocated after all previous Code objects on that page (not unlikely given linear allocation areas), Change-Id: I70778ba624f1b437bd992616749a8cd08ad33613 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431204 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70251}
-
Ulan Degenbaev authored
This removes custom object iteration in MarkingVerifier. Change-Id: I2e597dab6014ff4443faa60cd3d4be20a2dc1b56 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438067Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70250}
-
Dominik Inführ authored
Background threads use a new mechanism to request a GC from the main thread. Previously they used MemoryPressureNotification to request the collection. However this conflicts with the embedder's usage of MemoryPressureNotification. Bug: v8:10315 Change-Id: Ib25a13a43e1f6a8785bb0d421dd056ae06a4a350 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429270Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#70249}
-
Peter Marshall authored
Rename it to Symbolizer because it does exactly that. Change the SymbolizeTickSample method to return the symbolized state rather than pass it on to the ProfilesCollection. This makes it easier to test as now it only relies on the CodeMap provided to it. Make EntryForVMState a free-floating function as it doesn't rely on state and then we can avoid importing the StateTag definition in the header. Remove the UNREACHABLE from EntryForVMState as the compiler got smarter and doesn't need it anymore. Pass the CpuProfilesCollection to SamplingEventsProcessor instead, as it is now responsible for putting the symbolized samples into the collection to be sorted into the appropriate profiles. Change-Id: I104290eff22b7d94a1bd34ba904036badccf4e13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440522 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70248}
-
Leszek Swirski authored
AST reindexing has to skip visiting fields that are already in the member initializer, as they will have already been visited when visiting said initializer. This is the case for private fields and fields with computed names. However, the reindexer was incorrectly assuming that all properties with a FunctionLiteral value are methods (and thus not fields, and can safely be visited). This is not the case for fields with function expression values. Now, we correctly use the class property's "kind" when making this visitation decision. Fixed: chromium:1132111 Change-Id: Ia53d1fe713453e361b818dfb0b5f88a90cecdf21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440519 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#70247}
-
Manos Koukoutos authored
Decoding of gc/reference type instructions assumed that popping a value from the stack would either throw an error or return a value of the expected type. This is not true in unreachable contexts, where a bottom-typed value can be returned. This CL fixes this problem, adds tests which expose it, and improves AddFunction() in the infrastructure of function-body-decoder-unittest.cc. Bug: v8:7748 Change-Id: I7e9d0caa9ba1687b68a5cdad7b99c054285d9f0e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440577 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70246}
-