- 13 Jan, 2022 8 commits
-
-
Yang Guo authored
R=leszeks@chromium.org Change-Id: I8e5930d9ed946ae12cad98b3456055aefcef7d18 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386593 Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Yang Guo <yangguo@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78601}
-
Patrick Thier authored
This CL fixes 2 issues with string internalization when the string table is shared: 1. In-place migration of a string's map to Internalized was done before it was sure that the string is going to be internalized (outside the critical section). To fix this problem StringTableKey::AsHandle() is now split into StringTableKey::PrepareForInsertion(), which is invoked outside the critical section and creates a copy if necessary, and StringTableKey::GetHandleForInsertion(), which is invoked inside the critical section only for string table misses. Migration of the map is handled by this method. 2. TryStringToIndexOrLookupExisting() didn't handle already internalized strings. So far this was impossible, as this method was only invoked for strings that were checked not to be internalized. However with a shared string table, the string could be internalized after the checks. Bug: v8:12007 Change-Id: I193d6b54dc41360eee47d21cbcaa36d2652d85dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368103Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
This unifies and simplifies the way we instrument async functions for the purpose of async stack traces and async stepping. It does so while retaining the observable behavior on the inspector level (for now). Previously we'd mark the implicit promise of the async function object with the async task ID, and whenever we awaited, we'd copy the async task ID to the throwaway promise that is created by the `await`. This however made things unnecessarily interesting in the following regards: 1. We'd see `DebugDidHandle` and `DebugWillHandle` events after the `AsyncFunctionFinished` events, coming from the throwaway promises, while the implicit promise is "done". This is especially confusing with rejection propagation and requires very complex stepping logic for async functions (after this CL it'll be possible to unify and simplify the stepping logic). 2. We have to thread through the "can suspend" information from the Parser all the way through AsyncFunctionReject/AsyncFunctionResolve to the async function instrumentation to decide whether to cancel the pending task when the async function finishes. This CL changes the instrumentation to only happen (non recurringly) for the throwaway promises allocated upon `await`. This solves both problems mentioned above, and works because upon the first `await` the stack captured for the throwaway promise will include the synchronous part as expected, while upon later `await`s the synchronous part will be empty and the asynchronous part will be the stack captured for the previous throwaway promise (and the V8Debugger automatically short circuits stacks with empty synchronous part). Bug: chromium:1280519, chromium:1277451, chromium:1246867 Change-Id: Id604dabc19ea133ea2e9dd63181b1fc33ccb5eda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383775Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#78599}
-
jiepan authored
Bug: v8:12228 Change-Id: I233efc9fc4636c25baba6a689f7038331fd1f32b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303806Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Jie Pan <jie.pan@intel.com> Cr-Commit-Position: refs/heads/main@{#78598}
-
Jakob Gruber authored
CompleteInobjectSlackTracking potentially shrinks multiple maps, and the relation between these maps should be preserved in a concurrent environment. Thus it is not enough to make each modification atomically, but all related map modifications must be within a critical section. We do this by locking the map_updater_access mutex CompleteInobjectSlackTracking, and hence moving the function to the MapUpdater class. Bug: chromium:1274445,v8:7990 Change-Id: If99bb8b55e03180128ee397d845fa4c269c4241e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379819Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#78597}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/fbc6faf..b9f6d0a Add Latin-ASCII transliteration (Frank Tang) https://chromium.googlesource.com/chromium/deps/icu/+/b9f6d0a R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org Change-Id: Ic00c9e3f4aa2a14a80e33f090975c73ec1169fa1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3384678 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78596}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/0d98dba..31e7941 Add docs for `ThreadRange`. (#1318) (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/31e7941 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: Iffb9cb817ddef0cf1accdcb5327d4a4ef4dc548e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3384677 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78595}
-
Frank Tang authored
Bug: v8:11544 Change-Id: I1f8fa01ece950addac048c5ae94d8c961666f720 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3384241Reviewed-by:
-
- 12 Jan, 2022 20 commits
-
-
Milad Fa authored
Implementations are added to macro-assembler to be shared between liftoff and code generator. Change-Id: Ibe326a80f71cad41dadbb62ebbcb9b8797f1871f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3384540Reviewed-by:
Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#78593}
-
Eric Seckler authored
Fixes perfetto compile. Example failure: https://ci.chromium.org/ui/p/chromium/builders/try/linux-perfetto-rel/6137/overview Change-Id: Ia74f8d339ffbf1733f334043dea19872ea8c7ee4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383778Reviewed-by:
-
Michael Lippautz authored
The field is updated on the main thread and read on threads using LocalHeap to possibly trigger GC in fuzzing configurations. Bug: chromium:1286699 Change-Id: I15330b7542358ce1a2307a1f258655126b252c03 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383776Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78591}
-
Clemens Backes authored
The last update (using tools/wasm/update-wasm-fuzzers.sh) was in November 2020, thus update again to add modules from all existing tests to the corpus used by ClusterFuzz. This increases the number of files in the corpus from 47196 to 53779. R=ahaas@chromium.org Change-Id: Ie293bda0b4d5d7c34d5b7c53d8115d9d3883f1db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379813Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78590}
-
Junliang Yan authored
Change-Id: I6f0a3f813f94dc350c4dd1aa257db516b973c1c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383315Reviewed-by:
Milad Farazmand <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#78589}
-
Dominik Inführ authored
We might run TRACE_GC with ThreadKind::kMain not only on each isolate's main thread but also on the shared isolate's thread during a shared GC. The DCHECK is too restrictive for the latter case. This is safe because the shared GC will stop all main threads before starting its work. Bug: v8:11708 Change-Id: I1f40140d6502b1ec797dfa783fb693ed213efb3b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380522Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78588}
-
gengjiawen authored
Provide a stub `third_party_heap::Heap` implementation to work around linker erors with Visual Studio. Refs: https://github.com/bnoordhuis/v8-cmake/pull/50 Bug: v8:10427 Change-Id: I435081d8cb195d1db999db699df3d3751663c81d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366367Reviewed-by:
-
Simon Zünd authored
CDP has a "ExceptionDetails" structure that is attached to various CDP commands, e.g. "Runtime#exceptionThrown" or "Runtime#evaluate". The stack trace in the "ExceptionDetails" structure is used in various places in DevTools. The information in the "ExceptionDetails" structure is extracted from a v8::Message object. Message objects are normally created at the exception throw site and may augment the error with manually inspecting the stack (both to capture a fresh stack trace in some cases, as well as to calculate location info). The problem is that in some cases we want to get an "ExceptionDetails" structure after the fact, e.g. when logging a JS "Error" object in a catch block. This means we can't reuse Isolate::CreateMessage as the JS stack at call time is unrelated to the time when an Error object was thrown. To re-use some of the code, this CL introduces a new "CreateMessageFromException" method that is only available from the debugging interface (not public V8 API!). The new method works similar to Isolate::CreateMessage, but: 1) Does not look at the current JS stack, neither for a fresh stack trace nor for location information. 2) Only uses the "detailed" stack trace for location info. This is because the "simple" stack trace could have already been serialized by accessing Error#stack. Bug: chromium:1278650 Doc: https://bit.ly/runtime-get-exception-details Change-Id: I0144516001c71786b9f76ae4dec4442fa1468c5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3337257Reviewed-by:Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/main@{#78586}
-
Patrick Thier authored
Strengthen the assertion in CallFunction, that only callable functions (not class constructors) are passed. Change-Id: I2dc2d061cdc9930b5b8926285f021f9772e97570 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380529Reviewed-by:
Victor Gomes <victorgomes@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#78585}
-
Manos Koukoutos authored
Bug: v8:7748 Change-Id: I5280a22240ef5e920f701e991ed13d8b8881fc6b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3377122Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78584}
-
Dominik Inführ authored
This is a reland of 86038ecf Compared to the previous CL this one is adding a TSAN suppression for GlobalSafepoint::EnterSafepointScope. local_heaps_mutex_ of client isolates may be locked in any order. This would be detected by TSAN as a potential race. Add some additional DCHECKs to compensate for that missing test coverage. As a cleanup this CL also removes the unused methods ContainsLocalHeap() and ContainsAnyLocalHeap() from LocalHeap. Original change's description: > [heap] Optimize time to reach global safepoint > > Initial support for global safepoints kept it simple by entering a > safepoint for each of them one after another. This means > time-to-global-safepoint is the sum of all time-to-safepoint operations. > We can improve this slightly by splitting up the safepoint iteration > into two operations: > > 1) Initiate safepoint lock (locks local_heaps_mutex_, arms the barrier > and sets SafepointRequested flag for all client threads) > 2) Block until all runnning client threads reach a safepoint > > We now perform operation 1) for all clients first and only then start > with operation 2). > > Bug: v8:11708 > Change-Id: Iaafd3c6d70bcf7026f722633e9250b04148b3da6 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310910 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78308} Bug: v8:11708, v8:12492 Change-Id: I7087ba23c08f2d4edb9b632eef3c218fc76342e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328786Reviewed-by:
-
Thibaud Michaud authored
- Add an ActiveSuspender root, similar to the ActiveContinuation root. - Add the missing "parent" field to the Suspender, which points to the outer Suspender when they are nested, and update that field when entering a new Suspender. - Add the missing "state" field and update it when the state of the Suspender changes. R=ahaas@chromium.org CC=fgm@chromium.org Bug: v8:12191 Change-Id: I7a95f44f81390a347c6ef252ec6184fb4f0b0455 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345003Reviewed-by:
-
Nikolaos Papaspyrou authored
This CL contains minor refactorings to some parts of the garbage collector: - Space iterators. - Removes a redundant call to Heap::CreateFillerObjectAt. - Heap::CompleteSweepingFull now ensures that sweeping in the C++ managed heap is also completed. - Checks, comments and code cleanup. Change-Id: I14a7fe45c270c463c94c86f45b0e65757249d548 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3377125Reviewed-by:
-
Dominik Inführ authored
This CL doesn't change behavior, only refactors MemoryAllocator: * De-templatify class, MemoryAllocator is used on slow path and doesn't really need templates for performance. * Rename FreeMode names * Move methods into private section of class Change-Id: I7894fba956dcd7aa78ad0284d0924662fef4acae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379812Reviewed-by:
-
Igor Sheludko authored
The Isolate might not be aware that remapped builtins are used (see Code::OffHeapInstructionStart()), so always try to lookup PC in the remapped builtins if they are available. Bug: chromium:1241665, v8:11460 Change-Id: Iefc373cf0ea0110c8c002b7677e6a1fd8fd45319 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379817Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78579}
-
Nikolaos Papaspyrou authored
Change-Id: I8e2b0756ac2cbbb3275a9560cfab749a9009033b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3365265Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org> Cr-Commit-Position: refs/heads/main@{#78578}
-
Manos Koukoutos authored
Bug: v8:7748 Change-Id: Ieedb5bb0d6555cdf6c628f6700f7116ca142a2d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3376963Reviewed-by:
-
Manos Koukoutos authored
We introduce {ConstantExpression}, which represents the most frequent constant expression types directly, and falls back to a {WireBytesRef} for the rest. During module decoding, we decode the most common expressions separately and store them as {ConstantExpression}, so we do not have to decode them again during module instantiation. Bug: chromium:1284557 Change-Id: Ie411bbe9811d0d9f6e750ba202bb0ccff801dfee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3378347Reviewed-by:Clemens Backes <clemensb@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78576}
-
JianxiaoLuIntel authored
To make sure print the correct gc_count in heap layout tracer. Change-Id: I790d9359acab188bbfd1f59b731531c58713d8f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361842 Auto-Submit: Jianxiao Lu <jianxiao.lu@intel.com> Reviewed-by:
-
Frank Tang authored
get Temporal.*.prototype.(calendar|timeZone|epochNanoseconds) Bug: v8:11544 Change-Id: Iede568431847f1413e018ab0766cd74f3eeafc66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3374072Reviewed-by:
-
- 11 Jan, 2022 12 commits
-
-
Joyee Cheung authored
It is possible for KeyedDefineOwnICKind to go into ElementsTransitionAndStoreIC_Miss when a computed field key is a valid index and the lazy feedback allocation is disabled. Bug: chromium:1277863 Change-Id: If8a81384257647426607495b6e3d8f235913e8f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322634Reviewed-by:
-
Milad Fa authored
Vector load/store lane, splat, extend as well as load 32/64 zero have been rewritten to make use of new z15 instructions (or use older instructions if not available) in such Cls: https://crrev.com/c/3138212 https://crrev.com/c/3144373 Same has been done for PPC BE (AIX). As a result the workarounds in wasm-compiler are no longer needed. Change-Id: I1de7066fa20f6e4d9d68c1a6db77a164dc8ae2f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379820Reviewed-by:
-
Hannes Payer authored
Change-Id: I9a8a667733247152f8760385391e7b3379731f02 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380982Reviewed-by:
-
Shu-yu Guo authored
This is a temporary solution so prototyping of shared structs and shared strings can be worked on in parallel. Bug: v8:12007 Change-Id: Ic849ec66da1d3824d50d695f16e4b77380afa015 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379222Reviewed-by:
Patrick Thier <pthier@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#78570}
-
Andreas Haas authored
V8 crashed with a FATAL when memory allocation during instantiation failed. With this CL, a RangeError is thrown instead. This is not the only possible OOM that can happen during the startup of a WebAssembly app, but since the allocation of WebAssembly memory is among the biggest allocations, this change may already prevent several crashes. R=clemensb@chromium.org Bug: chromium:1268898 Change-Id: I9376830ba2fe9df62b5595b6b19c92e35a75dfda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380586Reviewed-by:
-
Igor Sheludko authored
Windows requires additional writable page to be allocated in front of the code range, but at the same time the code range must not cross 4 GB boundary in order to make Code pointer compression work for Code pointers. All these constraints make the logic of hint calculation too dependent on what VirtualMemoryCage::InitReservation() would do with the provided hint. This CL simplifies the hint calculation and fully relies on VirtualMemoryCage::InitReservation() to do the right thing. On Linux the implementation of OS::GetFreeMemoryRangesWithin() doesn't work when Chromium sandbox is enabled, so we use the beginning of the preferred short builtin calls region as a hint. It should be at least as good as the fallback hint but with higher chances to point to free address space location. Bug: v8:11880 Change-Id: I0b6ebec98dd0cf483f67e6ba8a919deb9ce7cc25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380585Reviewed-by:
-
Piotr Sikora authored
Signed-off-by:
Piotr Sikora <piotrsikora@google.com> Change-Id: Ib4dc67fcb58d7d8f7e48752c579468229c23de52 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3375469Reviewed-by:
-
Milad Fa authored
This CL takes advantage of the P9 `vector byte-reverse` instructions to add to support to BE platforms. Change-Id: Ia022e056ca61373b7f8f7754ec76e94774b80af3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3378922Reviewed-by:
-
Manos Koukoutos authored
We introduce a type arrayref, which is a supertype of all array types and a subtype of dataref. We change array.len to accept values of type (ref null array). Drive-by: Fix kEq/kData case in TypecheckJSObject. Bug: v8:7748 Change-Id: I47c6a4487ddf5e7280c1427f43abe87a97c896bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368105Reviewed-by:
-
Andreas Haas authored
The original CL introduced a test that does not work when it is executed concurrently on multiple isolates. This CL skips this test configuration. Original change's description: > [wasm] Lazy compilation after deserialization > > The serialization format contains one boolean flag per function which > specifies whether the function code exists in the serialized module or > not. With this CL, this boolean flag is extended to a three-value flag > which indicates whether the function exists, and if not, whether the > function was executed before serialization. This information can then be > used upon deserialization to compile only those functions that were > executed before serialization. > > Design doc: https://docs.google.com/document/d/1U3uqq4njqLqFhr1G2sU_bmpQxY-3bvfG55udSb-DvA4/edit?usp=sharing > > Bug: v8:12281 Change-Id: I36ce90b37736172aa01c47ab04e154ec8ea2d8aa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380590Reviewed-by:
-
JianxiaoLuIntel authored
Change-Id: I443d6e84fb3ca9d27456300b777105319ec0fe25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3352457Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78563}
-
Victor Gomes authored
No-Try: true Change-Id: If4d72836d40ee994ea5b7f7f1f2a98092d7b4079 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380599 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
-
