Float patch for SeqOneByteString support in Fast API args #8

littledivy · 2022-11-27T06:00:04Z

https://chromium-review.googlesource.com/c/v8/v8/+/4036884

This simplifies some call sites as they do not need to worry about stores to external pointer fields (especially lazily initialized ones) triggering GCs. This also keeps the sandbox and non-sandbox mode more consistent, as these stores will never trigger GC in non-sandbox builds. Since there must be millions of objects that own the external pointer table entries, the chances are quite high that GCs will anyway be scheduled. If not, we should instead see if we can introduce an API to only schedule incremental marking but not perform GC finalization. Bug: v8:13535 Cr-Commit-Position: refs/heads/main@{#84508} (cherry picked from commit 852aa18) Change-Id: I767de315ca9e672b4b5a878292da9eee1e64c213 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062036 Reviewed-by: Michael Lippautz <[email protected]> Commit-Queue: Samuel Groß <[email protected]> Cr-Commit-Position: refs/branch-heads/10.9@{#8} Cr-Branched-From: 8ade6bf-refs/heads/10.9.194@{#1} Cr-Branched-From: 9ff2515-refs/heads/main@{#84164}

In a local debugging session, it happened to be be in frame 8, so was slighly missed. Looking through the first 10 frames instead of 7 should not hurt anyone but fixes that problem. My stack trace: #0 __pthread_kill_implementation #1 __pthread_kill_internal #2 __GI___pthread_kill #3 ?? #4 __GI_abort #5 v8::base::OS::Abort #6 V8_Fatal #7 v8::base::(anonymous namespace)::DefaultDcheckHandler #8 V8_Dcheck [email protected] No-Try: true Change-Id: I6d8bfb482fe4c926a8ecfad8757286618a98f2c3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061894 Reviewed-by: Leszek Swirski <[email protected]> Commit-Queue: Leszek Swirski <[email protected]> Cr-Commit-Position: refs/heads/main@{#84613}

The location I added this in is wrong as it inherits the flag state from VERIFY_PREDICTABLE, which I did not intend. This patch moves the location earlier so that it doesn't pick up state from other flags. Bug=v8:13477 (cherry picked from commit 9527834) Change-Id: I23df7e778690e8b9f588cd2ce3db318c5fa22cb1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136076 Reviewed-by: Adam Klein <[email protected]> Commit-Queue: Lutz Vahl <[email protected]> Cr-Commit-Position: refs/branch-heads/11.0@{#8} Cr-Branched-From: 06097c6-refs/heads/11.0.226@{#1} Cr-Branched-From: 6bf3344-refs/heads/main@{#84857}

Change-Id: I08ee34c7c6e82e4141bde10f72d4d06b29062a5d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4290928 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/11.2@{#8} Cr-Branched-From: 755511a-refs/heads/11.2.214@{#1} Cr-Branched-From: e6b1cce-refs/heads/main@{#86014}

... by using JavaScript spec compliant JSReceiver::DefineOwnProperty. Drive-by: - cleanup comments in include/v8-object.h, insert links to respective pages of https://tc39.es/ecma262/ when referencing spec, - rename JSObject::DefineAccessor() to JSObject::DefineOwnAccessorIgnoreAttributes(). Bug: chromium:1433211 (cherry picked from commit b8020e1) Change-Id: I4a36838ef8d5c839eda25463786e0d385570234d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4502765 Commit-Queue: Igor Sheludko <[email protected]> Reviewed-by: Toon Verwaest <[email protected]> Cr-Commit-Position: refs/branch-heads/11.4@{#8} Cr-Branched-From: 8a8a1e7-refs/heads/11.4.183@{#1} Cr-Branched-From: 5483d8e-refs/heads/main@{#87241}

Fixed: chromium:1450114 (cherry picked from commit a7e2bef) Change-Id: I2c692c385def56a2ee07e5ae902200249e00d470 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604097 Reviewed-by: Igor Sheludko <[email protected]> Cr-Commit-Position: refs/branch-heads/11.5@{#8} Cr-Branched-From: 0c4044b-refs/heads/11.5.150@{#1} Cr-Branched-From: b71d303-refs/heads/main@{#87781}

… tracking Here are the steps that lead to the bug: - main thread: map `a` was being slack-tracked - background: a compilation job serializes `a` into a MapRef `aRef` - main thread: slack tracking finished for this map. - main thread: a store to an object of map `a` created a transition from map `a` to map `b`, and the property stored was stored as the 1st item of the out-of-object properties. - background: compilation reached JSNativeContextSpecialization, which tried to optimize a JSSetNamedProperty (specifically, the same operation that lead to the map transition on the main thread). There was no feedback for this operation since it hadn't been executed before (otherwise, the map transition would have had happened before, and the MapRef would not have been out of date). JSNativeCtxtSpec inferred maps of the receiver from previous CheckMaps, and realized that the store was transitioning (from `a` to `b`). It looked at the MapRef `aRef` to see how much unused properties the object had. `aRef` still had the cached slack-tracking data, and thus thought that it still had unused properties, whereas in reality, `a` didn't have any left, and a new property backing store should have been allocated. - main thread: when executing the store generated, we tried to write to the 1st item of the out-of-object properties of an object with map `a`, which was the EmptyFixedArray root, which caused a segfault, since this is in read-only space. The fix is to add a compilation dependency for map slack-tracking when deciding to extend (or not) the property backing store of an object. At the end of compilation, if the construction_counter of the Map is 0 and the one of the MapRef is non-0, then slack tracking finished during compilation, and we discard the optimized code. While fixing this, I also found out that UnusedPropertyFields and construction_counter were sometimes incoherent in the background, because CSA was updating construction_counter without taking the map_updater_access mutex (which means that when construction_counter was 0 in the background, it wasn't always safe to look at UnusedPropertyFields, since it could contain the old value). Similarly, MapRef::IsInobjectSlackTrackingInProgress was looking at the Map rather than the cached value for construction_counter, which means that it could also be out of sync with UnusedPropertyFields. Bug: chromium:1444366 (cherry picked from commit 7effdbf) Change-Id: I186301bc5fca3836743f59ee46e3ddb35391229f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4650761 Reviewed-by: Jakob Kummerow <[email protected]> Commit-Queue: Darius Mercadier <[email protected]> Cr-Commit-Position: refs/branch-heads/11.6@{#8} Cr-Branched-From: e29c028-refs/heads/11.6.189@{#3} Cr-Branched-From: 95cbef2-refs/heads/main@{#88340}

Merged: [runtime] Recreate enum cache on map update Revision: 1c623f9 Merged: [runtime] Don't try to create empty enum cache. Revision: 5516e06 BUG=chromium:1470668,chromium:1472317 [email protected] Change-Id: I9cd54930946c55df0d960899b4a41310a7455378 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4789108 Reviewed-by: Tobias Tebbi <[email protected]> Commit-Queue: Samuel Groß <[email protected]> Cr-Commit-Position: refs/branch-heads/11.7@{#8} Cr-Branched-From: fe60869-refs/heads/11.7.439@{#1} Cr-Branched-From: aeb4552-refs/heads/main@{#89415}

Fixed: chromium:1480765 (cherry picked from commit cb9bfb5) Change-Id: Ifc69c612ee5a851ee46d403ef827cc2ff045093a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4866326 Commit-Queue: Jakob Kummerow <[email protected]> Reviewed-by: Matthias Liedtke <[email protected]> Auto-Submit: Jakob Kummerow <[email protected]> Commit-Queue: Matthias Liedtke <[email protected]> Cr-Commit-Position: refs/branch-heads/11.8@{#8} Cr-Branched-From: 935bdbf-refs/heads/11.8.172@{#1} Cr-Branched-From: b82a911-refs/heads/main@{#89779}

…int32 opcode Revision: ef567ad NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] Bug: v8:14447 Change-Id: I7646c0a3663f573cadb355a4f1e06e6910b41458 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5029175 Reviewed-by: Lutz Vahl <[email protected]> Commit-Queue: Lutz Vahl <[email protected]> Cr-Commit-Position: refs/branch-heads/12.0@{#8} Cr-Branched-From: ed7b4ca-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b-refs/heads/main@{#90651}

Due to the reachability in the decoder influencing the assignment of feedback slots, it is required to handle reachability consistently between liftoff and the optimizing compiler. This wasn't the case for CatchException, CatchCase and CatchAll. Bug: chromium:1508213 (cherry picked from commit def7931) Change-Id: I851d34236e266c8442722313ebf35332d6d2d100 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5099464 Auto-Submit: Matthias Liedtke <[email protected]> Reviewed-by: Manos Koukoutos <[email protected]> Commit-Queue: Manos Koukoutos <[email protected]> Cr-Commit-Position: refs/branch-heads/12.1@{#8} Cr-Branched-From: b74ef6f-refs/heads/12.1.285@{#1} Cr-Branched-From: 32857fb-refs/heads/main@{#91313}

This fixes an issue in crrev.com/5180736 where an atomic memory access with a statically known index and incorrect alignment does not trap even though it should. Bug: chromium:1520780 (cherry picked from commit 499a564) Change-Id: I9f27c86a17bcffbbf9bf294e10be9e8f3098965f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5237473 Reviewed-by: Clemens Backes <[email protected]> Commit-Queue: Jakob Kummerow <[email protected]> Auto-Submit: Jakob Kummerow <[email protected]> Commit-Queue: Clemens Backes <[email protected]> Cr-Commit-Position: refs/branch-heads/12.2@{#8} Cr-Branched-From: 6eb5a96-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d-refs/heads/main@{#91934}

The entry index in the WasmApiFunctionRef was used to look for the given WasmApiFunctionRef in the indirect function tables, but it was not considered that the indirect function tables can have different lengths. [email protected] Bug: 325893559 (cherry picked from commit 7330f46) Change-Id: I160dce22dc468b8dc87dd71c7c24873523e3ca9c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5324391 Commit-Queue: Andreas Haas <[email protected]> Reviewed-by: Thibaud Michaud <[email protected]> Cr-Commit-Position: refs/branch-heads/12.3@{#8} Cr-Branched-From: a86e197-refs/heads/12.3.219@{#1} Cr-Branched-From: 21869f7-refs/heads/main@{#92385}

(cherry picked from commit b852ad7) Bug: chromium:330575498 Change-Id: I395f0ed6d823b7d1e139da6551486e3627d65724 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378419 Commit-Queue: Jakob Kummerow <[email protected]> Reviewed-by: Jakob Kummerow <[email protected]> Auto-Submit: Manos Koukoutos <[email protected]> Cr-Original-Commit-Position: refs/heads/main@{#92941} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5385871 Cr-Commit-Position: refs/branch-heads/12.4@{#8} Cr-Branched-From: 309640d-refs/heads/12.4.254@{#1} Cr-Branched-From: 5dc2470-refs/heads/main@{#92862}

In this case the ref is not the instance but a WasmApiFunctionRef, so the cast is invalid. Use the instance field instead. [email protected] Bug: 340102752 (cherry picked from commit 52d9e6d) Change-Id: I7cef578c504d6b4998b92d0a32ef4e49568d57bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5553796 Auto-Submit: Thibaud Michaud <[email protected]> Reviewed-by: Deepti Gandluri <[email protected]> Commit-Queue: Thibaud Michaud <[email protected]> Cr-Commit-Position: refs/branch-heads/12.6@{#8} Cr-Branched-From: 3c9fa12-refs/heads/12.6.228@{#2} Cr-Branched-From: 981bb15-refs/heads/main@{#93835}

Needs some more time to iron out issues. Bug: 346835902 Bug: 346386746 (cherry picked from commit 6e8923c) Change-Id: I7950b628dfe547115adf611bb53196874fbba518 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5633594 Reviewed-by: Olivier Flückiger <[email protected]> Commit-Queue: Olivier Flückiger <[email protected]> Cr-Commit-Position: refs/branch-heads/12.7@{#8} Cr-Branched-From: 35cc908-refs/heads/12.7.224@{#1} Cr-Branched-From: 6d60e67-refs/heads/main@{#94324}

Float patch for SeqOneByteString support in Fast API args

b682a89

littledivy requested a review from bartlomieju November 27, 2022 06:00

bartlomieju approved these changes Nov 27, 2022

View reviewed changes

littledivy merged commit b14d28f into autoroll Nov 27, 2022

bartlomieju mentioned this pull request Nov 29, 2022

chore: update v8 submodule to floated patch for string support in Fast API denoland/rusty_v8#1137

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Float patch for SeqOneByteString support in Fast API args #8

Float patch for SeqOneByteString support in Fast API args #8

littledivy commented Nov 27, 2022

Float patch for SeqOneByteString support in Fast API args #8

Float patch for SeqOneByteString support in Fast API args #8

Conversation

littledivy commented Nov 27, 2022