Upgrade V8 11.9.169.6 to 13.3.206 #3

Merged
merged 7,323 commits into from
Nov 30, 2024

@david-clang commented Nov 30, 2024

The approach for this upgrade:

  1. git remote add google-v8 https://chromium.googlesource.com/v8/v8.git
  2. git fetch google-v8
  3. git checkout feat/sync-newest
  4. git rebase google-v8/13.3.206, conflicts are resolved using google-v8/13.3.206
  5. git push origin feat/sync-newest
  6. git remote remove google-v8

CI succeeded

https://github.com/openwebf/v8/actions/runs/12093096526

victorgomes and others added 30 commits November 20, 2024 12:55
... to match the check in TryReadBoilerplateForFastLiteral.

Fixed: 379669752
Change-Id: I4b3ab00280d11b384ee3e56d467e6897e07984dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037611
Auto-Submit: Victor Gomes <[email protected]>
Commit-Queue: Igor Sheludko <[email protected]>
Reviewed-by: Igor Sheludko <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97292}

All writes to JIT memory should go through the corresponding
WritableJitAllocation object. Enforce this in debug mode for the
WritableJumpTablePair, by unlocking the JIT memory only on the specific
write instructions.

Bug: 42203297
Change-Id: Ife2d52fb15909ec12cae9d3689379feb7b7c2306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6023135
Reviewed-by: Samuel Groß <[email protected]>
Commit-Queue: Stephen Röttger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97293}

to make sure that we cannot accidentally treat a ReadOnlyPageMetadata as
a MutablePageMetadata object. For that, it is sufficient to check that
the page's owner() is not nullptr.

Bug: 379768241
Change-Id: If7818a760a9dcbb825c496bf792e65651fdc68c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6032624
Reviewed-by: Michael Lippautz <[email protected]>
Commit-Queue: Samuel Groß <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97294}

Otherwise we still have the TF budget and delay reoptimization too
much. We could consider making this even more aggressive...

Change-Id: Ic61efd924310d02c9c26fe064727ea2281f17601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037938
Auto-Submit: Toon Verwaest <[email protected]>
Reviewed-by: Olivier Flückiger <[email protected]>
Commit-Queue: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97295}

…tions

The bug is only for `I16x8MinU` instruction, but some other instructions
missed it too (discovered by just manually checking the
SSE4_INSTRUCTION_LIST for x64).

This bug is similar to b/379066968 where we missed it for Liftoff.

Fixed: 379811148
Change-Id: I21ccedf024e34aff2225f830900542fc19cea554
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037937
Commit-Queue: Eva Herencsárová <[email protected]>
Reviewed-by: Matthias Liedtke <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97296}

[email protected]

Bug: 379811144
Change-Id: Ice64e521344b88709a730abb1f7fbced1157c306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037940
Commit-Queue: Andreas Haas <[email protected]>
Commit-Queue: Marja Hölttä <[email protected]>
Auto-Submit: Andreas Haas <[email protected]>
Reviewed-by: Marja Hölttä <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97297}

... because std::pow seems much faster than our custom implementation.

Change-Id: Ibccdeac37aabc75031fea16faf4e89caf163cfa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037610
Reviewed-by: Leszek Swirski <[email protected]>
Auto-Submit: Darius Mercadier <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97298}

For a character class that corresponds to a list of disjoint character
ranges, the compiler now generates a new bytecode instruction
RANGE_COUNT followed by a CONSUME_RANGE for each range.  In the
interpreter, each range in the list is tried until one range matches.

This avoids generating FORK instructions and copying threads when
dealing with such disjoint character ranges.

This is part of my work at the SYSTEMF lab at EPFL.

Bug: 374930303
Change-Id: Ic0b46074cba17c6685f111736ccc49bb228bd7d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5952934
Reviewed-by: Jakob Linke <[email protected]>
Reviewed-by: Patrick Thier <[email protected]>
Commit-Queue: Patrick Thier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97299}

Bug: 42204615
Change-Id: I58a87f97811028f6e01ef899e8901f6e63cf5d6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038422
Reviewed-by: Thibaud Michaud <[email protected]>
Commit-Queue: Ilya Rezvov <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97300}

When a function is flushed and then marked for optimization we must
ensure it has a feedback vector before we call into the optimizing
compiler.

Fixed: 379811151
Change-Id: I584738289a1b904ad6a361aa9b2451e0f5bca2e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037997
Commit-Queue: Toon Verwaest <[email protected]>
Auto-Submit: Olivier Flückiger <[email protected]>
Reviewed-by: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97301}

PatchValue for indirect handles serves the purpose of updating the
handle's value in such a way that all other indirect handles with the
same location are affected. This is not possible with direct handles,
where the current implementation of this method is semantically
equivalent to simple handle assignment.

This CL removes the method PatchValue for direct handles, as its use
during migration from indirect to direct handles would introduce subtle
bugs that would be difficult to catch. It replaces it with a SetValue
method, which serves as in-place handle assignment. To support the
configuration with "fake" direct handles that is currently used in
production, SetValue for such handles is implemented via PatchValue
(and therefore affects all indirect handles with the same location),
in order to avoid performance regressions.

The CL also aligns a few differences in the implementation of "fake"
direct handles and maybe-handles. It introduces the auxiliary function
direct_handle, for ensuring that a handle is converted to direct.

Bug: 42203211
Change-Id: Ie72d2fba7cdfdb47db094cbedea5613c58d375a2
Cq-Include-Trybots: luci.v8.try:v8_linux64_css_dbg
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6018328
Reviewed-by: Michael Lippautz <[email protected]>
Reviewed-by: Omer Katz <[email protected]>
Commit-Queue: Nikolaos Papaspyrou <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97302}

It is possible to manually override the optimization request, thus we
currently have no way of properly DCHECKING inside
JSFunction::RequestOptimization if a request is valid w.r.t. our tiering
machinery.

Fixed: 379811150
Change-Id: Ic351889b71caaf89930d6f83529ef2e2a531871c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038835
Reviewed-by: Toon Verwaest <[email protected]>
Auto-Submit: Olivier Flückiger <[email protected]>
Commit-Queue: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97303}

Maglev uses scope infos to detect if two contexts may alias. This is
only correct if we are guaranteed to have unique scope infos. This in
turn relies on the machinery behind `v8_flags.reuse_scope_infos`.

Bug: 379758212
Change-Id: I4d65c5e1dfc492d0a812a61358998ffecb488588
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038339
Reviewed-by: Igor Sheludko <[email protected]>
Commit-Queue: Igor Sheludko <[email protected]>
Auto-Submit: Olivier Flückiger <[email protected]>
Commit-Queue: Olivier Flückiger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97304}

Fixed: 369739212
Change-Id: I16c33d48f8095b8d490fa2a4ee82f7266dda54f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038341
Commit-Queue: Igor Sheludko <[email protected]>
Commit-Queue: Leszek Swirski <[email protected]>
Reviewed-by: Leszek Swirski <[email protected]>
Auto-Submit: Igor Sheludko <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97305}

Use IsMarkedOrAlwaysLive() instead of checking markbits manually. This
should now handle our new "black allocation" scheme correctly as well.

This CL should also fix a data race with --shared-string-table between
the main and worker isolates. In this race the worker isolate collects
object stats and checks the mark bit of a shared string. Concurrently
the main thread sweeps the shared space page of that shared string.

I was not able to reproduce this race locally but it should be
fixed because by using IsMarkedOrAlwaysLive() we are not loading
markbits for shared objects on worker isolates anymore.

Bug: 379805756
Change-Id: I1cc1625521c5d699eacff4f9df258781c8f065c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037996
Commit-Queue: Dominik Inführ <[email protected]>
Reviewed-by: Michael Lippautz <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97306}

Port commit 708f6fa

Change-Id: Ibc65ed20d7bf81e28950301c9fc3c97b3aab5df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6034483
Reviewed-by: Olivier Flückiger <[email protected]>
Commit-Queue: Zhao Jiazhong <[email protected]>
Auto-Submit: Zhao Jiazhong <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97307}

Rolling third_party/fuzztest: https://chromium.googlesource.com/chromium/src/third_party/fuzztest/+log/45d1913..4e150a3

Fuzztests: cease to apply so many flags (Adrian Taylor)
https://chromium.googlesource.com/chromium/src/third_party/fuzztest/+/4e150a3

Roll created at https://cr-buildbucket.appspot.com/build/8730686854402783041

Cq-Include-Trybots: luci.v8.try:v8_linux64_asan_centipede_compile_dbg
Change-Id: I536b684f87f1de535620e42b299cd98da1287780
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6039200
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#97308}

Bug: 40276207
Change-Id: If8bbb77c9af430dc024b71af12b3a3fa43a6ae2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6031881
Commit-Queue: Simon Zünd <[email protected]>
Auto-Submit: Alex Rudenko <[email protected]>
Reviewed-by: Yang Guo <[email protected]>
Reviewed-by: Simon Zünd <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97309}

No-Try: true
Bug: 42204555
Change-Id: I4fe886a4d2a35ef889b0d4d486874caae628a37a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6040156
Reviewed-by: Victor Gomes <[email protected]>
Commit-Queue: Marja Hölttä <[email protected]>
Auto-Submit: Michael Achenbach <[email protected]>
Reviewed-by: Marja Hölttä <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97310}

Use the parameter_count from the BytecodeArray to set the
formal_parameter_count of an InlinedExtraArguments frame.

Fixed: 379418918
Bug: 40931165, 336140976
Change-Id: I01aff44282c8caefdea86f943a02ba21f8884b7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6031888
Commit-Queue: Leszek Swirski <[email protected]>
Reviewed-by: Igor Sheludko <[email protected]>
Auto-Submit: Leszek Swirski <[email protected]>
Reviewed-by: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97311}

Bug: 370536107
Change-Id: I06ab957d812e5a3767c3339ef366c732c0cf1638
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037707
Commit-Queue: Igor Sheludko <[email protected]>
Auto-Submit: Olivier Flückiger <[email protected]>
Commit-Queue: Olivier Flückiger <[email protected]>
Reviewed-by: Igor Sheludko <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97312}

The test is failing on Android.

Bug: 380011691
Change-Id: Id55412ded351fab290fc83b17fa4d4cb58bff54e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6037708
Auto-Submit: Omer Katz <[email protected]>
Commit-Queue: Omer Katz <[email protected]>
Commit-Queue: Michael Achenbach <[email protected]>
Reviewed-by: Michael Achenbach <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97313}

This removes an obsolete suppression specific to a removed
optimization. It also reduces the precision of Math.pow when
comparing different architectures in differential fuzzing due to
32 and 64 bit differences.

Fixed: 380147861
Change-Id: If7cf575ddd09877c3a7dedf02a62c50b9ba50cc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038007
Reviewed-by: Darius Mercadier <[email protected]>
Commit-Queue: Michael Achenbach <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97314}

Context specialized and non-specialized code can be marked for
optimization independently. The reason is that context specialized
JSFunctions have their own dispatch_handle. If that happens both will
race for who gets to start an actual compile job. Since currently we
assume that only one tiering action can happen simultaneously, we should
ensure who gets in second will be deferred.

Fixed: 380107336
Change-Id: I45bcb1b4bad03760d51c2b23fb0c0fe34f18f65b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038061
Reviewed-by: Jakob Linke <[email protected]>
Commit-Queue: Olivier Flückiger <[email protected]>
Commit-Queue: Jakob Linke <[email protected]>
Auto-Submit: Olivier Flückiger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97315}

No-Try: true
Bug: 375270513
Change-Id: I095c4f97266c7437968cc318b0731c662054b7f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6039757
Auto-Submit: Michael Achenbach <[email protected]>
Commit-Queue: Clemens Backes <[email protected]>
Reviewed-by: Clemens Backes <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97316}

Extend the lifetime of the TurbofanPipelineStatistics object to also
cover the "Finalize" phase of the WasmTurboshaftWrapperCompilationJob.

Plus some drive-by changes I applied while figuring out what's wrong
(making some fields const and making PipelineStatisticsBase
non-copyable).

[email protected]

Fixed: 375286252
Bug: 376153005
Change-Id: I46a2c76f3066a1d617f4203cf86928cb1794362d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038841
Commit-Queue: Clemens Backes <[email protected]>
Reviewed-by: Nico Hartmann <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97317}

The test uses SABs and workers and is hence unpredictable.

[email protected]

Bug: 377942344
Change-Id: Iaebf6ea22798e31077f3d017091a45154f25a494
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6035055
Reviewed-by: Jakob Linke <[email protected]>
Commit-Queue: Clemens Backes <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97318}

The modifier reset node isn't always reached in QuickCheck graph
traversal.
We therefore manually reset flags after recursing in
GetQuickCheckDetails().

Fixed: 377820802
Change-Id: Id2006f6fd222a2ef0755ad3a291130d1699aee21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6038009
Commit-Queue: Patrick Thier <[email protected]>
Reviewed-by: Jakob Linke <[email protected]>
Reviewed-by: Erik Corry <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97319}

Prepare for indirect function calls that will go through the
WasmCodePointerTable (still behind a build flag)

Bug: 363975785
Change-Id: I81a11fe0c1615182db8e77171212da306be03974
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5965160
Reviewed-by: Matthias Liedtke <[email protected]>
Commit-Queue: Stephen Röttger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97320}

With this change, we will be able to enable the debug-only enforcement
of the WritableJitAllocation again that all writes need to go through
the object.

Bug: 42203297
Change-Id: I3794f4d18b4566da190ff6667a9b873e01e3a237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6041972
Commit-Queue: Stephen Röttger <[email protected]>
Reviewed-by: Clemens Backes <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97321}

@david-clang changed the title from "Upgrade V8 11.9.169.6 to 13.3.201" to "Upgrade V8 11.9.169.6 to 13.3.206" on Nov 30, 2024
@andycall merged commit 85881aa into main on Nov 30, 2024
2 of 3 checks passed