Reland "Embedding feedback in BytecodeArray for StrictEqual" [v8/v8 : main]
0 views
Skip to first unread message
Wei, Yuheng (Gerrit)
Nov 17, 2025, 2:04:46β―AMΒ (2 days ago)Β Nov 17
to Toon Verwaest, Nico Hartmann, Michael Lippautz, V8 LUCI CQ, Xu, Hao A, Leszek Swirski, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
Attention needed from Leszek Swirski, Michael Lippautz, Nico Hartmann, Toon Verwaest and Xu, Hao A
Wei, Yuheng added 1 comment![]( "Open in Gerrit")
File tools/sanitizers/tsan_suppressions.txt
Line 20, Patchset 3:
race:BytecodeDecoder::RacyDecodeEmbeddedFeedbackWei, Yuheng . unresolved
Leszek SwirskiThere is a [data race issue](https://issues.chromium.org/issues/460174987) flagged by fuzzer. Should we consider going back to a TSAN-friendly implementation, or mark this issue as `Intended behavior`? @les...@chromium.org
Wei, Yuhengthis sounds like the suppression is not working? maybe it doesn't handle namespaces well?
Wei, YuhengThis rule works for the `v8_linux64_tsan_rel` try bot; The clusterfuzz does consume a `tsan_suppression.txt`:
```
[Environment] TSAN_OPTIONS=...:suppressions=/mnt/scratch0/clusterfuzz/src/appengine/config/suppressions/tsan_suppressions.txt:...
```Maybe the fuzzer didn't correctly read this one? I'm not sureπ€.
Leszek Swirskimaybe it doesn't handle namespaces well?
Would changing from `race:BytecodeDecoder::RacyDecodeEmbeddedFeedback` to `race:v8::internal::interpreter::BytecodeDecoder::RacyDecodeEmbeddedFeedback` make it happy?
Wei, YuhengI don't know, you'll have to try it.
Leszek SwirskiMarked as resolved.
Wei, YuhengCan you please check before submitting?
Wei, YuhengSure. I will try it locally first.
Leszek SwirskiThe [issue provided build](https://clusterfuzz.com/testcase-detail/6014179009822720) and current suppression rule (`race:BytecodeDecoder::RacyDecodeEmbeddedFeedback`)works fine on my local machine.
Maybe the fuzzer didn't correctly read this one?
I think this is the problem.
Wei, YuhengDoes it successfully fail if you don't give it the suppression rule? If yes, then we have to adjust how our fuzzer does this suppression.
Leszek SwirskiYes, I try to remove this rule from the suppression file and the data race is reported as expected. Adding this suppression rule removes the errors
Wei, Yuhengdoes it work to annotate that function with DISABLE_TSAN instead of suppressing? It's apparently tricky to pass our suppressions to the fuzzer :/
Upload [patchset3..6](https://chromium-review.googlesource.com/c/v8/v8/+/7148333/3..6) to apply `DISABLE_TSAN`; This works for `v8_linux64_tsan_rel` tryjob, and I expect it will also works for fuzzer. Please help take a look!
Related details
Attention is currently required from:
- Leszek Swirski
- Michael Lippautz
- Nico Hartmann
- Toon Verwaest
- Xu, Hao A
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Toon Verwaest (Gerrit)
Nov 17, 2025, 5:50:17β―AMΒ (2 days ago)Β Nov 17
to Wei, Yuheng, Nico Hartmann, Michael Lippautz, V8 LUCI CQ, Xu, Hao A, Leszek Swirski, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
Attention needed from Leszek Swirski, Michael Lippautz, Nico Hartmann, Wei, Yuheng and Xu, Hao A
Toon Verwaest voted Code-Review+1![]( "Open in Gerrit")
Attention is currently required from:
- Leszek Swirski
- Michael Lippautz
- Nico Hartmann
- Wei, Yuheng
- Xu, Hao A
Nico Hartmann (Gerrit)
Nov 17, 2025, 7:01:32β―AMΒ (2 days ago)Β Nov 17
to Wei, Yuheng, Toon Verwaest, Michael Lippautz, V8 LUCI CQ, Xu, Hao A, Leszek Swirski, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
Attention needed from Leszek Swirski, Michael Lippautz, Wei, Yuheng and Xu, Hao A
Nico Hartmann voted Code-Review+1![]( "Open in Gerrit")
| Code-Review | +1 |
Related details
Attention is currently required from:
- Leszek Swirski
- Michael Lippautz
- Wei, Yuheng
- Xu, Hao A
Submit Requirements:
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Xu, Hao A (Gerrit)
Nov 18, 2025, 10:24:04β―AMΒ (22 hours ago)Β Nov 18
to Wei, Yuheng, Nico Hartmann, Toon Verwaest, Michael Lippautz, V8 LUCI CQ, Leszek Swirski, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
Attention needed from Leszek Swirski, Michael Lippautz and Wei, Yuheng
Xu, Hao A added 1 comment![]( "Open in Gerrit")
File tools/sanitizers/tsan_suppressions.txt
Xu, Hao A
@leszek Could you please take a look if this solution works? Thanks!
Related details
Attention is currently required from:
- Leszek Swirski
- Michael Lippautz
- Wei, Yuheng
Leszek Swirski (Gerrit)
Nov 18, 2025, 10:33:19β―AMΒ (22 hours ago)Β Nov 18
to Wei, Yuheng, Nico Hartmann, Toon Verwaest, Michael Lippautz, V8 LUCI CQ, Xu, Hao A, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
Attention needed from Michael Lippautz, Wei, Yuheng and Xu, Hao A
Leszek Swirski voted and added 1 comment![]( "Open in Gerrit")
Votes added by Leszek Swirski
| Code-Review | +1 |
1 comment
File tools/sanitizers/tsan_suppressions.txt
Line 20, Patchset 3:
race:BytecodeDecoder::RacyDecodeEmbeddedFeedbackWei, Yuheng . resolved
Attention is currently required from:
- Michael Lippautz
- Wei, Yuheng
- Xu, Hao A
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Wei, Yuheng (Gerrit)
Nov 18, 2025, 9:02:22β―PMΒ (11 hours ago)Β Nov 18
to Leszek Swirski, Nico Hartmann, Toon Verwaest, Michael Lippautz, V8 LUCI CQ, Xu, Hao A, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
Attention needed from Michael Lippautz and Xu, Hao A
Wei, Yuheng voted Commit-Queue+2![]( "Open in Gerrit")
Attention is currently required from:
- Michael Lippautz
- Xu, Hao A
V8 LUCI CQ (Gerrit)
Nov 18, 2025, 9:41:19β―PMΒ (11 hours ago)Β Nov 18
to Wei, Yuheng, Leszek Swirski, Nico Hartmann, Toon Verwaest, Michael Lippautz, Xu, Hao A, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
V8 LUCI CQ submitted the change![]( "Open in Gerrit")
Change information
Commit message:
Reland "Embedding feedback in BytecodeArray for StrictEqual"
This is a reland of commit f0fed41e48b1966e3e565ae278d018da538ef123
Original change's description:
> Embedding feedback in BytecodeArray for StrictEqual
>
> This CL removes the feedback vector slot for StrictEqual and stores its feedback values directly in the BytecodeArray. Optimized compilers will now access the type feedback from the BytecodeArray.
>
> Before:
> 75 04 00 TestEqualStrict a1, [0]
>
> After:
> 75 04 00 00 TestEqualStrict a1, #0
>
> This change saves moemory by reducing FeedbackVector size, and is part of the Sparkplug+ optimization effort.
>
> Bug: chromium:429351411
> Change-Id: I24390811c12755b0a19beaefe2b0319d75ceaf6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6986847
> Reviewed-by: Xu, Hao A <hao....@intel.com>
> Commit-Queue: Wei, Yuheng <yuhen...@intel.com>
> Reviewed-by: Nico Hartmann <nicoha...@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#103656}
Bug: chromium:429351411
Change-Id: I77286b0e9c65f8a9e257a2125adab7f68fe09aec
Reviewed-by: Nico Hartmann <nicoha...@chromium.org>
Commit-Queue: Wei, Yuheng <yuhen...@intel.com>
Reviewed-by: Toon Verwaest <verw...@chromium.org>
Reviewed-by: Leszek Swirski <les...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#103800}
Files:
- M src/base/macros.h
- M src/baseline/baseline-compiler.cc
- M src/builtins/builtins-definitions.h
- M src/builtins/builtins-number-gen.cc
- M src/codegen/arm/interface-descriptors-arm-inl.h
- M src/codegen/arm64/interface-descriptors-arm64-inl.h
- M src/codegen/code-stub-assembler.cc
- M src/codegen/code-stub-assembler.h
- M src/codegen/ia32/interface-descriptors-ia32-inl.h
- M src/codegen/interface-descriptors.h
- M src/codegen/loong64/interface-descriptors-loong64-inl.h
- M src/codegen/mips64/interface-descriptors-mips64-inl.h
- M src/codegen/ppc/interface-descriptors-ppc-inl.h
- M src/codegen/riscv/interface-descriptors-riscv-inl.h
- M src/codegen/s390/interface-descriptors-s390-inl.h
- M src/codegen/x64/interface-descriptors-x64-inl.h
- M src/common/globals.h
- M src/compiler/backend/instruction-codes.h
- M src/compiler/backend/instruction-scheduler.cc
- M src/compiler/backend/instruction-selector.cc
- M src/compiler/backend/instruction-selector.h
- M src/compiler/backend/x64/code-generator-x64.cc
- M src/compiler/backend/x64/instruction-selector-x64.cc
- M src/compiler/bytecode-graph-builder.cc
- M src/compiler/code-assembler.cc
- M src/compiler/code-assembler.h
- M src/compiler/feedback-source.cc
- M src/compiler/feedback-source.h
- M src/compiler/js-generic-lowering.cc
- M src/compiler/js-operator.cc
- M src/compiler/js-operator.h
- M src/compiler/js-type-hint-lowering.cc
- M src/compiler/js-type-hint-lowering.h
- M src/compiler/js-typed-lowering.cc
- M src/compiler/machine-operator.cc
- M src/compiler/machine-operator.h
- M src/compiler/opcodes.h
- M src/compiler/raw-machine-assembler.cc
- M src/compiler/raw-machine-assembler.h
- M src/compiler/simplified-lowering-verifier.cc
- M src/compiler/turbofan-typer.cc
- M src/compiler/turboshaft/assembler.h
- M src/compiler/turboshaft/graph-builder.cc
- M src/compiler/turboshaft/late-load-elimination-reducer.cc
- M src/compiler/turboshaft/operations.cc
- M src/compiler/turboshaft/operations.h
- M src/compiler/verifier.cc
- M src/interpreter/bytecode-array-builder.cc
- M src/interpreter/bytecode-array-builder.h
- M src/interpreter/bytecode-array-iterator.cc
- M src/interpreter/bytecode-array-iterator.h
- M src/interpreter/bytecode-array-writer.cc
- M src/interpreter/bytecode-array-writer.h
- M src/interpreter/bytecode-decoder.cc
- M src/interpreter/bytecode-decoder.h
- M src/interpreter/bytecode-generator.cc
- M src/interpreter/bytecode-generator.h
- M src/interpreter/bytecodes.h
- M src/interpreter/interpreter-assembler.cc
- M src/interpreter/interpreter-assembler.h
- M src/interpreter/interpreter-generator.cc
- M src/interpreter/interpreter.cc
- M src/maglev/maglev-graph-builder.cc
- M src/maglev/maglev-ir.cc
- M src/maglev/maglev-ir.h
- M src/runtime/runtime-test.cc
- M src/sandbox/code-sandboxing-mode.h
- M test/cctest/compiler/test-js-typed-lowering.cc
- M test/mjsunit/turboshaft/maglev-frontend/not-initialized-let-in-switch.js
- M test/unittests/compiler/js-typed-lowering-unittest.cc
- M test/unittests/interpreter/bytecode-array-builder-unittest.cc
- M test/unittests/interpreter/bytecode_expectations/ClassDeclarations.golden
- M test/unittests/interpreter/bytecode_expectations/ElideRedundantHoleChecks.golden
- M test/unittests/interpreter/bytecode_expectations/IfConditions.golden
- M test/unittests/interpreter/bytecode_expectations/StaticClassFields.golden
- M test/unittests/interpreter/bytecode_expectations/Switch.golden
- M test/unittests/interpreter/bytecode_expectations/VariableWithHint.golden
- M test/unittests/interpreter/interpreter-tester.cc
- M test/unittests/interpreter/interpreter-tester.h
- M test/unittests/interpreter/interpreter-unittest.cc
- M tools/sanitizers/tsan_suppressions.txt
Change size: XL
Delta: 81 files changed, 1523 insertions(+), 533 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Leszek Swirski, +1 by Toon Verwaest, +1 by Nico Hartmann
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Xu, Hao A (Gerrit)
5:28β―AMΒ (3 hours ago)Β 5:28β―AM
to Wei, Yuheng, V8 LUCI CQ, Leszek Swirski, Nico Hartmann, Toon Verwaest, Michael Lippautz, Junliang Yan, Darius Mercadier, AyeAye, Milad Farazmand, v8-re...@googlegroups.com, dmercadi...@chromium.org, leszek...@chromium.org, verwaes...@chromium.org, v8-risc...@chromium.org, v8-mip...@googlegroups.com, victorgo...@chromium.org, v8-ppc...@googlegroups.com
Xu, Hao A added 1 comment![]( "Open in Gerrit")
File tools/sanitizers/tsan_suppressions.txt
Xu, Hao A
Thanks! Let's wait for the test bots. If it doesn't work, maybe we can fix it without reverting the entire CL, since this is not the reason for reverting the original CL.
Related details
Attention set is empty
Submit Requirements:
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages