- 07 Aug, 2020 12 commits
-
-
Mythri A authored
Temporarily turnoff dynamic map checks for TurboProp to measure the impact after changing OSR heuristics. Bug: v8:10582, v8:9684 Change-Id: Ia458be139bf7c281bda40cbcd76e7a0c3fa5d60b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343070Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#69294}
-
Almothana Athamneh authored
Bug: chromium:1110824 Change-Id: I77835942a81b6430ec23c16fa41dabac857e8c22 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343079Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/master@{#69293}
-
Michael Achenbach authored
Bug: v8:10788 Change-Id: Iebc3f8dd892fd0f8123feaf11333eae6832589dc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342852Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69292}
-
Andreas Haas authored
Up until now. we only checked the size of tables defined in a module at instantiation time. For imported tables we only checked if the imported table matched the declared import in size. This causes a problem because we allocate function tables also for imported tabled before we actually look at the imported table. With this CL we first check the size of all tables, and only then start to initialize and load them. R=jkummerow@chromium.org Bug: chromium:1114006 Change-Id: Iaf194ed21fb83304fe3a7f0f7ba7b282396e3954 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339473 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69291}
-
Marja Hölttä authored
Forgetting to add a new bytecode into the lists in serializer-in-background-compiler.cc results in a confusing CHECK failure. This moves the failure to a discoverable place. Change-Id: I3e78b4702bfa724748ec8ed3f7f49e0eedc504fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324246 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#69290}
-
Andreas Haas authored
The cast from uint32_t to int caused an integer overflow that let a bounds check succeed that should have failed. R=jkummerow@chromium.org Bug: chromium:1114005 Change-Id: Iea1af70af300be54c2a33d7dd10b3faa34d56eaa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339472Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69289}
-
Almothana Athamneh authored
Bug: chromium:1113183 Change-Id: Ic877bf392756733c2b61a834016a3d6bf7f48f2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339103 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69288}
-
Marja Hölttä authored
The test have been rewritten to be more robust -> maybe they're robust enough for the GC fuzzer (DelayedTasksPlatform)? Bug: v8:10239 Change-Id: I743cc2f804357aaef888bff7985dfb68a7feec5f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342848Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69287}
-
Zeynep Cankara authored
This CL unifies the custom events by creating classes specialised based on the event type. Multiple entry selection causes panels to emit 'showentries' event. Single entry selection causes panels to emit 'showentrydetail' event. The events are received by the controller App class and updates the view of the panels and state of the app. Bug: v8:10644 Change-Id: Ibe26223459ba605c6d6d3f0025bf3a556dfb0578 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335188 Commit-Queue: Zeynep Cankara <zcankara@google.com> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#69286}
-
Marja Hölttä authored
They're not valid, since the embedder is allowed to process tasks in several threads, if they do it in a thread safe manner. Bug: v8:10239 Change-Id: I6c397a8bba75ab7aec3ee8ea8de416af817d9514 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342846Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69285}
-
Leszek Swirski authored
This reverts commit 60ee70bb. Reason for revert: wasm-api-tests/WasmCapiTest.Serialize starts flaking: https://crbug.com/v8/10784 Original change's description: > [wasm] Ensure that only TurboFan code is serialized > > We have the implicit assumption that Liftoff code will never be > serialized, and we start relying on that when implementing new features > (debugging, dynamic tiering). > > This CL makes the serializer fail if the module contains any Liftoff > code. Existing tests are changed to ensure that we fully tiered up > before serializing a module (similar to the logic in Chromium). > The "wasm-clone-module" test needs to serialize the module before > enabling the debugger. > > Note that chrome currently only serializes a module after it fully > tiered up, so that should be fine. If other embedders need the ability > to serialize a module in an arbitrary state, we will have to fix this > later. With this CL we will be on the safe side though and (gracefully) > fail serialization instead of accidentally serializing Liftoff code. > > R=ahaas@chromium.org > > Bug: v8:10777 > Change-Id: I1245e5f7fda3447a544c1e3525e1239cde759174 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336799 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69276} TBR=ahaas@chromium.org,clemensb@chromium.org Change-Id: Ic1349375bd562bb0a2724c39c27ef3247461c97b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10777 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342845Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69284}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2e78142..2943e82 Rolling v8/third_party/aemu-linux-x64: TfK3Whl6AfZifLOotcOS_jvckKztERlPvmVyZo16fN0C..xa2xI0A-kKlMVwMtJRzexwWWPSwHynmUpB0Z6C9Y7wkC Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/c1f84dc..5edcbfd Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ac60992..5cf00e2 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/486f181..24289f2 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/1078c41..e6863f8 Rolling v8/tools/luci-go: git_revision:56ae79476e3caf14da59d75118408aa778637936..git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f Rolling v8/tools/luci-go: git_revision:56ae79476e3caf14da59d75118408aa778637936..git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f Rolling v8/tools/luci-go: git_revision:56ae79476e3caf14da59d75118408aa778637936..git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I783e91f9c10a8c295a9df81a16f85fdbecfcc13c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340190Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#69283}
-
- 06 Aug, 2020 28 commits
-
-
Georg Neis authored
The test relies on certain maps not dying but didn't ensure that. Bug: v8:10783 Change-Id: I708f7fc027ee0bf5656be9bb4f29130f5b924597 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340912Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69282}
-
Bill Budge authored
This is a reland of ce249dbb As it's unchanged, TBR=leszeks@chromium.org,tebbi@chromium.org Original change's description: > [torque] Port some constructor builtins to Torque. > > - FastNewFunctionContextEval > - FastNewFunctionContextFunction > - CreateEmptyLiteralObject > - CreateRegExpLiteral > - CreateEmptyArrayLiteral > - CreateShallowArrayLiteral > - CreateShallowObjectLiteral > - NumberConstructor > - ObjectConstructor > - GenericLazyDeoptContinuation > > Bug: v8:9891 > > Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411 > Commit-Queue: Bill Budge <bbudge@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69082} Bug: v8:9891 Change-Id: I566d4167c02488ef6a9a1c73015af5e2f484a31d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330382 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69281}
-
Santiago Aboy Solanes authored
This will ensure that the PersistentHandles are all created, and in the OptimizedCompilationInfo before going into Exectute. Bug: v8:7790 Change-Id: I1bc4f45153113c48422371498ff2cf79a1267737 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336803Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#69280}
-
Milad Farazmand authored
Change-Id: I0362b4123ccce5d2709b1705453a32697581e526 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339551Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#69279}
-
Santiago Aboy Solanes authored
Now that we are using PersistentHandles, we don't need it anymore. Bug: v8:7790 Change-Id: Id0b9d555191c00fb08dc2bb9099746076c5ad1b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332161 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69278}
-
Thibaud Michaud authored
Spill registers before stack checks so that we can inspect them, similar to traps. OSR during a stack check is still unsupported and will be fixed in a follow-up CL. R=clemensb@chromium.org Bug: v8:10235 Change-Id: I22c2da6b3f79b30c3838c568f9680204afc85d36 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339467 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69277}
-
Clemens Backes authored
We have the implicit assumption that Liftoff code will never be serialized, and we start relying on that when implementing new features (debugging, dynamic tiering). This CL makes the serializer fail if the module contains any Liftoff code. Existing tests are changed to ensure that we fully tiered up before serializing a module (similar to the logic in Chromium). The "wasm-clone-module" test needs to serialize the module before enabling the debugger. Note that chrome currently only serializes a module after it fully tiered up, so that should be fine. If other embedders need the ability to serialize a module in an arbitrary state, we will have to fix this later. With this CL we will be on the safe side though and (gracefully) fail serialization instead of accidentally serializing Liftoff code. R=ahaas@chromium.org Bug: v8:10777 Change-Id: I1245e5f7fda3447a544c1e3525e1239cde759174 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336799 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69276}
-
Marja Hölttä authored
This is a reland of 28ead054 The failure is a test that is sensitive to adding a function in a FunctionTemplate in d8: https://bugs.chromium.org/p/v8/issues/detail?id=10783 Original change's description: > [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits > > RemoveNode already nullifies the next_ pointer of FutexWaitListNode, > and DeleteAsyncNode was trying to retrieve it. > > Bug: v8:10239 > Change-Id: I595885de87f433d263eeacfc825a689efd467f5e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69259} Bug: v8:10239 Tbr: leszeks@chromium.org Change-Id: Icec590354886433a0b41c8f9b7af7101b54b7690 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339469Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69275}
-
Maya Lekova authored
TBR=cbruni@chromium.org Bug: chromium:1052746 Change-Id: Ib61b06bcc4cd7cf9cfa741899322739e807605b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339619 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69274}
-
Marja Hölttä authored
Bug: v8:10783 No-Try: true Change-Id: I605813842af639158909bce13e162869b3cfc6db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339621 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#69273}
-
Z Nguyen-Huu authored
Just a fast iteration over bytes written in Torque for Smi number and non-decimal radix, also only for more than one string character result. Improve following micro-benchmark by ~75% Before toHexString toHexString-Numbers(Score): 7905000 After toHexString toHexString-Numbers(Score): 14419000 Bug: v8:10477 Change-Id: I366092d4d70156ad33830352c1122af8794bea76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330221 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69272}
-
Leszek Swirski authored
This reverts commit 28ead054. Reason for revert: mjsunit/compiler/serializer-transition-propagation failure seems to bisect to this (despite looking unrelated): https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/32532 Original change's description: > [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits > > RemoveNode already nullifies the next_ pointer of FutexWaitListNode, > and DeleteAsyncNode was trying to retrieve it. > > Bug: v8:10239 > Change-Id: I595885de87f433d263eeacfc825a689efd467f5e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69259} TBR=ulan@chromium.org,marja@chromium.org,syg@chromium.org Change-Id: I5db179aec5a04f59770903b17d059a7150c7efbd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10239 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339466Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69271}
-
Leszek Swirski authored
Changes the isolate's string table into an off-heap structure. This allows the string table to be resized without allocating on the V8 heap, and potentially triggering a GC. This allows existing strings to be inserted into the string table without requiring allocation. This has two important benefits: 1) It allows the deserializer to insert strings directly into the string table, rather than having to defer string insertion until deserialization completes. 2) It simplifies the concurrent string table lookup to allow resizing the table inside the write lock, therefore eliminating the race where two concurrent lookups could both resize the table. The off-heap string table has the following properties: 1) The general hashmap behaviour matches the HashTable, i.e. open addressing, power-of-two sized, quadratic probing. This could, of course, now be changed. 2) The empty and deleted sentinels are changed to Smi 0 and 1, respectively, to make those comparisons a bit cheaper and not require roots access. 3) When the HashTable is resized, the old elements array is kept alive in a linked list of previous arrays, so that concurrent lookups don't lose the data they're accessing. This linked list is cleared by the GC, as then we know that all threads are in a safepoint. 4) The GC treats the hash table entries as weak roots, and only walks them for non-live reference clearing and for evacuation. 5) Since there is no longer a FixedArray to serialize for the startup snapshot, there is now a custom serialization of the string table, and the string table root is considered unserializable during weak root iteration. As a bonus, the custom serialization is more efficient, as it skips non-string entries. As a drive-by, rename LookupStringExists_NoAllocate to TryStringToIndexOrLookupExisting, to make it clearer that it returns a non-string for the case when the string is an array index. As another drive-by, extract StringSet into a separate header. Bug: v8:10729 Change-Id: I9c990fb2d74d1fe222920408670974a70e969bca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339104 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#69270}
-
Georg Neis authored
There were a few places where we would do such verification even without --verify-heap. The CL changes these to be in line with all the rest. Change-Id: Ia43708104c7d7818dc8d41d645a84f9b5e7446a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336796 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#69269}
-
Omer Katz authored
This is a revival of https://chromium-review.googlesource.com/c/v8/v8/+/2228332 The CL establishes the following: *) Objects are marked before being pushed to the worklists. *) Live bytes are always accounted after tracing an object (i.e. move from Gray to Black below). *) Previously not fully constructed objects are traced immediately instead of pushed to the marking worklist. This establishes the following invariants for all marking worklists: 1) White = !object.is_marked() && !worklist.contains(object) 2) Gray = object.is_marked() && worklist.contains(object) 3) Black = object.is_marked() && !worklist.contains(object) Bug: chromium:1056170 Change-Id: I821573b3fbc057e6ffb836154271ff986ecb4d2b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336797Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#69268}
-
Andreas Haas authored
We used to check the size of tables at compile time, and threw a CompilationError if a given size exceeded the implementation-defined limit. However, the spec defines that an error should only be thrown when the implementation-defined limit is reached, which is either at instantiation time of during runtime at a table.grow. With this CL the V8 implementation becomes spec compliant in this regard. R=jkummerow@chromium.org Bug: v8:10556 Change-Id: I7d0e688b385a65e4060a569e5ab1dec68947ceea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326331 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69267}
-
Marja Hölttä authored
Bug: v8:10239, v8:10775 Change-Id: I0189dd8a71ef82d7c863f26511790a1ca426f72d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340906Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69266}
-
Clemens Backes authored
Wasm recently switched from spawning a number of background tasks for compilation to just using a single job (via the pretty new {Platform::PostJob} API). This caused major regressions in several benchmarks running in d8, because the {DefaultPlatform} is only using half of the available worker threads for executing jobs with "user visible" priority. This CL changes this to use all available worker threads for "user blocking" or "user visible" jobs, and two threads for "best effort" jobs. The limit of two threads for best effort is identical to what chromium does with best effort *tasks*. For user blocking and user visible, chromium does not impose any limit, so we also remove the limitation to half of the threads from d8. Drive-by: Use {NewDefaultJobHandle} for constructing {DefaultJobHandle}. R=mlippautz@chromium.org CC=ahaas@chromium.org, gab@chromium.org, etiennep@chromium.org Bug: chromium:1113234, chromium:1101340 Change-Id: I9280e649a1cf3832c562ff7251e8bda0103af111 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339481Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Auto-Submit: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69265}
-
Tobias Tebbi authored
This is a reland of 408e7240 Change: Allow CSA load elimination accross code comments Original change's description: > [torque] typed context slot access > > This introduces a new type Slot<ContextType, SlotType> that is used > for enum values used to access context slots. > Together with new types for the various custom contexts used in > Torque, this results in fairly type-safe access to context slots, > including the NativeContext's slots. > > Drive-by changes: > - Introduce a new header file to specify headers needed for > generated CSA headers, to reduce the amount of includes specified > in implementation-visitor.cc > - Port AllocateSyntheticFunctionContext to Torque. > > Bug: v8:7793 > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#69249} Bug: v8:7793 Change-Id: I1fe100d8d62e8220524eddb8ecc4faa85219748d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339462Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69264}
-
Zeynep Cankara authored
This CL sync the timeline-tracks positions upon receiving a horizontal scrolling event. Bug: v8:10644 Change-Id: I69bc1066a3f5da6ddc978ad71fe77820df8066bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336806 Commit-Queue: Zeynep Cankara <zcankara@google.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#69263}
-
Jakob Gruber authored
In the --turbo-nci-as-highest-tier testing mode, allow NCI codegen for OSR to increase coverage and simplify logic. Bug: v8:8888 Change-Id: I254939928f92bf675dbf2b78cdd5b5dce802d972 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339460 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#69262}
-
Dominik Inführ authored
This reverts commit 1742d256. Reason for revert: Longer safepoint can cause deadlocks with global handles. Original change's description: > [heap] Add safepoints in Heap GC methods > > Add safepoints to GC methods in Heap. There is still stuff in > Heap::CollectGarbage which might work better or more precise in a global > safepoint. Be conservative here and move everything into the safepoint, > eventually we can start to move code out that is fine to run outside > the safepoint. > > Bug: v8:10315 > Change-Id: I656dfd72f032eff6f386cec63a02777506650aa7 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335192 > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69228} TBR=ulan@chromium.org,dinfuehr@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:10315 Change-Id: Idaf575911b34674c16d46b41c2ebee9f56dbac6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339617Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#69261}
-
Clemens Backes authored
The interpreter is not an execution tier in production any more. It's only used in tests. Thus, remove {ExecutionTier::kInterpreter} and instead add a {TestExecutionTier} that still has {kInterpreter}. If needed (in {TestingModuleBuilder::execution_tier()}), we translate back from {TestExecutionTier} to {ExecutionTier} (for {kLiftoff} and {kTurboFan} only). The {TraceMemoryOperation} method, which is shared between interpreter and production code, now receives a {base::Optional<ExecutionTier>}, and we will just pass en empty optional if called from the interpreter. R=thibaudm@chromium.org Bug: v8:10389 Change-Id: Ibe133b91e8dca6d6edbfaee5ffa0d7fe72ed6d64 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335186Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69260}
-
Marja Hölttä authored
RemoveNode already nullifies the next_ pointer of FutexWaitListNode, and DeleteAsyncNode was trying to retrieve it. Bug: v8:10239 Change-Id: I595885de87f433d263eeacfc825a689efd467f5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#69259}
-
Anna Henningsen authored
`Object::GetRealNamedPropertyAttributes()` can crash if an empty `Maybe` is returned by `JSReceiver::GetPropertyAttributes()` because it was not checking for that. Fix that. Refs: https://github.com/nodejs/node/issues/34606 Change-Id: Ic83f904ba7134786bcd8f786eb2ce98adb4fea1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335057 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69258}
-
Marja Hölttä authored
Bug: v8:10239, v8:10775 Change-Id: Ic12f9da7f8bb10f83c9e3c00f39a26412e058943 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340904Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69257}
-
Jakob Gruber authored
This reverts commit 408e7240. Reason for revert: debug builds fail is_component_build = true is_debug = true use_goma = true v8_enable_backtrace = true v8_enable_debugging_features = true v8_enable_fast_mksnapshot = true v8_enable_slow_dchecks = true v8_enable_snapshot_code_comments = true v8_enable_verify_csa = true v8_optimized_debug = false v8_use_multi_snapshots = false # Fatal error in ../../src/compiler/backend/instruction-selector.cc, line 3088 # Expected Turbofan static assert to hold, but got non-true input: static_assert(nativeContext == LoadNativeContext(context)) at src/builtins/promise-resolve.tq:45:5 Original change's description: > [torque] typed context slot access > > This introduces a new type Slot<ContextType, SlotType> that is used > for enum values used to access context slots. > Together with new types for the various custom contexts used in > Torque, this results in fairly type-safe access to context slots, > including the NativeContext's slots. > > Drive-by changes: > - Introduce a new header file to specify headers needed for > generated CSA headers, to reduce the amount of includes specified > in implementation-visitor.cc > - Port AllocateSyntheticFunctionContext to Torque. > > Bug: v8:7793 > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#69249} TBR=tebbi@chromium.org,seth.brenith@microsoft.com Change-Id: I90c014022a808449aca4a9b9b3c3b8e036beb28e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7793 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340903Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69256}
-
Michael Achenbach authored
This reverts commit 3927c9c4. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20NumFuzz%20-%20debug/10732 Original change's description: > Override _runner_flags for num_fuzzer.py > > This CL ensures that we add the > '--fuzzing' flag to the num_fuzzer script. > Please note that NumFuzzer does not inherit the > StandardTestRunner class but it inherits > BaseTestRunner so we had to override _runner_flags. > > Bug: v8:10755 > Change-Id: Ifb779ba402106b8f2ce4d0e13090ef2db468a6ae > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335185 > Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Liviu Rau <liviurau@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69241} TBR=machenbach@chromium.org,liviurau@chromium.org,almuthanna@chromium.org Change-Id: Ie39fb87a0e53c5cbbc276f8efb6e4a89ce44bb74 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10755 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340902Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69255}
-