- 09 Sep, 2022 3 commits
-
-
Victor Gomes authored
Bug: v8:12445 Change-Id: Iec07b49986a6ceff3842b55af24d375149930a91 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885877 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/main@{#83099}
-
Frank Tang authored
Bug: v8:11544 Change-Id: I23435db7f625ee35f560fd84ee98d481081fb5ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868513 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#83092}
-
jiepan authored
Bug: v8:12716 Change-Id: I0a1e807f7b0c64afa7d259361c47314e9c9e30db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867140Reviewed-by:
Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Jie Pan <jie.pan@intel.com> Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#83091}
-
- 08 Sep, 2022 17 commits
-
-
Frank Tang authored
This is a reland of commit a165e82e The reason of revert is SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22 which is the line "nanoseconds_mv = std::round((seconds_mv - std::floor(seconds_mv)) * 1e9);" where seconds_mv is a double and nanoseconds_mv is a int32_t In this reland, we change the type of nanoseconds_mv to double to avoid the ubsan error. Original change's description: > [Temporal] Use double/int32_t instead of int64_t for duration parsing > > Use double and int32_t instead of int64_t in duration parsing result > so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold up value from 0 to 999,999,999 so we use int32_t to hold it. Other part could be infinity so we use double to hold it. Also rearrange the order of the three int32_t in the struct ParsedISO8601Duration after all the double > > Bug: v8:11544 > Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761 > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/main@{#82754} Bug: v8:11544 Change-Id: If8b72cb4912d8b4fc4c286fc856ea59df5cf0bb7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858576Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#83090}
-
Samuel Groß authored
When the sandbox is disabled, object layouts are now different as ExternalPointerSlots are then 64-bit (raw pointers) instead of 32-bit (ExternalPointerHandles). Bug: v8:10391 Change-Id: Ia03d1ae9300fad96e40b77f0ed9544a1a118b74a Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3884075Reviewed-by:
Igor Sheludko <ishell@chromium.org> Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#83089}
-
Frank Tang authored
Change AddInstant to use BigInt::FromNumber(isolate, factory->NewNumber instead of BigInt::FromInt64 to convert from double to BigInt. Sync AddZonedDateTime with https://github.com/tc39/proposal-temporal/pull/2303 which call AddInstant as ? instead of ! marking. Spec Text: https://tc39.es/proposal-temporal/#sec-temporal-addinstant https://tc39.es/proposal-temporal/#sec-temporal-addzoneddatetime PR: https://github.com/tc39/proposal-temporal/pull/2303 Bug: v8:11544 Change-Id: I4bd176294780f761341c25a5f71643b437f99c82 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859165 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by:
-
Samuel Groß authored
Now that all external pointers have been sandboxed, V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also shrinks external pointer slots to 32 bits when the sandbox is enabled. Bug: v8:10391 Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Manos Koukoutos <manoskouk@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
-
Omer Katz authored
Inlining of bar into foo required taking allocation in foo into account as well (crrev.com/c/1021734), but this makes the test vulnerable to gc timing changes since other allocations are also inlined into foo and may die at arbitrary times (as observed when enabling MinorMC). Fix by preventing inlining of bar into foo. Bug: v8:12612 Change-Id: I2d8848d4002334d329c4b2cc8f18bff1296f5cc1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882970Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#83080}
-
Leszek Swirski authored
Change the constructor and instance registers into a single constructor_then_instance register, and add some register allocation scopes to reduce temporary register use. This also allows us to change FindNonDefaultConstructor to only need one output for both constructor and instance. Also make BuildCreateArrayLiteral a bit more friendly to the interpreter register allocation., Bug: v8:13091 Change-Id: I0b6015b0bc6810bb4607157d715b7e536efb89f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876386Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83077}
-
Marja Hölttä authored
I.e., implement a baseline handler for the FindNonDefaultConstructor bytecode. Bug: v8:13091 Change-Id: If1b119ae0479e54d2a89143bf8f40faeadb1abaf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871206Reviewed-by:
-
Camillo authored
Skip over DCHECK in fuzzing that is always checked later by getting the value from a Maybe object. Bug: chromium:1359230, chromium:1360735 Change-Id: I9512e27fdeb1d6919e24bd631ae2caece7aed466 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874934 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#83075}
-
Ilya Rezvov authored
This is a reland of commit 0a1a579a The original CL has a bag in assigning no_reg to scoped Register variable. To fix it Scoped guard was added for automated release of scoped registers. Original change's description: > Port JS-Wasm Promise Integration for arm64 > > > Port Generic JS-Wasm Wrapper for arm64 > > Change-Id: I256e6511d47af9ab04c577beb6b829dfee34a6ed > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841074 > Commit-Queue: Ilya Rezvov <irezvov@chromium.org> > Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83038} Change-Id: I7b8b355f5689e51529223f1156e74e980c3b50ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879492Reviewed-by:
-
Thibaud Michaud authored
Add the missing KB multiplier. Also add a flag to set the fixed stack size. R=clemensb@chromium.org Bug: v8:12191 Change-Id: I9782192d2eef1986286f726a05444a4bec49fc66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875902Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#83065}
-
Leon Bettscheider authored
ShouldFinalize should only be called if major incremental marking is active, and can crash if minor incremental marking is active, if MajorMC's local_marking_worklists_ was reset. The only caller is IsMarkingComplete. This CL changes the IsMarking check to IsMajorMarking to solve this issue, and renames IsMarkingComplete to IsMajorMarkingComplete. Bug: v8:13012 Change-Id: Iba6bd5b7977ec8566c3ab0f047646d8cafd45038 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879485 Commit-Queue: Leon Bettscheider <bettscheider@google.com> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83064}
-
Omer Katz authored
Fix broken DCHECK: When using MinorMC, new space is a paged space and only uses the TO_PAGE page flag. New large object space however still uses both TO_PAGE and FROM_PAGE page flags. With MinorMC it still possible to find reference to FROM_PAGEs, but those pages have to be large pages. Fix broken test: MinorMC may only free empty pages when shrinking. Therefore, shrink may actually not change the space capacity at all (e.g. when all pages have live objects on them). More specifically, the capacity is not guaranteed to be half the previous capacity. Bug: v8:12612 Change-Id: Ib0edcafd758828f821f82bc8c796c205f162809c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879493Reviewed-by:
-
Matthias Liedtke authored
assertEquals() compares objects by comparing each property for both objects. This was done by using Object.keys() which however only returns enumerable properties. With this change also non-enumerable properties are compared. Still, the comparison doesn't require the properties to be equal. So, if one property is marked enumerable in one object but not the other, the objects would still be considered equal. This could be adapted in a follow-up CL if desired. The prototype is still ignored for the comparison. Change-Id: I1bb9df055bfb764ac1c02d971ac6f4a50f4a98e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876384 Commit-Queue: Matthias Liedtke <mliedtke@chromium.org> Reviewed-by:
-
Jakob Linke authored
This is a reland of commit 24e60017 The reland changes %ClearFunctionFeedback to clear *all* feedback slot kinds including binary/compare/for-in slots. In the tests we thus no longer have to resort to tricks to restore the function to it's initial state, instead simply call %ClearFunctionFeedback. Original change's description: > [maglev] Deopt on overflow in >>> > > Re-enable the int32 fast path for ShiftRightLogical, but account for > Maglev's missing signed/unsigned representation tracking by a) > removing rhs==0 as the identity value (a shift by 0 is still a > signed-unsigned conversion) and b) deoptimizing if the result cannot > be converted to a non-negative smi. > > Note this is not a deopt loop, since a non-smi result will change the > feedback to kSignedSmallInputs (from kSignedSmall). > > To fix this properly, we should track signed/unsigned representations > and convert the result to a heap number if it doesn't fit within smi > range. > > Bug: v8:7700 > Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f > Fixed: v8:13251 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Jakob Linke <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83025} Bug: v8:7700 Change-Id: I2f607a0fb863b80e8589c9c1e86ee31fbac48c25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879491 Auto-Submit: Jakob Linke <jgruber@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Reviewed-by:
-
Feng Yu authored
Bug: None Change-Id: I8cf2e4b651c0ccb784a5d668656cbfcd573b271d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878450Reviewed-by:
-
Frank Tang authored
The days is passing incorrectly between calls. Spec text: https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalplaindatetime Bug: v8:11544 Change-Id: If818d0f42bdd3260e68eef2c6aba1c3781632c93 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857869 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by:
-
Frank Tang authored
Access the correct years, months and weeks which modified previously instead of the value from the input. Spec text: https://tc39.es/proposal-temporal/#sec-temporal-roundduration Bug: v8:11544 Change-Id: I2ffaca5545e2359bc1cc03320068424bba4c7907 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3860649Reviewed-by:
-
- 07 Sep, 2022 12 commits
-
-
Shu-yu Guo authored
This CL fixes redesigns the current API, which does not correctly manage lifetimes of the shared object conveyors. See design doc at https://docs.google.com/document/d/1TV6agY9dafVJFvdPrUAGbEvos8wL2WDnsmf84n3OJVU/edit?usp=sharing This CL also removes the incorrect behavior of serializing all shared strings by sharing instead of copying. Shared strings may be sent to another process, which should still work. Bug: v8:12547 Change-Id: I7413abd2d871fd3d52c9b433445cfa1d03e4a732 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868713 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83044}
-
Michael Achenbach authored
This reverts commit 0a1a579a. Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20ASAN%20arm64%20-%20debug%20builder/30617/overview Original change's description: > Port JS-Wasm Promise Integration for arm64 > > > Port Generic JS-Wasm Wrapper for arm64 > > Change-Id: I256e6511d47af9ab04c577beb6b829dfee34a6ed > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841074 > Commit-Queue: Ilya Rezvov <irezvov@chromium.org> > Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83038} Change-Id: I83b6c3596561b56d3df34ac2177aa334780dbf87 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879482 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#83041}
-
Ilya Rezvov authored
Port Generic JS-Wasm Wrapper for arm64 Change-Id: I256e6511d47af9ab04c577beb6b829dfee34a6ed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841074 Commit-Queue: Ilya Rezvov <irezvov@chromium.org> Reviewed-by:
-
Liu Yu authored
Port commit 8e069d62 Change-Id: Ifc21ac1bb2d2b93af07ed7b548204b634f1708b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875382Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Liu Yu <liuyu@loongson.cn> Cr-Commit-Position: refs/heads/main@{#83032}
-
Manos Koukoutos authored
- Remove the {ValueRepr} parameter from Wasm table and global object internals. It is now the responsibility of the user to transform to/from a JS object. This removes duplicate work in some cases (type checking in the caller, transforming in the callee). - For the reverse direction in the JS API, introduce {WasmObjectToJSReturnValue}. Bug: v8:7748 Change-Id: Ie7625cc0f08d38fe74dbe57e69004de2d93b8a11 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876184Reviewed-by:Simon Zünd <szuend@chromium.org> Reviewed-by:
Matthias Liedtke <mliedtke@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#83031}
-
Matthias Liedtke authored
This reverts commit 24e60017. Reason for revert: Change breaks maglev GC stress tests. Original change's description: > [maglev] Deopt on overflow in >>> > > Re-enable the int32 fast path for ShiftRightLogical, but account for > Maglev's missing signed/unsigned representation tracking by a) > removing rhs==0 as the identity value (a shift by 0 is still a > signed-unsigned conversion) and b) deoptimizing if the result cannot > be converted to a non-negative smi. > > Note this is not a deopt loop, since a non-smi result will change the > feedback to kSignedSmallInputs (from kSignedSmall). > > To fix this properly, we should track signed/unsigned representations > and convert the result to a heap number if it doesn't fit within smi > range. > > Bug: v8:7700 > Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f > Fixed: v8:13251 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Jakob Linke <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83025} Bug: v8:7700 Change-Id: Ibd4c29cc57b999e1cfcd040cee3228ea27a74029 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876374 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org> Cr-Commit-Position: refs/heads/main@{#83029}
-
Jakob Linke authored
Re-enable the int32 fast path for ShiftRightLogical, but account for Maglev's missing signed/unsigned representation tracking by a) removing rhs==0 as the identity value (a shift by 0 is still a signed-unsigned conversion) and b) deoptimizing if the result cannot be converted to a non-negative smi. Note this is not a deopt loop, since a non-smi result will change the feedback to kSignedSmallInputs (from kSignedSmall). To fix this properly, we should track signed/unsigned representations and convert the result to a heap number if it doesn't fit within smi range. Bug: v8:7700 Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f Fixed: v8:13251 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366Reviewed-by:
-
Marja Hölttä authored
Some assertEquals:s should've been assertSame. Drive-by: Coding style fixes Drive-by: Fix the parameter order of assertEquals, it should be (expected, found). Bug: v8:11525 Change-Id: I4e6db32329cbbe455853d19c20abe9d251263505 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3877148 Auto-Submit: Marja Hölttä <marja@chromium.org> Reviewed-by:
-
Camillo authored
Re-implement the --log-function-events functionality after refactoring the tiering state bits on the FeedbackVector. The new version also tries to log first-execution of non-interpreter code and will handle OSR events. Not-yet supported: - First-execution logging when OSR-ing in Sparkplug or Maglev Bug: v8:13146 Change-Id: I2059c6d8105091f20586eaf157ef19d5e65295aa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832375Reviewed-by:
Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83019}
-
Patrick Thier authored
This is a reland of commit d00c0405 Changes since revert: Use AsAtomicTagged instead of base::AsAtomicPointer to store a hash value in the forwarding table. Original change's description: > [strings] Support shared external strings> > > With this CL shared strings can be externalized and external strings can > be shared. > The StringForwardingTable is used to delay the real transition to the > next full GC. On the API side strings marked for externalization will > look like externalized strings. > > Bug: v8:12957 > Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643 > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Commit-Queue: Patrick Thier <pthier@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Victor Gomes <victorgomes@chromium.org> > Cr-Commit-Position: refs/heads/main@{#82966} Bug: v8:12957 Change-Id: I17715e927e4339240a6aa12a3c4a3c2ea50eb567 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871211 Commit-Queue: Patrick Thier <pthier@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Victor Gomes <victorgomes@chromium.org> Reviewed-by:
-
Marja Hölttä authored
Bug: v8:11111,chromium:1359991 Fixed: chromium:1359991 Change-Id: Ie150040d2831559eebb646772d9b2c494aadda98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874930Reviewed-by:
-
Philip Chimento authored
This test somehow ended up inside an assertThrows arrow function, after the expression that was supposed to throw -- so it never got executed (and the expectation was slightly off.) This moves the test outside the arrow function so it gets executed, and fixes the expectation. Justification for changing the expectation: rab is [0, 1, 2, 3, ... 9], and length_tracking_ta_with_offset2 has an offset of 2, so it is [2, 3, ...]. During the loop, after 2 iterations which have produced [2, 3], we resize the buffer so the array has length 0. Therefore, the iteration ends after producing [2, 3], not [3, 4]. Change-Id: Iec6024fb955102841b45f033de3fed80b7d2af34 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878244Reviewed-by:
-
- 06 Sep, 2022 4 commits
-
-
Shu-yu Guo authored
ValueDeserializer should be lenient and not assume correct usage when deserializing shared objects. This CL makes ValueDeserializer throw if a shared object conveyor id or shared object id are not found. Bug: v8:12547, chromium:1359227 Change-Id: I429a37dfadd95e42edca5d4870eb5188cb013bc7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872549Reviewed-by:
-
Patrick Thier authored
- Add v-flag and corresponding prototype getters. - Update RegExp builtins fuzzer to handle two-byte flags. - Update test262 status. Bug: v8:11935 Change-Id: If649ebfacf1f933f3ae5c770c2240470a8b460ee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868952Reviewed-by:
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead. R=ishell@chromium.org Bug: v8:12887 Change-Id: I457fd781f13c37ffdaa19e29c8f998ee3eaa55a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875085Reviewed-by: -
Manos Koukoutos authored
- i31s should not be packed in {WasmWrapperGraphBuilder::ToJS}. - anyref should be able to hold any JS value (except null if non nullable). - Restructure TypeCheckJSObject. Bug: v8:7748 Change-Id: I51ab6b84e89a70e565ce56de7a41f8693aa28e5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871073Reviewed-by:
-
- 05 Sep, 2022 4 commits
-
-
Feng Yu authored
Bug: v8:12781 Change-Id: Ib2d7fe959f06cb750ccf419796002efb7e569623 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865062Reviewed-by:
-
Clemens Backes authored
This adds two flags to dump "type feedback" (call targets and frequencies) to a local file, or load it from there. This is meant for experimentation only. Some implications are removed, as (speculative) inlining now does not require Liftoff any more, but can also use information from PGO. R=jkummerow@chromium.org Bug: v8:13209 Change-Id: I2d34233ce4077db61f5c237b1941136ac61d3b73 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870470Reviewed-by:
-
Michael Lippautz authored
The test broke in https://crrev.com/c/3865148 Bug: chromium:1352649 Change-Id: I9857fd359d73a4c1f7d202feba27a3dcf56e23c6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872275 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
-
Nikolaos Papaspyrou authored
The stack of an isolate's main thread is kept in the isolate's heap. This CL sets the stack's start address when the isolate's heap is set up; it can also be set explicitly from the embedder. The CL also fixes threaded cctests, where an isolate is shared by many "main" threads. Bug: v8:13257 Change-Id: Ie30bbbe4130882d94f23de946cbada748f32e22d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870923Reviewed-by:
-
