- 26 Jul, 2021 15 commits

Leszek Swirski authored
This is a reland of 85e6c4b6

GC-stress issue was flushing, fixed with https://crrev.com/c/3048172.
Relanding without changes.

TBR=verwaest@chromium.org

Original change's description:
> [sparkplug] Enable sparkplug by default on desktop
>
> Bug: v8:11420
> Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75868}

Bug: v8:11420
Change-Id: I44ac0e4a5df07db79fa50db3134cdae3af41c88c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053588
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75916}

Marja Hölttä authored
(No new tests since this is covered by existing tests.)

Bug: v8:11111
Change-Id: I274c54faec24d414e7c99199b32a1a3b88d63aa2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053587
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75915}

Marja Hölttä authored
Bug: v8:11111
Change-Id: I7ff82d1699701dfa38af1da447f0b40a2a2c97b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053586
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75914}

Mythri A authored
In inlined-call-polymorphic we need value numbering phase to deduce that TurbofanStaticAssert is always true. Turboprop doesn't enable this phase. So use %OptimizeFunctionTopTier so this function always tiers up to TurboFan.

Bug: v8:12013
Change-Id: I803bddaca8cb0ba0ad56cbd9874d90b118698e3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053579
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75913}

Thibaud Michaud authored
The WebAssembly.Exception constructor creates a WasmExceptionPackage, which represents an exception thrown from wasm. The first argument is a WebAssembly.Tag, and the rest are the values to encode in the exception.

R=jkummerow@chromium.org

Bug: v8:11992
Change-Id: I1327b2e4545159397ffe73a061aa577608167b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049074
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75912}

Georg Neis authored
Bug: v8:7790
Change-Id: I066e24482b94d7747c5bdc46a43db98e6bddf097
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035094
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75911}

Georg Neis authored
Bug: v8:7790
Change-Id: I7633711033c66964549cdf03255ac667569e3aee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035092
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75910}

Georg Neis authored
R=jgruber@chromium.org

Bug: v8:12010
Change-Id: Idb64bd673dd28dd3ef9103efea902413b4de7f67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3051611
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75909}

Andreas Haas authored
Chrome started to enable dcheck by default in release builds that are not official builds. Add 'dcheck_always_on = false' to release builds in V8 to allow reasonable performance measurements.

NOTRY=true
R=jkummerow@chromium.org

Bug: v8:11879
Change-Id: I05f192fdcd5ebe5b1a82eb6f2d1648eaf6d4b527
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048186
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75908}

Jakob Gruber authored
FindFrameStateBefore can return a FrameState or Dead.

Bug: chromium:1232668
Change-Id: I2a21a1cd4dce9053250c1940177834ce6d2cb55b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053582
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75907}

Jakob Gruber authored
The stability dependency should be taken on the primitive wrapper map, not the primitive map (which is guaranteed to remain stable). Note that the primitive wrapper map itself *also* stays stable; but changing the position of the call here avoids having to think deeply about this at all in the future.

Bug: v8:7790
Change-Id: I9b79b9df0d8d49f0c6249c6cd906142bda1ff5cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053578
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75906}

Jakob Gruber authored
The implicit ToObject operation should only be done on the receiver. The remaining prototype chain is already guaranteed to not contain primitives (besides null).

Bug: v8:7790
Change-Id: I6706c7648e201e8f99a1f27f98989db96a359c4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041672
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75905}

Victor Gomes authored
No-Try: true
Change-Id: I4cfc54bb6934d7a1b93479b399ed94d9d2007bda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053571
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75904}

Mythri A authored
With baseline code flushing we also need to hold baseline data in IsCompiledScope. IsCompiledScope is used in places where we don't want bytecode / baseline code to be flushed.

Change-Id: I692cdc5fc433dedeabcfc412d9f96d76148ddbe3
BUG: v8:12009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048172
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75903}

Michael Achenbach authored
No-Try: true
Bug: v8:12020
Change-Id: I1b6659c7017b2843a513d81331e6ac67666ef04d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053572
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75902}

- 24 Jul, 2021 1 commit

Clemens Backes authored
This is a reland of b99fe75c. The test is now skipped on non-SIMD hardware.

Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantic of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}

TBR=zhin@chromium.org
CC=jkummerow@chromium.org, thibaudm@chromium.org

Bug: chromium:1231950, v8:12018
Change-Id: I662b62fafe99389be7a6c23b970fdf3768f866cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3051610
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75901}

- 23 Jul, 2021 24 commits

Michael Achenbach authored
This reverts commit b99fe75c.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/43105

Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantic of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}

Bug: chromium:1231950, v8:12018
Change-Id: I4e7a9d6fa6809b7c4d9be919cd5698737d784849
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049085
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75900}

Junliang Yan authored
Change-Id: I8d3b2e1bc5d3e5f437bc8f1bc50299459fbc7ad9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049084
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75899}

Clemens Backes authored
This extends https://crrev.com/c/2917612 also for SIMD, which (sometimes) uses the special {GetMemOpWithImmOffsetZero} method. As part of this CL, that method is renamed to {GetEffectiveAddress} which IMO is a better name. Also, it just returns a register to make the semantic of that function obvious in the signature.

Drive-by: When sign extending to 32 bit, only write to the W portion of the register. This is a bit cleaner, and I first thought that this would be the bug.

R=jkummerow@chromium.org
CC=thibaudm@chromium.org

Bug: chromium:1231950, v8:12018
Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75898}

Clemens Backes authored
Handle large frames by doing an explicit check to see if there is enough remaining stack space before the stack limit. The bailout which can be removed then is being triggered on more than 1 percent of all functions, so this is expected to improve compile time by several percent, because we avoid the costly TurboFan compilation for those >1%.

R=ahaas@chromium.org

Bug: v8:11235
Change-Id: I935998f7676647572598b52c989f7d41cc5239a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046180
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75897}

Michael Achenbach authored
No-Try: true
Bug: v8:11587
Change-Id: Ie7daf2f8c6ed91daa1af5e984b7a8ff500d2d156
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038532
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75896}

Michael Achenbach authored
No-Try: true
Bug: chromium:1231890
Change-Id: I01ad587070b9318cdf6d5ea1032adfefb30e42c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048189
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75895}

Michael Lippautz authored
This is a reland of 1f0b0ed0

No actual code has changed in the relands. The change was reverted due to triggering flaky failures in WebMediaPlayerImplTest which was not set up properly. The test setup has been fixed in https://crrev.com/c/3025796.

Original change's description:
> Reland "heap: Fix initial GC configuration for C++-only heaps"
>
> This is a reland of 7ef67b2e
>
> Manually checked that the CL was not the culprit breaking
> media_blink_unittests --gtest_filter=WebMediaPlayerImplTest.MemDumpReporting
>
> Original change's description:
> > heap: Fix initial GC configuration for C++-only heaps
> >
> > Heaps in V8 start with a large limit that is shrunk upon young
> > generation GCs, based on some liveness estimate. This provides best
> > throughput during startup while at the same time finding a reasonable
> > first limit.
> >
> > For C++ (embedder memory) there is no estimate which is why it was
> > piggy-backing on V8. This breaks in scenarios where no JS memory is
> > allocated.
> >
> > In this fix we start a memory reducer after embedder memory has hit
> > the activation threshold if no GC happened so far. As soon as a single
> > Scavenger has happened, we leave it up to the JS estimate to figure
> > out a limit. Memory reducing GCs will then find a regular limit based
> > on the initial live size.
> >
> > Drive-by: Give embedders the same activation threshold of 8MB as JS.
> >
> > Bug: chromium:1217076
> > Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75012}
>
> Bug: chromium:1217076
> Change-Id: I482d8525379e33095834d5b41be8bb49bdd8a5d4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949094
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75048}

Bug: chromium:1217076
Change-Id: If920d6b2c54a0c9d67e55e276421e4694eb1414e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960218
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75894}

Vicky Kontoura authored
This CL adds support for classes with methods. More specifically:
- A new ValueSerializer is added and classes are serialized separately from functions, although the common parts are handled in the same way and abstracted away.
- The function prototype is serialized as an object and any missing information is set up again during deserialization.
- FunctionFlagsToFunctionKinds() is updated to allow for more function kinds.
- Context serialization is updated to support serializing BlockContexts and creating ScopeInfos of type CLASS_SCOPE.
- Map serialization is updated to support properties with custom attributes.

Bug: v8:11525, v8:11706
Change-Id: I16ca7cbc17b1811721081cda05124ce36073f9be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3006416
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75893}

Junliang Yan authored
Change-Id: Ibc2756484717804f67658156b750d9bbd18266fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049352
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75892}

Leszek Swirski authored
Change the folded interrupt check to be on JumpLoop only, to avoid calling it from Return. The call from Return could cause spurious stack overflows, which interacted poorly with async functions that had already resolved their promise.

Now the bytecode budget interrupt function is split into two functions, one which does the stack check and one which doesn't. The former is still called from JumpLoop, the latter is called from Return.

Bug: chromium:1231952, chromium:1232105
Change-Id: I8c4e2937f64b5f8fdbd6c1fcb2a76ec5f090ae3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049076
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75891}

Milad Fa authored
Starting with Simd Add ops which are ported to liftoff.

Change-Id: I2128303accf9bc47812560f5aa38b5ccfc2e3e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049070
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75890}

Michael Achenbach authored
Bug: chromium:1231890
Change-Id: I5db7576542265eadb92ff8cf6cf89870719bba18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048180
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75889}

Junliang Yan authored
Change-Id: I04a950d196070ce8661e95b3e2b00802a5000870
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042044
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75888}

Maya Lekova authored
Bug: chromium:1052746
Change-Id: I169c4f7d9f17644ac12c234f8bde72c77e940128
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048187
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75887}

Paolo Severini authored
Enabling --turbo-optimize-apply breaks tests because we are passing the wrong receiver; in JSCallReducer::ReduceCallOrConstructWithArrayLikeOrSpread we create a Call node with the wrong ConvertReceiverMode, we pass kNullOrUndefined while it should be kAny. This may break calls to API or in general calls to functions that use the receiver.

Bug: chromium:1231108, v8:9974
Change-Id: Ib35a1bf8746ad254b6d63274f3ae11b12aa83de8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043690
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75886}

Benedikt Meurer authored
The AsyncStackTrace had some magical self-healing where it'd try to not stitch together async stack traces when the instrumentation seemed to be broken. This silent self-healing however seems to be broken itself, and instead of papering over the problem we should fix instrumentation bugs when they are observed.

Fixed: chromium:1231064
Change-Id: I2bcc85679abdbe6f4df4866cb951c5f6cefb4f67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048181
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75885}

Milad Fa authored
Change-Id: Ic4cb7a6c626426ec40b26adcf70ec2c7efc7b4ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041619
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75884}

Milad Fa authored
Change-Id: I00da20528553e4135681790998c03126931bca9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042719
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75883}

Maya Lekova authored
Bug: chromium:1052746
Change-Id: Ibd93c5651384e489d3c41800dfc3b1bdd397c637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048182
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75882}

Danil Somsikov authored
This reverts commit a5fd60e1.

Reason for revert: As per crbug/1213374 this is not applied consistently. E.g. wrapping object into an array will bypass access checks. With the crrev/c/3041424 however, only accessible properties are shown in console, so logging a restricted object is no longer unsafe.

Original change's description:
> Calls to {console} require an access check for the provided arguments
>
> This CL adds an access check for the arguments to all calls to
> {console} like {console.log}. This is needed since the DevTools
> protocol notification event does not contain the context in which
> the {console.log} call occurred. Only the context of the argument.
> When DevTools then reads properties for the preview of the argument,
> it uses arguments context, instead of the calling context, potentially
> leaking objects/exceptions into the calling context.
>
> Bug: chromium:987502, chromium:986393
> Change-Id: I6f7682f7bee94a28ac61994bad259bd003511c39
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741664
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63122}

Bug: chromium:987502, chromium:986393, chromium:1213374
Change-Id: I92a8bb7663ff97de8831ddeb2c8560fb9fa1c12e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046189
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Danil Somsikov <dsv@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75881}

Jakob Kummerow authored
Now that we have advanced division algorithms, we can implement a divide-and-conquer strategy for toString-conversions, to make their complexity sub-quadratic. For example, this speeds up `(2n ** (2n ** 21n)).toString().length` from 9400 ms to 200 ms on my laptop.

Bug: v8:11515
Change-Id: Id20f7f2928dc7308609f4c1688f32b252e04f433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017805
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75880}

Omer Katz authored
As an optimization, RegisterWeakReferenceIfNeeded checks whether the target object is marked, and only registers it if it's not marked. The target object may still be under construction, in which case checking the mark bit will race with allocating the object.

Bug: chromium:1056170, chromium:1232339
Change-Id: I0a41afba7f48f288f708441176f89509a81ebb09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048171
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75879}

Marja Hölttä authored
Bug: v8:11111
Change-Id: I41a318d3858e48035ae67e937420e2963a13d871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035091
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75878}

Maya Lekova authored
This is a reland of 84d5b027

It removes support for 8-byte types which were causing unaligned reads.

Original change's description:
> [fastcall] Implement support for TypedArray arguments
>
> This CL adds TypedArrays as supported arguments for fast API calls.
> It implements "exact type" matching, i.e. if Float32Array is expected
> and e.g. Int32Array is passed instead, the generated code bails to the
> slow callback.
>
> Bug: chromium:1052746, chromium:1018624
> Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75756}

Bug: chromium:1052746, chromium:1018624
Change-Id: I872716d95bde8c340cf04990a3e4ae8ec8cd74a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035090
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75877}