- 19 Aug, 2021 27 commits
-
Ng Zhi An authored
Fixed: v8:12095 Bug: v8:12095 Change-Id: If2021397000958ccdd058b99ce8f4d6e8d4d2836 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097106 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#76398}
-
Ng Zhi An authored
Whenever we are adding a new AddressRegion to the CodeMap, we first remove all overlapping regions. The logic to check for overlapping region is incomplete. For example, if all existing regions are less than the region to be added, we incorrectly remove all regions, effectively deleting all JITCodeEntry we have constructed. We extract this overlapping check into a helper function, so that we can unittest this without worrying about JITCodeEvent functionality, and also without dealing with V8 internals (like Isolate and SFI). The overlapping logic is rather hard to understand, has many special cases, it will probably be much easier to just loop through all the entries, rather than using lower_bound. Ideally, we can refactor this to use some sort of sweep-line algorithm. Hopefully the unittests catch the most obvious cases. Bug: v8:11908 Change-Id: Id96975599ac59974185c3dbf64cdfceb17e98d18 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3105381 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#76397}
-
Ross McIlroy authored
Change-Id: I32fc41124c6c16efe1150d60e72dc2bba90782c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106745 Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/main@{#76396}
-
Ross McIlroy authored
Change-Id: Ie96be7e4d1c37de92cbb6271fb0c8779ea9d4ae4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106746 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/main@{#76395}
-
Nico Hartmann authored
This reverts commit faf2208a. Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20arm64%20-%20sim%20-%20pointer%20compression/10870/overview Original change's description: > [compiler] Support acq/rel accesses and atomic accesses on tagged > > This CL adds an AtomicMemoryOrder parameter to the various atomic load > and store operators. Currently only acquire release (kAcqRel) and > sequentially consistent (kSeqCst) orders are supported. > > Additionally, atomic loads and stores are extended to work with tagged > values. > > This CL is a pre-requisite for supporting atomic accesses in Torque, > which is in turn a pre-requisite for prototyping shared strings. > > Bug: v8:11995 > Change-Id: Ic77d2640e2dc7e5581b1211a054c93210c219355 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101765 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Zhi An Ng <zhin@chromium.org> > Commit-Queue: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76393} Bug: v8:11995 Change-Id: Id9936672f9e96c509b1cdf866de1ac5303996945 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107229 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#76394}
-
Shu-yu Guo authored
This CL adds an AtomicMemoryOrder parameter to the various atomic load and store operators. Currently only acquire release (kAcqRel) and sequentially consistent (kSeqCst) orders are supported. Additionally, atomic loads and stores are extended to work with tagged values. This CL is a pre-requisite for supporting atomic accesses in Torque, which is in turn a pre-requisite for prototyping shared strings. Bug: v8:11995 Change-Id: Ic77d2640e2dc7e5581b1211a054c93210c219355 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101765 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#76393}
-
Patrick Thier authored
- Introduce helper to push arguments onto the stack (Standalone this change doesn't make a lot of sense, but is in preparation for including the receiver in argc). - Introduce helper to shift arguments already on the stack to make room for new arguments (Varargs). - arm64 is not included because a) there was already a helper similar to ShiftArguments and b) PushArguments is not similar enough to make sense for arm64 because of small differences (e.g. also pushing the function) in conjunction with stack alignment. Drive-by: Use masm DropArguments in Sparkplug EmitReturn Bug: v8:11112 Change-Id: Id7a3a5f025abb19e2a52dae27b3b484fe87e9faf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097275 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#76392}
-
Jakob Kummerow authored
It must be possible to determine an object's size on the heap without relying on the presence of any other objects. Specifically, if an object and its WasmTypeInfo die at the same time, they can be swept in any order, and the sweeper may need to know their sizes. This patch solves the problem by repurposing two bytes in the Map, where WasmStructs can store their instance size, and WasmArrays can store their element size (which can be used to compute their size). Fixed: chromium:1240670 Change-Id: Ib960fd0a409936aff1aef4daafed4c38b8497880 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106649 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#76391}
-
Yu Yin authored
TEST: externref-globals-liftoff wasm-gc-breakpoints with --stress-incremental-marking Change-Id: Ia5956588a008155f199bad98b1aff6e593fcd7ee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106785 Auto-Submit: Yu Yin <xwafish@gmail.com> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/main@{#76390}
-
Milad Fa authored
Passing directories to fopen is not a defined behaviour in C/C++. A new test case added by https://crrev.com/c/3098189 is trying to import directories which is expected to fail. Test however is not passing on some platforms including on S390 Linux as `fopen` is successful, size gets set to 0 and a (non-existent) empty file gets returned. This CL uses `stat` to make sure the path is valid and is not a directory. Change-Id: Ibcc762b21145d2198cba07953387a31f39f59300 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3102346 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#76389}
-
Victor Gomes authored
No-Try: true Change-Id: I429066dd039519d4195c8d8a09559a720b818976 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106748 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#76388}
-
Jakob Kummerow authored
Some of the Array benchmarks were unintentionally spending a lot of time on Number-to-String conversions. This patch avoids that, by computing the dynamically-created strings only once. Bug: chromium:1240981 Change-Id: If10826813d555398b45c22c958dee27e17f35d3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106747 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#76387}
-
Jakob Gruber authored
.. and decrease the include-ball size. Change-Id: Id35358a6882156f6684475b7f0b0193f8ca5eaf5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103313 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#76386}
-
Jakob Kummerow authored
Operator::kEliminatable has the unfortunate consequence that depending on surrounding code, the allocating builtin call could get scheduled before the max length check, causing a crash instead of a trap. Fixed: chromium:1239954 Change-Id: Ice2e3e4f67e8fce44a886c0079e0e31f124c02b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103315 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#76385}
-
Paolo Severini authored
Functions CopyAndConvertArrayToCppBufferInt32 and CopyAndConvertArrayToCppBufferFloat64 used by specializations of template functions TryCopyAndConvertArrayToCppBuffer were removed with https://chromium-review.googlesource.com/c/v8/v8/+/3056988. Bug: v8:11739 Change-Id: I495b8878780adb7d2274cc733c7d4c5938171eb7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3095651 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#76384}
-
Camillo Bruni authored
This fix consists of 2 parts: a) Fix async hooks: - Allow initialising the promise hook properties - Do not call async hooks if we're overflowing the stack b) Avoid some more recursion when reporting the stack trace Bug: chromium:1240723 Change-Id: Icedfc8b48655bacc3f79591944e3869b85f1c4de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103321 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#76383}
-
Michael Lippautz authored
HAS_PROGRESS_BAR is set after page initialization at which point all flags are assumed to be immutable while a GC is running. Separating out the progress bar from flags allows setting it lazily at allocation time. Bug: v8:11915 Change-Id: I48a877e0e80d583d7a0fadef2546fc70417806e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085268 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/main@{#76382}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/990299f..c4b06e5 Set theme jekyll-theme-minimal (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/c4b06e5 wrap things that look like tags but aren't with `{% raw %}` (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/0fb4b75 TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: I54b77aef6cbfb4593e9853086c293b168b4fb503 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3105448 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#76381}
-
Samuel Groß authored
Bug: chromium:1218005 Change-Id: I533e9fccc48767f4fccc8746e182682abd36c5e5 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106387 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#76380}
-
Jakob Gruber authored
The JSRegExp heap object should not be the source of truth for regexp flags, which are also relevant in places that don't need or want to care about the heap object layout (e.g.: the regexp parser). Introduce RegExpFlags as a new source of truth, and base everything else on these flags. As a first change, remove the js-regexp.h dependency from the regexp parser. Other files in src/regexp/ should be updated in follow-up work. Change-Id: Id9a6706c7f09e93f743b08b647b211d0cb0b9c76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103306 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#76379}
-
Al Muthanna Athamina authored
Bug: v8:12100 Change-Id: I24a562d6e448b5f422ad3c891b00e15b9283a4ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106385 Auto-Submit: Almothana Athamneh <almuthanna@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#76378}
-
Omer Katz authored
This reverts commit edcc8ff5. Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/10806/overview A prefinalizer is creating a WeakMember from a raw pointer to a dead object for checking whether it is in a set. Original change's description: > cppgc: Enable checks for assignments in prefinalizers > > Bug: v8:11749 > Change-Id: Ic027f732030fb6a2befeffeca9db2eacfd0830a5 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099953 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Omer Katz <omerkatz@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76370} Bug: v8:11749 Change-Id: I0c90f232df9ae363f05f8b9ba26c2a7eede8a269 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106646 Auto-Submit: Omer Katz <omerkatz@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#76377}
-
Al Muthanna Athamina authored
The NumFuzz fuzzers need to make use of this flag to ignore Mjsunit exceptions and other exceptions. The flag ignores the exit code 1. R=clemensb@chromium.org R=cbruni@chromium.org Bug: v8:11826 Change-Id: Ic0878078edec7292e43cdb18dd6fb32f7bbad12c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103310 Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#76376}
-
Lu Yahan authored
S10 is a callee save register and is used in scratch_list. In cctest, code could use scratch but doesn't go through the JSEntry function that can save callee save reg. So cctest could crash due to using s10. Bug: v8:12124 Change-Id: I62c3582ad490681d5efb24e8bfe0884006d42e66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103425 Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn> Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#76375}
-
Nico Weber authored
Like https://chromium-review.googlesource.com/c/v8/v8/+/2994804, but for arm and arm64. Bug: chromium:1066980 Change-Id: I5f3ac0d64a5031a62d4923d55a89f1d4e88cbc8b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103905 Auto-Submit: Nico Weber <thakis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#76374}
-
Ng Zhi An authored
liftoff-assembler-ia32.h can now use it. TurboFan ia32 doesn't use it because it generates different instruction codes (movlps, movhps). Bug: v8:11589 Change-Id: I07540814acff2d8ea48e06d1e00023d80b276a3d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3095009 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#76373}
-
Ng Zhi An authored
Move optimized implementation (accounts for AVX2) into shared-macro-assembler, and use it everywhere. Drive-by fix in liftoff-assembler-ia32.h to use Movss and Movsd macro-assembler functions so that they emit AVX when supported. Bug: v8:11589 Change-Id: Ibc4f2709d323d5b835bcac175a32b422d47d3355 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3095008 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#76372}
-
- 18 Aug, 2021 13 commits
-
Igor Sheludko authored
Bug: chromium:1240661 Change-Id: I5552d63e3a50cd7f870af4ce135dba60cd33fc0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103322 Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#76371}
-
Omer Katz authored
Bug: v8:11749 Change-Id: Ic027f732030fb6a2befeffeca9db2eacfd0830a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099953 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#76370}
-
Michael Achenbach authored
This adds the option to list disallowed flags for differential fuzzing directly in the harness. Flags that can crash in smoke tests should be added there. No-Try: true Bug: chromium:1240812 Change-Id: I57c772bedeac0ca6ba023c6b4929515b4b0e6cca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103314 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#76369}
-
Ng Zhi An authored
This is probably a latent bug, but since we didn't have a test that used '--gdbjit', our fuzzers weren't testing this code path. Bug: chromium:1240714 Change-Id: I6225e17b60d3a7a73a9c5502fde315207b8e721a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101265 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#76368}
-
Darshan Sen authored
After building V8 using Clang (./out/x64.release/v8_build_config.json says that "is_clang" is true), I could reproduce the referenced bug report locally. Replacing the getMinutes() calls with getUTCMinutes() calls fixed the test failure. Signed-off-by: Darshan Sen <raisinten@gmail.com> Bug: v8:11200 Change-Id: Ia36be481f2c8728380d550ead856ef8e51b1069c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093362 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#76367}
-
Al Muthanna Athamina authored
Bug: v8:12100 Change-Id: I35d71d7649221febcf911010577330e1a264dc34 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103005 Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/main@{#76366}
-
Jakob Gruber authored
.. instead of a FlatStringReader. This is in preparation for reusing the regexp parser directly from the JS parser, which uses different string types (AstRawString instead of heap Strings). Drive-by: Hide parser internals in the .cc file. Bug: v8:896 Change-Id: I06bd08f2ef5fd7a5e9812c123d88b89cacf5d864 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101488 Commit-Queue: Patrick Thier <pthier@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#76365}
-
Seth Brenith authored
The heap snapshot view in the dev tools reports a lot of incorrect retaining paths involving weak references from FeedbackVectors. To fix, when IndexedReferencesExtractor encounters a weak reference, it should record a weak reference rather than a hidden reference. This way, the forward reference is still visible when exploring in the summary view, but weak references aren't reported as retainers. Bug: v8:12112 Change-Id: Ib3bafc49482fb4f515877a90bae8707483d0a7a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101266 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#76364}
-
Camillo Bruni authored
This is an internal property that should not be used publicly. The following methods are going to be deprecated: - v8::TryCatch::JSStackComparableAddress - v8::BackupIncumbentScope::JSStackComparableAddress Change-Id: Iaecfdece4660eaf1aef88121ff0f0c501c0ced5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097451 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#76363}
-
Camillo Bruni authored
We see too many regressions for now in M94 (~10% more misses in some cases). This CL reverts the logic to the state before landing https://crrev.com/c/3069152 without having to revert the several refactoring CLs that landed on top of it. Bug: v8:10284, chromium:1238312, chromium:1237242 Change-Id: I57e66b9e0d58c36d2f1563b07720e3729c88ec94 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103006 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#76362}
-
Samuel Groß authored
The heap sandbox will rely on the virtual memory cage to protect the data pointers in ArrayBuffers, TypedArrays, and DataViews. Bug: v8:10391 Change-Id: Ib0ee352e0eba07dea0fb9e0dc4957cb74d37ba3b Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101489 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#76361}
-
Benedikt Meurer authored
This introduces a new, optional `nonIndexedPropertiesOnly` flag to the `Runtime.getProperties` inspector request, which tells the inspector to only report properties whose name is not an (typed) array index. This is to support retrieving all properties except for the indexed ones when the DevTools front-end decides to use the array bucketing mechanism. Previously the DevTools front-end had some quite complicated logic in place to simulate this via injected JavaScript, but that logic didn't pick up internal properties and was also interfering with the inherited accessor mechanism. With this new flag, it's straight-forward to implement the correct behavior in the DevTools front-end. The corresponding devtools-frontend CL is https://crrev.com/c/3099011. Before: https://imgur.com/hMX6vaV.png After: https://imgur.com/MGgiuJQ.png Bug: chromium:1199701 Change-Id: Iacbe9756ed8a2e6982efaebe1e7c606d37c05379 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099686 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Philip Pfaffe <pfaffe@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#76360}
-
Jakob Gruber authored
In follow-up work, the parser will be refactored to take the input as raw char arrays instead of a FlatStringReader s.t. it can be reused by the V8 parser (which has AstRawStrings instead of Strings). Bug: v8:896 Change-Id: I0e0bda4b34bc23b8bc427ddf3f9516081c42bb8a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099947 Reviewed-by: Patrick Thier <pthier@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#76359}