27 Mar, 2018 (9 commits)
Tobias Tebbi authored

This CL changes the poisoning in the interpreter to use the infrastructure used in the JIT. This does not change the original flag semantics: --branch-load-poisoning enables JIT mitigations as before. --untrusted-code-mitigation enables the interpreter mitigations (now realized using the compiler back-end), but does not enable the back-end based mitigations for the JavaScript JIT. So in effect --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers use the same mechanics (including changed register allocation) that --branch-load-poisoning enables for the JIT.

Bug: chromium:798964
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
Reviewed-on: https://chromium-review.googlesource.com/928881
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52243}
Camillo Bruni authored

Allow deserializer to add entries to the StringTable without causing a GC.

This is a reland of 868ed8ee

Original change's description:
> [runtime] Decrease StringTable shrink limit
>
> Given that we have not seen any regressions yet we're trying a more aggressive
> limit.
>
> Bug: chromium:818642, v8:5443
> Change-Id: Ic45001ed6c042fc31cbba0d417d5060d2de8fb3a
> Reviewed-on: https://chromium-review.googlesource.com/975126
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52145}

Bug: chromium:818642, v8:5443
Change-Id: I051c6a79e59ec40cf87cab5bf06c4c449f8113d0
Reviewed-on: https://chromium-review.googlesource.com/975643
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52242}
Georgia Kouveli authored

The instruction scheduler is not supported on these platforms.

Bug: v8:7577
Change-Id: If89494153407c6223e30d856dd0f3152eb0c5817
Reviewed-on: https://chromium-review.googlesource.com/973362
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52241}
Igor Sheludko authored

Bug: v8:7310
Change-Id: Ic4a3c3326a1643d9a662a11ccdb75c8121587c71
Reviewed-on: https://chromium-review.googlesource.com/980943
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52240}
Franziska Hinkelmann authored

The --cleanup-code-caches-at-gc flag was removed in https://chromium.googlesource.com/v8/v8/+/b8b25e1c27b6634b764245671b5fcaacb19278bf, rendering the test obsolete.

Change-Id: I34331d230102924899c89d3330379df51a489029
Reviewed-on: https://chromium-review.googlesource.com/980937
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52239}
Ulan Degenbaev authored

The embedder can get a notification when the V8 heap size approaches the heap limit and can extend the heap limit if needed using
- v8::Isolate::AddNearHeapLimitCallback
- v8::Isolate::RemoveNearHeapLimitCallback

This generalizes the existing v8::debug::SetOutOfMemoryCallback API.

Bug: chromium:824214
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia444cb7efb6fe85c57fa3785e8fd1d8b654a5224
Reviewed-on: https://chromium-review.googlesource.com/979447
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52238}
Victor Costan authored

Change-Id: I8db5eb77d0287d665ab2b7c41f8289d47389d0d0
Reviewed-on: https://chromium-review.googlesource.com/977579
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52237}
Franziska Hinkelmann authored

I replaced usages in Chromium and other embedders. I think we can safely deprecate and soon remove.

Drive-by fix: Fixed some typos.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia8e35adb2abebed3966403af61eda1ede319e5c3
Reviewed-on: https://chromium-review.googlesource.com/980452
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52236}
v8-autoroll authored

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c8fbe98..9004761

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I1943b52306afc8095b08a15ed94b7d1d43eeaae4
Reviewed-on: https://chromium-review.googlesource.com/981498
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52235}
26 Mar, 2018 (31 commits)
Junliang Yan authored

Port d6636145

Original Commit Message:

Part of ongoing work to remove the construct_stub. For non-constructable functions, don't use the non-constructable stub, instead handle non-constructables explicitly in ConstructFunction.

R=petermarshall@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I2e81b03b8fbbde025881fd3b65fe2fa0604f6ff5
Reviewed-on: https://chromium-review.googlesource.com/981116
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52234}
Adam Klein authored

This reverts commit 3d7ad2e7.

Reason for revert: too many regressions to handle for now.

Original change's description:
> Reland "[parser] Remove pretenuring of closures assigned to properties"
>
> The memory gains were significant, so despite the bluebird-doxbee
> regression, we think it's better to have this patch than not.
> See the attached Chromium bug for more discussion.
>
> This is a reland of 20e346bd.
>
> Original change's description:
> > [parser] Remove pretenuring of closures assigned to properties
> >
> > This pretenuring was added in https://codereview.chromium.org/5220007,
> > back when it was necessary in order to allow use of the closure
> > as a "constant function" property. This should no longer be the case,
> > and the pretenuring causes some unfortunate downstream effects.
> >
> > This patch removes the parser's setting of this bit. If it doesn't
> > cause regressions on the perf bots, followup CLs will remove the
> > rest of the support for this feature.
> >
> > Bug: v8:7442
> > Change-Id: I27c43dd4293ce5de921be6c78571e712778d138a
> > Reviewed-on: https://chromium-review.googlesource.com/914610
> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> > Commit-Queue: Adam Klein <adamk@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#51254}
>
> Bug: v8:7442, chromium:814182
> Change-Id: I228c59dccef3844803f115749e72ae6c5f286eda
> Reviewed-on: https://chromium-review.googlesource.com/938241
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51668}

Tbr: gsathya@chromium.org
Bug: v8:7442, v8:7524, chromium:814182, chromium:818627, chromium:818672, chromium:819994, chromium:821788
Change-Id: Ib760d63f879613f3b874889c5cb29ba2a77ba430
Reviewed-on: https://chromium-review.googlesource.com/980795
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52233}
Ulan Degenbaev authored

FixedDoubleArray can be left-trimmed and should be treated similarly to FixedArray in the concurrent marker.

Bug: v8:7595
Change-Id: I4046209b66d7ed8e649355f62296607234146793
Reviewed-on: https://chromium-review.googlesource.com/980874
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52232}
Gabriel Charette authored

This is done now while embedders have yet to adapt to the new API before it becomes hard to migrate.

Also renamed variable/methods to use "worker threads" rather than "background" nomenclature.

Extracted from https://chromium-review.googlesource.com/c/v8/v8/+/978443/7 while resolving the more contentious bits around using task runners.

TBR=rmcilroy@chromium.org

Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie3ddf15a708e829c0f718d89bebf3e96d1990c16
Reviewed-on: https://chromium-review.googlesource.com/980953
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52231}
Ulan Degenbaev authored

Bug: chromium:825828
Change-Id: I1f27c08fa8febe521412fddb6ae964969671764b
Reviewed-on: https://chromium-review.googlesource.com/980933
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52230}
Yang Guo authored

This has been made possible when custom builtin constructors were removed.

R=jgruber@chromium.org

Bug: v8:178, v8:7518
Change-Id: I7ee064c3b899732ebe9381ea004f231fa6c0cef0
Reviewed-on: https://chromium-review.googlesource.com/975541
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52229}
Ulan Degenbaev authored

JSRegex does not have a custom body descriptor and uses the JSObject body descriptor, so it should just use the JSObject visitor id.

Bug: chromium:825828
Change-Id: Iae22315da7ab83bb4ac919586c883120621761c8
Reviewed-on: https://chromium-review.googlesource.com/980752
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52228}
Yang Guo authored

We don't want to run into the situation of breaking inside of debug-evaluate. That would get even more confusing with throw-on-side-effect.

R=kozyatinskiy@chromium.org

Bug: v8:7592
Change-Id: I93f5de63d8943792ff000dbf7c6311df655d3793
Reviewed-on: https://chromium-review.googlesource.com/978164
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52227}
Michael Achenbach authored

NOTREECHECKS=true

Bug: chromium:669910
Change-Id: I16cfbb6bd6aa8eb4bad3289dfe43c1cd33c42f92
Reviewed-on: https://chromium-review.googlesource.com/980336
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52226}
Martyn Capewell authored

Fixed register d27 wasn't used in code generation, so remove it and rename the remaining fixed registers. Also, remove some leftover Crankshaft comments.

Change-Id: I971069c668a597900b1a0c4b64736103a78dab14
Reviewed-on: https://chromium-review.googlesource.com/968426
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#52225}
Michael Achenbach authored

Bug: chromium:669910
Change-Id: Ib22286cdfff6cd08f68819ad80a93707ff47389f
Reviewed-on: https://chromium-review.googlesource.com/980034
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52224}
Michael Achenbach authored

Bug: chromium:669910
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ifb8719a989a4fda48241967271ebe39037643e39
Reviewed-on: https://chromium-review.googlesource.com/980032
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52223}
Michael Achenbach authored

Bug: chromium:669910
Change-Id: I0d9a8c7277cfcedd464db44733803ccc4693ae70
Reviewed-on: https://chromium-review.googlesource.com/979952
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52222}
Ulan Degenbaev authored

The mutator utilization is computed for each mark-compact GC cycle as mutator_time / total_time, where
- total_time is the time from the end of the previous GC to the end of the current GC
- mutator_time = total_time - incremental_steps_duration - gc_time.

Bug: chromium:824214
Change-Id: Ie1814f22f0816a3c9c579107f4950f6fc8c8a72d
Reviewed-on: https://chromium-review.googlesource.com/978215
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52221}
Ulan Degenbaev authored

Currently they are using a generic IterateBody(ObjectVisit*), which has an overhead of a virtual table lookup for each visited pointer.

Change-Id: I97268bf7fe63f8c99834d5fc31b4ce18a0fa5655
Reviewed-on: https://chromium-review.googlesource.com/979437
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52220}
Michael Achenbach authored

Bug: chromium:669910
Change-Id: I35d146bbe265dfdd0059dd8d3ec4fc5ee54bb465
Reviewed-on: https://chromium-review.googlesource.com/979805
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52219}
Ulan Degenbaev authored

Almost all callers of BodyDescriptor already have the map of the object and should pass it to the IterateBody and IsValidSlot functions. This removes a redundant load and makes the functions consistent with the SizeOf function.

Change-Id: Ie47a9bb05af23fbf0576dff99f2ec69625e057fc
Reviewed-on: https://chromium-review.googlesource.com/979436
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52218}
Sigurd Schneider authored

R=neis@chromium.org

Bug: v8:7599
Change-Id: I8a1e4864800dbf76530ebbe2a9ce09dac55a1f65
Reviewed-on: https://chromium-review.googlesource.com/980055
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52217}
Yang Guo authored

R=machenbach@chromium.org

Change-Id: I13815463a1bd88d20dbb6f3f656cbda660b77dce
Reviewed-on: https://chromium-review.googlesource.com/979809
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52216}
Michael Starzinger authored

R=titzer@chromium.org
BUG=v8:7549

Change-Id: I2b95a4d204dff6038b5a012b9753242f3384b886
Reviewed-on: https://chromium-review.googlesource.com/979811
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52215}
Sigurd Schneider authored

The optimization was replacing String.fromCharCode(x) == "y" with x == y instead of (x & 0xFFFF) == y if x was outside of uint16 range.

Bug: v8:7340, v8:7531
Change-Id: I967306cc2e05c28de82e16cf1b2312fe47396a7d
Reviewed-on: https://chromium-review.googlesource.com/979808
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52214}
Camillo Bruni authored

Change-Id: Ifb7366334cb16201a497578776dffb2b36f32a43
Reviewed-on: https://chromium-review.googlesource.com/979802
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52213}
Michael Achenbach authored

Bug: chromium:669910
Change-Id: I03f6ef3121af047ea2c4e6b83ed67634f046ce71
Reviewed-on: https://chromium-review.googlesource.com/979796
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52212}
jgruber authored

This removes one level of indirection from loading external references, which can now be accessed through the root pointer with a single load:

[kRootPointer + <offset from root list to desired offset in table>]

Bug: v8:6666
Change-Id: I927634993920828ff48621a0e17e5f3099782917
Reviewed-on: https://chromium-review.googlesource.com/971041
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52211}
Michael Achenbach authored

Bug: chromium:669910
Change-Id: Icf524095299a7d3763eeada853b2e831e39ba1e9
Reviewed-on: https://chromium-review.googlesource.com/979798
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52210}
jgruber authored

Access to the constant pool of off-heap builtins must use Instruction{Start,Size} instead of the raw instruction_{start,size} accessors, and we need to copy the constant_pool_offset field when creating trampolines.

This in turn required access to the embedded blob without an associated isolate, which is now implemented by a global variable set by each isolate. Both writes and reads are relaxed, as races do not matter since each isolate will attempt to set the same value of the blob and its size.

Drive-by: Support off-heap code disassembly.

Bug: v8:6666,v8:7575
Change-Id: I4f203acd4dc128339cf2dd54b3253d9552616649
Reviewed-on: https://chromium-review.googlesource.com/973442
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52209}
Michael Achenbach authored

This adds runtime dependencies for Windows component builds to be isolated with swarming targets.

Documentation for data dependencies: https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/reference.md#data

Bug: chromium:669910
Change-Id: I4817b707e3fbc4cf664be319c4dac4668e37f14a
Reviewed-on: https://chromium-review.googlesource.com/979794
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52208}
Michael Starzinger authored

Now that WebAssembly code has moved off the garbage collected heap, it is no longer subject to relocation and support for updating the base address for the purposes of trap handling can be removed.

R=eholk@chromium.org
BUG=v8:7549

Change-Id: I7a98f192e0c91274fa2ccdb59cdd106da6217948
Reviewed-on: https://chromium-review.googlesource.com/978248
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52207}
Yang Guo authored

This reverts commit 9a0ccf4f.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/19794

Original change's description:
> [ia32][wasm] Add F32x4AddHoriz, I32x4AddHoriz and I16x8AddHoriz
>
> Change-Id: Icdecfadbb1acc77d21a65d997f83c5f4db7c0780
> Reviewed-on: https://chromium-review.googlesource.com/942049
> Commit-Queue: Jing Bao <jing.bao@intel.com>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52203}

TBR=bbudge@chromium.org,mtrofin@chromium.org,bmeurer@chromium.org,jing.bao@intel.com

Change-Id: Iad906959b9fb1ffba02ce4286f15d51fef49b12d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/979533
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52206}
Peter Marshall authored

This param is no longer used to construct the SFI.

Bug: v8:7503
Change-Id: Ic93c91ce0ad9acf84da7f382c9a170c732db7176
Reviewed-on: https://chromium-review.googlesource.com/977926
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52205}
Peter Marshall authored

Change-Id: I224ab73120b8e8d9892bc560455aacb2cd9397c9
Reviewed-on: https://chromium-review.googlesource.com/978185
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52204}