- 05 Oct, 2020 8 commits
-
-
Benedikt Meurer authored
Other WebAssembly tools like wabt and wasmparser ignore empty strings for local variable and parameter names, and just generate their own names for it. Update V8 to comply with this convention. Bug: chromium:1134531 Change-Id: Ic724482d93398feaf6b0797eec5a55f8ca508ca5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448457Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#70305}
-
Sathya Gunasekaran authored
Instead of loading the map from the feedback vector for monomorphic access, this CL directly inlines the expected map constant as a static check. In case this static check fails, we call out to a builtin which performs additional dynamic map checks. There are several dynamic map checks performed by the builtin for various cases such as: (a) IC is monomorphic with a map that's different from the initial static map that we checked, in which case we perform another dynamic map check. (b) IC is monomorphic but incoming map is a deprecated map in which case we call out the runtime to migrate this incoming object to a new map and then try to handle it. (c) IC has now transitioned to polymorphic in which we use the old dynamic polymorphic checks to validate the map and handler. Bug: v8:10582, v8:9684 Change-Id: Id87265ed513e4aef87b8e66c826afbf10f50a1d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429034 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#70304}
-
Jakob Gruber authored
Codegen timing and cache ageing are two important parameters for NCI performance. This adds runtime flags for them: --turbo-nci-cache-ageing (default: false) --turbo-nci-delayed-codegen (default: true) Note the behavioral change of disabling ageing by default for now. Bug: v8:8888 Change-Id: Id9611185566f5c4828ad48e58c42424833d3323b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438456 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70303}
-
Zhao Jiazhong authored
The lower 32 bits of output FPURegister is undefined now, this CL copies the input FPURegister's lower 32 bits to output FPURegister. Change-Id: I10c078fafeddd5de207ced4f7c01f35d32999733 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449153Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/master@{#70302}
-
Leszek Swirski authored
Rather than having repeated IsFoo checks in PostProcessNewObject, which means repeated handle accesses, map word accesses, and map pointer decompressions, cache the instance type once and check it with InstanceTypeChecker. This gives a measurable 2-3% improvement in deserialization time (in my informal local measurements). Bug: chromium:1075999 Change-Id: I3e11588ad5d1c6ee2bbf93b82fa52c66496a325c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440578 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70301}
-
Leszek Swirski authored
Remove the pattern of calling 'Find' followed by 'Set' for IdentityMap, with a single 'FindOrInsert' that explicitly returns whether an existing entry was found, or the entry was inserted. This replaces 'Get', which would return either an initialised or uninitialised entry (and callers would rely on default initialisation to check this). Also replace 'Set' with 'Insert', which explicitly requires that the element didn't exist before. This matches expectations where it was used (where those weren't replaced wholesale with 'FindOrInsert'), and makes the naming consistent with 'FindOrInsert'. Change-Id: I8fb76f4ac14fb92b88474965aafb1ace5fb79145 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443135 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70300}
-
Dominik Inführ authored
Run variant stress_concurrent_allocation in debug mode and with TSAN. Failing tests will close tree and block CQ. Bug: v8:10315 Change-Id: I0ba2921a3718a08b88516f209364b52c8817c331 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436343 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#70299}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/bfc3ca5..1cb6993 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/ab5ac1c..f513a0b TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I744a353ec4c80ccee5b63df024002bc0e77aabc7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448646Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70298}
-
- 04 Oct, 2020 3 commits
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/0f7a5f7..bfc3ca5 Rolling v8/third_party/aemu-linux-x64: L4Yg7-xN6xRY3FEAIYBqj7hMnWwvvnPYTNQr_umZm-IC..FgthknmEoQugl3GqOyqz_RsAjIMmeLsa960mZcmhE9UC TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: If6ba34b7cc1e8cd00b9b331265ebc82c55e0294c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2447962Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70297}
-
Michael Achenbach authored
The build location is now universally in out/build after infra change: https://crrev.com/c/2426643 TBR=mslekova@chromium.org Bug: chromium:1132088 Change-Id: I0d8867ed58adec79ed66f5e4dac375827e2679e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448451Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#70296}
-
Michael Achenbach authored
Change-Id: Ib879c4b1d473faa80863373d98631dfd67cfde9c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448449 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#70295}
-
- 03 Oct, 2020 2 commits
-
-
Peter Marshall authored
We used to have extra data in this but now it's just an indirection to CodeEntryAndLineNumber so use that everywhere instead. Change-Id: I6dcedabc1502bc1eed25c05e23f04b996b91bae7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440829 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70294}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9cc0704..0f7a5f7 Rolling v8/third_party/aemu-linux-x64: UABC8VAzZj56bPNLe3ou7AIlBjwHbiXOu6R9f5RbZWcC..L4Yg7-xN6xRY3FEAIYBqj7hMnWwvvnPYTNQr_umZm-IC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8c88c75..d82d30d Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/69e30b2..1407cfd Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/921f371..ab5ac1c TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I0aa95680425f45b63f692c7cb0e166546f0222be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2446854Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70293}
-
- 02 Oct, 2020 20 commits
-
-
Milad Fa authored
`vperm` indices are taken from the five least significant bits of the input byte. We need to make sure bigger values are saturated to 31 to make vperm select 0 as the output. Change-Id: I74715e909e4a50dec23f5423e53254836fe0ff8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2446553Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70292}
-
Thibaud Michaud authored
R=zhin@chromium.org Bug: chromium:1134324 Change-Id: Ica1f8c290ba496c7c24d8ec46f963f389ad9e8fa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445875Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#70291}
-
Dan Elphick authored
Remove a spurious assert probably introduced by a bad merge that disallowed RO_SPACE sharing when pointer compression is enabled. Change-Id: I8a59a242667252dcbb098e5be405ac67a4e01a3d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445877 Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#70290}
-
Dan Elphick authored
The TF_BUILTIN version of UntypedParameter is not used anywhere. There's still CodeAssembler::UntypedParameter which is still in use if a untyped parameter is required. Change-Id: I3580e73b781d750878d7bb1b38298d5b82d15f4c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445876 Commit-Queue: Dan Elphick <delphick@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70289}
-
Leszek Swirski authored
This is a reland of c4a062a9 which was a reland of 28a30c57 which was a reland of 5d7a29c9 Fixes TSAN errors from non-atomic writes in the deserializer. Now all writes are (relaxed) atomic. Original change's description: > Reland^2 "[serializer] Allocate during deserialization" > > This is a reland of 28a30c57 > which was a reland of 5d7a29c9 > > The crashes were from calling RegisterDeserializerFinished on a null > Isolate pointer, for a deserializer that was never initialised > (specifically, ReadOnlyDeserializer when ROHeap is shared). > > Original change's description: > > Reland "[serializer] Allocate during deserialization" > > > > This is a reland of 5d7a29c9 > > > > This reland shuffles around the order of checks in Heap::AllocateRawWith > > to not check the new space addresses until it's known that this is a new > > space allocation. This fixes an UBSan failure during read-only space > > deserialization, which happens before the new space is initialized. > > > > It also fixes some issues discovered by --stress-snapshot, around > > serializing ThinStrings (which are now elided as part of serialization), > > handle counts (I bumped the maximum handle count in that check), and > > clearing map transitions (the map backpointer field needed a Smi > > uninitialized value check). > > > > Original change's description: > > > [serializer] Allocate during deserialization > > > > > > This patch removes the concept of reservations and a specialized > > > deserializer allocator, and instead makes the deserializer allocate > > > directly with the Heap's Allocate method. > > > > > > The major consequence of this is that the GC can now run during > > > deserialization, which means that: > > > > > > a) Deserialized objects are visible to the GC, and > > > b) Objects that the deserializer/deserialized objects point to can > > > move. > > > > > > Point a) is mostly not a problem due to previous work in making > > > deserialized objects "GC valid", i.e. making sure that they have a valid > > > size before any subsequent allocation/safepoint. We now additionally > > > have to initialize the allocated space with a valid tagged value -- this > > > is a magic Smi value to keep "uninitialized" checks simple. > > > > > > Point b) is solved by Handlifying the deserializer. This involves > > > changing any vectors of objects into vectors of Handles, and any object > > > keyed map into an IdentityMap (we can't use Handles as keys because > > > the object's address is no longer a stable hash). > > > > > > Back-references can no longer be direct chunk offsets, so instead the > > > deserializer stores a Handle to each deserialized object, and the > > > backreference is an index into this handle array. This encoding could > > > be optimized in the future with e.g. a second pass over the serialized > > > array which emits a different bytecode for objects that are and aren't > > > back-referenced. > > > > > > Additionally, the slot-walk over objects to initialize them can no > > > longer use absolute slot offsets, as again an object may move and its > > > slot address would become invalid. Now, slots are walked as relative > > > offsets to a Handle to the object, or as absolute slots for the case of > > > root pointers. A concept of "slot accessor" is introduced to share the > > > code between these two modes, and writing the slot (including write > > > barriers) is abstracted into this accessor. > > > > > > Finally, the Code body walk is modified to deserialize all objects > > > referred to by RelocInfos before doing the RelocInfo walk itself. This > > > is because RelocInfoIterator uses raw pointers, so we cannot allocate > > > during a RelocInfo walk. > > > > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > > > size rather than byte size -- the size is expected to be tagged-aligned > > > anyway, so now we get an extra few bits in the size encoding. > > > > > > Bug: chromium:1075999 > > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#70229} > > > > Bug: chromium:1075999 > > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70267} > > Tbr: jgruber@chromium.org,ulan@chromium.org > Bug: chromium:1075999 > Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70279} Tbr: jgruber@chromium.org,ulan@chromium.org Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng,v8_linux64_tsan_no_cm_rel_ng,v8_linux64_tsan_isolates_rel_ng Bug: chromium:1075999 Change-Id: I0b9b11644aebc4cc8b07c62a0f765b24e4d73d89 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445872 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#70288}
-
Omer Katz authored
This resolves several races identified by concurrent marking tests. These include: (*) Several instances of not using atomic accesses. (*) Synchronizing page on page creation. Bug: chromium:1056170 Change-Id: I4a32a44b93a6995a11e3cc75c9446fb8860ae780 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2423717 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70287}
-
Toon Verwaest authored
Using a OneByte table allows branches to be removed if the function is inlined in a place where we statically know the character is onebyte. This adds support for line terminators. To support 2byte line terminators as well this adds a entries for the lower byte into the table so we can often take a faster path in that case as well. Change-Id: Ibd08d540e0e13047d6c1f675c187f14fda4336c5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445471Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#70286}
-
Jakob Kummerow authored
It only had one callsite, and that callsite was useless: %IsValidSmi(two_31) has never returned {true} on any configuration we have ever shipped. Bug: v8:10933 Change-Id: I09cdfd7bbd7960d1ec460ad4bd9f0d21e47f7393 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434746 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70285}
-
Milad Fa authored
Change-Id: I5e976ba8cbecaff04a0975a3de00627cabb00f3f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442432Reviewed-by: Milad Fa <mfarazma@redhat.com> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70284}
-
Omer Katz authored
We clear during sweep so that we are guaranteed the in-construction bit of newly allocated objects is always 0. The lock sweeping uses for synchronization assures no data races between clearing and concurrent marking. The only exception to that is debug builds that zap on sweep and clear on allocation. This makes it so that dangling references will most likely crash in debug builds. Bug: chromium:1056170 Change-Id: I12597ef76629ec50c6bfc39dc21b68243c4160ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438530 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70283}
-
Omer Katz authored
In construction objects don't have anything to sync with on the allocation side since they weren't marked as fully constructed yet. This could mean the initialization of the marking bit on the mutator thread and setting the mark bit on a concurrent thread could race (potentially resulting in losing the mark bit when the gc info index overwrites it). This CL fixes this issue by using a set of in construction objects. In construction objects are no longer marked. Instead they are pushed to the set and the heap object header is marked when they are popped from the worklist. Since the set avoids duplicates, this allows us to both avoid worklist explosion (due to pushing the same in construction object multiple times) and avoid the data race on the mark bit. This CL uses an unordered_set to record objects. Synchronization uses a lock, which could be costly but is not expected to be obtained often. Bug: chromium:1056170 Change-Id: I366b59f476c166ff06e15b280df9e846034cc6cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437388 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70282}
-
Clemens Backes authored
The lambda used to do more work, now it's just a single function call. Thus remove the lambda by inlining it into all callers. Also, get rid of an unneeded parameter on {OnCompilationStopped}. R=thibaudm@chromium.org Bug: v8:10933 Change-Id: I2c5bc8dfab7abe47a69c1c3eeb5ec8dd02f503c1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440524Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70281}
-
Clemens Backes authored
This reverts commit c4a062a9. Reason for revert: TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33504 Original change's description: > Reland^2 "[serializer] Allocate during deserialization" > > This is a reland of 28a30c57 > which was a reland of 5d7a29c9 > > The crashes were from calling RegisterDeserializerFinished on a null > Isolate pointer, for a deserializer that was never initialised > (specifically, ReadOnlyDeserializer when ROHeap is shared). > > Original change's description: > > Reland "[serializer] Allocate during deserialization" > > > > This is a reland of 5d7a29c9 > > > > This reland shuffles around the order of checks in Heap::AllocateRawWith > > to not check the new space addresses until it's known that this is a new > > space allocation. This fixes an UBSan failure during read-only space > > deserialization, which happens before the new space is initialized. > > > > It also fixes some issues discovered by --stress-snapshot, around > > serializing ThinStrings (which are now elided as part of serialization), > > handle counts (I bumped the maximum handle count in that check), and > > clearing map transitions (the map backpointer field needed a Smi > > uninitialized value check). > > > > Original change's description: > > > [serializer] Allocate during deserialization > > > > > > This patch removes the concept of reservations and a specialized > > > deserializer allocator, and instead makes the deserializer allocate > > > directly with the Heap's Allocate method. > > > > > > The major consequence of this is that the GC can now run during > > > deserialization, which means that: > > > > > > a) Deserialized objects are visible to the GC, and > > > b) Objects that the deserializer/deserialized objects point to can > > > move. > > > > > > Point a) is mostly not a problem due to previous work in making > > > deserialized objects "GC valid", i.e. making sure that they have a valid > > > size before any subsequent allocation/safepoint. We now additionally > > > have to initialize the allocated space with a valid tagged value -- this > > > is a magic Smi value to keep "uninitialized" checks simple. > > > > > > Point b) is solved by Handlifying the deserializer. This involves > > > changing any vectors of objects into vectors of Handles, and any object > > > keyed map into an IdentityMap (we can't use Handles as keys because > > > the object's address is no longer a stable hash). > > > > > > Back-references can no longer be direct chunk offsets, so instead the > > > deserializer stores a Handle to each deserialized object, and the > > > backreference is an index into this handle array. This encoding could > > > be optimized in the future with e.g. a second pass over the serialized > > > array which emits a different bytecode for objects that are and aren't > > > back-referenced. > > > > > > Additionally, the slot-walk over objects to initialize them can no > > > longer use absolute slot offsets, as again an object may move and its > > > slot address would become invalid. Now, slots are walked as relative > > > offsets to a Handle to the object, or as absolute slots for the case of > > > root pointers. A concept of "slot accessor" is introduced to share the > > > code between these two modes, and writing the slot (including write > > > barriers) is abstracted into this accessor. > > > > > > Finally, the Code body walk is modified to deserialize all objects > > > referred to by RelocInfos before doing the RelocInfo walk itself. This > > > is because RelocInfoIterator uses raw pointers, so we cannot allocate > > > during a RelocInfo walk. > > > > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > > > size rather than byte size -- the size is expected to be tagged-aligned > > > anyway, so now we get an extra few bits in the size encoding. > > > > > > Bug: chromium:1075999 > > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#70229} > > > > Bug: chromium:1075999 > > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70267} > > Tbr: jgruber@chromium.org,ulan@chromium.org > Bug: chromium:1075999 > Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70279} TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org Change-Id: Ib2f01db4cd9b55639d6a4af971bda865edb45e84 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1075999 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445250Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70280}
-
Leszek Swirski authored
This is a reland of 28a30c57 which was a reland of 5d7a29c9 The crashes were from calling RegisterDeserializerFinished on a null Isolate pointer, for a deserializer that was never initialised (specifically, ReadOnlyDeserializer when ROHeap is shared). Original change's description: > Reland "[serializer] Allocate during deserialization" > > This is a reland of 5d7a29c9 > > This reland shuffles around the order of checks in Heap::AllocateRawWith > to not check the new space addresses until it's known that this is a new > space allocation. This fixes an UBSan failure during read-only space > deserialization, which happens before the new space is initialized. > > It also fixes some issues discovered by --stress-snapshot, around > serializing ThinStrings (which are now elided as part of serialization), > handle counts (I bumped the maximum handle count in that check), and > clearing map transitions (the map backpointer field needed a Smi > uninitialized value check). > > Original change's description: > > [serializer] Allocate during deserialization > > > > This patch removes the concept of reservations and a specialized > > deserializer allocator, and instead makes the deserializer allocate > > directly with the Heap's Allocate method. > > > > The major consequence of this is that the GC can now run during > > deserialization, which means that: > > > > a) Deserialized objects are visible to the GC, and > > b) Objects that the deserializer/deserialized objects point to can > > move. > > > > Point a) is mostly not a problem due to previous work in making > > deserialized objects "GC valid", i.e. making sure that they have a valid > > size before any subsequent allocation/safepoint. We now additionally > > have to initialize the allocated space with a valid tagged value -- this > > is a magic Smi value to keep "uninitialized" checks simple. > > > > Point b) is solved by Handlifying the deserializer. This involves > > changing any vectors of objects into vectors of Handles, and any object > > keyed map into an IdentityMap (we can't use Handles as keys because > > the object's address is no longer a stable hash). > > > > Back-references can no longer be direct chunk offsets, so instead the > > deserializer stores a Handle to each deserialized object, and the > > backreference is an index into this handle array. This encoding could > > be optimized in the future with e.g. a second pass over the serialized > > array which emits a different bytecode for objects that are and aren't > > back-referenced. > > > > Additionally, the slot-walk over objects to initialize them can no > > longer use absolute slot offsets, as again an object may move and its > > slot address would become invalid. Now, slots are walked as relative > > offsets to a Handle to the object, or as absolute slots for the case of > > root pointers. A concept of "slot accessor" is introduced to share the > > code between these two modes, and writing the slot (including write > > barriers) is abstracted into this accessor. > > > > Finally, the Code body walk is modified to deserialize all objects > > referred to by RelocInfos before doing the RelocInfo walk itself. This > > is because RelocInfoIterator uses raw pointers, so we cannot allocate > > during a RelocInfo walk. > > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > > size rather than byte size -- the size is expected to be tagged-aligned > > anyway, so now we get an extra few bits in the size encoding. > > > > Bug: chromium:1075999 > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70229} > > Bug: chromium:1075999 > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70267} Tbr: jgruber@chromium.org,ulan@chromium.org Bug: chromium:1075999 Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70279}
-
Michael Lippautz authored
The test gets miscompiled on MSVC >=19.25, see bug. Bug: v8:10658 Change-Id: I3b75fe45916fa9e59ec78b852b7bdf707f11a2cc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443731 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70278}
-
Maya Lekova authored
This CL implements passing float parameters to fast API calls by using the existing representation conversions for double parameters and then truncating the double to a float. It also adds float/double tests for fast API calls. Bug: chromium:1052746 Change-Id: Ibb3ccd173b3807a515adbf38cebaa1cf8e2784b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436333Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#70277}
-
Marja Hölttä authored
BytecodeGraphBuilder::NewNode already wires up effect and control, so we don't need to do it manually. Bug: v8:10933 Change-Id: I454609b10a5748abd13e668780814a4eb6d7cdfa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442625Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#70276}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3ede101..9cc0704 Rolling v8/third_party/aemu-linux-x64: oJeWXQJJ1lVY6P7l39pBV-mrbeWlw0swPZQuNmcix5AC..UABC8VAzZj56bPNLe3ou7AIlBjwHbiXOu6R9f5RbZWcC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0f6ed71..8c88c75 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/991ead1..69e30b2 Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/6a38b0e..f8df9ff Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/bd8e096..921f371 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I67490c905909fcdcfad45b25f8d5341ec743e7e6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443592Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70275}
-
Ng Zhi An authored
It was slightly inconsistent, the sse versions took int8_t, the avx versions took uint8_t. Consolidate into uint8_t, that allows us to remove the DCHECK inside of the assembler, and also convert callers to use uint8_t. Bug: v8:10933 Change-Id: I125f0d54533b6fde1362e63e96f50fcf2467cac5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443494Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70274}
-
Frank Tang authored
This is a reland of 40af6aee Change from the rollbacked version - removes the passed test fixed by this PR in test/test262/test262.status TBR=jkummerow@chromium.org Original change's description: > [intl] Impl ECMA402 PR 471 rounding behavior > > Fix awkward rounding behavior > Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding > behavior in NumberFormat when formatting a currency with > "maximumFractionDigits" set to a value less than 2. > > Bug: v8:10844 > Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5 > Refs: https://github.com/tc39/ecma402/pull/471 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191 > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70270} Bug: v8:10844 Change-Id: Icfe7363f63d402abccc038e2b8bd78b38d0d9c49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444210 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70273}
-
- 01 Oct, 2020 7 commits
-
-
Ng Zhi An authored
Narrowing operations need to sign extend the result. E.g. for narrowing uint16 to uint8, we compare uint16 to uint8 max, 0xff. The final result should be 0xffffffff (sign extended) since we try to keep nodes in their sign extended form, to work well with the rest of the lowering operations. With this, we pass the last spec test (that is not ignored), simd_conversions. Bug: v8:10507 Change-Id: I8914fd69db9378b8244cba5dcacff98d36893649 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436613Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70272}
-
Zhi An Ng authored
This reverts commit 40af6aee. Reason for revert: Test262 failures, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/2509? Original change's description: > [intl] Impl ECMA402 PR 471 rounding behavior > > Fix awkward rounding behavior > Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding > behavior in NumberFormat when formatting a currency with > "maximumFractionDigits" set to a value less than 2. > > Bug: v8:10844 > Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5 > Refs: https://github.com/tc39/ecma402/pull/471 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191 > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70270} TBR=jkummerow@chromium.org,ftang@chromium.org,syg@chromium.org Change-Id: I1cfc05e0e2015ad18c037003c9a9a414e2151e06 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10844 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2441549Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70271}
-
Frank Tang authored
Fix awkward rounding behavior Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding behavior in NumberFormat when formatting a currency with "maximumFractionDigits" set to a value less than 2. Bug: v8:10844 Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5 Refs: https://github.com/tc39/ecma402/pull/471 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70270}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/639760203..ad8a5e9940 Bug: v8:7834 Change-Id: Ifb5c6601b8c0b8fb2fc60144c8f77abf0a12782d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440722Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#70269}
-
Zhi An Ng authored
This reverts commit 28a30c57. Reason for revert: Broke Test262 https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/38638? Original change's description: > Reland "[serializer] Allocate during deserialization" > > This is a reland of 5d7a29c9 > > This reland shuffles around the order of checks in Heap::AllocateRawWith > to not check the new space addresses until it's known that this is a new > space allocation. This fixes an UBSan failure during read-only space > deserialization, which happens before the new space is initialized. > > It also fixes some issues discovered by --stress-snapshot, around > serializing ThinStrings (which are now elided as part of serialization), > handle counts (I bumped the maximum handle count in that check), and > clearing map transitions (the map backpointer field needed a Smi > uninitialized value check). > > Original change's description: > > [serializer] Allocate during deserialization > > > > This patch removes the concept of reservations and a specialized > > deserializer allocator, and instead makes the deserializer allocate > > directly with the Heap's Allocate method. > > > > The major consequence of this is that the GC can now run during > > deserialization, which means that: > > > > a) Deserialized objects are visible to the GC, and > > b) Objects that the deserializer/deserialized objects point to can > > move. > > > > Point a) is mostly not a problem due to previous work in making > > deserialized objects "GC valid", i.e. making sure that they have a valid > > size before any subsequent allocation/safepoint. We now additionally > > have to initialize the allocated space with a valid tagged value -- this > > is a magic Smi value to keep "uninitialized" checks simple. > > > > Point b) is solved by Handlifying the deserializer. This involves > > changing any vectors of objects into vectors of Handles, and any object > > keyed map into an IdentityMap (we can't use Handles as keys because > > the object's address is no longer a stable hash). > > > > Back-references can no longer be direct chunk offsets, so instead the > > deserializer stores a Handle to each deserialized object, and the > > backreference is an index into this handle array. This encoding could > > be optimized in the future with e.g. a second pass over the serialized > > array which emits a different bytecode for objects that are and aren't > > back-referenced. > > > > Additionally, the slot-walk over objects to initialize them can no > > longer use absolute slot offsets, as again an object may move and its > > slot address would become invalid. Now, slots are walked as relative > > offsets to a Handle to the object, or as absolute slots for the case of > > root pointers. A concept of "slot accessor" is introduced to share the > > code between these two modes, and writing the slot (including write > > barriers) is abstracted into this accessor. > > > > Finally, the Code body walk is modified to deserialize all objects > > referred to by RelocInfos before doing the RelocInfo walk itself. This > > is because RelocInfoIterator uses raw pointers, so we cannot allocate > > during a RelocInfo walk. > > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > > size rather than byte size -- the size is expected to be tagged-aligned > > anyway, so now we get an extra few bits in the size encoding. > > > > Bug: chromium:1075999 > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70229} > > Bug: chromium:1075999 > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70267} TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org Change-Id: Ieed68332ef6a7ad36db061e3f48be0f28673d7a2 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1075999 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2441608Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70268}
-
Leszek Swirski authored
This is a reland of 5d7a29c9 This reland shuffles around the order of checks in Heap::AllocateRawWith to not check the new space addresses until it's known that this is a new space allocation. This fixes an UBSan failure during read-only space deserialization, which happens before the new space is initialized. It also fixes some issues discovered by --stress-snapshot, around serializing ThinStrings (which are now elided as part of serialization), handle counts (I bumped the maximum handle count in that check), and clearing map transitions (the map backpointer field needed a Smi uninitialized value check). Original change's description: > [serializer] Allocate during deserialization > > This patch removes the concept of reservations and a specialized > deserializer allocator, and instead makes the deserializer allocate > directly with the Heap's Allocate method. > > The major consequence of this is that the GC can now run during > deserialization, which means that: > > a) Deserialized objects are visible to the GC, and > b) Objects that the deserializer/deserialized objects point to can > move. > > Point a) is mostly not a problem due to previous work in making > deserialized objects "GC valid", i.e. making sure that they have a valid > size before any subsequent allocation/safepoint. We now additionally > have to initialize the allocated space with a valid tagged value -- this > is a magic Smi value to keep "uninitialized" checks simple. > > Point b) is solved by Handlifying the deserializer. This involves > changing any vectors of objects into vectors of Handles, and any object > keyed map into an IdentityMap (we can't use Handles as keys because > the object's address is no longer a stable hash). > > Back-references can no longer be direct chunk offsets, so instead the > deserializer stores a Handle to each deserialized object, and the > backreference is an index into this handle array. This encoding could > be optimized in the future with e.g. a second pass over the serialized > array which emits a different bytecode for objects that are and aren't > back-referenced. > > Additionally, the slot-walk over objects to initialize them can no > longer use absolute slot offsets, as again an object may move and its > slot address would become invalid. Now, slots are walked as relative > offsets to a Handle to the object, or as absolute slots for the case of > root pointers. A concept of "slot accessor" is introduced to share the > code between these two modes, and writing the slot (including write > barriers) is abstracted into this accessor. > > Finally, the Code body walk is modified to deserialize all objects > referred to by RelocInfos before doing the RelocInfo walk itself. This > is because RelocInfoIterator uses raw pointers, so we cannot allocate > during a RelocInfo walk. > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > size rather than byte size -- the size is expected to be tagged-aligned > anyway, so now we get an extra few bits in the size encoding. > > Bug: chromium:1075999 > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70229} Bug: chromium:1075999 Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70267}
-
Andrey Kosyakov authored
This adds support for injecting binding into contexts other than main based on the context name (AKA isolated world name in Blink terms). This would simplify a common use case for addBinding in Puppeteer and other automation tools that use addBinding to expose a back-channel for extension code running in an isolated world by making bindings available to such code at an early stage and in a race-free manner (currently, we can only inject a binding into specific context after the creation of the context has been reported to the client, which typically introduces a race with other evals the client may be running in the context). Change-Id: I66454954491a47a0c9aa4864f0aace4da2e67d3a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440984Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Pavel Feldman <pfeldman@chromium.org> Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#70266}
-