- 13 May, 2021 9 commits
-
-
QiuJi authored
Port: d3d4a896
Bug: v8:11420
Change-Id: I995bb6f9e4f0d62d2e048fbae0d17747c301db4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2894036
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#74555}
-
Liu Yu authored
OutputRegister does not always exist, so we add a TempRegister to store the comparison result.

Change-Id: I47b2500c28be85a66cab1de669ed62401f878e1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885475
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#74554}
-
Wenyu Zhao authored
Change-Id: I16872f90a10702c3dcc8e556a8bc17fd63a0f858
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881511
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#74553}
-
Liu Yu authored
Port: d3d4a896
Bug: v8:11420
Change-Id: I016981f83f347a1bafae9a72882b634a69b86c64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2894002
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#74552}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4e27ee8..80d2921
Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/e72cd45..9b15350
Rolling v8/third_party/aemu-linux-x64: pwjSs3IapHTvM0wB7z3723g8rjsQnCWikZJhQxtBetsC..KMQBSqcXw7u61OKLUonbaZeROpW1KXX9tM-8Klzxus8C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/302ca09..52e67e7
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b65bbfe..f5c054c
Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/cd9f9a9..f022e29
Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/618ddec..c830e4e
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/53a9334..06d525c
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92

TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I0fc0fff630915f8fedea52785a54085a9cb7aafd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892384
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74551}
-
Lu Yahan authored
In debug mode, these will currently cause a DCHECK failure or a segmentation fault.

See also: https://github.com/riscv/v8/issues/490

Change-Id: I2a4b8e0c9b0fb85393b41b1016b2caa2f013bcc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881505
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74550}
-
QiuJi authored
Bug:
Change-Id: If5cb112f838e73bcec5e9971a12e1f88ab41e996
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874399
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#74549}
-
Shu-yu Guo authored
This is a reland of 054ff044

Change since revert:
- Remove assignment to FLAG_enable_short_builtins in test since it's write-once in CFI.

Original change's description:
> Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
>
> This is a reland of 1f504c36
>
> Changes since revert:
>
> - Removed disabling of RO heap sharing when --stress-snapshot is passed;
>   was fixed by f4a6c628
> - Fixed crashing tests that caused revert separately in
>   a61aa491
>
> Original change's description:
> > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > >
> > > Reviewed-on:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74422}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74448}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74546}

TBR=adamk@chromium.org
Bug: v8:11460
Change-Id: Ib7526270d421a562cb00aec9a28b4fc2296e4a86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893567
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74548}
-
Bill Budge authored
This reverts commit 054ff044.

Reason for revert: Breaks Arm64 build: https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20debug%20builder/18683

Original change's description:
> Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
>
> This is a reland of 1f504c36
>
> Changes since revert:
>
> - Removed disabling of RO heap sharing when --stress-snapshot is passed;
>   was fixed by f4a6c628
> - Fixed crashing tests that caused revert separately in
>   a61aa491
>
> Original change's description:
> > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > >
> > > Reviewed-on:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74422}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74448}
>
> Bug: v8:11460
> Change-Id: I4e491574437f4c832e24b29815de6bdfd8975511
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74546}

Bug: v8:11460
Change-Id: I772afcd100d3d92b7e3f5f060c670a5686c9a338
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892843
Auto-Submit: Bill Budge <bbudge@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74547}
-
- 12 May, 2021 31 commits
-
-
Shu-yu Guo authored
This is a reland of 1f504c36

Changes since revert:
- Removed disabling of RO heap sharing when --stress-snapshot is passed; was fixed by f4a6c628
- Fixed crashing tests that caused revert separately in a61aa491

Original change's description:
> > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> >
> > Reviewed-on:
> https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74422}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74448}

Bug: v8:11460
Change-Id: I4e491574437f4c832e24b29815de6bdfd8975511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74546}
-
Ng Zhi An authored
This is a reland of 3356078a.

The fix is in PS2:
- fix the DCHECK to be triggered only if dst != src, the dcheck is meant to prevent rep from being overwritten, which happens only if dst != src
- fix instruction selector for f64x2.replace_lane, require SameAsFirst only for non-AVX, which makes dst == src, saving a move
- on x64 we also require all registers, since the macro-assembler helper only handles registers

Original change's description:
> [wasm-simd][x64][ia32] Factor f64x2.replace_lane into shared code
>
> This pblendw/movlhps combination has lower latency and requires less
> unop than pinsrq (1 v.s. 2).
>
> Bug: v8:11589
> Change-Id: I770b0c20a286774afefbac5ef0adffe463318f21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2828871
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74049}

Bug: v8:11589
Change-Id: I51cba0539d5241242dc4d7d971ede1940b9ac1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2842264
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74545}
-
Junliang Yan authored
Change-Id: I0c763d15f584f3b6d71f034412f736087824a2a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892605
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74544}
-
QiuJi authored
Also handling kArchStackPointerGreaterThan in AssembleArchBoolean

Change-Id: I253c1a6cb924364eead3b9fe58c7cf7d6f0696af
Bug: v8:11737
Bug: v8:11747
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876854
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#74543}
-
Junliang Yan authored
Change-Id: I8b7c63ce7438f7a7015ebd4a8d96a976f7d28704
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892604
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74542}
-
Milad Fa authored
Change-Id: I6e72c56bb71d0d227b5556139dc687a78da6fb31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892257
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74541}
-
Bill Budge authored
This reverts commit 4f4b4f74.

Reason for revert: New unittest is failing on TSAN bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3210

Original change's description:
> cppgc-js: Add unittest for CollectCustomSpaceStatisticsAtLastGC
>
> Drive-by: fix delayed task implementation in cpp-heap.cc.
>
> Bug: chromium:1056170
> Change-Id: Ie92d909056532047b378ebfafeb98273997e60e9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883618
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74530}

Bug: chromium:1056170
Change-Id: I7e50f20178854081b6fd23aa6d31afc4b9e49850
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891462
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74540}
-
Michael Lippautz authored
This CL only affects non-production code.

In non-production code, test runners may invoke tasks (base::RunLoop()) with an interesting stack. V8 assumes that it can clear certain data structures when running from a non-nested task due to not having any interesting stack on top. During testing this can lead to UAF on stack as data structures are prematurely cleared.

With cppgc this failure can be fixed as the information on whether test runners invoke tasks with a non-trivial stack is actually present.

Example failure: https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8847453411432681120/+/steps/webkit_unit_tests__with_patch__on_Ubuntu-18.04/0/logs/Flaky_failure:_WebSocketStreamTest.ConnectWithFailedHandshake__status_CRASH_SUCCESS_/0

Change-Id: Ib9f6fb2d8a1aa43d0b973afeb2d0a740c769e784
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891574
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74539}
-
Omer Katz authored
Replaces Payload* terminology with Object* terminology.
HoH::ObjectSize = just the object, without the header.
HoH::AllocatedSize = both the object and the header.

Payload terminology is retained only for pages.

Bug: chromium:1056170
Change-Id: I568a324ae8728f098be642b024493c375ec873cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892079
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74538}
-
Michael Lippautz authored
We would use a payload size of 0 and end up walking up the stack till we crash.

Bug: chromium:1056170
Change-Id: I12a69ada24697faaf05e2f4ab210045d54cf34e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891657
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74537}
-
Milad Fa authored
As mentioned in this CL https://crrev.com/c/2510070, PPC_OWNERS file is the only necessary file applied to all *-ppc* files.

Change-Id: I2052186660c6d186e3ead3e8e127a9129814377f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892602
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74536}
-
Shu-yu Guo authored
If a shared CodeRange is already allocated when creating an Isolate in jitless mode, the CodeRange will be used. This is to better support the following use pattern:

```
FLAG_jitless = false;
v8::Isolate::New();
FLAG_jitless = true;
v8::Isolate::New();
```

Note that the other direction of toggling jitless from true to false is unsupported and may have undefined behavior.

Bug: v8:11460
Change-Id: I1c451c53bc160be4122056d8b309323a94d4b8b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890591
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74535}
-
Shu-yu Guo authored
The previous fix resolved the register conflict in favor of moving kInterpreterBytecodeArrayRegister instead of kSpeculationPoisonRegister, which regressed interpreter performance. This CL resolves the conflict in favor of moving kSpeculationPoisonRegister.

Bug: v8:11726
Change-Id: I1975c386c758144d6ade12101957ab03ce7aa4c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886660
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74534}
-
Clemens Backes authored
I found no way to speed up the (relaxed) atomic accesses, so the only way to get back the original performance is having a separate path for the non-shared case.

R=ulan@chromium.org

Bug: v8:11704, chromium:1206552, chromium:1207351
Change-Id: I2ea0ecf07583dfe24f4085533491a1d5709c9ffb
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878750
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74533}
-
Michael Lippautz authored
Reporting to V8 may trigger GCs and thus also synchronously invoke callbacks. Since such callbacks may allocate they can add to allocated bytes. If the counter is reset after the call to the GC, then those bytes are not properly recorded anywhere and can trigger an underflow in case they are explicitly freed later on.

Bug: chromium:1056170
Change-Id: Id384eaeffa129e5b75f6ca16d43eb1c89e0fffec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891838
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74532}
-
Georg Neis authored
This can be reverted once TryMakeRef checks the heap predicate. I'm not reverting the previous CL because newer changes already depend on it.

Tbr: jgruber@chromium.org
Bug: v8:11765, v8:7790
Change-Id: Iacc6a78a70fe6f40c9421258889c2175fb400b04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891579
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74531}
-
Omer Katz authored
Drive-by: fix delayed task implementation in cpp-heap.cc.

Bug: chromium:1056170
Change-Id: Ie92d909056532047b378ebfafeb98273997e60e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883618
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74530}
-
Shu-yu Guo authored
Rel/acq is needed to guarantee the memcpy for re-embedding builtins should be visible to all threads once embedded_blob_code_copy_ is observed to have the address of the copy.

Bug: v8:11460
Change-Id: I68d0c532b7c7bba3d2cafeb0ff83533a67a1447d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890590
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74529}
-
Milad Fa authored
It's a leftover from this change: https://crrev.com/c/2486225

Change-Id: Iec7891438a6a96a374299fb488f3231c63396e42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892252
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74528}
-
Manos Koukoutos authored
Loop unrolling did not work properly with floating control. Seeing as very few spots in the wasm compiler introduced floating control, we decided to disallow it altogether.

Changes:
- When lowering 64-bit rol/ror/clz/ctz in 32-bit platforms, we use a diamond operator, which used to introduce floating control. This CL adds a control edge to these operators so that the diamond can be chained to that control instead.
- During loop analysis, as an additional safety check, we check that the explored loop does not have floating control. Exceptionally, floating control pointing directly to start() is allowed.
- Change wasm-compiler so that generated floating projections point to start() even after stack check patch-in.

Bug: chromium:1184929, v8:11298
Change-Id: I1ee063f5250037ae6c84d2f16b0bd8fff3923117
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876851
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74527}
-
Dan Clark authored
The callback IsolateData::ModuleResolveCallback, used by the fuzzer, can return an empty MaybeLocal. In this case v8::internal::SourceTextModule::PrepareInstantiate expects it to have thrown an exception, and DCHECKs.

The fuzzer can hit this case because it doesn't load the entire module graph before starting to tell V8 to instantiate modules. So if a module fails to compile or load, another module trying to import it will hit this DCHECK because we didn't bail out prior to module instantiation like we should have.

This doesn't happen in Chromium because Blink loads the entire module graph before trying to instantiate/link modules, ensuring that the 'real' ModuleRecord::ResolveModuleCallback never fails; indeed this is mandated by the spec (see https://html.spec.whatwg.org/#fetch-the-descendants-of-and-link-a-module-script).

To satisfy the fuzzer, this change makes IsolateData::ModuleResolveCallback throw if it can't find the module.

Note, the bug's testcase doesn't involve import assertions. I don't think this issue is new with my change https://chromium.googlesource.com/v8/v8/+/9d72d08a8c74d48eed53f742aebd56a5076cb8dd but maybe that changed the crash stack or something in a way that caused the issue to be reported.

Bug: chromium:1207078
Change-Id: I1fbc80faa099e040cdc489c965a5f2f5daafb38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890589
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74526}
-
Victor Gomes authored
Bug: chromium:1206453
Change-Id: I808c8dd332e92835328e51515c4da812d3a3528c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891830
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74525}
-
Jakob Gruber authored
Reads from the compiler thread require either 1. the last write to happen before the compiler thread starts, or 2. acquire-release semantics.

For simplicity, this CL converts all NativeContext field writes to be acq-rel. With the usual exception of writes from generated code (these are limited for NativeContexts though).

The situation of context sets/gets is still somewhat complex:
- Context::get/set are relaxed (but don't use the corresponding tag)
- Context::get(.., kAcquireLoad) and Context::set(.., kReleaseStore) are acquire-release.
- Context::set_foo (defined for all native context fields) uses kReleaseStore underneath.
- Context::get_foo (defined for all native context fields) uses the default relaxed getter. The get_foo(kAcquireLoad) variant uses the acquire getter.
- NativeContext hides the default relaxed setter since all NativeContext sets should be acq-rel.

Ideally (future work), this should be simplified and made more explicit. For example, get/set_foo could move to the NativeContext class, and we could reevaluate whether we really need both relaxed and acq-rel semantics (the pairing non-atomic/acq-rel feels more natural and lets tsan find concurrency issues).

Bug: v8:7790
Change-Id: I25efd37ece758da5a11dc11c6ae913e4975f4d20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891575
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74524}
-
Benedikt Meurer authored
The HeapProfiler.startSampling method accepts a samplingInterval parameter, which is assumed to be a positive (non-zero) number, but doesn't validate the input (the renderer process just crashes hard on a CHECK instead).

Fixed: chromium:1197392
Change-Id: Ib8e34f4b9881cd195214791ca0a3892e7b49bf55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891573
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74523}
-
Andreas Haas authored
R=victorgomes@chromium.org

Bug: v8:11384
Change-Id: I0d93340c3b58f249f61ef612192222f8bc7df337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891649
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74522}
-
Georg Neis authored
Also delete undefined ContextRef methods and make Context::set_previous private (it is only used when creating a new context).

Bug: v8:7790
Change-Id: I25a701f317f0f4e82432f7537eec1d63c5ef63f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886860
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74521}
-
Omer Katz authored
Marking on allocation was missing the top level scope. Also adding a dedicated scope for on allocation to more clearly distinguish it in traces.

Bug: chromium:1056170
Change-Id: I1b7d80c9f171f81988826de0174ef5b00d6f1d34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891572
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74520}
-
Maya Lekova authored
This CL enhances the fast C API in a way to allow passing the receiver to the fast callback as Local<Object> instead of Local<Value>. It also fixes documentation comments.

Bug: chromium:1052746
Change-Id: I424aa83023c2e6633b9df08ee040bf170db32b3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887510
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74519}
-
Santiago Aboy Solanes authored
We just asked if saves_fp was different than 0 two lines above.

Change-Id: I8cca5206041d3436ac7b2d619ab82f5955e99aaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2888285
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74518}
-
Benedikt Meurer authored
The WebAssembly specification requires the "name" property of (exported) function wrappers to hold the index of the function within the module, and the default ToString algorithm for Function instances thus generates something along the lines of `function 42() { [native code] }`, which is technically correct, but not very useful to developers to diagnose (humans don't think of functions in a module in terms of their indices).

With this CL, we change the description returned for Wasm (exported) functions to use the debug name of the Wasm function instead.

Screenshot: https://imgur.com/a/FVPeXDU.png
Doc: http://bit.ly/devtools-wasm-entities
Fixed: chromium:1206620
Bug: chromium:1164241
Change-Id: I096abc287ea077556c13c71f8d71f64452ab4831
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891570
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74517}
-
Benedikt Meurer authored
Drive-by-fix: Remove command line API fn.toString() override, which was still in place from the early days when much of the inspector was implemented in JavaScript.

Fixed: chromium:1207867
Bug: chromium:1206620
Change-Id: I8429f109da5f021f729f184fd824160a24e60897
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887508
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74516}
-