- 17 May, 2022 16 commits
-
-
Manos Koukoutos authored
Loading from/storing to the same field with incompatible mutabilities is possible in unreachable code, specifically when a value is cast to two different types with incompatible mutability for the same field offset. Therefore, we allow this pattern in CsaLoadElimination. When we detect it, we emit an Unreachable node to immediately crash the program in case this unreachable code is somehow executed. Bug: v8:7748, v8:12874 Change-Id: Ieb359d3e1b9f7bc4a91c556af2bba0507526d20e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644806 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#80587}
-
Nikolaos Papaspyrou authored
This CL removes GCTracer::AssertMainThread and adds the more general methods Heap::IsMainThread and Heap::IsSharedMainThread, to be used in DCHECKs and elsewhere. It also introduces some const qualifiers. Bug: v8:12425 Change-Id: Ibdec39ce77be704598ca0c8b440005dc27bd6997 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650600Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#80586}
-
Liu Yu authored
Change-Id: I5144d8315b5c1aca751d138e4d87240b703dc9e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650359 Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Auto-Submit: Yu Liu <liuyu@loongson.cn> Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/main@{#80585}
-
Andy Wingo authored
Bug: v8:12868 Change-Id: I955155db468b2ecd86fa6c5a73c616b0e4c66446 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644949Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andy Wingo <wingo@igalia.com> Cr-Commit-Position: refs/heads/main@{#80584}
-
Marja Hölttä authored
Bug: v8:11111, chromium:1321013 Change-Id: Iec45b885e844ab02059470dd514f47133b0a6efe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650596Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#80583}
-
Solomon Kinard authored
Change-Id: I3d3b1f0b86714e0d654ed18c055d394002dbec2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650832 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80582}
-
jameslahm authored
This Cl moves cctest/libsampler/{test-sampler, test-signals-and-mutexes} to unittests/libsampler/{sampler-unittest, signals-and-mutexes-unittest}. Bug: v8:12781 Change-Id: I106e709a66d00d23df76c6868d0843dd0ac1887e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3612666 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80581}
-
Andy Wingo authored
Bug: v8:12868 Change-Id: Ib4540352c7db4b4bdbf88b559da44b08e71dd483 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650603Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andy Wingo <wingo@igalia.com> Cr-Commit-Position: refs/heads/main@{#80580}
-
jameslahm authored
... /objects/roots-unittest. Bug: v8:12781 Change-Id: Id76a0e1ffaea18849866fa0f55c9a056dbdf6e2b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3612670 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80579}
-
Leszek Swirski authored
Add lazy deopts for generic operations (binops, loads, stores). Bug: v8:7700 Change-Id: I6f9abba5c57cd3d271552080927199e9dbd92322 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644799Reviewed-by: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80578}
-
jameslahm authored
... api/accessor-unittest.cc. - Add IsInt32, IsString, IsUndefined matcher in testing/gmock-support.h. Bug: v8:12781 Change-Id: I764491d7643e35fb8bc1621e857873aa24f64ccd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593573Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80577}
-
Marja Hölttä authored
This reverts commit 24286b8e. Reason for revert: Re-staging the experimental flag for fuzzing Original change's description: > Revert "[rab/gsab] Temporarily stage --harmony-rab-gsab to enable fuzzing" > > This reverts commit b8f88be0. > > Reason: disabling an experimental feature in release branch > > Bug: v8:11111,v8:12870 > Change-Id: I6fbd6bdb318c0d25e69c04db208a0d5f2b9ebbd7 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647357 > Auto-Submit: Marja Hölttä <marja@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/main@{#80520} Bug: v8:11111,v8:12870 Change-Id: I0a45ed5ce53010196949dda23773d152aa605846 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647836 Commit-Queue: Marja Hölttä <marja@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#80576}
-
Patrick Thier authored
With the flag --always-use-string-forwarding-table (only used for testing), we can have young generation strings in the StringForwardingTable. We need to update references to these strings when they are evacuated during mark compact (previously this was only done after scavenge). Bug: v8:12877, v8:12007 Change-Id: Ie108add176f71dcdf296bd94bdffa664cb75ae02 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650719Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#80575}
-
Liu Yu authored
Port commit d2a8bdec Bug: v8:12284 Change-Id: Ia011008d1e7695601fce78d60018e473079e9d0f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650332 Auto-Submit: Yu Liu <liuyu@loongson.cn> Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/main@{#80574}
-
Lu Yahan authored
Port commit d2a8bdec Bug: v8:12284 Change-Id: I8ec0c2270d85d8068823e241e1c326aa90caad8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3651507 Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#80573}
-
jameslahm authored
... ,test-fast-dtoa, test-fixed-dtoa} to unittests/base/ {bignum-dtoa-unittest, dtoa-unittest, fast-dtoa-unittest, fixed-dtoa-unittest}. This CL also moves cctest/{gay-fixed, gay-precision, gay-shortest} to unittest/{gay-fixed, gay-precision, gay-shortest}. Bug: v8:12781 Change-Id: Id6072f92908ad3abfe683c69dac041227de2553f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607114 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80572}
-
- 16 May, 2022 24 commits
-
-
Anton Bikineev authored
1) In copy/move ctors and operator=() we can just copy raw compressed value; 2) For null check we don't need to decompress the value; 3) Same for operator==(). 4) Hashing can also be optimized in a followup. Bug: chromium:1325007 Change-Id: Ic1bf2c5049802c078b3e0121dcbe62d9ecea83b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647359Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#80571}
-
Milad Fa authored
Port d2a8bdec R=gdeepti@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I5fceb4b75529e2f24762630b4091332c56461e07 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650606 Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#80570}
-
Solomon Kinard authored
Change-Id: Ib8ca0c771b50b712e5fd6acb470213235f69a99b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650833Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Solomon Kinard <solomonkinard@chromium.org> Cr-Commit-Position: refs/heads/main@{#80569}
-
Deepti Gandluri authored
Bug: v8:12284 Change-Id: I75d550e0cec4a4cf68296f3634329a7d97ae99fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3646076Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#80568}
-
Issack John authored
Part of the improve error messages initiative. Based on a resource of JSON.parse() errors found at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/JSON_bad_parse Previously JSON.parse(NaN) would output: SyntaxError: Unexpected token N in JSON at position 0 Now the output is: SyntaxError: "NaN" is not valid JSON Previously JSON.parse("{a:1}") would output: SyntaxError: Unexpected token a in JSON at position 1 Now the output is: SyntaxError: Expected property name or '}' in JSON at position 1 Bug: v8:6551 Change-Id: Ic9fad1fdbd295e1302805b81e6603fc526121960 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513684Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Issack John <issackjohn@microsoft.com> Cr-Commit-Position: refs/heads/main@{#80567}
-
Michael Lippautz authored
The check whether worklists are empty sits after marking the transitive closure, when it is guaranteed that no concurrent marker is running anymore. Bug: chromium:1325628 Change-Id: Ibfa7278df2181a0aa6c7e0f1d53d51e8afaa3352 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647830 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#80566}
-
Clemens Backes authored
This adds a new struct "OOMDetails" which is passed to the OOMErrorCallback. It currently holds the "is_heap_oom" bool that was also passed before, plus an optional "detail" string. The struct can later be extended without having to change the signature of the OOMErrorCallback. Removing fields will have to follow the standard deprecation rules, but this is also easily possible without the hassle for this initial change. We modify the deprecated OOMErrorCallback definition and un-deprecate it, which can be seen as removing a deprecated API and adding a new one in one CL. R=mlippautz@chromium.org, jkummerow@chromium.org Bug: chromium:1323177 Change-Id: Ic4c2cb5856906ebd664626fe463d8e96cb99b0a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647827Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#80565}
-
Igor Sheludko authored
Return empty optional instead of optional with empty Map on failure. Bug: v8:7790, chromium:1323119 Change-Id: I1e6e9e2361d12d0f8d106a7929221d3116d0d547 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650715 Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#80564}
-
Omer Katz authored
This includes: 1) Inline UncommintFromSpace into Shrink (always called together) 2) Replace ZapFromSpace with virtual ZapUnusedMemory 3) Replace EnsureFromSpaceIsCommited with virtual Prologue Bug: v8:12612 Change-Id: I934479761c877e10734f54e6d5896a4741b92ef7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650738Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80563}
-
Nikolaos Papaspyrou authored
Mostly in comments, not much to be said... Bug: v8:12425 Change-Id: Ib1e4d3913f9b91eeafefbef13330fd1388223c06 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650597 Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80562}
-
Omer Katz authored
Calls to Flip and ResetLinearAllocationArea of SemiSpaceNewSpace are (almost) always called together, and always at the start of evacuation. Introducing NewSpace::EvacuatePrologue, allows removing these methods from SemiSpaceNewSpace public interface and reduces future branches between the semi space and paged new space cases. Bug: v8:12612 Change-Id: Ic589a48c1e7751631603da757f4f5f7edb69e571 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650599Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80561}
-
Jakob Kummerow authored
This fixes a flaky crash when running with --turbo-stats or --turbo-stats-wasm. With dynamic tiering, it can happen that a compilation job is started shortly before the program/test/benchmark terminates and the main thread goes through its teardown sequence. When such a late job finishes, it still wants to report its statistics, which currently crashes due to UAF if the CompilationStats object, which is owned by the main thread, has already been deleted. Change-Id: Ie25a97299fdf40ece8f286487063feadcfa2eea9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645410 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#80560}
-
Toon Verwaest authored
Otherwise opening a HandleScope nested in a SHS also wouldn't allow PHS. This currently happens in maglev.. Bug: v8:7700 Change-Id: Id279cf7ad8c83f68a3ba0050a0df718892636e9f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650601Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#80559}
-
Jakob Kummerow authored
This patch adds a side table to the MachineGraph that stores the previously observed call count for the Call nodes used for Wasm direct calls. This replaces a more convoluted system that accessed processed feedback during compilation, keyed on source position. Bug: v8:12166 Change-Id: I06109918030b8f256c5f170da5853394c1a69cc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644803Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#80558}
-
jameslahm authored
... /objects/representation-unittest. Bug: v8:12781 Change-Id: I3ae39df619ac6920c5ff722ed481bed20b5a5c6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3612669 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80557}
-
jameslahm authored
... /base/double-unittest. Bug: v8:12781 Change-Id: I13817728735a53fbc28a4e2d1babdcbd9bbf419d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607113 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80556}
-
Dominik Inführ authored
Record old-to-shared references in the C++ write barrier. When an old-to-shared reference is created, this particular slot will be atomically inserted into the old-to-new remembered set. We already stopped clearing the old-to-new-remembered set after a shared GC, so we already need to be able to handle such slots when invalidating objects and in the sweeper. Bug: v8:11708 Change-Id: I1b5854d58f6496228f3a3d9eb7acfd9492f09e68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557232Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#80555}
-
Clemens Backes authored
This uses a SparseBitVector instead of a BitVector for storing sets of blocks. As we only use the mid-tier register allocator for huge functions, this should generally be a win in both compile time and memory usage. R=mslekova@chromium.org Bug: chromium:1313379, v8:12780 Change-Id: Icf5b50c62f1c5fd69877cd54833d9dea8d1c37e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634781Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80554}
-
jameslahm authored
... /objects/elements-kind-unittest. Bug: v8:12781 Change-Id: I335cec050faf584652a43041437ec0a14539cf1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607115Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: 王澳 <wangao.james@bytedance.com> Cr-Commit-Position: refs/heads/main@{#80553}
-
Milad Fa authored
Port 1fcfc6a6 Original Commit Message: Read only a single byte of FLAG_trace_osr in assembly builtin code to make asan happy in the simulator. R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I29d21bfb79999e5e73ca546368bdf812a2353eef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3648167Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#80552}
-
Milad Fa authored
A few of LogTests have been crashing intermittently after they were moved to unittests in this CL: https://crrev.com/c/3616424 Will re-enable once issue is investigated. Change-Id: I53435596274c935c028a625b610c54eadda9d1de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647092Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#80551}
-
Tobias Tebbi authored
This is a follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/3630081 Bug: chromium:1323114 Change-Id: Ie6e3cbdecf370c5fdf9544c2f47f7b4f8f27bd70 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647826Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#80550}
-
Omer Katz authored
SpaceWithLinearArea will holds a ref to a struct containing original_top_ and original_limit_ as well the lock used to sync them for querying IsPendingAllocation. PagedSpace is split into PagedSpaceBase (that holds all funcitonality) and PagedSpace. The actual fields are owned by PagedSpace and NewSpace. This is done in preparation for PagedNewSpace to allow PagedSpaceiBase and NewSpace to share the same original_top_ and original_limit_ fields. Bug: v8:12612 Change-Id: Iefbbd5209c5553db4ee16cb261734e6479e0f23f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644795 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80549}
-
Jakob Kummerow authored
The LookupIterator only handles JSReceivers, so special-case oddballs. Change-Id: I03d2875124775390c9b928fb7cfe4d938213b5d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645409 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#80548}
-