- 14 Nov, 2019 1 commit
-
-
Igor Sheludko authored
Bug: v8:4153, chromium:1024099 Change-Id: Ia7a53c710ad2e2abcfa6fbc4ea1b2229b8690308 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914564 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64969}
-
- 06 Nov, 2019 1 commit
-
-
Igor Sheludko authored
... in an uintptr friendly way. Drive-by-fix: 1) IsForceSlowPath() check is integrated into Cast<FastJSArray> 2) disable tests incompatible with --force-slow-path in "slow_path" variant Bug: v8:8906, v8:4153 Change-Id: I427f117073bc295120aa52fb3fe023ee04d58302 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1899988 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64799}
-
- 09 Sep, 2019 1 commit
-
-
Ulan Degenbaev authored
This reverts commit 9da34831 Original change's description: > "Reland x4 [arraybuffer] Rearchitect backing store ownership" > > This is a reland of bc33f5ae > > Contributed by titzer@chromium.org > > Original change's description: > > [arraybuffer] Rearchitect backing store ownership > > > > This CL completely rearchitects the ownership of array buffer backing stores, > > consolidating ownership into a {BackingStore} C++ object that is tracked > > throughout V8 using unique_ptr and shared_ptr where appropriate. > > > > Overall, lifetime management is simpler and more explicit. The numerous > > ways that array buffers were initialized have been streamlined to one > > Attach() method on JSArrayBuffer. The array buffer tracker in the > > GC implementation now manages std::shared_ptr<BackingStore> pointers, > > and the construction and destruction of the BackingStore object itself > > handles the underlying page or embedder-allocated memory. > > > > The embedder API remains unchanged for now. We use the > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > > keep the backing store alive properly, even in the case of aliases > > from live heap objects. Thus the embedder has a lower chance of making > > a mistake. Long-term, we should move the embedder to a model where they > > manage backing stores using shared_ptr to an opaque backing store object. > > TBR=yangguo@chromium.org > > BUG=v8:9380,v8:9221,chromium:986318 > > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63041} TBR=yangguo@chromium.org Change-Id: I3cc4bb80081c662b1751234bc16a821c20e744be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792166 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#63617}
-
- 30 Aug, 2019 1 commit
-
-
Ulan Degenbaev authored
This reverts commit 62e16830. Reason for revert: it will be relanded after branch Original change's description: > Reland x5 [arraybuffer] Rearchitect backing store ownership > > This reverts commit 8fdb2387. > > Original change's description: > > "Reland x4 [arraybuffer] Rearchitect backing store ownership" > > > > This is a reland of bc33f5ae > > > > Contributed by titzer@chromium.org > > > > Original change's description: > > > [arraybuffer] Rearchitect backing store ownership > > > > > > This CL completely rearchitects the ownership of array buffer backing stores, > > > consolidating ownership into a {BackingStore} C++ object that is tracked > > > throughout V8 using unique_ptr and shared_ptr where appropriate. > > > > > > Overall, lifetime management is simpler and more explicit. The numerous > > > ways that array buffers were initialized have been streamlined to one > > > Attach() method on JSArrayBuffer. The array buffer tracker in the > > > GC implementation now manages std::shared_ptr<BackingStore> pointers, > > > and the construction and destruction of the BackingStore object itself > > > handles the underlying page or embedder-allocated memory. > > > > > > The embedder API remains unchanged for now. We use the > > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > > > keep the backing store alive properly, even in the case of aliases > > > from live heap objects. Thus the embedder has a lower chance of making > > > a mistake. Long-term, we should move the embedder to a model where they > > > manage backing stores using shared_ptr to an opaque backing store object. > > > > TBR=yangguo@chromium.org > > > > BUG=v8:9380,v8:9221,chromium:986318 > > > > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005 > > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#63041} > > TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org > > Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63461} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: Id8f67a68ab398032eb2975b1b24ee125394d9c4b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776095Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63471}
-
- 29 Aug, 2019 1 commit
-
-
Ulan Degenbaev authored
This reverts commit 8fdb2387. Original change's description: > "Reland x4 [arraybuffer] Rearchitect backing store ownership" > > This is a reland of bc33f5ae > > Contributed by titzer@chromium.org > > Original change's description: > > [arraybuffer] Rearchitect backing store ownership > > > > This CL completely rearchitects the ownership of array buffer backing stores, > > consolidating ownership into a {BackingStore} C++ object that is tracked > > throughout V8 using unique_ptr and shared_ptr where appropriate. > > > > Overall, lifetime management is simpler and more explicit. The numerous > > ways that array buffers were initialized have been streamlined to one > > Attach() method on JSArrayBuffer. The array buffer tracker in the > > GC implementation now manages std::shared_ptr<BackingStore> pointers, > > and the construction and destruction of the BackingStore object itself > > handles the underlying page or embedder-allocated memory. > > > > The embedder API remains unchanged for now. We use the > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > > keep the backing store alive properly, even in the case of aliases > > from live heap objects. Thus the embedder has a lower chance of making > > a mistake. Long-term, we should move the embedder to a model where they > > manage backing stores using shared_ptr to an opaque backing store object. > > TBR=yangguo@chromium.org > > BUG=v8:9380,v8:9221,chromium:986318 > > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63041} TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63461}
-
- 05 Aug, 2019 1 commit
-
-
Ulan Degenbaev authored
This reverts commit 5611f70b. Reason for revert: flaky tests: v8:9588, v8:9587 Original change's description: > "Reland x4 [arraybuffer] Rearchitect backing store ownership" > > This is a reland of bc33f5ae > > Contributed by titzer@chromium.org > > Original change's description: > > [arraybuffer] Rearchitect backing store ownership > > > > This CL completely rearchitects the ownership of array buffer backing stores, > > consolidating ownership into a {BackingStore} C++ object that is tracked > > throughout V8 using unique_ptr and shared_ptr where appropriate. > > > > Overall, lifetime management is simpler and more explicit. The numerous > > ways that array buffers were initialized have been streamlined to one > > Attach() method on JSArrayBuffer. The array buffer tracker in the > > GC implementation now manages std::shared_ptr<BackingStore> pointers, > > and the construction and destruction of the BackingStore object itself > > handles the underlying page or embedder-allocated memory. > > > > The embedder API remains unchanged for now. We use the > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > > keep the backing store alive properly, even in the case of aliases > > from live heap objects. Thus the embedder has a lower chance of making > > a mistake. Long-term, we should move the embedder to a model where they > > manage backing stores using shared_ptr to an opaque backing store object. > > TBR=yangguo@chromium.org > > BUG=v8:9380,v8:9221,chromium:986318 > > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63041} TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:9380, v8:9221, chromium:986318 Change-Id: Ic7381239f4e90d0c437b7e47a5ac6e8bce60f882 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736747Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63081}
-
- 02 Aug, 2019 1 commit
-
-
Ulan Degenbaev authored
This is a reland of bc33f5ae Contributed by titzer@chromium.org Original change's description: > [arraybuffer] Rearchitect backing store ownership > > This CL completely rearchitects the ownership of array buffer backing stores, > consolidating ownership into a {BackingStore} C++ object that is tracked > throughout V8 using unique_ptr and shared_ptr where appropriate. > > Overall, lifetime management is simpler and more explicit. The numerous > ways that array buffers were initialized have been streamlined to one > Attach() method on JSArrayBuffer. The array buffer tracker in the > GC implementation now manages std::shared_ptr<BackingStore> pointers, > and the construction and destruction of the BackingStore object itself > handles the underlying page or embedder-allocated memory. > > The embedder API remains unchanged for now. We use the > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > keep the backing store alive properly, even in the case of aliases > from live heap objects. Thus the embedder has a lower chance of making > a mistake. Long-term, we should move the embedder to a model where they > manage backing stores using shared_ptr to an opaque backing store object. TBR=yangguo@chromium.org BUG=v8:9380,v8:9221,chromium:986318 Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#63041}
-
- 31 Jul, 2019 2 commits
-
-
Francis McCabe authored
This reverts commit df8e6177. Reason for revert: Multiple flakes in apparently related areas: https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8906409837768155568/+/steps/Check__flakes_/0/logs/BackingStoreTest.RacyGrowWasmMem.../0 Original change's description: > "Reland x3 [arraybuffer] Rearchitect backing store ownership" > > This is a reland of bc33f5ae > > Original change's description: > > [arraybuffer] Rearchitect backing store ownership > > > > This CL completely rearchitects the ownership of array buffer backing stores, > > consolidating ownership into a {BackingStore} C++ object that is tracked > > throughout V8 using unique_ptr and shared_ptr where appropriate. > > > > Overall, lifetime management is simpler and more explicit. The numerous > > ways that array buffers were initialized have been streamlined to one > > Attach() method on JSArrayBuffer. The array buffer tracker in the > > GC implementation now manages std::shared_ptr<BackingStore> pointers, > > and the construction and destruction of the BackingStore object itself > > handles the underlying page or embedder-allocated memory. > > > > The embedder API remains unchanged for now. We use the > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > > keep the backing store alive properly, even in the case of aliases > > from live heap objects. Thus the embedder has a lower chance of making > > a mistake. Long-term, we should move the embedder to a model where they > > manage backing stores using shared_ptr to an opaque backing store object. > > R=mlippautz@chromium.org > BUG=v8:9380,v8:9221,chromium:986318 > TBR=ulan@chromium.org > > Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191 > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Commit-Queue: Ben Titzer <titzer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63007} TBR=mstarzinger@chromium.org,titzer@chromium.org,mlippautz@chromium.org Change-Id: If0266e5893b1325a332d5986337fa7ece2cb6943 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9380, v8:9221, chromium:986318 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1729549Reviewed-by: Francis McCabe <fgm@chromium.org> Commit-Queue: Francis McCabe <fgm@chromium.org> Cr-Commit-Position: refs/heads/master@{#63011}
-
Ben L. Titzer authored
This is a reland of bc33f5ae Original change's description: > [arraybuffer] Rearchitect backing store ownership > > This CL completely rearchitects the ownership of array buffer backing stores, > consolidating ownership into a {BackingStore} C++ object that is tracked > throughout V8 using unique_ptr and shared_ptr where appropriate. > > Overall, lifetime management is simpler and more explicit. The numerous > ways that array buffers were initialized have been streamlined to one > Attach() method on JSArrayBuffer. The array buffer tracker in the > GC implementation now manages std::shared_ptr<BackingStore> pointers, > and the construction and destruction of the BackingStore object itself > handles the underlying page or embedder-allocated memory. > > The embedder API remains unchanged for now. We use the > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > keep the backing store alive properly, even in the case of aliases > from live heap objects. Thus the embedder has a lower chance of making > a mistake. Long-term, we should move the embedder to a model where they > manage backing stores using shared_ptr to an opaque backing store object. R=mlippautz@chromium.org BUG=v8:9380,v8:9221,chromium:986318 TBR=ulan@chromium.org Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#63007}
-
- 23 Jul, 2019 1 commit
-
-
Ben L. Titzer authored
This reverts commit 306cf403. Reason for revert: performance regressions / too near branch point TBR=mslekova@chromium.org BUG=v8:9380 Change-Id: If77630b73eafbf1190c823199fe2a34361da303f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1714867Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62867}
-
- 22 Jul, 2019 1 commit
-
-
Ben L. Titzer authored
This is a reland of bc33f5ae Original change's description: > Reland "[arraybuffer] Rearchitect backing store ownership" > > This is a reland of 31cd5d83 > > Original change's description: > > [arraybuffer] Rearchitect backing store ownership > > > > This CL completely rearchitects the ownership of array buffer backing stores, > > consolidating ownership into a {BackingStore} C++ object that is tracked > > throughout V8 using unique_ptr and shared_ptr where appropriate. > > > > Overall, lifetime management is simpler and more explicit. The numerous > > ways that array buffers were initialized have been streamlined to one > > Attach() method on JSArrayBuffer. The array buffer tracker in the > > GC implementation now manages std::shared_ptr<BackingStore> pointers, > > and the construction and destruction of the BackingStore object itself > > handles the underlying page or embedder-allocated memory. > > > > The embedder API remains unchanged for now. We use the > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > > keep the backing store alive properly, even in the case of aliases > > from live heap objects. Thus the embedder has a lower chance of making > > a mistake. Long-term, we should move the embedder to a model where they > > manage backing stores using shared_ptr to an opaque backing store object. > > > > R=mlippautz@chromium.org > > BUG=v8:9380,v8:9221 > > > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323 > > Commit-Queue: Ben Titzer <titzer@chromium.org> > > Reviewed-by: Ben Titzer <titzer@chromium.org> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > > Reviewed-by: Yang Guo <yangguo@chromium.org> > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#62572} > > Bug: v8:9380, v8:9221 > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906 > Commit-Queue: Ben Titzer <titzer@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62809} Bug: v8:9380, v8:9221 Change-Id: I9a2525753ae2424108d074fa81df5f25d945c824 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709409 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62847}
-
- 18 Jul, 2019 2 commits
-
-
Clemens Hammacher authored
This reverts commit bc33f5ae. Reason for revert: Still failing (OOM on win32): https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/22210 Original change's description: > Reland "[arraybuffer] Rearchitect backing store ownership" > > This is a reland of 31cd5d83 > > Original change's description: > > [arraybuffer] Rearchitect backing store ownership > > > > This CL completely rearchitects the ownership of array buffer backing stores, > > consolidating ownership into a {BackingStore} C++ object that is tracked > > throughout V8 using unique_ptr and shared_ptr where appropriate. > > > > Overall, lifetime management is simpler and more explicit. The numerous > > ways that array buffers were initialized have been streamlined to one > > Attach() method on JSArrayBuffer. The array buffer tracker in the > > GC implementation now manages std::shared_ptr<BackingStore> pointers, > > and the construction and destruction of the BackingStore object itself > > handles the underlying page or embedder-allocated memory. > > > > The embedder API remains unchanged for now. We use the > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > > keep the backing store alive properly, even in the case of aliases > > from live heap objects. Thus the embedder has a lower chance of making > > a mistake. Long-term, we should move the embedder to a model where they > > manage backing stores using shared_ptr to an opaque backing store object. > > > > R=mlippautz@chromium.org > > BUG=v8:9380,v8:9221 > > > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323 > > Commit-Queue: Ben Titzer <titzer@chromium.org> > > Reviewed-by: Ben Titzer <titzer@chromium.org> > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > > Reviewed-by: Yang Guo <yangguo@chromium.org> > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#62572} > > Bug: v8:9380, v8:9221 > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906 > Commit-Queue: Ben Titzer <titzer@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62809} TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org Change-Id: Iea755df9aaa1e95d284135bd0a6681b1340b6832 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9380, v8:9221 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708487Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62811}
-
Ben L. Titzer authored
This is a reland of 31cd5d83 Original change's description: > [arraybuffer] Rearchitect backing store ownership > > This CL completely rearchitects the ownership of array buffer backing stores, > consolidating ownership into a {BackingStore} C++ object that is tracked > throughout V8 using unique_ptr and shared_ptr where appropriate. > > Overall, lifetime management is simpler and more explicit. The numerous > ways that array buffers were initialized have been streamlined to one > Attach() method on JSArrayBuffer. The array buffer tracker in the > GC implementation now manages std::shared_ptr<BackingStore> pointers, > and the construction and destruction of the BackingStore object itself > handles the underlying page or embedder-allocated memory. > > The embedder API remains unchanged for now. We use the > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > keep the backing store alive properly, even in the case of aliases > from live heap objects. Thus the embedder has a lower chance of making > a mistake. Long-term, we should move the embedder to a model where they > manage backing stores using shared_ptr to an opaque backing store object. > > R=mlippautz@chromium.org > BUG=v8:9380,v8:9221 > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323 > Commit-Queue: Ben Titzer <titzer@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62572} Bug: v8:9380, v8:9221 Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#62809}
-
- 08 Jul, 2019 2 commits
-
-
Clemens Hammacher authored
This reverts commit 31cd5d83. Reason for revert: It breaks my heart to revert this, but it fails differently on several bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26671. Original change's description: > [arraybuffer] Rearchitect backing store ownership > > This CL completely rearchitects the ownership of array buffer backing stores, > consolidating ownership into a {BackingStore} C++ object that is tracked > throughout V8 using unique_ptr and shared_ptr where appropriate. > > Overall, lifetime management is simpler and more explicit. The numerous > ways that array buffers were initialized have been streamlined to one > Attach() method on JSArrayBuffer. The array buffer tracker in the > GC implementation now manages std::shared_ptr<BackingStore> pointers, > and the construction and destruction of the BackingStore object itself > handles the underlying page or embedder-allocated memory. > > The embedder API remains unchanged for now. We use the > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to > keep the backing store alive properly, even in the case of aliases > from live heap objects. Thus the embedder has a lower chance of making > a mistake. Long-term, we should move the embedder to a model where they > manage backing stores using shared_ptr to an opaque backing store object. > > R=mlippautz@chromium.org > BUG=v8:9380,v8:9221 > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323 > Commit-Queue: Ben Titzer <titzer@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62572} TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org Change-Id: Ib35788ba8c31192d90cbc72df3dbc41030f109de No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9380, v8:9221 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691034Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62578}
-
Ben L. Titzer authored
This CL completely rearchitects the ownership of array buffer backing stores, consolidating ownership into a {BackingStore} C++ object that is tracked throughout V8 using unique_ptr and shared_ptr where appropriate. Overall, lifetime management is simpler and more explicit. The numerous ways that array buffers were initialized have been streamlined to one Attach() method on JSArrayBuffer. The array buffer tracker in the GC implementation now manages std::shared_ptr<BackingStore> pointers, and the construction and destruction of the BackingStore object itself handles the underlying page or embedder-allocated memory. The embedder API remains unchanged for now. We use the v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to keep the backing store alive properly, even in the case of aliases from live heap objects. Thus the embedder has a lower chance of making a mistake. Long-term, we should move the embedder to a model where they manage backing stores using shared_ptr to an opaque backing store object. R=mlippautz@chromium.org BUG=v8:9380,v8:9221 Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#62572}
-
- 26 Jun, 2019 1 commit
-
-
Sathya Gunasekaran authored
Change-Id: I8e6f10d6a5cba981134b44fda1a8ae3a4ea0fc97 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1675959 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62371}
-
- 27 May, 2019 3 commits
-
-
Benedikt Meurer authored
This is a reland of 4b86fea5 with copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed (bug led to holes in new space, which was crashing reproducibly on the ia32 bot). Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} Tbr: petermarshall@chromium.org Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61864}
-
Clemens Hammacher authored
This reverts commit 4b86fea5. Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045 Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61856}
-
Benedikt Meurer authored
As the next step in supporting huge typed arrays in V8, this moves the external/data pointer from the FixedTypedArrayBase backing store to the JSTypedArray instance itself, and replaces the special backing stores with a plain ByteArray (removing all the code for the FixedTypedArrayBase class hierarchy). By doing so, we can drastically simplify the system around typed arrays. Note: Several places in the code base used to check the instance type of the elements backing store of a JSTypedArray instead of checking the elements kind on the JSTypedArray map directly. Those had to be fixed, since the backing store is now always a ByteArray. Drive-by-fix: Move all the typed elements access related code into the elements.cc file to properly encapsulate the accesses. Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61855}
-
- 23 May, 2019 2 commits
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
Clemens Hammacher authored
This CL was generated by an automatic clang AST rewriter using this matcher expression: callExpr( callee( cxxMethodDecl( hasName("operator->"), ofClass(isSameOrDerivedFrom("v8::internal::Object")) ) ), argumentCountIs(1) ) The "->" at the expression location was then rewritten to ".". R=jkummerow@chromium.org TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org Bug: v8:9183, v8:3770 No-Try: true No-Tree-Checks: true Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61764}
-
- 22 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 Change-Id: I79e0553e8a0d6dac2aa16b94a6c0e05b6ccde4a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621934 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61725}
-
- 21 May, 2019 1 commit
-
-
Simon Zünd authored
This CL also removes the corresponding intrinsic lowering of IsTypedArray in TurboFan and Ignition. Drive-by: Remove unused ArrayBufferViewWasDetached runtime function. Bug: v8:9183 Change-Id: I2767b22fbdfb679cba30b9fbc555c8d41c7f4345 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617930Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61677}
-
- 20 May, 2019 2 commits
-
-
Yang Guo authored
TBR=verwaest@chromium.org,rmcilroy@chromium.org NOTREECHECKS=true NOPRESUBMIT=true Bug: v8:9247 Change-Id: I9ddfb6e56ca8e47c4ac186a8df5f442d26420a69 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617661 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61642}
-
Yang Guo authored
Code that is being moved primarily deal with layout of a JSObject, accessing properties and elements, and map transitions. NOTREECHECKS=true NOTRY=true Bug: v8:9247 Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61638}
-
- 17 May, 2019 2 commits
-
-
Yang Guo authored
This reverts commit 5f285395. Reason for revert: presubmit failure Original change's description: > Move logging and diagnostics related source files > > This also introduces a COMMON_OWNERS file, which is derived from the > current top-level OWNERS file. It is to be used for parts of the > codebase that is not sensitive to domain-specific expertise. > > NOPRESUBMIT=true > TBR=verwaest@chromium.org > > Bug: v8:9247 > Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987 > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Commit-Queue: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61600} TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org Change-Id: I3827c3af4fd63b18aa48c49617f318a01746e813 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9247 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617247Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61601}
-
Yang Guo authored
This also introduces a COMMON_OWNERS file, which is derived from the current top-level OWNERS file. It is to be used for parts of the codebase that is not sensitive to domain-specific expertise. NOPRESUBMIT=true TBR=verwaest@chromium.org Bug: v8:9247 Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61600}
-
- 07 May, 2019 1 commit
-
-
Peter Marshall authored
This is a reland of ad44c258 Patchset 2 is the original CL Patchset 3 fixes some misuses of FixedArrayBase::length() and adds some DCHECKS to flush out any more misuses. Patchset 4 adds the PPC/S390 port by miladfar@ca.ibm.com. Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} Bug: v8:4153, v8:7881, v8:9105 Change-Id: Ic38f833071a723642ebc6f82a4012dbc0878ef98 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594435Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61275}
-
- 02 May, 2019 1 commit
-
-
Peter Marshall authored
This reverts commit ad44c258. Reason for revert: Missed some users: crbug.com/v8/9105 Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} TBR=jarin@chromium.org,titzer@chromium.org,hpayer@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. TBR=jarin@chromium.org, szuend@chromium.org Bug: v8:4153, v8:7881 Change-Id: I96992bff15b4a2765ae4a557d2c37e78269c927d Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593294 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61172}
-
- 25 Apr, 2019 3 commits
-
-
Simon Zünd authored
This is a reland of 3d846115 Reland changes mjsunit.status to skip the regression test on all bots except ASAN. Original change's description: > [typedarray] Fix crash when sorting SharedArrayBuffers > > TypedArray#sort has a fast-path when the user does not provide a > comparison function. This fast-path utilizes std::sort which operates > directly on the raw data. Per spec, std::sort requires the "less than" > operation to be anti-symmetric and transitive. > > When sorting SharedArrayBuffers (SAB) that are concurrently modified during > sorting, the "less than" operator stops being consistent as the > underlying data is constantly modified. This breaks some invariants > in std::sort resulting in infinite loops or straight out segfaults. > > This CL fixes this by copying the data before sorting SABs and > writing the sorted result back. > > Note: The added regression test is tailored for ASAN bots as a > normal build would need too many iterations to consistently crash. > > R=neis@chromium.org, petermarshall@chromium.org > > Bug: v8:9161 > Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641 > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61004} Bug: v8:9161 Change-Id: Idffc3fbb5f28f4966c8f1ac6770d5b5d6003a7e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583726Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61011}
-
Michael Achenbach authored
This reverts commit 3d846115. Reason for revert: The test hangs flakily on windows: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/20612 https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20nosnap%20-%20shared/33147 https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19945 Original change's description: > [typedarray] Fix crash when sorting SharedArrayBuffers > > TypedArray#sort has a fast-path when the user does not provide a > comparison function. This fast-path utilizes std::sort which operates > directly on the raw data. Per spec, std::sort requires the "less than" > operation to be anti-symmetric and transitive. > > When sorting SharedArrayBuffers (SAB) that are concurrently modified during > sorting, the "less than" operator stops being consistent as the > underlying data is constantly modified. This breaks some invariants > in std::sort resulting in infinite loops or straight out segfaults. > > This CL fixes this by copying the data before sorting SABs and > writing the sorted result back. > > Note: The added regression test is tailored for ASAN bots as a > normal build would need too many iterations to consistently crash. > > R=neis@chromium.org, petermarshall@chromium.org > > Bug: v8:9161 > Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641 > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61004} TBR=neis@chromium.org,petermarshall@chromium.org,szuend@chromium.org Change-Id: I046da3e4228bb1a8a3aa89d9c9d8de11875a9273 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9161 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583725Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61007}
-
Simon Zünd authored
TypedArray#sort has a fast-path when the user does not provide a comparison function. This fast-path utilizes std::sort which operates directly on the raw data. Per spec, std::sort requires the "less than" operation to be anti-symmetric and transitive. When sorting SharedArrayBuffers (SAB) that are concurrently modified during sorting, the "less than" operator stops being consistent as the underlying data is constantly modified. This breaks some invariants in std::sort resulting in infinite loops or straight out segfaults. This CL fixes this by copying the data before sorting SABs and writing the sorted result back. Note: The added regression test is tailored for ASAN bots as a normal build would need too many iterations to consistently crash. R=neis@chromium.org, petermarshall@chromium.org Bug: v8:9161 Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61004}
-
- 05 Apr, 2019 1 commit
-
-
Benedikt Meurer authored
This is the first step towards full huge typed array support in V8. Before this change, the JSTypedArray::length and the elements backing store length (FixedTypedArrayBase::length) were used more or less interchangeably to determine the number of elements in a JSTypedArray. With this change we disentangle these two lengths, and instead make JSTypedArray::length authoritative. For on-heap typed arrays, the FixedTypedArrayBase::length will remain the number of elements in the backing store, but for the off-heap typed arrays, this length will be set to 0 (matching the fact that the FixedTypedArrayBase instance does not contain any elements itself). This also unifies the JSTypedArray::set_/length() and length_value() methods to only have JSTypedArray::set_/length() which returns/takes size_t values. Currently this still requires the values to be in Smi range, but later we will extend this to allow arbitrary size_t values (in the safe integer range). Bug: v8:4153, v8:7881 Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#60648}
-
- 19 Mar, 2019 2 commits
-
-
Igor Sheludko authored
Bug: v8:7703 Change-Id: I497fe7e4ba81acbda8564142959f823c5195c5eb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529008Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#60338}
-
Igor Sheludko authored
... which can be used with STL algorithms. When pointer compression is enabled the [u]intptr_t and double fields are only kTaggedSize aligned so in order to avoid undefined behavior in C++ code we have to access these values in an unaligned pointer friendly way although both x64 and arm64 architectures (where pointer compression is supported) allow unaligned access. These changes will be removed once v8:8875 is fixed and all the kSystemPointerSize fields are properly aligned. Bug: v8:7703 Change-Id: If581fc00d63ae759c73b2a0f115331eea336605f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528995Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#60319}
-
- 11 Dec, 2018 1 commit
-
-
Ben L. Titzer authored
This is purely a renaming change. The ES spec uses the term 'detach' for the process of removing the backing store of a typed array, while V8 uses the historical term 'neuter'. Update our internal implementation, including method names and flag names, to match the spec. Note that some error messages still use the term 'neuter' since error messages are asserted by some embedder tests, like layout tests. R=bmeurer@chromium.org, yangguo@chromium.org, mstarzinger@chromium.org, mlippautz@chromium.org BUG=chromium:913887 Change-Id: I62f1c3ac9ae67ba01d612a5221afa3d92deae272 Reviewed-on: https://chromium-review.googlesource.com/c/1370036 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#58149}
-
- 13 Nov, 2018 1 commit
-
-
Marja Hölttä authored
This reduces the build steps after touching counters.h from 710 to 191, thus detaching counters.h from the giant include cluster. BUG=v8:7490,v8:8238 Change-Id: I0c7e707fb945e293f8a5604cc8da438cd35b3210 Reviewed-on: https://chromium-review.googlesource.com/c/1329695 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57468}
-
- 11 Oct, 2018 1 commit
-
-
Jakob Kummerow authored
The primary purpose of this is to untangle a circular dependency objects.h -> handles.h -> objects.h. Most compilation units only need message-template.h, without the rest of messages.h. Bonus: change the enum to an enum class for improved type safety. Bug: v8:3770 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I8102c55197a450811de2588a68a08e7f99ea6b9e Reviewed-on: https://chromium-review.googlesource.com/c/1272193 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#56583}
-
- 13 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
Previously the [[ArrayBufferByteLength]] internal field was represented as a boxed number (i.e. either Smi or HeapNumber) in safe integer range. This is the first step to change the representation of all the array buffer and array buffer view length/offset fields to unboxed integers, to eventually support the full range of 4GiB (and potentially even more) for typed arrays and array buffers. This will allow WebAssembly memories with 4GiB to be usable. Tbr: yangguo@chromium.org Bug: v8:7881, v8:8015, v8:8171 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Ic6c6c8fe087afee898254cd903e82a55bfc173a9 Reviewed-on: https://chromium-review.googlesource.com/1222309Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55877}
-
- 17 Aug, 2018 1 commit
-
-
Ben L. Titzer authored
JSArrays and JSArrayBuffers are very different animals. As such, split the js-array.h header into two parts. R=ulan@chromium.org,mstarzinger@chromium.org Bug: v8:5402 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I82f987ecea3e2e1ceaf8f8962a2b88165558c57e Reviewed-on: https://chromium-review.googlesource.com/1177760Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#55183}
-