- 06 Apr, 2020 6 commits
-
-
Nico Hartmann authored
This reverts commit 44a1ed8f. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20gcc/6124? Original change's description: > cppgc: Integrate conservative stack scan into GC > > With this change we support allocation of objects and keeping them alive via > conservative stack scan. > > Change-Id: Id94d7ced503ad0b1378643e0c13c2a8b65ad2327 > Bug: chromium:1056170 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135729 > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67008} TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org Change-Id: I71bf7a9b7f54f0ec8d64b1b1781699adb0feb138 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2137401 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#67009}
-
Michael Lippautz authored
With this change we support allocation of objects and keeping them alive via conservative stack scan. Change-Id: Id94d7ced503ad0b1378643e0c13c2a8b65ad2327 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135729 Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67008}
-
Nico Hartmann authored
This reverts commit c9ce1b56. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/8923 Original change's description: > Reland "[wasm] Deduplicate wasm scripts" > > This is a reland of 6ebccbd1 > > Original change's description: > > [wasm] Deduplicate wasm scripts > > > > R=clemensb@chromium.org > > > > Bug: v8:6847 > > Change-Id: I4509a7011a0d32f5bbd2eabf3d2ee6ef5304263d > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2124320 > > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > > Reviewed-by: Clemens Backes <clemensb@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#66981} > > Bug: v8:6847 > Change-Id: I74f51b9b15df74de800fbbf031515d26aaa70dbc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135735 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67006} TBR=ulan@chromium.org,clemensb@chromium.org,bmeurer@chromium.org,thibaudm@chromium.org Change-Id: Ie9da956519673b85262ba0cbcc80a946624d8c45 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6847 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135634 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#67007}
-
Thibaud Michaud authored
This is a reland of 6ebccbd1 Original change's description: > [wasm] Deduplicate wasm scripts > > R=clemensb@chromium.org > > Bug: v8:6847 > Change-Id: I4509a7011a0d32f5bbd2eabf3d2ee6ef5304263d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2124320 > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66981} Bug: v8:6847 Change-Id: I74f51b9b15df74de800fbbf031515d26aaa70dbc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135735 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#67006}
-
Marja Hölttä authored
Change-Id: I31aabfe9bdaf02da088620920bbe1e85a9f1859a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135630 Auto-Submit: Marja Hölttä <marja@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67005}
-
Dominik Inführ authored
Adds the PersistentHandles class, which serves as a container for handles that can be passed back and forth between threads. Allocation and deallocation of this class is thread-safe and the isolate tracks all PersistentHandles containers. Design doc: https://docs.google.com/document/d/17yKs-6apE2rGEag7tDsoyeRxg99c1dXyXQ2MfHe65tY/edit?usp=sharing Bug: v8:10315 Change-Id: I4b9c958c9a57d755ca68862197501f75274670fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128058 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#67004}
-
- 05 Apr, 2020 1 commit
-
-
jing.bao authored
Bug: v8:9909 Change-Id: I954c2d48d0116e0f1fcfcb801671e320f8e4fee6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134420 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Jing Bao <jing.bao@intel.com> Cr-Commit-Position: refs/heads/master@{#67003}
-
- 04 Apr, 2020 1 commit
-
-
Joyee Cheung authored
This is a reland of 77b24c06 Original change's description: > [class] Ship private methods and accessors > > Turns --harmony-private-methods on by default. > > Intent to ship: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/HLpO-HC8aKc/TT32fUNPBAAJ > ChromeStatus page: https://www.chromestatus.com/feature/5700509656678400 > > Bug: v8:8330 > Change-Id: I0d9b21cddd5418be8e7059c24fa05ab98de667b9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2110890 > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Commit-Queue: Joyee Cheung <joyee@igalia.com> > Cr-Commit-Position: refs/heads/master@{#66933} Bug: v8:8330 Change-Id: I165e54982b642757b2e9ed9eb42a051ea928703b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130451 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/master@{#67002}
-
- 03 Apr, 2020 28 commits
-
-
Anton Bikineev authored
Older gcc versions don't support constexpr source location builtins. Bug: chromium:1056170 Change-Id: I3ef26e62395b1d86f435fb433b429d62a47fa8c9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135737 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#67001}
-
Zhi An Ng authored
This reverts commit 7d955faa. Reason for revert: Bad change, modified wrong test file https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/36416 Original change's description: > [wasm-simd][x64][ia32] Do not overwrite input register > > We are overwriting input register (contains the shift) when we are > masking it, instead, move to a temporary, then mask it. > > Bug: chromium:1065599 > Change-Id: Iab72b94581239447e444746681387350b576e24a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2125941 > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66997} TBR=gdeepti@chromium.org,zhin@chromium.org Change-Id: I50c57906d6eb49758584b477c971179ea3c6e5d3 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1065599 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134655 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#67000}
-
Zhi An Ng authored
This reverts commit df204288. Reason for revert: Broke noavx https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20debug/31698 Original change's description: > [wasm-simd][x64] Cleanup unnecessary CpuFeatureScope > > There are a couple more left in some i64x2 ops, but those are not in the > proposal, so I've left them as they are. > > Bug: v8:9561 > Change-Id: I3f6a4113c8054229eb6532d83ff16174a3208418 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128849 > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66990} TBR=gdeepti@chromium.org,zhin@chromium.org Change-Id: Ib42dbf70ab8ee97ed1d2f809ea305c22213ae960 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9561 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134653 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66999}
-
Shu-yu Guo authored
Bug: v8:8179 Change-Id: I443024e663ebece4465cb58687b49a37624c6bbf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129274 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66998}
-
Ng Zhi An authored
We are overwriting input register (contains the shift) when we are masking it, instead, move to a temporary, then mask it. Bug: chromium:1065599 Change-Id: Iab72b94581239447e444746681387350b576e24a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2125941 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#66997}
-
Shu-yu Guo authored
A WeakCell's unregister_token and holdings are passed in by the user, and so should be JSAny. A FinalizationRegistry's callback function must always be Callable. Bug: v8:8179 Change-Id: I8e447ce4bfeba712594fc9a7c9923ce718adcd62 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129273 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66996}
-
Shu-yu Guo authored
Bug: v8:8179 Change-Id: Ic8ae1fcbfaf7d71a4f9924266670fbf1c24cd63e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129246 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66995}
-
Ross McIlroy authored
Effect-control-linearizer will update a basic block to connect it directly to the end node if it has an Unreachable node. Usually the block would already have been connected directly to end (via a Throw node) already, however in some cases it can be connected indirectly (via a branch, where both end in a throw node). If this happens, and the Effect-control-linearizer is maintaining the schedule (e.g., for TurboProp), it will cause the end block to have unreachable predecessor blocks, which can cause issues with the register allocator. To fix this, have the BasicBlockUpdater remove all successor blocks from the schedule, when they become Unreachable. Also add some tests to cover this in effect-control-linearizer-unittests. BUG=v8:10332,v8:9684 Change-Id: Ibce140e6d1f61751a86247e6f8c36075723a1e55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120537 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66994}
-
Clemens Backes authored
If there is still Liftoff code installed on a function, we cannot reuse it when tiering down, since we don't know if it was compiled with debugging capabilities. This made the "debug-step-into-wasm" test flake. R=thibaudm@chromium.org Bug: v8:10368 Change-Id: I3672940015c85ec10ead2e33e7792410b47589d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135732 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66993}
-
Ng Zhi An authored
Bug: v8:9909 Change-Id: Ie894f91107c2a6e59c121c7db581112c5340fe48 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132709 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66992}
-
Clemens Backes authored
Instead of two copies of the lookup code in frames.cc and wasm-debug.cc, put one lookup method on the WasmCode. This is where it belongs really, since the WasmCode is the main input to the function (besides the offset). Also refactor how source positions are computed in WasmCompiledFrame. Avoid going through the summary, which is unnecessarily complex. This also adds another {byte_offset} accessor which can be used for debugging. Bug: v8:10235 Change-Id: I5c545ee302754b86009f09bedc5ff6e39ba664f6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135726 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66991}
-
Ng Zhi An authored
There are a couple more left in some i64x2 ops, but those are not in the proposal, so I've left them as they are. Bug: v8:9561 Change-Id: I3f6a4113c8054229eb6532d83ff16174a3208418 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128849 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66990}
-
Ng Zhi An authored
Implement i8x16.bitmask, i16x8.bitmask, i32x4.bitmask on ia32. Drive by additions of disasm and disasm tests to some instructions. Bug: v8:10308 Change-Id: I3725ed6959ae55f96ee7950130776a4f08e177c9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2127314 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66989}
-
Ulan Degenbaev authored
The new flag controls foreground incremental marking tasks and does not affect background concurrent marking tasks. Change-Id: I46bda6b10c76b7a7f2ed2e123afe85bc04935624 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135733 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66988}
-
Andreas Haas authored
The code of kArmWord32AtomicPairStore is not self-explanatory, especially why {ldrexd} is used. This CL adds some documentation to make it more understandable. Additionally this CL changes the code generation to use {cmp} instead of {teq}. It's the preferred (idiomatic) sequence on Arm. R=v8-arm-ports@googlegroups.com Bug: v8:10155 Change-Id: I32946a333c352250045dbd8872862529a63c8772 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129638 Reviewed-by: Jacob Bramley <jacob.bramley@arm.com> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#66987}
-
Maya Lekova authored
This commit adds a few fixes necessary for integrating the fast C API into Blink: - added default constructor for CFunction - removed a bogus template specialization allowing void* params - extended the public Isolate class Bug: chromium:1052746 Change-Id: I4f2ba84299920e2cc9d66ec1ed59302313db6c0b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120587 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#66986}
-
Hannes Payer authored
Change-Id: If9252354404efcac89ab8fbbd41250a6311fdfd6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135731 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#66985}
-
Milad Farazmand authored
Port ec4ccade R=zhiguo.zhou@intel.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Ide15cd0350633b5fb4f2af0ce55a334b428d1320 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134421 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#66984}
-
Hannes Payer authored
Change-Id: I921cdcf7a1b9dc0d5f8ddcb94c5e374b1fb1c879 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135626 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#66983}
-
Clemens Backes authored
This reverts commit 6ebccbd1. Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/27313 Original change's description: > [wasm] Deduplicate wasm scripts > > R=clemensb@chromium.org > > Bug: v8:6847 > Change-Id: I4509a7011a0d32f5bbd2eabf3d2ee6ef5304263d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2124320 > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66981} TBR=ulan@chromium.org,clemensb@chromium.org,thibaudm@chromium.org Change-Id: I58e857d43b524115be3e29b9524794f05d631544 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6847 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135730 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66982}
-
Thibaud Michaud authored
R=clemensb@chromium.org Bug: v8:6847 Change-Id: I4509a7011a0d32f5bbd2eabf3d2ee6ef5304263d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2124320 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66981}
-
Zhao Jiazhong authored
Port ec4ccade https://crrev.com/c/2129176 Change-Id: I6c37c6a2be4a42c440dd8c0920647a587f55e44d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135546 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/master@{#66980}
-
Clemens Backes authored
Adding code can happen in parallel (it includes copying the code to the code region and relocating it). Publishing happens under one lock per native module though. We eventually want to avoid blocking on this lock for too long. This CL prepares that by splitting the actions of adding and publishing code. R=ahaas@chromium.org Bug: v8:10330, v8:10387 Change-Id: Iddbdadfe32e691bbf5e7b387ea947579bc3376f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134372 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#66979}
-
Clemens Backes authored
For easier debugging of Liftoff code generation issues, add code comments or out-of-line code. The name is generated from the {RuntimeStubId}. The respective name accessor is currently defined on the {NativeModule}, this CL makes it a top-level function so we can reuse it from Liftoff. R=thibaudm@chromium.org Bug: v8:10235 Change-Id: I7b99779217b9c052e34ad132eb34859b20548092 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134307 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#66978}
-
Bruce Dawson authored
This reverts commit 10360127. Reason for revert: This fix only had moderate impact and the underlying CPU bug has now been addressed. Original change's description: > Speculative fix to crashes from a CPU bug > > For the last few months Chrome has been seeing many "impossible" crashes > on Intel Gemini Lake, family 6 model 122 stepping 1 CPUs. These crashes > only happen with 64-bit Chrome and only happen in the prologue of two > functions. The crashes come and go across different Chrome versions. > Analysis of most of the crashes shows that the address of the crashing > instruction follows some patterns: > > When crashing in GetFieldIndex() the last byte of the address is always > 1c, 5c, 9c, or dc. > > When crashing in UpdateCaches (fewer unique samples) the last byte of > the address is always 5d or 9d. > > The address of the function is 0xc or 0xd bytes earlier so the crashing > functions always start with an address that ends in 10, 50, 90, or d0. > > Those addresses are for the crashes on a load of the __security_cookie. > The crashes also occasionally happen on the two instructions that follow > the __security_cookie load in which case the crashing instruction's > address has been seen to end with 23 or a3. This corresponds to a > function start address of 10 or 90. > > Since the crash involves reading incorrect instruction bytes when > crossing a 16-byte boundary and since the crash appears to only happen > with particular 16-byte alignments it seems reasonable to force the > function's alignments to a multiple of 32 to see if this reliably > avoids the crashes. This change uses the gcc/clang __attribute__ > directive to force 32-byte alignment. I have tested this change enough to > verify that it triggers the desired alignment (with up to 31 "int 3" > instructions added for padding) but since I have never reproduced this > crash I have no way of testing its efficacy. 
> > Bug: chromium:968683, chromium:964273 > Change-Id: Ia6e1c6d1e044b84d274817374b25523303e78b51 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803775 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Bruce Dawson <brucedawson@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63804} TBR=brucedawson@chromium.org,verwaest@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: chromium:968683, chromium:964273 Change-Id: I150ecfebeff95e8f63dbba74d78491867dc17736 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134728 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Bruce Dawson <brucedawson@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#66977}
-
Michael Lippautz authored
We cannot rely on the clang compiler to generate the trampoline entry and the right mangling because `__attribute__((naked))` does not prevent clang from generating TSAN function entry stub (`__tsan_func_entry`). Even with `__attribute__((no_sanitize_thread)` annotation clang generates the entry stub. Upstream bug: https://bugs.llvm.org/show_bug.cgi?id=45400 Bug: chromium:1056170 Change-Id: I7a2063d7d205ee071e6a41ce4d9cb2d8d6423987 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132797 Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#66976}
-
Michael Lippautz authored
Add support for ia32 Windows using clang. Change the callback function from a member function to a free function. This the compiler generating thiscall calling convention for the member function which allows for keeping the asm trampoline uniform. Bug: chromium:1056170 Change-Id: Ic8fcac27a628a0de026d8fe7d2e376c8f58a1737 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2134136 Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#66975}
-
Anton Bikineev authored
SourceLocation is needed to track Persistents. Bug: chromium:1056170 Change-Id: I4d5cf151a4d27b4c29582ff8195cdcb7453afe1c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132790 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#66974}
-
- 02 Apr, 2020 4 commits
-
-
Timothy Gu authored
Remove other variants for the same functionality such as IsCallable(), TaggedIsCallable(), and !TaggedIsSmi() && IsCallable(). Change-Id: I33bcdf7699c1adf2330b3c11f482f7bbfcd927b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2107515 Commit-Queue: Timothy Gu <timothygu@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66973}
-
Zhou, Zhiguo authored
Bug: v8:9909 Change-Id: I11fae10593d135e007866411c61076300ac4ae7d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129176 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com> Cr-Commit-Position: refs/heads/master@{#66972}
-
Ng Zhi An authored
i64x2 mul is more tricky, the algorithm is slightly modified: - for arm64, we can only use 2 temporaries - for arm, we only have 1 temporary, so we get another register manually, if we need it (modify lhs/rhs if they are not used) Bug: v8:9909 Change-Id: I0398e2c95348a8b49ca9773a78ccfb7af73e2eef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2128606 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66971}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/f6b2ccdd..ae8694b4
ae8694b Copy "invalid options" test from RelativeTimeFormat to NumberFormat/DateTimeFormat by André Bargull · 2 days ago
299cd74 Promise.any: fix "invoke-then.js" test by Rick Waldron · 2 days ago
9ccd3a7 Test revoked callable [[ProxyTarget]] by Alexey Shvayka · 2 days ago
91b867b Fix non-callable [[ProxyTarget]] test by Alexey Shvayka · 2 days ago
e8e3aaa Test revoked [[ProxyHandler]] by Alexey Shvayka · 2 days ago
8b610fb Test revoked [[ProxyTarget]] by Alexey Shvayka · 2 days ago
432adbb Adding case where 'static' is used as a field name by Caio Lima · 4 days ago
4bf836c Merge pull request #2533 from tc39/promise-any by Leo Balter · 5 days ago
22be03d Promise.any: lint fixes by Rick Waldron · 5 days ago
d53f45d Promise.any: remove unnecessary static resolve def by Rick Waldron · 7 days ago
499b748 Promise.any: review fixes, 2 by Rick Waldron · 7 days ago
b21b0c1 Promise.any: additional "resolve from rejection" tests by Rick Waldron · 7 days ago
a05fb94 Promise.any: feature flags, 2 by Rick Waldron · 7 days ago
7fbce5a Promise.any: simplify promise creation by Rick Waldron · 7 days ago
5c68b60 Promise.any: cleanup in @@species tests by Rick Waldron · 7 days ago
d9265df Promise.any: additional then + resolve tests by Rick Waldron · 7 days ago
1c74850 Promise.any: feature flags by Rick Waldron · 7 days ago
5d3eafc Promise.any: review fixes by Rick Waldron · 7 days ago
f70e3e3 Features: remove duplicate "Promise.any" by Rick Waldron · 7 days ago
6edaba3 Promise.any: updates, corrections and new tests. by Rick Waldron · 7 days ago
e0f0c78 Promise.any: empty iterable rejects with AggregateError by Rick Waldron · 7 days ago
272e9ab Promise.any: make async operation test actually async by Rick Waldron · 7 days ago
47b3858 Promise.any: expected rejection shouldn't end with error message. by Rick Waldron · 7 days ago
55b22d8 Promise.any: string iterable should not be rejected (adds error message for clarity) by Rick Waldron · 7 days ago
e0abeaa Promise.any: convert sync test to async test to ensure run to completion by Rick Waldron · 7 days ago
860e02a add iter-assigned tests by chicoxyzzy · 7 days ago
9567abd Add iter-arg tests by chicoxyzzy · 7 days ago
094ddc7 add species-get-error test by chicoxyzzy · 7 days ago
e3d48f2 add Invocation of the instance's `then` method test by chicoxyzzy · 7 days ago
afe3f0b add reject-immed test by chicoxyzzy · 7 days ago
adcd162 add is callable test by chicoxyzzy · 7 days ago
88d058b Add returns promise test by chicoxyzzy · 7 days ago
be1bf63 Add Promise and Promise.any properties tests by chicoxyzzy · 7 days ago
23d7f0b add Invocation of the constructor's `resolve` method test by chicoxyzzy · 7 days ago
f0fd4e0 update features.txt by chicoxyzzy · 7 days ago
aca1084 Add context tests by chicoxyzzy · 7 days ago
715964b Add Capability Executor tests by chicoxyzzy · 7 days ago
96cf757 Harness: properly format negative zero by Alexey Shvayka · 7 days ago
1e63ce0 Improve String.prototype.@@replace poisoned stdlib test by Alexey Shvayka · 7 days ago
9b71a7c Fix inconsistent indentation in YAML by Alexey Shvayka · 7 days ago
ad046ce Avoid using Array.isArray directly by Alexey Shvayka · 7 days ago
8fe71e1 Drop JSON.stringify stack overflow tests by Alexey Shvayka · 7 days ago
dfc7ecc AggregateError: If NewTarget is undefined, let newTarget be the active function object (#2537) by Rick Waldron · 9 days ago
db6f630 Adding test coverage for 'OptionalChain'.PrivateIdentifier case (#2534) by Caio Lima · 9 days ago
344612b Fix: Proxy set, if trap is undefined (#2536) by Rick Waldron · 9 days ago
79146e5 Bring back `verifyProp` param to `isWritable` by Alexey Shvayka · 9 days ago
3bf630c Add for/in test by Alexey Shvayka · 9 days ago
33b9bba Add Reflect.ownKeys test by Alexey Shvayka · 9 days ago
b273aff Add Object.values test by Alexey Shvayka · 9 days ago
5874ca4 Add Object.keys test by Alexey Shvayka · 9 days ago
c370276 Add Object.getOwnPropertySymbols test by Alexey Shvayka · 9 days ago
62c9541 Add Object.getOwnPropertyNames test by Alexey Shvayka · 9 days ago
021b8f2 Add Object.getOwnPropertyDescriptors test by Alexey Shvayka · 9 days ago
b94190e Add Object.entries test by Alexey Shvayka · 9 days ago
2abfc8c Remove unused `verifyProp` parameter from `isWritable` by Alexey Shvayka · 9 days ago
86b9409 Increase unlikely array length by Alexey Shvayka · 9 days ago
17fc109 Fix isWritable throwing RangeError on Array "length" by Alexey Shvayka · 9 days ago
1eff480 Add toJSON stack overflow test by Alexey Shvayka · 9 days ago
2255a0f Add replacer stack overflow test by Alexey Shvayka · 9 days ago
d2b5f63 Improve "info" meta of replacer with deleted property test by Alexey Shvayka · 9 days ago
dc21d6b Add "lastIndex" restore test by Alexey Shvayka · 9 days ago
fe2dfe9 Add "lastIndex" init test by Alexey Shvayka · 9 days ago
fe4e96d Remove duplicate test regexp/u-dec-esc.js by Ross Kirsling · 9 days ago
b0bb917 add dfs tests for https://github.com/tc39/ecma262/pull/1669 by Gus Caplan · 9 days ago
b59d079 Add note on arbitrary large integer by Alexey Shvayka · 9 days ago
669250d RegExp: Test Quantifier with large integer by Alexey Shvayka · 9 days ago
8dccb69 Replace "\b" with "\u0008" by Alexey Shvayka · 9 days ago
2377131 Test \b escape inside CharacterClass in Unicode RegExp by Alexey Shvayka · 9 days ago
7117cdd Test astral literals within inverted CharacterClass by Alexey Shvayka · 9 days ago
2cae203 Add functional replacer with empty result test by Alexey Shvayka · 9 days ago
8e41e8b Add "lastIndex" length abrupt coercion test by Alexey Shvayka · 9 days ago
0485b83 Add "lastIndex" length coercion test by Alexey Shvayka · 9 days ago
807afd9 Make "length" coercion test more precise by Alexey Shvayka · 9 days ago
3f6b961 Make "index" integer coercion test more precise by Alexey Shvayka · 9 days ago
53d16ac Add "index" integer coercion test with functional replacer by Alexey Shvayka · 9 days ago
e3e0e0f Add named capture groups abrupt lookup tests by Alexey Shvayka · 9 days ago
c9e1c1c Add named capture groups abrupt coercion tests by Alexey Shvayka · 9 days ago
4d3db14 Add named capture groups coercion tests by Alexey Shvayka · 9 days ago
dbbe2e7 Add "0" string coercion test with global RegExp by Alexey Shvayka · 9 days ago
50d1419 Make string coercion tests more precise by Alexey Shvayka · 9 days ago
cf583c9 Add poisoned stdlib test by Alexey Shvayka · 9 days ago
67e58de Fix typo in file name by Alexey Shvayka · 9 days ago
fea38b7 Remove extra operation from "info" by Alexey Shvayka · 9 days ago
13082b0 Add Array#concat test by Alexey Shvayka · 9 days ago
679ad48 Add Array#reduceRight test by Alexey Shvayka · 9 days ago
2716290 Add Array#fill test by Alexey Shvayka · 9 days ago
66913bf Add Array#lastIndexOf test by Alexey Shvayka · 9 days ago
4d91ea0 Add Array#indexOf test by Alexey Shvayka · 9 days ago
5885db1 Add Array#copyWithin test by Alexey Shvayka · 9 days ago
2724ddc Dependency: test262-harness@7.3.0 by Rick Waldron · 9 days ago
f72db7e Add [[Call]] tests by Alexey Shvayka · 9 days ago
5c3ea18 Add [[Construct]] tests by Alexey Shvayka · 9 days ago
aa53649 Add [[HasProperty]] tests by Alexey Shvayka · 9 days ago
6155fca Add [[Get]] tests by Alexey Shvayka · 9 days ago
2d60dc0 Add [[Set]] tests by Alexey Shvayka · 9 days ago
983b1ac Add [[OwnPropertyKeys]] tests by Alexey Shvayka · 9 days ago
cc6d48d Add [[PreventExtensions]] tests by Alexey Shvayka · 9 days ago
3987d3c Add [[IsExtensible]] tests by Alexey Shvayka · 9 days ago
d32db7a Add [[SetPrototypeOf]] tests by Alexey Shvayka · 9 days ago
20c2ce3 Add [[GetPrototypeOf]] tests by Alexey Shvayka · 9 days ago
b9377e7 Add [[GetOwnProperty]] tests by Alexey Shvayka · 9 days ago
d46e72d Add [[Delete]] tests by Alexey Shvayka · 9 days ago
6b9929a Add [[DefineOwnProperty]] tests by Alexey Shvayka · 9 days ago
2c432e3 Add coverage for EvaluateNew by Leo Balter · 2 weeks ago
b29b1da Add tests for new identifier characters per Unicode version (#2532) by Mathias Bynens · 2 weeks ago
991e05d Move: AggregateError belongs in the NativeErrors directory (#2528) by Rick Waldron · 2 weeks ago
25c9e33 Update RegExp property escape tests per Unicode v13.0.0 (#2526) by Mathias Bynens · 3 weeks ago
22cd9fe Repair filter test that was testing concat (#2522) by Steven Cole · 3 weeks ago
b0cb75f Repair indexOf test that was testing lastIndexOf (#2521) by Steven Cole · 3 weeks ago
36882a2 Fix: AggregateError/newtarget-proto-fallback. Closes gh-2515 (#2518) by Rick Waldron · 3 weeks ago
800870c Fix DST sensitivity in Date/parse/without-utc-offset.js. (#2523) by Ross Kirsling · 3 weeks ago
7631789 add graaljs test runner by Gus Caplan · 4 weeks ago
56ae1b9 switch to esvu to streamline engine installs by Gus Caplan · 4 weeks ago
ca13f22 Fix lint.exceptions, I hope? by Ross Kirsling · 4 weeks ago
70bbce9 Add lint exception. by Ross Kirsling · 4 weeks ago
df7a0b0 Remove errant LF from CR line ending test again. by Ross Kirsling · 4 weeks ago
ec6239f typo (#2512) by Claude Pache · 5 weeks ago
Bug: v8:7834, v8:9808, v8:10379, v8:10380, v8:10381, v8:10382, v8:10383, v8:10272 Change-Id: I9c46af4f0d72a2f1e032ec1c80d40ca096ce9af9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2133311 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#66970}
-