- 12 Oct, 2020 10 commits
-
-
Anna Henningsen authored
Fix a crash/hang that occurred when deleting a snapshot during the GC that is part of taking another one. Specifically, when deleting the only other snapshot in such a situation, the `v8::HeapSnapshot::Delete()` method sees that there is only one (complete) snapshot at that point, and decides that it is okay to perform “delete all snapshots” instead of just deleting the requested one. That resets the internal string lookup table of the heap profiler, but the new snapshot that is currently in progress still holds references to the old string lookup table, leading to a use-after-free segfault or infinite loop. Fix this by guarding against resetting the string table while another heap snapshot is being taken, and add a test that would crash before this fix. This can be triggered in Node.js by repeatedly calling `v8.getHeapSnapshot()`, which provides heap snapshots as weakly held host objects. Change-Id: If9ac3728bf79114000982f1e7bb05e8034299e3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464823 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70445}
-
gengjiawen authored
See: https://github.com/nodejs/node/pull/35415 Change-Id: I5d77ae202d4bbfb0971246fe5de9c0ad17c485ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2459491 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Jiawen Geng <technicalcute@gmail.com> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70444}
-
Camillo Bruni authored
This has been broken ever since we added multiple timeline-tracks. Drive-by-fix: Rename selectionMouseMove to selectTimeRange. Bug: v8:10644 Change-Id: Icff06a2d636a4a7302ac406f99e1012be4c7f25f No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463240 Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#70443}
-
Santiago Aboy Solanes authored
Clean-ups: * Remove the detaching of persistent handles from the LocalHeap if the main thread will not get the handles from the background thread. * Remove unused isolate member. * Make members private/protected as needed. Bug: v8:7790 Change-Id: I23bf4a41124bd04d4a848edfa1ef8f9e8e77182c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463234 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70442}
-
Jakob Gruber authored
This is a reland of e2408c25 Changes since last time: also accept CRASH test results. For some reason, the CHECK failure is detected as a CRASH on mac bots. Original change's description: > [regexp] Protect against reentrant RegExpStack use > > Irregexp, and in particular the RegExpStack, are not reentrant. > Explicitly guard against reentrancy. > > Bug: chromium:1125934 > Change-Id: I0fc295f6986a89221982e6a2ccefed46193974f6 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460820 > Commit-Queue: Yang Guo <yangguo@chromium.org> > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70436} Tbr: yangguo@chromium.org Bug: chromium:1125934 Change-Id: I2116ca5944c49f6114228d4402847bdd426bdd7f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465823 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70441}
-
Santiago Aboy Solanes authored
A handful of methods were loading the same member twice in the same method. Bug: v8:7790 Change-Id: I20a1a95ed9dae2ff75bfdbf4c571d26ad02b1f94 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454717 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70440}
-
Ulan Degenbaev authored
This removes redundant worklist draining in the fix-point iteration. It may discover more ephemerons and break the assertion. The draining is not needed because FinishConcurrentMarking ensures that all background threads drain their worklists. Bug: chromium:1136405 Tbr: etiennep@chromium.org Change-Id: I3a311dca36dd2f88ab5006f995be235c74c1a0f6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464933 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70439}
-
Camillo Bruni authored
- simplify CSS in index.css - fix start-page layout - reduce timeline-track height - fix timeline-track legend layout - fix scrollbar colors in dark theme Bug: v8:10644 Change-Id: If3bb7422e6866bac766e7851f489a42ecbcf1d78 No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463239 Auto-Submit: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#70438}
-
Nico Hartmann authored
This reverts commit e2408c25. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64/36733?1 Original change's description: > [regexp] Protect against reentrant RegExpStack use > > Irregexp, and in particular the RegExpStack, are not reentrant. > Explicitly guard against reentrancy. > > Bug: chromium:1125934 > Change-Id: I0fc295f6986a89221982e6a2ccefed46193974f6 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460820 > Commit-Queue: Yang Guo <yangguo@chromium.org> > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70436} TBR=yangguo@chromium.org,jgruber@chromium.org Change-Id: I7b51659d21fe2d49ff343f4de0f6bb9720281b86 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1125934 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465822 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#70437}
-
Jakob Gruber authored
Irregexp, and in particular the RegExpStack, are not reentrant. Explicitly guard against reentrancy. Bug: chromium:1125934 Change-Id: I0fc295f6986a89221982e6a2ccefed46193974f6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460820 Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#70436}
-
- 09 Oct, 2020 20 commits
-
-
Ng Zhi An authored
These tests were disabled because scalar lowering wasn't fully implemented yet. Now we are at a stage when we can enable them. The only remaining tests with lowering test disabled are prototype instructions, once they are merged into the proposal proper, scalar lowering should be implemented for them, and relevant tests enabled. Bug: v8:10507 Change-Id: I4b7c8778f70e226ebda3bf5a2a7dd5efa343bc0c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460841 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70435}
-
Ng Zhi An authored
Lowering for f32x4 and f64x2 pmin and pmax. Bug: v8:10501,v8:10507 Change-Id: I2d92d337835a62e6adb979ed573b616cc2b86c25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461453 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70434}
-
Ng Zhi An authored
Some of these functions don't need to be defined, we can directly call the same helpers defined elsewhere. Bug: v8:10933 Change-Id: I31464195b11ed14f0725d9ed9711fa72ddbb4e92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461478 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70433}
-
Andreas Haas authored
A previous update got reverted due to a SIMD test, see https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8867662180901819968/+/steps/Check_-_ODROID/0/logs/simd_f32x4_pmin_pmax/0. R=zhin@chromium.org Bug: v8:10938 Change-Id: Id1e7e35112f127ccd8d5420b96f247d4fa2b52fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2454711 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#70432}
-
Milad Fa authored
ceilf and truncf do not preserve the sign bit when its input is passed by value and the output is rounded to 0: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97086 Change-Id: I2e3e4fc8822be9da0a16d99b4173641a91fa5957 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463505 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70431}
-
Samuel Groß authored
This change tags pointers in the external pointer table with a type dependent value in order to prevent type confusions between different external pointers. Bug: v8:10391 Change-Id: I5a83178e5ac46d49a99c91047816926120d801d3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443133 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Samuel Groß <saelo@google.com> Cr-Commit-Position: refs/heads/master@{#70430}
-
Omer Katz authored
Tracing JSMembers uses the bailout mechanism. The bailout is implemented as a dynamic mechanism named DeferTraceToMutatorThreadIfConcurrent that is called from relevant Trace methods. Bug: chromium:1056170 Change-Id: I90e6feae25c4c832be256693f9e44a963a6794b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2426613 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#70429}
-
Michael Lippautz authored
Adds a cross-thread reference for strongly and weakly retaining objects on a thread other than the thread that owns the object. The intended use of the reference is by setting it up on the originating thread, holding the object alive from another thread, and ultimately accessing the object again on the originating thread. The reference has known caveats: - It's unsafe to use when the heap may terminate; - It's unsafe to transitively reach through the graph because of compaction; Change-Id: I84fbdde69a099eb54af5b93c34e2169915b17e64 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436449 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#70428}
-
Ross McIlroy authored
BUG=v8:9684 Change-Id: I064b552b021597a80e57303cab3c2fbf552be6a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463228 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70427}
-
Clemens Backes authored
Always install the Abort builtin first, because heap validation might get triggered while we compile the wasm-to-js wrapper, and it would find an illegal WasmJSFunctionData object otherwise. TBR=manoskouk@chromium.org Bug: v8:9495 Change-Id: I959eb3b6e9944db8b7ad7ecd0a51eefdab98c751 No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463230 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70426}
-
Ulan Degenbaev authored
Since GC can now happen during deserialization, object fields may contain the Smi sentinel value instead of pointers. This adds the required guards to methods of NativeContextInferrer Bug: chromium:1136801 Change-Id: I7338f31bf6ee34b8dee8431b8250d2cc2978e0c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461241 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70425}
-
Ulan Degenbaev authored
This fixes a GCC compile error Tbr: mlippautz@chromium.org Change-Id: Ia6239894c86c3131ab501128192177f30ef09d59 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461744 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70424}
-
Marja Hölttä authored
(Thanks jbroman@ for the strawperson fix.) Bug: chromium:1136800 Change-Id: I4aee55ef40069b460f59ef5b7ba7fc50ab7033cd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463225 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#70423}
-
Mythri A authored
HandleBase::is_identical_to() is_identical_to in handle base is used to do the exact comparison by just comparing the locations. When the locations are different the values are compared. For Smis it compares 64 bits which might lead to incorrect behaviour. Smis loaded as a TaggedField has the root address added. It is expected that we don't use higher order bits on Smi. Hence, is_identical_to shouldn't use these bits when comparing Smis. This cl fixes it by comparing the objects created from the given location. That takes care of correctly comparing the required bits. Change-Id: I574dfbea4c1fffc7a9e3a6a10ad7631d40c518ce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461743 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70422}
-
Manos Koukoutos authored
Changes: - Add wasm-to-js wrapper field to WasmJSFunction. A WasmJSFunction might be called with call_ref without being imported to a module, and this provides a call target for this scenario. The wrapper is only compiled if --experimental-wasm-typed-funcref is set. - Add CompileWasmToJSWrapper in wasm-compiler. - Rename BuildLoadFunctionDataFromExportedFunction -> BuildLoadFunctionDataFromJSFunction to reflect its wider usage. - Rename BuildWasmImportCallWrapper -> BuildWasmToJsWrapper to reflect this function is now also used by CompileWasmToJSWrapper (unrelated to imports). - (Drive-by) Remove dead arguments from wasm-module-builder.js. Bug: v8:9495 Change-Id: I23468b69d42310cb8e96da5286ce68c701188876 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2459371 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#70421}
-
Camillo Bruni authored
Return undefined instead of hard-crashing. Bug: chromium:1130213 Change-Id: I7e573f46607fc0e7b91db62d881b4209b919028e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2456087 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#70420}
-
Michael Lippautz authored
Bug: chromium:1056170 Change-Id: I3320a0b8c740067ea1e424c37ae8db4e87753c1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461738 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#70419}
-
Etienne Pierre-doray authored
This is a reland of 84eec6e9 Original change's description: > [wasm] Use NumOutstandingCompilations() in BackgroundCompileJob:GetMaxConcurrency() > > This simplifies current_compile_job_ since ScheduleCompileJobForNewUnits > is only called on the main thread. > > From pinpoint: > v8:wasm:sync_instantiate:wall_time: 19.1% improvement > v8-gc-incremental-step: 20.5% improvement > https://pinpoint-dot-chromeperf.appspot.com/job/152920d8520000 > > Change-Id: Id560080937f5439cf3321ce9306c7cae49e74798 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442383 > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70386} Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng Change-Id: Ic989b64f130a00ce52228cdd2f57f4c1ade354f2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2458147 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70418}
-
Ulan Degenbaev authored
The assertion states that compilation of an empty script does not add new pages. This doesn't necessarily hold if the existing pages are almost full. Bug: v8:10988 Change-Id: I71735e6736fb94e1ccde7f6430a2c4b0d48c43f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461728 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70417}
-
Etienne Pierre-doray authored
This is a reland of 4848de2a Issue 1136405: non empty ephemeron list after FinishConcurrentMarking Fix: COMPLETE_TASKS_FOR_TESTING Join()s instead of Cancel() Issue: Failing TSAN failures Fix: Safe to reland after https://chromium-review.googlesource.com/c/v8/v8/+/2461726 Original change's description: > Reland "[Heap]: Marking use Jobs." > > This is a reland of 4a2b2b2e > > Original change's description: > > [Heap]: Marking use Jobs. > > > > StopRequest is removed in favor of: > > COMPLETE_TASKS_FOR_TESTING -> JoinForTesting() > > PREEMPT_TASKS -> Pause() > > COMPLETE_ONGOING_TASKS now has the same behavior as PREEMPT_TASKS > > - we should avoid waiting on the main thread as much as possible. > > > > Change-Id: Icceeb4f0c0fda2ed234b2f26fe308b11410fcfb7 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376166 > > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#70037} > > Change-Id: I386f619501ad07997278543868bc889a60afcc8b > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2423938 > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70387} Bug: chromium:1136405 Change-Id: I511c3d1747ef79ed6e7066c9a5bba052f9d4cd37 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2458246 Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70416}
-
- 08 Oct, 2020 10 commits
-
-
Ng Zhi An authored
Missed this earlier when it was merged into the proposal. f32x4 and f64x2 ceil, floor, trunc, nearestint. Also enable cctests. Bug: v8:10507,v8:10906 Change-Id: I2de00e615cd63d81303649774db2a2ab800f6f72 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461451 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70415}
-
Anton Bikineev authored
Bug: chromium:1056170 Change-Id: If4d4d08b4a50312b7a3cd1d11bb2cccc2272c96b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461733 Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#70414}
-
Omer Katz authored
The TraceTrait for JSMember is currently missing GetTraceDescriptor. We missed it because we don't have proper tests for JSMember, but it would fail to build if it was ever actually traced. Bug: chromium:1056170 Change-Id: I45fd2c7c666e791f866813f762b488958f65f3cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460815 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70413}
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I4214978f31ae754e4940dfca4182ada202d17c01 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2456688 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70412}
-
Leszek Swirski authored
Create a HandleScope when serializing an object's contents, to reduce the number of live handles during serialization. There's only a couple of cases where these handles have to outlive the serialized contents, and for these cases we introduce GlobalHandleVector or similar manual strong root mechanisms. In particular, backrefs don't actually need to exist as a handle vector (the object addresses are already referred to by the reference map's IdentityMap), except for DCHECKs, so this becomes a DEBUG-only global handle vector. To support this manual strong-rooting, the HotObjectList is split up into a strong-rooted find-only class in Serializer, and a Handle vector in Deserializer. Bug: chromium:1075999 Change-Id: I586eeeb543e3f6c934c168961b068f2c34e72456 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449980 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70411}
-
Camillo Bruni authored
This simplification helps with correctness fuzzers where Promises created during error printing are flakily handled. We might skip over certain rejected Promises that were created after finishing running the script. This seems to be a reasonable compromise in helping debugging scripts with unhandled rejections in d8. Bug: chromium:1126309 Change-Id: Ia87c80cfd390bf8c6a724dc2f0e9e5fd1599e332 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460814 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#70410}
-
Maya Lekova authored
With this CL, fast API calls reuse the same stack slot they are using for the {fallback} parameter. This relies on the fact that the fast calls are non-reentrant, due to their inability to call into JavaScript. Bug: chromium:1052746 Change-Id: I2c56fcbe425023244a566bb39439e8e04072f316 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461729 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70409}
-
Clemens Backes authored
It turns out that most LEBs are rather small (especially when used for locals). This CL adds a fast path for single-byte LEBs which is supposed to be inlined into callers. The more expensive slow path is then explicitly outlined to avoid excessive binary size growth. R=thibaudm@chromium.org Change-Id: I0dcdf597b9be3055acc2b878b6bee3fa21839758 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449974 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#70408}
-
Ulan Degenbaev authored
Currently MockPlatform has shorter lifetime than the isolate that uses it. This leads to use-after-free races in concurrent tasks that fetch the mock platform just before it is freed. This CL ensures that MockPlatform is valid throughout the whole lifetime of the isolate Change-Id: Ib94dc7674b9f94833be3372de68209ec38577ca1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461726 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org> Cr-Commit-Position: refs/heads/master@{#70407}
-
Georg Neis authored
Bug: v8:7790 Change-Id: I1ffb2289f613a03d0246db2d66c3caaf0e4d6d2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448796 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#70406}
-