- 19 Jul, 2019 22 commits

Frank Tang authored

Bug: v8:9523
Change-Id: Ib9d6772d2025b0452ddcd777cc777276f9038e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710960
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62836}

Sam Clegg authored

All the whitespace checks need to be disabled because we use 2-space indentation. One day this could become part of a presubmit, but for now it's useful simply to be able to run the flake8 tools directly on a file in the v8 repo.

Change-Id: I9d7ede102aaa17a7c6e7bf29887565ea2deeb887
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697055
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sam Clegg <sbc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62835}

Frank Tang authored

1. Sync with https://github.com/tc39/proposal-unified-intl-numberformat/pull/57 so the formatting of {style: "unit", unit: "percent"} and the formatting of {style: "percent"} are treated differently, which simplified the algorithm.
2. Store style into bit flags because we need it quickly during format.
3. Add more unit tests and regression test.

Bug: v8:9498
Change-Id: I75ed22fef1feb73ebf624bda70ebe45b80e7bc8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704948
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62834}

Dan Elphick authored

Fix CheckBaselineExpectations returning 2 when it can't read its input file. Since this was originally just in main, convert it to std::exit.

Change-Id: I70ae6fbc6e5e12b748d2ab1cc83b1deb67a8f861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710659
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62833}

Dan Elphick authored

In InterpreterCollectSourcePositions tests always unset FLAG_stress_lazy_source_positions as the tests cannot work with it due to assuming that source positions won't be collected immediately after a normal compile.

Bug: v8:8510
Change-Id: I194ed06c59336f5af3b7b2113a12c1a21dd6bcac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709425
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62832}

Ulan Degenbaev authored

Bug: chromium:677883
Change-Id: Id28310da0eb8762f30927397c9eaa942ac74852a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709417
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62831}

Yang Guo authored

Adds a new out param which allows accessing the ScriptOrModule of a function, which allows an embedder such as Node.js to use the function's i::Script lifetime.

Refs: https://github.com/nodejs/node-v8/issues/111
Change-Id: I34346d94d76e8f9b8377c97d948673f4b95eb9d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1699698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62830}

Toon Verwaest authored

This is a reland of e55e0aa5

Original change's description:
> [runtime] Fix protector invalidation
>
> Protectors trigger when special properties are modified or masked. Previously
> we would check whether the property stored on the holder would invalidate the
> protector. Stores go to the receiver rather than the holder, however, so this
> CL changes holder for receiver, and adds additional checks that were missing.
>
> Bug: v8:9466
> Change-Id: I81bc3d73f91381da0d254e9eb79365ae2d25d998
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708468
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62805}

Tbr: leszeks@chromium.org
Bug: v8:9466
Change-Id: I693c73577ca9a35a271f509770cc1c87e5cc4b73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709420
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62829}

Clemens Hammacher authored

Those helped investigate a surprisingly long delay in wasm code caching.

R=titzer@chromium.org
CC=bbudge@chromium.org

Change-Id: Id5491b9cb8824f337c20f66d5ab26f94d1a53562
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709418
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62828}

Michael Lippautz authored

Adds global allocation limit to the general overshoot safety net for triggering GC. Adds a check to the interrupt that is triggered by the embedder to catch cases where there's no on-heap allocation.

Bug: chromium:985641, chromium:948807
Change-Id: I3bc0c30f9344b57096db7ebbd8ad8c76808548ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709414
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62827}

Michael Starzinger authored

This makes sure the language mode of the module is correctly propagated through the WebAssembly module, so that exported functions are allocated with the correct language mode. It extends the existing {ModuleOrigin} enum to consist of three values now.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-985154
BUG=chromium:985154

Change-Id: Id7b566738b1e710cc5001b894022bcd0f2c01bc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708484
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62826}

Dan Elphick authored

Add a new mode to generate-bytecode-expectations to be used in a coming test that tests that the bytecode expectations generated by --rebaseline match the current state.

Change-Id: Ic03787cd853f9bf7d9b4412f96a767036c848c61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708477
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62825}

Sathya Gunasekaran authored

This reverts commit c2ee4a79.

Reason for revert: webgl_conformance_tests deqp/data/gles2/shaders/conversions.html crashes on Android FYI Release (Nexus 9)

See https://bugs.chromium.org/p/chromium/issues/detail?id=985624

Original change's description:
> Reland "[regexp] Call the regexp interpreter without CEntry overhead"
>
> This is a reland of d4d28b73
>
> Original change's description:
> > [regexp] Call the regexp interpreter without CEntry overhead
> >
> > Previously all RegExp calls went through Runtime_RegExpExec when --regexp-interpret-all was set.
> >
> > This CL avoids the runtime overhead by calling into the interpreter directly from the RegExpExec Builtin when the regular expression subject was already compiled to ByteCode (i.e. after the first call).
> >
> > Bug: v8:8954
> > Change-Id: Iae9dfcef3370b772a05b2942305335d592f6f15a
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698391
> > Commit-Queue: Patrick Thier <pthier@google.com>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62753}
>
> Bug: v8:8954
> Change-Id: I1f0b6de9c6da65bcb582ddb41a37419116a5c510
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706053
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Patrick Thier <pthier@google.com>
> Cr-Commit-Position: refs/heads/master@{#62794}

TBR=jgruber@chromium.org,petermarshall@chromium.org,pthier@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8954, chromium:985624
Change-Id: I5bc2c397a09979f42f28670f80a5366f2a33d80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709411
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62824}

Dan Elphick authored

Fix a cctest/test-bytecode-generator/PrivateMethods mismatch between the PrivateMethods source string and the snippet in the golden file due to a missing newline at the end of the string. Change C++ raw string back to a normal string since in this case it makes it harder to see the problem.

Change-Id: I3bea8873d37fbacac65548be8261f6b04104132f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709413
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62823}

Clemens Hammacher authored

This was introduced in https://crrev.com/c/1703762.

R=titzer@chromium.org
CC=zhin@chromium.org

Change-Id: I3f13ab1ea1e87a2615883aa441581c62166f3587
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709412
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62822}

Michael Starzinger authored

This adds decoding and compilation of the "atomic.fence" operator, which is intended to preserve the synchronization guarantees of higher-level languages. Unlike other atomic operators, it does not target a particular linear memory. It may occur in modules which declare no memory, or a non-shared memory, without causing a validation error.

See proposal: https://github.com/WebAssembly/threads/pull/141
See discussion: https://github.com/WebAssembly/threads/issues/140

R=clemensh@chromium.org
TEST=cctest/test-run-wasm-atomics/RunWasmXXX_AtomicFence
BUG=v8:9452

Change-Id: Ibf7e46227f7edfe5c81c097cfc15924c59614067
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701856
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62821}

Clemens Hammacher authored

Every time we clang-format this list, one more element gets stripped off into its own line. Fix this by disabling clang-format for this chunk (we did the same for the chunk below).

R=mstarzinger@chromium.org

Change-Id: I49efdccc78eb4186cdb15513600594d539082fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708478
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62820}

Frank Tang authored

Sync with https://github.com/tc39/proposal-unified-intl-numberformat/pull/54

Bug: v8:9483
Change-Id: I2aec5a78be235bddd4faa568665b73b9b84d7c93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700426
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62819}

v8-ci-autoroll-builder authored

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/fb75973..c986429
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/f8c5b19..42a883d
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9217ff8..f4e0cc6
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/29ddc91..558ca3e

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I6e01c52d33ed9745dcfc170d829fa31545368ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709112
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62818}

Ng Zhi An authored

Bug: v8:8460
Change-Id: I3e649e1398be429b8aff5b57316e320f9ca5ae8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703763
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62817}

Ng Zhi An authored

Bug: v8:8460
Change-Id: Ica8329efa9be5944037e205f371d2bc34b882e0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703762
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62816}

Ng Zhi An authored

Bug: v8:8460
Change-Id: I132f7332d3dda572b72404ca20297c4defb5c62b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708450
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62815}
- 18 Jul, 2019 18 commits

Andreas Haas authored

R=binji@chromium.org

Change-Id: I01721c708b1e40cdef4bd48a1f9ca68b31c8f49d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708470
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62814}

Z Nguyen-Huu authored

Reflect.deleteProperty is now a Torque builtin, also containing a fast path for proxy objects.

Bug: v8:6664
Change-Id: I76d6fba2c9d05d991132957783d987a190585ec8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704943
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62813}

Adam Klein authored

This fixes the debug code which checks that API callbacks return only valid JS values: BigInt was missing from the list of allowable types.

Bug: chromium:985115
Change-Id: I8b3db409bd99e9e9b936d520d0fdbe75654e7602
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706623
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62812}

Clemens Hammacher authored

This reverts commit bc33f5ae.

Reason for revert: Still failing (OOM on win32): https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/22210

Original change's description:
> Reland "[arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of 31cd5d83
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
> >
> > R=mlippautz@chromium.org
> > BUG=v8:9380,v8:9221
> >
> > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62572}
>
> Bug: v8:9380, v8:9221
> Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62809}

TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org

Change-Id: Iea755df9aaa1e95d284135bd0a6681b1340b6832
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708487
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62811}

Peter Marshall authored

Previously both tracing implementations would be run side-by-side when perfetto was enabled with the V8_USE_PERFETTO build flag. This CL makes them run separately. Both implementations now use the trace file provided by the user in D8 or the default v8_trace.json.

Add tests for perfetto events (which must be tested differently due to the proto output format).

Drive-by fix: Fix pass-by non-const ref in GetJSONStrings.

Remove the TraceEvent struct for testing; we can just store a copy of the protobuf directly.

Bug: v8:8339
Change-Id: Id50003e0f96e44b99a63a26693da6bdaca989504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702619
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62810}

Ben L. Titzer authored

This is a reland of 31cd5d83

Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
>
> R=mlippautz@chromium.org
> BUG=v8:9380,v8:9221
>
> Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62572}

Bug: v8:9380, v8:9221
Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62809}

Clemens Hammacher authored

{Assembler::Nop} currently fails if {n} is bigger than {kGap} (the destructor of {EnsureSpace} checks that not more than {kGap} bytes have been emitted). This CL fixes this by repeatedly using {EnsureSpace}, and also optimizes the implementation of {Assembler::Nop} a bit.

It also removes stray cases for 10 and 11 nop bytes which have been added in https://crrev.com/8773039 without further comment, and are not documented in the Intel manual.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: I07bbe311d2daa75dc27b91a0ccb503427c52841f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708476
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62808}

Sathya Gunasekaran authored

This reverts commit e55e0aa5.

Reason for revert: speculative revert for tsan breakage
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8907588363297935904/+/steps/Check__flakes_/0/logs/regress-437713/0

Original change's description:
> [runtime] Fix protector invalidation
>
> Protectors trigger when special properties are modified or masked. Previously
> we would check whether the property stored on the holder would invalidate the
> protector. Stores go to the receiver rather than the holder, however, so this
> CL changes holder for receiver, and adds additional checks that were missing.
>
> Bug: v8:9466
> Change-Id: I81bc3d73f91381da0d254e9eb79365ae2d25d998
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708468
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62805}

TBR=leszeks@chromium.org,verwaest@chromium.org

Change-Id: Id8fc36525b7c5631589a67073ad1fd5815ea2775
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708482
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62807}

Yang Guo authored

R=gsathya@chromium.org

Change-Id: I892b96d5749066df476ace705f45a801a795c0a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706060
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62806}

Toon Verwaest authored

Protectors trigger when special properties are modified or masked. Previously we would check whether the property stored on the holder would invalidate the protector. Stores go to the receiver rather than the holder, however, so this CL changes holder for receiver, and adds additional checks that were missing.

Bug: v8:9466
Change-Id: I81bc3d73f91381da0d254e9eb79365ae2d25d998
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708468
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62805}

Clemens Hammacher authored

The destructor of the {WasmGCForegroundTask} can be called immediately when scheduling that task (if the platform determines that the task can never execute anyway). In that case, we deregister the task from the wasm engine so we do not access it later (which would be UAF). This deregistration leads to recursively taking a mutex now.

The only later access to the task happens to cancel the task. For this purpose, we can also use the {CancelableTaskManager} of the isolate, and avoid all code in the destructor. This should fix the reentrant mutex, which leads to a DCHECK failure in debug builds and deadlock in release builds.

R=mstarzinger@chromium.org

Bug: chromium:984970, v8:8217
Change-Id: I14f05a21ea961ecc391dc59af3b5eebf31e0f873
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706480
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62804}

Pierre Langlois authored

With a write barrier, stores with negative offsets would allocate a temporary register to hold the offset when the `str` instruction is able to encode it. For instance, when writing the object map:

```
;; This could be 'str x2, [x5, #-1]'
movn x4, #0x0
str x2, [x5, x4]
and x16, x5, #0xfffffffffffc0000
ldr x16, [x16, #8]
tbnz w16, #2, #+0xba8 ; Jump out-of-line
```

The reason behind this is that the out-of-line code uses an 'add' instruction on the offset to compute the field address, putting pressure on the instruction selector to make sure the immediate fits in both 'str' and 'add'. But, this is not necessary since the macro-assembler is able to turn the 'add' into a 'sub' or use a temporary register if needed.

Change-Id: I8838e4b81a0c0c1f90aa3d67861a9da1a6dfed06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708471
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#62803}

Ben L. Titzer authored

This test fails in --stress-opt mode because backing stores of memories/arraybuffers that are postMessage()'d leak in d8. In normal mode, only ~16 memories are allocated, which is not enough to OOM, but in stress mode, it can be 5x that number. Should be fixed by upcoming ownership changes.

BUG=v8:9380
R=clemensh@chromium.org

Change-Id: Iecec07d15339cf43b23f128f13d570dfe3b32130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708475
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62802}

Ulan Degenbaev authored

The multiplier should depend on the kTaggedSize.

Bug: v8:7703
Change-Id: I3a13e51d06c31b70f6191b23b1913e7bc35cdb8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708473
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62801}

Ross McIlroy authored

If we flush the bytecode from a SFI we might recompile a JSFunction while the function still has its old feedback vector. This should usually be fine since the new and old feedback vectors have the same layout, however some bugs in the parser mean that it's possible for eagerly and lazily compiled eval functions to have different bytecode and so potentially different feedback vector layouts. For now reset the feedback vector if it doesn't have the same size when we compile the JSFunction, and recreate a new one of the correct layout. This will be replaced with a CHECK once the parser bugs are fixed.

BUG=chromium:984344,v8:9511

Change-Id: Ib8976f2541516f7a07e4d4ab7dc3c750dfe9b5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708474
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62800}

Georg Neis authored

This is a reland of 6805395d, after resolving another issue.

Original change's description:
> Revert "Temporarily remove --concurrent-inlining from --future"
>
> This reverts commit 060b9ec4, as the
> issue has been resolved.
>
> Bug: v8:7790
> Change-Id: Id8a56ad50a508eacd191f2777cc5afc0b838364f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700078
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62713}

TBR=neis@chromium.org

Bug: v8:7790
Change-Id: Ibc5991787982197d08942eb067c83001d91050ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708472
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62799}

Ulan Degenbaev authored

When the main thread contributes to an item parallel job and runs an item parallel task, it currently emits a background GC trace event. That is confusing and may lead to incorrect accounting of main thread GC time.

This patch fixes it by introducing a 'Runner' parameter to ItemParallelJob::Task::RunInParallel and emitting a foreground GC event if the runner is the main thread.

Bug: v8:9508
Change-Id: I755751bfe9eef427666d5f16fb50aa6093059e80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706485
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62798}

Andreas Haas authored

With recent spec changes, table.copy of length 0 does not trap anymore, and we copy backwards whenever src < dst.

R=binji@chromium.org

Change-Id: I48e2b65083565631abc41bf4fdf4971f80fdf440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706471
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62797}