- 27 Oct, 2020 40 commits
-
-
Zhi An Ng authored
pshufb is a SSSE3 feature and so requires the scope before using. Change-Id: I42cf252079ba9aa9b09c2197a0e20b90ebc27b5d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500927Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70813}
-
Ng Zhi An authored
Bug: v8:11038 Change-Id: I21dc1bd048aa4d4d7068f7eba403a531a84849e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501968Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70812}
-
Ng Zhi An authored
And remove all ifdefs guarding the tests. Bug: v8:11038 Change-Id: I91487a4bd60b6f2e327d1c2348289e446d6e93d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501967Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70811}
-
Zhi An Ng authored
This is a reland of dde93768 Original change's description: > Add int64_t min and max to value helpers for test > > And also fix up a truncate float to int test that was using > int list as input instead of a float list. > > Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654 > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70774} Change-Id: Id196ea40eaf616d784d644346b912f1561fd97a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500926Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70810}
-
Milad Fa authored
The displacement for vlbr and vstbr is a 12-bit unsigned integer. If a greater offset is passed we must fall back to using lrvg and strvg. Change-Id: I34107b82960a4d4de99fbf8b9324b13d9a455e67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504190Reviewed-by: Junliang Yan <junyan@redhat.com> Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70809}
-
Nicolas Dubus authored
- Created status enum with statuses kStarted, kAlreadyStarted and kErrorTooManyProfilers, returning when StartProfiling is invoked - Tests spin up one profiler, check kStarted returned; spin up another with same name, check kAlreadyStarted returned; Spin up 99 more profilers (100 total), check each returning kStarted, and one more, expecting 101st to return kErrorTooManyProfilers R=acomminos@fb.com, petermarshall@chromium.org, ulan@chromium.org Change-Id: I64e2e6396775f90f9f49f75331a075a47efa7fca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486240Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70808}
-
Milad Fa authored
Port 965916c7 Original Commit Message: The actual number of double regs available on arm depends on the current CPU. In some cases, we care about the max count of double regs (e.g. around Save/RestoreFPRegs which always reserves spaces for the max); in others, we care about the actual count. Use DwVfpRegister::kNumRegisters to fetch the max (= 32). Use DwVfpRegister::SupportedRegisterCount() for the actual count (16 or 32). R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I55ef4a14b4a7676d9773f57ea66149a069c70448 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502810Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70807}
-
Camillo Bruni authored
Add simple log file test with processor.mjs, mostly focusing on parsing the log file correctly. Change-Id: Ie8db569b65ecd526ef4474a64d4019f00707d159 Bug: v8:10668 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484515 Commit-Queue: Dan Elphick <delphick@chromium.org> Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#70806}
-
Bill Budge authored
- Adds a method to tell V8 that the process is cross-origin-isolated under COOP+COEP. In this case, SharedArrayBuffer can be enabled. Bug: chromium:923807 Change-Id: I729093665a50d2b3667c028e05b42d21d76b12d3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502448Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70805}
-
Michael Lippautz authored
Wrapper nodes are merged into their corresponding C++ object nodes when the reference between C++ and JS object has a wrapper class id set. Instead of iterating all global handles and checking for those with class ids, the new algorithm discovers them while iterating C++ objects. Note: Additional wrapper nodes, e.g., those from isolated worlds in Blink are not merged. Bug: chromium:1056170 Change-Id: I6dff8992e41d7a1a2c3b99a115a53df6b6fbb64c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2499661 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#70804}
-
Mythri Alle authored
This reverts commit d7ece57e. Reason for revert: failures on NumFuzz https://ci.chromium.org/p/v8/builders/ci/V8%20NumFuzz%20-%20debug/11818? Original change's description: > [turboprop] Add a slot for optimization marker in feedback vector > > Optimization marker and the optimized code used to share the same slot > in the feedback vector as they were mutually exclusive. With turboprop > we would want to mark the function for tier up to Turbofan while holding > the optimized code for Turboprop. So this cl uses the existing padding > field to hold the optimization marker instead. > > As a driveby, removes unused JSFunction::ClearOptimizedCodeSlot function > and fixes a minor bug in Runtime_GetOptimizationStatus. > > Bug: v8:9684 > Change-Id: I18c551a69648a0837d16c5453d023c0b295b1521 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467836 > Commit-Queue: Mythri Alle <mythria@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70789} TBR=rmcilroy@chromium.org,mythria@chromium.org,jgruber@chromium.org Change-Id: Ia9894fef713a522b9c3d349bef4abcde3e1e1832 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9684 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502870Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#70803}
-
Shu-yu Guo authored
Change-Id: I7c288f4e0c1dbc9600be2ccd69faecc4d38de17e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500413Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#70802}
-
Michael Lippautz authored
cppgc must support the same feature set as the existing unified heap system, which requires support for wrapper-specific handling (drop on Scavenge, merge in snapshot). Replace JSMember by TracedReference to support IsRootForNonTracingGC() optimizations out of the box. cppgc support for wrapper/wrappable pairs will be added as followup. Change-Id: I3c6eff2b8dce5b71b04b2bd75182eb8672079a64 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498685 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70801}
-
Leszek Swirski authored
Add an initializer to the Serializer::allocation_size_ field so that the array is value-initialized to zero. Change-Id: I3bd9ecae63d9083e41cce4fbbfedc36ff5f0f741 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502868 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70800}
-
Camillo Bruni authored
- Remove ic-processor.html since it's been fully integrated in the system-analyzer - Use new tools/system-analyzer/processor.mjs for command line ic-processor - Update tools landing page - Partially fix dependencies on web specific components in helper.mjs Bug: v8:10644 Change-Id: I0c99ff7c7859684e53aa3ab22489b1a8242e1a6e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498606Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#70799}
-
Santiago Aboy Solanes authored
This reverts commit 7ce5dd6e. Reason for revert: Clusterfuzz saw an issue, which is an m87 blocker. Reverting and will re-assess & reland later. Bug: v8:7790, chromium:1137594 Original change's description: > Reland "[compiler] Replace Symbol with direct reads" > > This is a reland of d3b295fa > > Got speculatively reverted in https://crrev.com/c/v8/v8/+/2403256 but > doesn't seem to have been causing the TSAN failures > > Original change's description: > > [compiler] Replace Symbol with direct reads > > > > Bug: v8:7790 > > Change-Id: I49120a6349777fd992a97d697940e79b2e71dbd1 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400988 > > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > > Reviewed-by: Georg Neis <neis@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#69812} > > Bug: v8:7790 > Change-Id: I459f4bfc881c641258dcc46fc55fce21f9e03dec > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403921 > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69822} TBR=neis@chromium.org,solanes@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:7790 Change-Id: Iec7d708510702a9168c6ad9a7373584f107af739 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502333Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70798}
-
Mike Stanton authored
This CL provides synchronized get/set to feedback vector slots. The FeedbackNexus is set up to use order preserving reads when used on the background thread, and a lock to ensure coherent read of information for ICKinds with two slots. The main thread takes the lock on sets. This test provides patterns to be followed by concurrent TurboFan. We don't yet access the FeedbackVector on the background thread. This CL only makes it safe to do so. The next step will come when the optimizing compiler begins to query the the vector from the background thread. Currently, with --concurrent-inlining turned on this is done in bytecode serialization on the main thread. Without concurrent inlining, it's also done on the main thread, in both cases using the FeedbackNexus. Bug: v8:7790 Change-Id: I49d8b8031190f91a0da1c24f375b6b6d8a9fe038 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276210 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#70797}
-
Jakob Gruber authored
The number of available double registers depends on supported CPU features on arm. Any code that applies to all double regs must be extra-careful to correctly handle either 16 or 32 registers. This was not the case for deopt entries, which were recently moved from a runtime-generated code stub to a mksnapshot-time-generated builtin. This CL fixes the issue by inspecting the runtime value of cpu features and acting on it. Bug: v8:8661,chromium:1142158 Change-Id: I6f4d2e6ee6a80217b9110194b8e1edbe8670d8d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498686 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70796}
-
Jakob Gruber authored
The actual number of double regs available on arm depends on the current CPU. In some cases, we care about the max count of double regs (e.g. around Save/RestoreFPRegs which always reserves spaces for the max); in others, we care about the actual count. Use DwVfpRegister::kNumRegisters to fetch the max (= 32). Use DwVfpRegister::SupportedRegisterCount() for the actual count (16 or 32). Bug: v8:11062 Change-Id: I7d0c3f1263433ef5dc8efa69a68dff92a7168ae6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501842Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70795}
-
Mythri Alle authored
This reverts commit 44f46def. Reason for revert: Causes failure in linux 64 fyi bots. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20fyi/18646? Original change's description: > [turboprop] Pass required parameters as value inputs to TierUpCheck node > > TierUpCheck node tail calls interpreter entry trampoline when additional > processing is needed for tiering up. Calling IET requires target, > new_target, input count and context as parameters. Earlier these were > created as parameter nodes in effect-control-linearizer. This causes > problems with Turboprop since TurboProp doesn't use the second scheduler > and cannot reschedule these nodes to the start block. We should instead > create these parameter nodes in bytecode-graph-builder and pass them > as value inputs to TierUpCheck node. > > Bug: v8:9684 > Change-Id: Icfe5a33b4e628d5a3ba9a3121b2b0746be6aed5c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498695 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Commit-Queue: Mythri Alle <mythria@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70790} TBR=rmcilroy@chromium.org,mythria@chromium.org,jgruber@chromium.org Change-Id: I66cd8a90efb39378c99e18f35548a1490b5e413a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9684 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501846Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#70794}
-
Jakob Gruber authored
This addresses comments from [0] by extending comments to also describe embedded builtins in code.h, and by improving language around various meaning of 'metadata': - The Code object's metadata section is still called 'metadata'. - The embedded blob's table of layout descriptions for builtins is now called 'layout descriptions'. - The embedded blob's data section (containing hashes and layout descriptions) is now called 'data' section. [0] chromium-review.googlesource.com/c/v8/v8/+/2491025 Bug: v8:11036 Change-Id: Ibe84fddb9784cc5d3b66482612dcdb7a2e8d14ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501284 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70793}
-
Peter Marshall authored
We kept the CodeMap filled with entries between profiles, even in kLazyLogging mode which will re-fill the CodeMap when profiling starts again. See the bug for more details. This fix manually clears the CodeMap after the last profile is deleted. We already call DisableLogging() when the last profile is stopped. At this point we still need the CodeMap alive because the profile object we expose via the API is backed by the CodeEntry objects in the CodeMap. Once the last profile is deleted though, we can empty the CodeMap. There is still another bug, which is that we never delete CodeEntry objects for deleted code, as there are no CodeDeleteEvents from the GC. We will work on that separately, but this fix should stop those leaks accumulating between profiles as we wipe the CodeMap entirely between profiles (at least for kLazyLogging mode). kEagerLogging mode still has this problem and will only be fixed by introducing CodeDelete events or similar. Bug: v8:11051 Change-Id: Iab9570747d17c657e6e318d434f935af8047d05f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491033 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70792}
-
Alfonso Castaño authored
Since V8 and Renderer CL cannot be glued a separate CL includes the changes to ThreadDebugger: https://chromium-review.googlesource.com/c/chromium/src/+/2494761 Screenshot: https://i.imgur.com/rTIchch.png, https://i.imgur.com/knMTmMm.png Bug: chromium:1048143 Change-Id: I7551303f34f83fd4f8ccd134c87d34028a3f6c4d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494706 Commit-Queue: Alfonso Castaño <alcastano@google.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#70791}
-
Mythri A authored
TierUpCheck node tail calls interpreter entry trampoline when additional processing is needed for tiering up. Calling IET requires target, new_target, input count and context as parameters. Earlier these were created as parameter nodes in effect-control-linearizer. This causes problems with Turboprop since TurboProp doesn't use the second scheduler and cannot reschedule these nodes to the start block. We should instead create these parameter nodes in bytecode-graph-builder and pass them as value inputs to TierUpCheck node. Bug: v8:9684 Change-Id: Icfe5a33b4e628d5a3ba9a3121b2b0746be6aed5c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498695Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#70790}
-
Mythri A authored
Optimization marker and the optimized code used to share the same slot in the feedback vector as they were mutually exclusive. With turboprop we would want to mark the function for tier up to Turbofan while holding the optimized code for Turboprop. So this cl uses the existing padding field to hold the optimization marker instead. As a driveby, removes unused JSFunction::ClearOptimizedCodeSlot function and fixes a minor bug in Runtime_GetOptimizationStatus. Bug: v8:9684 Change-Id: I18c551a69648a0837d16c5453d023c0b295b1521 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467836 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70789}
-
Jakob Gruber authored
This CL makes the metadata offsets stored in Code headers relative to the start of the metadata section (instead of to the start of the instructions section). In a follow-up, metadata for embedded builtins will be moved from the .text section (with r-x or --x permissions) to the .rodata section (with r-- permissions). Drive-by: Simplify invariants around section alignment. A new invariant is that the end of the instruction section is aligned to Code::kMetadataAlignment. Drive-by: Ensure trampoline Code objects contain no metadata (metadata offsets all refer to the off-heap metadata section). Tbr: dinfuehr@chromium.org Bug: v8:11036 Change-Id: Idd0980913bbde9d3d1946b558e3ca58ec6356fcc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491036Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70788}
-
Jakob Gruber authored
This reverts commit 3c49308a. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Clusterfuzz%20Mac64%20ASAN%20-%20debug%20builder/18360 Original change's description: > [DEPS] Add abseil to deps > > Add a dependency on the chromium abseil-cpp subdir mirror. > > Bug: v8:11006 > Change-Id: Icaad757269d27c65bc368ed539f84c5bb79ee62d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464940 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Victor Gomes <victorgomes@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70786} TBR=rmcilroy@chromium.org,adamk@chromium.org,yangguo@chromium.org,hpayer@chromium.org,leszeks@chromium.org,victorgomes@chromium.org Change-Id: Iff2ac3b0da8725ec2df69aa527e5a4255ca3009c No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:11006 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501843Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70787}
-
Leszek Swirski authored
Add a dependency on the chromium abseil-cpp subdir mirror. Bug: v8:11006 Change-Id: Icaad757269d27c65bc368ed539f84c5bb79ee62d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464940 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70786}
-
Simon Zünd authored
The crash scenario is as follows: 1) Add a getter for 'then' to the Object prototype that is considered side-effecting. 2) Evaluate a simple string using 'REPL' mode with side-effect checks enabled. Note: REPL mode is not strictly necessary, but it causes a 'then' lookup as the evaluation result is not a promise. 3) Calling the 'then' getter causes a termination exception, due to the side-effect check. JSPromise::Resolve then tries to put the termination exception as the reject reason, which causes a CHECK failure. The solution is to check for termination in the "abrupt completion" case when 'then' was retrieved. Bug: chromium:1140845 Change-Id: I72b644cd49355cea40f599fcbe80264e99ed7bd6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501283Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70785}
-
Zhi An Ng authored
Implement v128.load32_zero and v128.load64_zero on Liftoff, for ARM and ARM64. Bug: v8:11038 Change-Id: I5f845aca23f10b1a45a7ce9d1eb5bea0c1a22a55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486237 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70784}
-
Charles Kerr authored
Halve the number of lookups in ExtractLocationForJSFunction() by calling GetPositionInfo() directly instead of making separate calls for column and line number. Improve the efficiency of position lookups in slow mode. The current code does a linear walk through the source by calling String::Get() for each character. This PR also does a linear walk, but avoids the overhead of multiple Get() calls by pulling the String's flat content into a local vector and walking through that. Downstream Electron discussion of this can be found at https://github.com/electron/electron/issues/24509 Apologies in advance if I've missed anything; this is my first V8 CL... Change-Id: I22b034dc1bfe967164d2f8515a9a0c1d7f043c83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2496065 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70783}
-
Zhi An Ng authored
Implement v128.load32_zero and v128.load64_zero on Liftoff, only for ia32 and x64. ARM will follow. Bug: v8:11038 Change-Id: I0fad054f462e27eb60825258dad385244b5e5a95 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486236 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70782}
-
Jakob Gruber authored
Like all metadata areas, the cp offset must be less than the body size. (In a follow-up, this will change s.t. offsets must be less than the metadata size.) Tbr: leszeks@chromium.org Bug: v8:11036 Change-Id: I108238601f36acd8d22fa161c042d4ca82b07e87 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501281Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70781}
-
Zhi An Ng authored
Bug: v8:10933 Change-Id: I4a889b087b4d33111533b8b04f151c8ac0fce042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497397 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70780}
-
Zhi An Ng authored
Implement these two instructions on arm. Bug: v8:11038 Change-Id: I23d9c7291f60e29415cfbebced1bff323fd2465a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485250 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#70779}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6da208e..929bcdb Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/4be464e..98881a1 Rolling v8/third_party/aemu-linux-x64: KsPqcAfQNpcMneTUR-X2XLHNoNCcTLmqK-CIvqJ9zSMC..q6rFFTDSZ6MexUJ2yo5-IHfI0g1sohftVPqHt-TwJtYC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7874beb..4f6c1bb Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/6f9b1bf..77cd4b4 Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/715ec35..d3c1cdc Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/7371bff..cf34aa6 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I9ff0f860ce1064a3ae0fee99f46dbdc43cfb70fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2499883Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70778}
-
Zhi An Ng authored
This reverts commit dde93768. Reason for revert: ubsan failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/13518 Original change's description: > Add int64_t min and max to value helpers for test > > And also fix up a truncate float to int test that was using > int list as input instead of a float list. > > Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654 > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70774} TBR=clemensb@chromium.org,zhin@chromium.org Change-Id: If0faa8be8c55715a529dfe777c0ad9819105fc5b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500925Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70777}
-
Zhi An Ng authored
We fixed float->uint conversion checks in https://crrev.com/c/2491382, and so we can use those checks here. Bug: v8:10933 Change-Id: Ie2697aaf8fb7761541aca60d5d0a8812a8f39e41 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497383Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70776}
-
Zhi An Ng authored
The SpecialValue field used in the disassembler covers too wide a range, this causes some duplication in the disassembler of instructions like mov, since the SpecialValue includes a bit used for the immediate. Attempt to refactor and follow the decoding guide given in the architecture manual [0], F4.1 A32 instruction set encoding, with the eventual goal for removing the duplicated instruction disassembly. [0] ARM DDI 0487F.b ARMv8 A32 instruction set Bug: v8:10933 Change-Id: Iddf4df317f9a5b29be2544ad2f9f93180e9bcdfc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497395 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70775}
-
Ng Zhi An authored
And also fix up a truncate float to int test that was using int list as input instead of a float list. Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70774}
-