- 16 Sep, 2022 8 commits
-
-
pthier authored
This is a reland of commit 0a1f0e33

Changes since revert:
- Deferred label for loading from forwarding table.
- Check if hash is computed instead of checking if it is a forwarding index.
- Retrieve hash from forwarding table only if hash is assumed to be computed.

Original change's description:
> [strings] Fix raw hash lookup for forwarded strings
>
> Raw hashes may need to be looked up via the forwarding table when internalized strings are forwarded to external resources. Notably, the megamorphic ICs were not correctly fetching the raw hash.
>
> Bug: v8:12007
> Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83115}

Bug: v8:12007
Change-Id: Ia88ed51a49c62170bc960b8f69673bb1e59a6009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888057
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83246}
-
Nico Hartmann authored
This reverts commit 80fb2815.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1364400

Original change's description:
> [turbofan] Rematerialize BigInt64 in deopt
>
> This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.
>
> Bug: v8:9407
> Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Qifan Pan <panq@google.com>
> Cr-Commit-Position: refs/heads/main@{#83230}

Bug: v8:9407
Change-Id: I77d278ce302621db03b787318641709780348cc8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901814
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83245}
-
Michael Achenbach authored
A recent refactoring changed the behavior of dropping/keeping results after test execution. The numfuzz loop has previously treated all results as analysis results, as it expected that others are dropped. After keeping all results, the second round invalidated the analysis results and the test loop stopped early.

We now add an additional safeguard that ensures the received result is indeed associated with an analysis run and do not depend anymore on result presence/absence.

This also adds all analysis-based instances to the test cases.

No-Try: true
Bug: v8:13295
Change-Id: Ic1ede904d279a0c2b318ec997e7c77542dbc75bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901812
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83244}
-
Michael Achenbach authored
This improves the num-fuzzer system test. Previously, the test didn't actually start up the main functionality of num-fuzz and executed 0 tests.

Now several of the production fuzzers are used to run fake test cases. The overall timeout signal, used to stop numfuzz, is mocked with a counter. The observer signals via the event method that would have caused the hang fixed in: https://crrev.com/c/3891373

No-Try: true
Bug: v8:13113
Change-Id: I47d17c1fa2099474079acaad5640228d8c454eb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893807
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83243}
-
Marja Hölttä authored
Bug: v8:11111,chromium:1362487
Change-Id: Ifc7649ec945a0cb13e02c52a47f8ab68fa8ab848
Fixed: chromium:1362487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890915
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83242}
-
Anton Bikineev authored
Do it conditionally only when young-gen is enabled.

Change-Id: I1bd8ed49302b9e2aef0a60ed7831de9ec1cbe276
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899308
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83241}
-
Simon Zünd authored
Myers algorithm for live edit diffing has been enabled since 10.6 without any reported problems, so we can safely remove the dynamic programming approach with 10.8.

R=kimanh@chromium.org

Bug: chromium:1205288
Change-Id: I95c26c11e949b8c36a0b6abd54859b3936933e9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901811
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83240}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ccee528..b001130

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/040e851..813d569

Rolling v8/buildtools/linux64: git_revision:fff29c1b3f9703ea449f720fe70fa73575ef24e5..git_revision:e70d8c3d5620bc0ddcbad23a36b1b26f815ca90a

Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/c1e647c..e2f63a1

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0d1854a..c067655

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/5e4d749..dca14bc

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220914.1.1..version:9.20220915.2.1

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/f48cb14..7d7ed92

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/12149f2..c3b78bc

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie381cd91ebf11d348beed4fdcc099292aa7ef3b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900398
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83239}
-
- 15 Sep, 2022 32 commits
-
-
Anton Bikineev authored
Now that we have all useful flags on the API side, use them.

Bug: chromium:1056170
Change-Id: Ia849b0925a2b2c10ace30b6c2b6871bd3572da31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899306
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83238}
-
Adam Klein authored
This reverts commit 4444874c.

Reason for revert: CHECK failure under UBSan
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan%20-%20builder/5103/overview

Original change's description:
> [v8] Use |AllocateAtLeast| for resizing v8 zones.
>
> This is part of an ongoing effort to reduce fragmentation in Chrome. Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
>
> Bug: v8:13193, chromium:1238858
> Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83235}

Bug: v8:13193, chromium:1238858
Change-Id: I03c8c1ad7bb1cd20770323bffe1c42a4be47c454
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900814
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83237}
-
Frank Tang authored
Need to reset tzi_xxx and calendar_xxx in parser state if the post-condition of CalendarName and TimeZoneIdentifier is not met.

Bug: v8:11544
Change-Id: If2df6c8fc8cf2418ddd5443abab02066d423a0c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893554
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83236}
-
Thiabaud Engelbrecht authored
This is part of an ongoing effort to reduce fragmentation in Chrome. Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.

Bug: v8:13193, chromium:1238858
Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83235}
-
Jakob Kummerow authored
This CL introduces a new LookupIterator state WASM_OBJECT, and updates all switches that need to handle it.

Bug: v8:7748
Change-Id: Ie3359aed2d37f5a6854e5577fa3799f0464391e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865559
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83234}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I06e12314495c2d89135e58e5d3a01310f108e865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899303
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83233}
-
Anton Bikineev authored
The split is rudimental and now is not needed at all:
- as part of the shared-cage effort we added HeapHandle pointer to the BasePageHandle class (on the API side);
- for the value-full barrier we get HeapHandle from bitmasking the value;
- for the value-less barrier we get it from the callback provided by the caller.

The CL entirely removes the split and uses the single BoundedPageAllocator. A minor note: the conservative stack scanning can become slightly more expensive.

Bug: chromium:1361582, chromium:1325007
Change-Id: I2a8aded3dd12037998f36341c68af8e23b0dcd88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899320
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83232}
-
Samuel Groß authored
Since enabling the sandbox is now required for example for mkgrokdump, add it to the default gn args. Also treat non-sandbox builds as "non-shipping" in mkgrokdump.cc

Bug: v8:13281
Change-Id: I08042aa53057e25c556e166c059373e2fdb9d2c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899317
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83231}
-
Qifan Pan authored
This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.

Bug: v8:9407
Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#83230}
-
Paolo Severini authored
When ETW Events are enabled with the --enable-etw-stack-walking flag we should not also enable the --interpreted-frames-native-stack by default. Showing the interpreted frames on the native stack is quite expensive since it involves multiple copies of the interpreter trampolines, and it's not always necessary to profile JS code, so it should be enabled when necessary with a separate flag.

Bug: v8:11043
Change-Id: Id2d779e7fcac9b626f9da2e0c77edf9c30f853df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893601
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83229}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=cbruni@chromium.org

Bug: v8:12887
Change-Id: I7e828480e9cc919609dac69df89315c6fdc82dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899296
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83228}
-
Manos Koukoutos authored
Bug: v8:7748
Change-Id: I74041f23ac64a3e509d82f84b4a710d23bbecbaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893859
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83227}
-
Nikolaos Papaspyrou authored
Inner pointer resolution, to be used in conservative stack scanning, assumes that all pages registered with the memory allocator are iterable. Until this CL, this was not the case for pages that were owned by the young generation semispaces but were unused. Such pages are either in the "from" semispace, or in the "to" semispace but have not yet been used.

This CL ensures that all pages owned by the young generation are iterable. It also adds tests to verify that inner pointer resolution works correctly for unused young pages and for pointers above the page area.

Bug: v8:13257
Change-Id: Ieff7cc216853403e01f83220b96bf8ff4cdea596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885893
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83226}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=jkummerow@chromium.org

Bug: v8:12887
Change-Id: I5bd5faaac89185c5f40b0eabb01f9b678f791498
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898934
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83225}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=marja@chromium.org

Bug: v8:12887
Change-Id: Ie0106ceb521a775c7660d369cdb15763e9264149
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898932
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83224}
-
Matthias Liedtke authored
Change-Id: I83b2181323b311fb6994c6d2bed731357079ec1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892060
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83223}
-
Leszek Swirski authored
Also add a DCHECK to prevent this stupid mistake in the future.

Bug: v8:13190
Fixed: chromium:1363969
Change-Id: Ieb855ccfb42a1a6d84798eb09721d454c355935f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899313
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83222}
-
V8 Autoroll authored
Change-Id: Ie338d4ecb1bcad09e0278dbceb2e21c7b9722d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899212
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83221}
-
Leszek Swirski authored
Cached template objects only need to be cached for reference identity comparisons. If there is no strong reference to the cached template object, then there's nothing to compare it against if it were to be loaded from the cache, so we can hold it in the cache weakly.

Bug: v8:13190
Change-Id: I4a787eb33eab734fe9df6c424ff915d775fce70f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898692
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83220}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=thibaudm@chromium.org

Bug: v8:12887
Change-Id: Id2f457a1c0056d5015e2f9983d4599582d7189cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876185
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83219}
-
Seth Brenith authored
This test observes GC behavior and needs the garbage collector to work in a somewhat predictable way.

Bug: v8:13286
Change-Id: I24e6a4f33a644b5f1845cd34558da03fc196f7e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898721
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83218}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I36c66465e3b6c1b27c1825e50f17f4bc8557c426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898936
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83217}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=szuend@chromium.org

Bug: v8:12887
Change-Id: I8123d18ae852807557bf26b1308e0061dc1ac123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898937
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83216}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=leszeks@chromium.org

Bug: v8:12887
Change-Id: I45a24a6297153f279a060079c0ee318545df6817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898931
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83215}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=jgruber@chromium.org

Bug: v8:12887
Change-Id: I0454426c664e54e9b8c8b39f903eeca1a80d4bc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898933
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83214}
-
Jakob Linke authored
This reverts commit c66e6ea0.

Reason for revert: fyi bots are green again.

Original change's description:
> Disable interrupt-budget-for-maglev flag
>
> Bug: v8:7700
> Change-Id: Ieff3e3b053f418e73699a208993c4d0771326522
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879614
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83066}

Bug: v8:7700
Change-Id: I5c09ba5f7b3dc7f67582bb2ed7b4c4451660c4c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898938
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83213}
-
Jakob Linke authored
The kContextRegister can alias allocated registers - when setting it, take care not to unintentionally clobber.

Bug: v8:7700
Change-Id: I0635d334fb14fa15540582a4873d4186fffa2199
Fixed: chromium:1363450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897634
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83212}
-
Jakob Linke authored
.. in TryBuildMonomorphicLoadFromLoadHandler. If data1 is cleared, emit an unconditional eager deopt. Note all early-return paths must happen before any code is emitted.

Bug: v8:7700
Change-Id: I00d5ff258cc88a0cb2423267b362c05540d09839
Fixed: chromium:1359714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898691
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83211}
-
Leszek Swirski authored
This can happen when we have a load from a double field of a value that canonicalises to a Smi, and we then use that Smi value in Smi-feedback arithmetic.

Bug: v8:7700
Fixed: v8:13282
Change-Id: I6d8245b8393f7595c3442985087ebb8e806061eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890999
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83210}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=nicohartmann@chromium.org

Bug: v8:12887
Change-Id: Ibdf60bd42ed577f367eee7da4de3a7e3dd6799e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871205
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83209}
-
Clemens Backes authored
Running the libfuzzer fuzzers locally (with an experimental flag turned on) found crashes, but did not produce crash files because we were generating a software interrupt ("trap") instead of properly aborting. Disabling the "hard-abort" feature fixes that.

This will hopefully not flush out previously missed crashes. If so, please do manually bisect across this CL, instead of assigning to me :)

Drive-by: Move more initialization logic from {InitializeFuzzerSupport} to the {FuzzerSupport} constructor, where other similar work is performed.

R=thibaudm@chromium.org, saelo@chromium.org

Bug: v8:13283
Change-Id: Id8d4e92f5ab6bb27676adeae6b3b1eb042b8ba3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892061
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83208}
-
Jakob Linke authored
Temporaries and the allocated result register may alias, thus order is important when setting the result value.

Fixed: TestUndetectable, LogicalNot, SetPendingMessage.

Drive-by: Pass Label::kNear in a few spots I passed by.

Bug: v8:7700
Change-Id: Ice3de1d1014ad05d8fa9fb18d967887386bfed0d
Fixed: chromium:1359723
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898530
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83207}
-