- 30 Sep, 2021 27 commits
-
-
Milad Fa authored
Port b9a6301e Original Commit Message: Load instance type into a register instead of using memory operands for several checks on ia32 and x64. R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I05ea2bd32ea2a2053b601323813c580d55094e46 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3198130Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#77179}
-
Seth Brenith authored
Currently, it is possible to declare macros, builtins, etc., without specifying a return type, in which case the return type is treated as void. This is confusing; the code is more clear if we require the return type to be specified. Aside from src/torque, this change is almost entirely just adding `: void` until the compiler is happy. However, two intrinsics in src/builtins/torque-internal.tq have been corrected to declare an appropriate return type. Those two intrinsics were only used in code generated within the compiler after the type-checking phase, so we never noticed that their return types were declared incorrectly. Bug: v8:7793 Change-Id: Ib7df88678c25393a9e3eba389a6a1c4d9233dcbb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3176502 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#77178}
-
Nico Hartmann authored
Bug: chromium:1254191, v8:9407 Change-Id: Ieb22063dad1ea8dfde359662d0330e689b6b2e05 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193547Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#77177}
-
Junliang Yan authored
Change-Id: Iec020471bd8268043961c62207cc03ca8a315d33 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197290Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#77176}
-
Manos Koukoutos authored
Loop exits are only used during loop unrolling and are then removed, as they cannot be handled by later optimization stages. Since unrolling comes before inlining in the compilation pipeline, we should not emit loop exits in inlined functions. Bug: v8:12166 Change-Id: I28b3ebaf67c9e15b127eeb1a63906c4ecfd77480 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195871Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77175}
-
Austin Eng authored
Bug: chromium:1052746 Change-Id: I368ef855f711ca09c1a34b2be6e9bf72e6a7310c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193873Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Austin Eng <enga@chromium.org> Auto-Submit: Austin Eng <enga@chromium.org> Cr-Commit-Position: refs/heads/main@{#77174}
-
Maya Lekova authored
This reverts commit f4099832. Reason for revert: The new test is failing on noi18n, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/39705/blamelist Original change's description: > [inspector] Mark `Intl` builtins as side-effect free. > > Fixed: chromium:1073804 > Change-Id: Ia8cd29323e2b1c4faa0f115b5f60bc216b7813f1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196175 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Commit-Queue: Simon Zünd <szuend@chromium.org> > Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77171} Change-Id: Ibb11ba2e835992e8b2fdd374bb38e245d32a1047 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197192 Auto-Submit: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Maya Lekova <mslekova@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#77173}
-
Jakob Kummerow authored
The NewWasmStruct/NewWasmArray factory functions didn't take pointer compression into account; this patch fixes that. Bug: v8:7748 Change-Id: I7a77d867971aad1df6660a3b7279ca3b2819b86a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195873Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77172}
-
Benedikt Meurer authored
Fixed: chromium:1073804 Change-Id: Ia8cd29323e2b1c4faa0f115b5f60bc216b7813f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196175 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/main@{#77171}
-
Michael Lippautz authored
Minor MC does not support processing the specialized remembered set for ephemeron tables. Temporarily delegate to the regular write barrier for correctness until the other barrier is supported. Bug: v8:12262 Change-Id: Iad74b27f8738237dcc1e146b2df3aa6ed8c9a505 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195895Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77170}
-
Manos Koukoutos authored
Bug: v8:7748 Change-Id: Id6adc39af6818f5a37307f26cfe40de11a0ce3c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195872Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77169}
-
Seth Brenith authored
This is a reland of 94958172 Original change's description: > [torque] Get rid of @noVerifier annotation > > As one small step toward reducing annotations, I propose that all > classes get generated verifiers unless they've opted out of C++ class > generation via @doNotGenerateCppClass, and that generated verifiers > always verify every Torque-defined field. If a generated verifier is > incorrect, such as for JSFunction or DataHandler, we can just avoid > calling it and hand-code the verification. > > Bug: v8:7793 > Change-Id: I7c0edb660574d0c688a59c7e90c41ee7ad464b42 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171758 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/main@{#77145} Bug: v8:7793 Change-Id: I3da34705bf9fc2b1886161f8f59c7275583f7fc4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194812 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#77168}
-
Clemens Backes authored
We currently could produce the error message 'not enough arguments on the stack for block, expected 0 more'. This CL fixes this by printing the available number of arguments and the needed number, and adds DCHECKs to catch similar miscomputations in the future. It also adds a new test that produced the broken error before, and includes the expected failure message in a few more tests for robustness. R=manoskouk@chromium.org Change-Id: Ia08863889ae36ae0a05d96d36e92295b7159a01e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194264Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77167}
-
Marja Hölttä authored
Bug: v8:12244, v8:12245 Change-Id: I46cc6fca7d4dda82c825ac15c97bba41ec61378a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183347Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77166}
-
Al Muthanna Athamina authored
Bug: v8:11826 Change-Id: I5b7f64df8bf067d85cf89bc6c5e6a6804e6b2bc1 Cq-Include-Trybots: luci.v8.try:v8_numfuzz_dbg_ng,v8_numfuzz_ng,v8_numfuzz_tsan_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196130 Auto-Submit: Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#77165}
-
Clemens Backes authored
The test allocates a lot of wasm memories. This got a low slower after https://crrev.com/c/3190476, because we can now allocate more than 102 memories, and do not explicitly trigger a GC any more to get rid of unused memories. We should figure out how to tell the GC about the external memory such that the memories get collected earlier. R=ahaas@chromium.org Bug: v8:12076, v8:12278 Change-Id: I9b8795a9999a806380d86f22e751de2727942648 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196131Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77164}
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I355187177d062bf7117bcbd402821f2b9dd739de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194267 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77163}
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: I0876d1977694c50995a7b97145748bdb365289ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194266 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77162}
-
Clemens Backes authored
The address space limit puts an arbitrary cap on the total reservation size, thus limiting the total number of Wasm memories to around 100 on 64-bit systems. Since the usable address space on 64 bit is much larger than the 1TB+4GB limit, this makes us reject code that we could otherwise just execute. This CL thus removes that limit completely. See the linked issue for more discussion, including security considerations. R=jkummerow@chromium.org, rsesek@chromium.org Bug: v8:12076 Change-Id: I1f61511d68efdab1f8cef4e09c0a39fc1d6fed60 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190476Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77161}
-
Marja Hölttä authored
It's confusing that we have CSA_CHECK and CSA_ASSERT and it's not clear from the names that the former works in release mode and the latter only in debug mode. Renaming CSA_ASSERT to CSA_DCHECK makes it clear what it does. So now we have CSA_CHECK and CSA_DCHECK and they're not confusing. This also renames assert() in Torque to dcheck(). Bug: v8:12244 Change-Id: I6f25d431ebc6eec7ebe326b6b8ad3a0ac5e9a108 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190104Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77160}
-
Maya Lekova authored
This reverts commit 6e6385a0. Reason for revert: Breaks MSAN, see https://bugs.chromium.org/p/v8/issues/detail?id=12277 Original change's description: > Update V8 DEPS. > > Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ecb990f..28fa03f > > Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/50e90b8..31a3660 > > Rolling v8/third_party/aemu-linux-x64: e_KiIcYNB7sHa2eqRBhqVoR_Mmg2Q7nqmzRCXzegWQAC..pE8RqfOzLp5AXCDDOSrlKJ4MZInfuyxWzRSwdXBe1doC > > Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/6e5dc9a..7a11b79 > > Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5afc365..01df326 > > Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/764c927..9c24aed > > Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/eb740e9..0aa3fcf > > TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com > > Change-Id: If86099561baf7a927d6c5109790dad7b958208d0 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194881 > Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> > Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> > Cr-Commit-Position: refs/heads/main@{#77153} Change-Id: I40135e9ed7adfcbfca054969c729aba5d8c9c91e No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195713 Auto-Submit: Maya Lekova <mslekova@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Maya Lekova <mslekova@chromium.org> Owners-Override: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#77159}
-
Jakob Gruber authored
Irregexp reentrancy (crrev.com/c/3162604) introduced a bug for global regexp execution in which each iteration would use a new stack region (i.e. we forgot to pop the regexp stack pointer when starting a new iteration). This CL fixes that by popping the stack pointer on the loop backedge. At a high level: - Initialize the backtrack_stackpointer earlier and avoid clobbering it by setup code. - Pop it on the loop backedge. - Slightly refactor Push/Pop operations to avoid unneeded memory accesses. Bug: v8:11382 Change-Id: Ibad6235767e110089a2b346034f923590b286a05 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194251Reviewed-by: Patrick Thier <pthier@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77158}
-
Benedikt Meurer authored
The V8 Inspector was sending an additional frame as part of async stack traces for async functions, which pointed to the first executed `await` in the async function. This is leaking an implementation detail of how (and more precisely when) the inspector decides to collect this stack trace. From the users perspective the async part of the stack trace is supposed to capture what happened _prior to the task_ - meaning in case of async functions: What lead to the execution of the async function. This is reflected by the fact that the DevTools front-end (and the V8 Inspector itself) performs post-processing on these async call stacks, removing the misleading top frame from it. But this post-processing is not applied consistently to all async stack traces (i.e. the Console message stack traces don't get this), and potentially also not applied consistently across consumers of the Chromium debugger backend. Instead the V8 Inspector now removes the top frame itself and thus reports `await` consistently with how other async tasks are reported to debugger front-ends. Note: This preserves backwards compatibility with old versions of devtools-frontend, which do post-processing (for the Call Stack) only on async stack traces marked with "async function", while we now mark these async stack traces with "await" instead (aligned with what the front-end is using as user visibile string anyways in the Call Stack section, and this matching will be updated in a separate follow up CL to look for "await" instead of "async function"). Before: https://imgur.com/kIrWcIc.png After: https://imgur.com/HvZGqiP Fixed: chromium:1254259 Bug: chromium:1229662 Change-Id: I57ce051a28892177b6b96221f083ae957f967e52 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193535 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org> Cr-Commit-Position: refs/heads/main@{#77157}
-
Patrick Thier authored
Load instance type into a register instead of using memory operands for several checks on ia32 and x64. Drive-by: Name used registers in Generate_Call/Generate_Construct Change-Id: I289c5e420fa03ca639c9b78266560cafb166f6f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190099Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#77156}
-
Victor Gomes authored
It also updates the scripts to support Python3 Bug: chromium:1245634 Change-Id: Iffe29bacfd788575b35da6449d5830fc665da7a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194259 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#77155}
-
Zhao Jiazhong authored
Due to MIPS64 ISA feature, 32-bit values should be sign-extended in 64-bit registers, no matter it's signed or unsigned. Besides, LoongArch64 also has this feature, and a similar change has been made before loong64 port's land in V8. This CL also make a small fix for loong64. Change-Id: Ib284662931082365f727925af61781e3653debc8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193595Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Liu yu <liuyu@loongson.cn> Cr-Commit-Position: refs/heads/main@{#77154}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ecb990f..28fa03f Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/50e90b8..31a3660 Rolling v8/third_party/aemu-linux-x64: e_KiIcYNB7sHa2eqRBhqVoR_Mmg2Q7nqmzRCXzegWQAC..pE8RqfOzLp5AXCDDOSrlKJ4MZInfuyxWzRSwdXBe1doC Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/6e5dc9a..7a11b79 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5afc365..01df326 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/764c927..9c24aed Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/eb740e9..0aa3fcf TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: If86099561baf7a927d6c5109790dad7b958208d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194881Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#77153}
-
- 29 Sep, 2021 13 commits
-
-
Seth Brenith authored
I'm trying to remove annotations and make behavior more consistent. For @generatePrint, there are two options: either generate printers for every extern class, or never generate printers for extern classes. This change implements the option of always generating printers. Classes that require custom printing can easily hide the generated printer by using DECL_PRINTER. This causes the generated file gen/torque-generated/objects-printer.cc to grow to 1600 lines, including many functions that are never used, but I think the consistency benefit outweighs a little more compilation time on one file. This change also removes custom printers in cases where the generated printer includes all of the same content. If folks would prefer the option to never generate printers, I'm open to doing that instead. I like the notion that generating more code could reduce the friction of adding new classes and thereby encourage people to define precise types rather than using FixedArrays, but the current implementation of generated printers is limited, and many printers have been customized to show the data that matters the most. Unlike verifiers and body descriptors, there are no correctness or safety concerns with hand-written printers. Some bugs showed up once we start generating printers for everything, and this change fixes them: - Printers incorrectly included ungettable fields like padding - Printers called getters which might be hidden by hand-written classes - The generated getter for Map::instance_type used ReadField<InstanceType>, which is not an arithmetic type since it's an enum One more tiny drive-by fix: added a missing newline in the printers for JSMap and JSSet. Bug: v8:7793 Change-Id: Ib9e9575fbcb57879935ff18bf4db49fe276d2966 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172190Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#77152}
-
Seth Brenith authored
Nobody uses the generated *_FIELDS macros anymore, so we can remove them. I also renamed the generated file to represent its content better. Bug: v8:7793 Change-Id: I49ab39e363d6961e7210cd67018b6fb83b65a162 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192191Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#77151}
-
Junliang Yan authored
Port edc349db Bug: v8:11235 Change-Id: I53538b1a18d778c4580683d300bc380ee1041c40 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194874Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#77150}
-
Clemens Backes authored
This fixes a long-standing TODO to disallow importing receivers that have "toString" or "valueOf" patched. Calling those methods could have observable side effects, so allowing that would require bigger refactorings to ensure that we only call each such function exactly once per import, and in the right order. Since this use case is rare, we just forbid importing such receivers. R=jkummerow@chromium.org Bug: chromium:1248677 Change-Id: I99bbd7db950ec3c7ac9cc1f59e8c476688e7d7b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190475Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77149}
-
Junliang Yan authored
Change-Id: Ida66b9c42cfb9bd5b59a83188a2dfa0d602d4036 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192427Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#77148}
-
Milad Fa authored
Port: 1cd7a582 Original Commit Message: Class Constructors are special, because they are callable but [[Call]] raises an exception. Instead of checking if a JS function is a class constructor for every JS function call, this CL adds a new instance type for class constructors. This way we can use a fast instance type range check for the common case, and only check for class constructors in the uncommon case were a class constructor is called and when we need to raise an exception. Change-Id: I578fde90d00d1e80cf36ba28205ce9bfe6830afb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192422Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#77147}
-
Maya Lekova authored
This reverts commit 94958172. Reason for revert: Breaks arm/arm64 ports, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim/30120/blamelist Original change's description: > [torque] Get rid of @noVerifier annotation > > As one small step toward reducing annotations, I propose that all > classes get generated verifiers unless they've opted out of C++ class > generation via @doNotGenerateCppClass, and that generated verifiers > always verify every Torque-defined field. If a generated verifier is > incorrect, such as for JSFunction or DataHandler, we can just avoid > calling it and hand-code the verification. > > Bug: v8:7793 > Change-Id: I7c0edb660574d0c688a59c7e90c41ee7ad464b42 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171758 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/main@{#77145} Bug: v8:7793 Change-Id: I56da8a9726d23470e927be1be5e7bcede1399861 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194262 Auto-Submit: Maya Lekova <mslekova@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Owners-Override: Maya Lekova <mslekova@chromium.org> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#77146}
-
Seth Brenith authored
As one small step toward reducing annotations, I propose that all classes get generated verifiers unless they've opted out of C++ class generation via @doNotGenerateCppClass, and that generated verifiers always verify every Torque-defined field. If a generated verifier is incorrect, such as for JSFunction or DataHandler, we can just avoid calling it and hand-code the verification. Bug: v8:7793 Change-Id: I7c0edb660574d0c688a59c7e90c41ee7ad464b42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171758Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#77145}
-
Omer Katz authored
This is a reland of e47f9200 Relanding for clang only. GCC and MSVC will not inline. Original change's description: > cppgc: Inline allocation fast path across api boundary > > Bug: chromium:1239030, chromium:1056170 > Change-Id: I4a559027e63ebbd99e51344aa659d4fb284df88f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190094 > Commit-Queue: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77124} Bug: chromium:1239030, chromium:1056170 Change-Id: Iaa52118ea0e6ccd78f5e7818fa30ed163906da83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3191211Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77144}
-
Omer Katz authored
This is a reland of 2db50670 crrev.com/c/3182223 resolves all known issues (and should prevent additional issues in the future). Original change's description: > Reland "Reland "cppgc: Enable checks for assignments in prefinalizers"" > > This is a reland of adb6276f > > Causes for previous revert was addressed by crbug.com/3140387 and > crbug.com/3163579. > > Original change's description: > > Reland "cppgc: Enable checks for assignments in prefinalizers" > > > > This is a reland of edcc8ff5 > > > > Cause for previous revert was addressed by crbug.com/1241773. > > > > Original change's description: > > > cppgc: Enable checks for assignments in prefinalizers > > > > > > Bug: v8:11749 > > > Change-Id: Ic027f732030fb6a2befeffeca9db2eacfd0830a5 > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099953 > > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > > Commit-Queue: Omer Katz <omerkatz@chromium.org> > > > Cr-Commit-Position: refs/heads/main@{#76370} > > > > Bug: v8:11749 > > Change-Id: I57fc138ace002d41e54f7f70250e4d19bc9262b0 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122153 > > Auto-Submit: Omer Katz <omerkatz@chromium.org> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > Commit-Queue: Omer Katz <omerkatz@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#76553} > > Bug: v8:11749 > Change-Id: I138ca374314108f0f23e234a8fd90d15d912120d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168280 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Omer Katz <omerkatz@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76971} Bug: v8:11749 Change-Id: I8bf48cecde910e74f40cf0cd6aa8a5ed19de1584 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182224Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77143}
-
Al Muthanna Athamina authored
Remove infra-staging from numfuzz builders and add no-fail instead. Also remove the staging builders. Bug: v8:11826 Cq-Include-Trybots: luci.v8.try:v8_numfuzz_dbg_ng,v8_numfuzz_ng,v8_numfuzz_tsan_ng Change-Id: Icd7bc6275b5c78e38f0e75b5d133b3b7056f333e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182233 Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#77142}
-
Junliang Yan authored
Change-Id: I23f5a67a347c586fb26b99fd71fca8ea03cd83a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194258Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#77141}
-
Patrick Thier authored
Class Constructors are special, because they are callable but [[Call]] raises an exception. Instead of checking if a JS function is a class constructor for every JS function call, this CL adds a new instance type for class constructors. This way we can use a fast instance type range check for the common case, and only check for class constructors in the uncommon case were a class constructor is called and when we need to raise an exception. Change-Id: Ic6fdd9829722d05559fdfd01f6100c61873a0872 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186434Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#77140}
-