- 09 Sep, 2022 4 commits
-
-
Danil Somsikov authored
Bug: chromium:1350125 Change-Id: Ia89d01420e93e110a5da22f104f5b8afbdd2f558 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882973 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Danil Somsikov <dsv@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#83094}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/bbdc7d8..20f8ac6 Make references to //third_party/icu relative (Filip Filmar) https://chromium.googlesource.com/chromium/deps/icu/+/20f8ac6 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org Change-Id: I87063f9ec7b4ef8491c43ad8e1902e2741dd0e49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886397 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#83093}
-
Frank Tang authored
Bug: v8:11544 Change-Id: I23435db7f625ee35f560fd84ee98d481081fb5ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868513 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#83092}
-
jiepan authored
Bug: v8:12716 Change-Id: I0a1e807f7b0c64afa7d259361c47314e9c9e30db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867140 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Jie Pan <jie.pan@intel.com> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#83091}
-
- 08 Sep, 2022 36 commits
-
-
Frank Tang authored
This is a reland of commit a165e82e The reason of revert is SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22 which is the line "nanoseconds_mv = std::round((seconds_mv - std::floor(seconds_mv)) * 1e9);" where seconds_mv is a double and nanoseconds_mv is an int32_t In this reland, we change the type of nanoseconds_mv to double to avoid the ubsan error. Original change's description: > [Temporal] Use double/int32_t instead of int64_t for duration parsing > > Use double and int32_t instead of int64_t in duration parsing result > so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold up value from 0 to 999,999,999 so we use int32_t to hold it. Other part could be infinity so we use double to hold it. Also rearrange the order of the three int32_t in the struct ParsedISO8601Duration after all the double > > Bug: v8:11544 > Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761 > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/main@{#82754} Bug: v8:11544 Change-Id: If8b72cb4912d8b4fc4c286fc856ea59df5cf0bb7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858576 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#83090}
-
Samuel Groß authored
When the sandbox is disabled, object layouts are now different as ExternalPointerSlots are then 64-bit (raw pointers) instead of 32-bit (ExternalPointerHandles). Bug: v8:10391 Change-Id: Ia03d1ae9300fad96e40b77f0ed9544a1a118b74a Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3884075 Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#83089}
-
Frank Tang authored
Change AddInstant to use BigInt::FromNumber(isolate, factory->NewNumber instead of BigInt::FromInt64 to convert from double to BigInt. Sync AddZonedDateTime with https://github.com/tc39/proposal-temporal/pull/2303 which call AddInstant as ? instead of ! marking. Spec Text: https://tc39.es/proposal-temporal/#sec-temporal-addinstant https://tc39.es/proposal-temporal/#sec-temporal-addzoneddatetime PR: https://github.com/tc39/proposal-temporal/pull/2303 Bug: v8:11544 Change-Id: I4bd176294780f761341c25a5f71643b437f99c82 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859165 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#83088}
-
Adam Klein authored
This reverts commit 50802793. Reason for revert: blocking v8 roll: https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia_x64/1301026/overview Original change's description: > [fuchsia] Migrate d8 to a component framework v2 Fuchsia component > > In the process, switch to using the Fuchsia GN SDK templates for > building the component and package. > > Bug: v8:12589 > Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501 > Auto-Submit: Greg Thompson <grt@chromium.org> > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Alexander Schulze <alexschulze@chromium.org> > Reviewed-by: Victor Gomes <victorgomes@chromium.org> > Commit-Queue: Greg Thompson <grt@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83084} Bug: v8:12589 Change-Id: I94ce2ef0e7cba5d39c8d18ca7dc7264289325e99 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885079 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#83087}
-
Omer Katz authored
This CL includes the following changes: 1) Ignore ShouldReduceMemory for MinorMC (since it can't move objects) 2) Make FLAG_page_promotion more explicit in the condition 3) Take wasted bytes into account for MinorMC (full GC can compact and "reset" wasted bytes) Bug: v8:12612 Change-Id: I64d214e692b8ecd20189c59e2a77807f05e43817 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879606 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83086}
-
Milad Fa authored
Change-Id: I064347b21de1eb8013754e715d99f13c6e59c192 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876443 Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Reviewed-by: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#83085}
-
Greg Thompson authored
In the process, switch to using the Fuchsia GN SDK templates for building the component and package. Bug: v8:12589 Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501 Auto-Submit: Greg Thompson <grt@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Alexander Schulze <alexschulze@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Greg Thompson <grt@chromium.org> Cr-Commit-Position: refs/heads/main@{#83084}
-
Samuel Groß authored
Now that all external pointers have been sandboxed, V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also shrinks external pointer slots to 32 bits when the sandbox is enabled. Bug: v8:10391 Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#83083}
-
Leszek Swirski authored
Support LoadHandler::Kind::kAccessorFromPrototype, which is an accessor on the prototype and is a direct call to the accessor. Bug: v8:7700 Change-Id: I288972c027d37c8eb7c3558db4951bffdfba201f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882975 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#83082}
-
Victor Gomes authored
This mimics Ignition, which calls AbortIfRegisterCountInvalid. This adds a --maglev-assert flag, since we do not want to emit different code per IR node for debug vs. release modes. Bug: v8:7700 Change-Id: Iddb17f0ccadf9d6009b242883b2e5d126875c844 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876385 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#83081}
-
Omer Katz authored
Inlining of bar into foo required taking allocation in foo into account as well (crrev.com/c/1021734), but this makes the test vulnerable to gc timing changes since other allocations are also inlined into foo and may die at arbitrary times (as observed when enabling MinorMC). Fix by preventing inlining of bar into foo. Bug: v8:12612 Change-Id: I2d8848d4002334d329c4b2cc8f18bff1296f5cc1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882970 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#83080}
-
Dominik Inführ authored
Currently this observer uses 80% of initial new space capacity as step size. But this means that after the first minor GC this will most likely decouple from the current new space size since the allocation counter isn't reset after a GC and surviving objects aren't accounted. Use 64K as step-size since this should be large enough to not cause regression but it should still work for Scavenger and Minor MC such that a step invocation will be performed close to reaching 80% of new space capacity. Bug: v8:12612 Change-Id: I4abc17eaeded90e0f72d9467a4410159ef0e6dda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879618 Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#83079}
-
Omer Katz authored
Drive-by: merge all collector choosing criteria into SelectGarbageCollector. Bug: v8:12612 Change-Id: I84d9e1aa5f658f48d5deeab1a8ef49ed1871cba5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879608 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83078}
-
Leszek Swirski authored
Change the constructor and instance registers into a single constructor_then_instance register, and add some register allocation scopes to reduce temporary register use. This also allows us to change FindNonDefaultConstructor to only need one output for both constructor and instance. Also make BuildCreateArrayLiteral a bit more friendly to the interpreter register allocation. Bug: v8:13091 Change-Id: I0b6015b0bc6810bb4607157d715b7e536efb89f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876386 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83077}
-
Marja Hölttä authored
I.e., implement a baseline handler for the FindNonDefaultConstructor bytecode. Bug: v8:13091 Change-Id: If1b119ae0479e54d2a89143bf8f40faeadb1abaf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871206 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#83076}
-
Camillo authored
Skip over DCHECK in fuzzing that is always checked later by getting the value from a Maybe object. Bug: chromium:1359230, chromium:1360735 Change-Id: I9512e27fdeb1d6919e24bd631ae2caece7aed466 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874934 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#83075}
-
Milad Fa authored
Port b2576418 Original Commit Message: Re-implement the --log-function-events functionality after refactoring the tiering state bits on the FeedbackVector. The new version also tries to log first-execution of non-interpreter code and will handle OSR events. Not-yet supported: - First-execution logging when OSR-ing in Sparkplug or Maglev R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I2a99ca0976bc81e5994fa2e1c6d8045c303fc0f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876375 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#83074}
-
Dominik Inführ authored
We used to remove the page from the space in the "evacuation" phase, such that the following "update pointers" phase wouldn't try to update pointers for evacuation candidates. In this CL we move page removal to ReleaseEvacuationCandidates() which is run after the "update pointers" phase finished. In the "update pointers" we can skip evacuation candidates to not update pointers on those pages. That way PostProcessEvacuationCandidates() can be renamed to PostProcessAbortedEvacuationCandidates() since it now only handles aborted evacuation candidates. Bug: chromium:1359294, v8:12578 Change-Id: Ifc4f58d71b630c3ef72f2bd994fedeabba878945 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879486 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#83073}
-
Dominik Inführ authored
Move clearing of markbits in the evacuated area into ReRecordPage, which also resets all other metadata for that memory area. Since this case is now handled in ReRecordPage, all other use cases can delete markbits for the whole chunk and allows the VisitBlackObjects* methods to not deal with markbits anymore. Bug: chromium:1359294, v8:12578 Change-Id: Ic98debe04efb7f415cf06efb58af0f728071aa65 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879499 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#83072}
-
Teodor Dutu authored
This reverts commit f97f7d79. Reason for revert: a simpler approach will be used instead. Original change's description: > [ptr-compr-8gb] Align Turbofan allocations to 8 bytes > > In order to support a larger heap cage (8GB, 16GB), the cage offset > will take up more than 32 bits. As a consequence, for 8GB cages, the > least significant bit of the cage offset will overlap with the most > significant bit of the tagged offset. To avoid this, allocations need > to be aligned to 8 bytes to free up one bit from the offset. > > All changes are deactivated behind the build flag > `v8_enable_pointer_compression_8gb`. Allocation folding is not yet > supported. > > Bug: v8:13070 > Change-Id: I602c71232e98eac4e2701b0922704a7adc31a662 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817741 > Commit-Queue: Teo Dutu <teodutu@google.com> > Reviewed-by: Marja Hölttä <marja@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/main@{#82331} Bug: v8:13070 Change-Id: Id2186898596847142a80aba7604e870093a26d8b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879224 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Teo Dutu <teodutu@google.com> Cr-Commit-Position: refs/heads/main@{#83071}
-
JialuZhang-intel authored
Before: 488bd6 REX.W movq rdx, rsi After: 8bd6 movl rdx, rsi This CL can save a 1-byte encoding length for move instruction. Change-Id: Ief482b4093f22ab810dbc693e8d9ed55a8c14c84 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875397 Commit-Queue: Jialu Zhang <jialu.zhang@intel.com> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#83070}
-
Camillo authored
- Add gcert/gcertstatus support for chrome helper - Skip pprof uploading for non-googlers - Print better local results instructions for multiple chromium results files - Fix docs link in --help text - Exit silently when a keyboard interrupt occurred Drive-by-fix: - format files - sort imports Change-Id: I88bae27102dbf3d560c4203774d9746e96fdbdc5 No-Try: True No-CQ: True Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878166 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#83069}
-
Ilya Rezvov authored
This is a reland of commit 0a1a579a The original CL has a bug in assigning no_reg to scoped Register variable. To fix it Scoped guard was added for automated release of scoped registers. Original change's description: > Port JS-Wasm Promise Integration for arm64 > > > Port Generic JS-Wasm Wrapper for arm64 > > Change-Id: I256e6511d47af9ab04c577beb6b829dfee34a6ed > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841074 > Commit-Queue: Ilya Rezvov <irezvov@chromium.org> > Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83038} Change-Id: I7b8b355f5689e51529223f1156e74e980c3b50ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879492 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Ilya Rezvov <irezvov@chromium.org> Cr-Commit-Position: refs/heads/main@{#83068}
-
Leszek Swirski authored
Bug: v8:7700 Change-Id: I4efa8f8b3b7df03b3fb6b6bd35c7310b0da07d49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879613 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83067}
-
Al Muthanna Athamina authored
Bug: v8:7700 Change-Id: Ieff3e3b053f418e73699a208993c4d0771326522 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879614 Auto-Submit: Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/main@{#83066}
-
Thibaud Michaud authored
Add the missing KB multiplier. Also add a flag to set the fixed stack size. R=clemensb@chromium.org Bug: v8:12191 Change-Id: I9782192d2eef1986286f726a05444a4bec49fc66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875902 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#83065}
-
Leon Bettscheider authored
ShouldFinalize should only be called if major incremental marking is active, and can crash if minor incremental marking is active, if MajorMC's local_marking_worklists_ was reset. The only caller is IsMarkingComplete. This CL changes the IsMarking check to IsMajorMarking to solve this issue, and renames IsMarkingComplete to IsMajorMarkingComplete. Bug: v8:13012 Change-Id: Iba6bd5b7977ec8566c3ab0f047646d8cafd45038 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879485 Commit-Queue: Leon Bettscheider <bettscheider@google.com> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83064}
-
Victor Gomes authored
BytecodeArray::Disassemble fails a SLOW_DCHECK when invoking from a background thread, due to the little hack to recover the handle inside the function. This CL changes the method to static with a handle as input. The old method calls the static one, since it is allowed to be called by the main thread. Change-Id: I3546f0d2b160d15386da0980efc539693672c230 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879498 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83063}
-
Michael Achenbach authored
Bug: v8:13113 Change-Id: Ie42a654378660e4a2dc45d53d40683281e7343dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879496 Reviewed-by: Alexander Schulze <alexschulze@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#83062}
-
Omer Katz authored
Fix broken DCHECK: When using MinorMC, new space is a paged space and only uses the TO_PAGE page flag. New large object space however still uses both TO_PAGE and FROM_PAGE page flags. With MinorMC it is still possible to find reference to FROM_PAGEs, but those pages have to be large pages. Fix broken test: MinorMC may only free empty pages when shrinking. Therefore, shrink may actually not change the space capacity at all (e.g. when all pages have live objects on them). More specifically, the capacity is not guaranteed to be half the previous capacity. Bug: v8:12612 Change-Id: Ib0edcafd758828f821f82bc8c796c205f162809c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879493 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83061}
-
Omer Katz authored
On allocation failure in new space we used to do at most 2 GCs before calling the near heap limits callback. The 2 GCs would empty new space, thus ensuring that the current allocation can succeed. With MinorMC the 2nd GC has no effect and we should do a full GC instead to empty new space. Bug: v8:12612 Change-Id: I4f767136283b5d26fee4f4a3998359b3c1e2108b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879495 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83060}
-
Leszek Swirski authored
For accessors, instead of storing the descriptor index + holder in the LoadHandler, store the getter directly (avoiding the map->descriptor->pair->getter hops). For the non-prototype case, where there's no LoadHandler, store the AccessorPair directly as a weak handler instead of the Smi handler. We can't store the getter here directly, because it could be in new space, and then we can't use it in the stub cache. Required some rejiggling of ic.cc method signatures, to allow ComputeHandler to return a weak ref. Change-Id: I22c0e64bec9880a3ba23c2d1eeb3a1c23179ca4b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865557 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83059}
-
Matthias Liedtke authored
assertEquals() compares objects by comparing each property for both objects. This was done by using Object.keys() which however only returns enumerable properties. With this change also non-enumerable properties are compared. Still, the comparison doesn't require the properties to be equal. So, if one property is marked enumerable in one object but not the other, the objects would still be considered equal. This could be adapted in a follow-up CL if desired. The prototype is still ignored for the comparison. Change-Id: I1bb9df055bfb764ac1c02d971ac6f4a50f4a98e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876384 Commit-Queue: Matthias Liedtke <mliedtke@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#83058}
-
Jakob Linke authored
This is a reland of commit 24e60017 The reland changes %ClearFunctionFeedback to clear *all* feedback slot kinds including binary/compare/for-in slots. In the tests we thus no longer have to resort to tricks to restore the function to its initial state, instead simply call %ClearFunctionFeedback. Original change's description: > [maglev] Deopt on overflow in >>> > > Re-enable the int32 fast path for ShiftRightLogical, but account for > Maglev's missing signed/unsigned representation tracking by a) > removing rhs==0 as the identity value (a shift by 0 is still a > signed-unsigned conversion) and b) deoptimizing if the result cannot > be converted to a non-negative smi. > > Note this is not a deopt loop, since a non-smi result will change the > feedback to kSignedSmallInputs (from kSignedSmall). > > To fix this properly, we should track signed/unsigned representations > and convert the result to a heap number if it doesn't fit within smi > range. > > Bug: v8:7700 > Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f > Fixed: v8:13251 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Jakob Linke <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83025} Bug: v8:7700 Change-Id: I2f607a0fb863b80e8589c9c1e86ee31fbac48c25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879491 Auto-Submit: Jakob Linke <jgruber@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83057}
-
Michael Achenbach authored
Bug: v8:13113 Change-Id: I7cd37446d9ecbe271e0e5df96a4dcfd43b307c27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879489 Reviewed-by: Alexander Schulze <alexschulze@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#83056}
-
Leszek Swirski authored
Attempting to set a FunctionTemplate without a code handler as an accessor for a property will fail in the runtime, which expects to be able to call the handler. Add an API check that guards against this. Change-Id: I270f0ca3d20de507bc9bde2c4c8d23b2614313dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879490 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83055}
-