- 19 Aug, 2022 20 commits
-
-
Shu-yu Guo authored
Currently there is nothing ensuring that the internal VM state of shared objects is in a coherent state and visible to other threads when the shared object is published. This CL adds a store-store memory barrier when returning from Factory methods that allocate shared JSObjects that are exposed to user JS code. For primitives, there is an additional store-store memory barrier in the shared value barrier.

Bug: v8:12547
Change-Id: I4833c7ebf02cc352da9b006d2732669d6d043172
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng,v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819041
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82596}
-
Leon Bettscheider authored
This CL makes concurrent MinorMC only bail out on the write barrier if the value is not in the young generation.

Bug: v8:13012
Change-Id: I941c6f1e676440cf69e1d4fefcf2786383c9f678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840296
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82595}
-
Al Muthanna Athamina authored
Bug: v8:13206
Change-Id: I27cd34a77e15e812881a57e7e5538a0e31b34315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837861
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82594}
-
George Wort authored
Adds a reduction case in MachineOperatorReducer for when the left-hand side of a Word64Equals is based on a 64-bit shift-and-mask operation, as is the case when Torque accesses 64-bit bitfields.

This improves Speedometer2 by 0.15% on a Neoverse-N1 machine, with React-Redux being improved by 0.4%.

Change-Id: Icd0451c00c1b25f7d370e81bddcfd668a5b2523c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834027
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82593}
-
Darius M authored
Before https://crrev.com/c/3829541, ReduceStringPrototypeStartsWith would not be called if the String's content wasn't safe to access in the background, because StringRef::length would fail in that case. Now that StringRef::length always succeeds, an additional check is required before calling ReduceStringPrototypeStartsWith.

Note that none of the other callers of StringRef::length access the String's content later, so we shouldn't have any more bugs caused by the aforementioned CL.

Bug: chromium:1354439
Change-Id: I4a590ccdb7cc4c8a85e4e6beaf6f3c3ab2d7d479
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840938
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82592}
-
Clemens Backes authored
While working through the type feedback implementation, I left some documentation and fixed some oddities or inconsistencies.

R=jkummerow@chromium.org

Bug: v8:13209
Change-Id: I6ba9b77ecf30ae020a57f77435005a1a57c2fc7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840293
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82591}
-
Leon Bettscheider authored
This CL bails out on the generated code write barrier when minor incremental marking is active.

Currently is_minor_marking_flag_ is always false. It will be connected with incremental marking in subsequent CLs.

Bug: v8:13012
Change-Id: I0f5bc4aa14e9d56adbdad305499f2ca8f951765b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838784
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82590}
-
Liu Yu authored
Bug: v8:12887
Change-Id: I467335899d8f4d72f256843d5922703d3ba1f976
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840936
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82589}
-
Clemens Backes authored
This reverts commit b3a27f22.

Reason for revert: Fails 'debug-enabled-tier-down-wasm' flakily (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64/48026/overview)

Original change's description:
> Reland "[wasm] Refactor compilation tier computations"
>
> This is a reland of commit e50472d6.
> In {ApplyCompilationHintToInitialProgress} we would reset the baseline
> tier to {kNone} if the compilation strategy is {kDefault}, which is
> wrong. We would not generate code but also not install the lazy stub,
> so whenever we start executing the code before top-tier is ready we
> would crash.
>
> Original change's description:
> > [wasm] Refactor compilation tier computations
> >
> > The way we initialized the "compilation progress" was pretty convoluted,
> > with multiple levels of functions being called for initializing every
> > single slot.
> >
> > This CL refactors this to compute one default value for the whole
> > module, and only modifies those slots that need special handling (e.g.
> > because of compilation hints, or lazy/eager compilation after
> > deserialization).
> >
> > We also rename "liftoff_functions" to "eager_functions" in the
> > deserialization path; the idea is that those functions should get
> > eagerly compiled because we expect them to be needed during execution.
> > Usually they would be Liftoff-compiled, but it's more consistent to use
> > the existing logic to choose the baseline tier. In the default
> > configuration, this will still use Liftoff, but if Liftoff is disabled
> > we will use TurboFan instead.
> >
> > R=jkummerow@chromium.org, ahaas@chromium.org
> >
> > Bug: v8:12425
> > Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
> > Commit-Queue: Clemens Backes <clemensb@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#82521}
>
> Bug: v8:12425
> Change-Id: Ie41e63148bf6bd0e38fc07a3a514f1094d9d26cf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838409
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82585}

Bug: v8:12425
Change-Id: Ic86d3f5b0e0603dae62ccead3be052d928209506
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842208
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82588}
-
Samuel Groß authored
Now that V8_SANDBOXED_POINTERS is enabled by default on every platform if the sandbox is enabled, it is no longer necessary to have a separate option to enable/disable sandboxed pointers.

Bug: chromium:1218005
Change-Id: I2ab4c7c758010007765a3b0595357ddecfe9f258
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840937
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82587}
-
Anton Bikineev authored
Since the overall motionmark regression is minor (<0.5%), we decided to get the benefits of pointer compression on M1. The CL can also slightly regress speedometer2 (~0.3%).

Bug: chromium:1325007
Change-Id: Ib278f0e82e0ebde563caac79b9f32edfe2d09a53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840301
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82586}
-
Clemens Backes authored
This is a reland of commit e50472d6.

In {ApplyCompilationHintToInitialProgress} we would reset the baseline tier to {kNone} if the compilation strategy is {kDefault}, which is wrong. We would not generate code but also not install the lazy stub, so whenever we start executing the code before top-tier is ready we would crash.

Original change's description:
> [wasm] Refactor compilation tier computations
>
> The way we initialized the "compilation progress" was pretty convoluted,
> with multiple levels of functions being called for initializing every
> single slot.
>
> This CL refactors this to compute one default value for the whole
> module, and only modifies those slots that need special handling (e.g.
> because of compilation hints, or lazy/eager compilation after
> deserialization).
>
> We also rename "liftoff_functions" to "eager_functions" in the
> deserialization path; the idea is that those functions should get
> eagerly compiled because we expect them to be needed during execution.
> Usually they would be Liftoff-compiled, but it's more consistent to use
> the existing logic to choose the baseline tier. In the default
> configuration, this will still use Liftoff, but if Liftoff is disabled
> we will use TurboFan instead.
>
> R=jkummerow@chromium.org, ahaas@chromium.org
>
> Bug: v8:12425
> Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82521}

Bug: v8:12425
Change-Id: Ie41e63148bf6bd0e38fc07a3a514f1094d9d26cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838409
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82585}
-
Anton Bikineev authored
NormalPageMemoryRegion is a span of 10 pages, all of which must belong to the same space. This requirement imposes a fragmentation issue for virtual space, which is not ideal for the current 2GB cage configuration. The CL fixes this by mixing pages of different spaces inside the same NormalPageMemoryRegion. With the cage it's actually not necessary anymore to have NormalPageMemoryRegion, but we keep it to allow the code to be uniform for cage/non-cage configurations.

There is no type confusion across spaces, since pages (even empty) are never shared between spaces. In addition, the shared cage puts an additional memory constraint on the GC. So, there is no security benefit in having NormalPageMemoryRegion assigned to a single space.

Savings in reserved address space:
cnn:2021: 14%
facebook_infinite_scroll:2018: 23%

Bug: chromium:1325007, chromium:1352649
Change-Id: I7b49032d581dd56feb8633734a1f37803e9526c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840749
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82584}
-
Samuel Groß authored
The function is no longer used in Chromium or V8 and can therefore be deleted. This CL also simplifies V8::GetSandboxSizeInBytes, which now no longer needs to be able to deal with an uninitialized sandbox.

Bug: v8:10391
Change-Id: I22d6b0e03de1fd2ba3d38c4e476fca44068b62f9
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769690
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82583}
-
Michael Lippautz authored
Bug: v8:13089
Change-Id: Ic1c5a596adb822494aff490e04bd23cf84fb53f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840295
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82582}
-
Dominik Inführ authored
This CL removes the COMPLETE state from incremental marking. Since the only states left were STOPPED and MARKING, we can replace the state with an is_running_ boolean field.

The state could change back-and-forth between MARKING and COMPLETE. IsMarking() was already also checking for COMPLETE, so most code already treated both states the same. IsComplete() now checks whether marking is running and a transitive closure was reached already.

IncrementalMarking::Step() didn't process the marking queue when in COMPLETE. This should be relatively rare though, since it only transitioned into COMPLETE when the stack guard was armed and the allocation observer ran again before reaching a stack guard check.

Bug: v8:12775
Change-Id: Ied48d8c512ad3d1b3d2e29393d43b434b5fda8fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835689
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82581}
-
Nico Hartmann authored
This reverts commit c3a5c5b1.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20shared/21941/overview

Original change's description:
> [heap] Ensure all old-to-shared slots are recorded
>
> This CL adds verification of the old-to-shared remembered set to
> --verify-heap. During shared GCs client heaps will be scanned for
> references into the shared heap, this CL will CHECK that every found
> slot is contained in the old-to-shared remembered set. After this
> gets a bit more stable, the full heap iteration can be dropped and we
> can fully rely on the remembered set instead.
>
> Bug: v8:11708
> Change-Id: I0b5c4edfe3271306e4e7af7394472534113e1953
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792605
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82578}

Bug: v8:11708
Change-Id: I26553d3b06d0e257a3425eeb884ccce57f026bde
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841567
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82580}
-
Qifan Pan authored
`JSWasmCallData` is replaced with a flag `do_conversion` to indicate if conversions of arguments and returns are needed, which is set to false for inlined js-to-wasm call wrappers.

Bug: v8:9407
Change-Id: I35244c8fc13d464d48031fb9d7d04ab277646ec5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837858
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82579}
-
Dominik Inführ authored
This CL adds verification of the old-to-shared remembered set to --verify-heap. During shared GCs client heaps will be scanned for references into the shared heap; this CL will CHECK that every found slot is contained in the old-to-shared remembered set. After this gets a bit more stable, the full heap iteration can be dropped and we can fully rely on the remembered set instead.

Bug: v8:11708
Change-Id: I0b5c4edfe3271306e4e7af7394472534113e1953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792605
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82578}
-
Lu Yahan authored
This is a reland of commit 776b9eb9.

Original change's description:
> [WATCHLISTS] Add riscv watch
>
> Change-Id: I6e4dc69d6f22d3108ae74552b72bcafc0be3db64
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793476
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82092}

Change-Id: I33ff1808de80f03fdfd7c977b29a895c8110bae0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835293
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82577}
-
- 18 Aug, 2022 20 commits
-
-
Frank Tang authored
Add a version of BalanceDuration which takes two TimeDurationRecords and adds them internally after converting to BigInt as nanoseconds, so it will not overflow the double.

Use "std::isinf()" instead of "!std::isfinite()".

Inspired by https://github.com/tc39/proposal-temporal/issues/2380#issuecomment-1219194995

Bug: v8:11544
Change-Id: I29e06fa857ff43f2668e1e4ffd07735ff6efee42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837852
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82576}
-
Stephen Belanger authored
This is a reland of commit 872b7faa.

Original change's description:
> Fix Context PromiseHook behaviour with debugger enabled
>
> This is a solution for https://github.com/nodejs/node/issues/43148.
>
> Due to differences in behaviour between code with and without the debugger enabled, some promise lifecycle events were being missed and some extra ones were being added. This change resolves this and verifies the event sequence is consistent between code with and without the debugger.
>
> Change-Id: I3dabf1dceb14233226b1752083d659f1c2f97966
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779922
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82132}

Change-Id: Ifdd407261c793887fbd012d5a04ba36b3744c349
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805979
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82575}
-
Dominik Inführ authored
No need to insert into the old-to-shared remembered set for the shared isolate itself. Check whether the host object is in the shared isolate before inserting into the remembered set.

Bug: v8:13208, v8:11708
Change-Id: Ic1442653f6c27c51444544cd7b31356594b712e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840298
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82574}
-
Frank Tang authored
Use SNPrintf to handle bigger unit duration fields.

Spec Text: https://tc39.es/proposal-temporal/#sec-temporal-temporaldurationtostring

Fix test: https://github.com/tc39/test262/blob/main/test/built-ins/Temporal/Duration/prototype/toString/precision-formatted-as-decimal-number.js

Bug: v8:11544
Change-Id: I63a6e823652a0826216593cd153ef5103f94e7a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834437
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82573}
-
Anton Bikineev authored
Pointer compression regresses binary size on Fuchsia by about 300K. However, the change improves Oilpan memory by 15-20% (2-4% of PMF), which is beneficial for memory-impoverished platforms.

Bug: chromium:1325007
Fuchsia-Binary-Size: See commit description.
Change-Id: Ie16fd992e45e29e264549a960e9755ec58da1691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829313
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82572}
-
Deepti Gandluri authored
Reference instruction lowerings are in the corresponding issue: https://github.com/WebAssembly/relaxed-simd/issues/40

Lowers directly to Pmulhrsw in the macro assembler, as we use DefineSameAsFirst in place of the Movdqa on non-AVX hardware.

Bug: v8:12609, v8:12284
Change-Id: I6de45a2d8895637f895d3b0cc68f5dd1f67f77aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837853
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82571}
-
Frank Tang authored
Fix BalanceDuration to pass relativeTo to BalancePossiblyInfiniteDurationResult and then pass it to NanosecondsToDays. The bug was introduced in https://chromium-review.googlesource.com/c/v8/v8/+/3781117

The spec text in 4-a of BalancePossiblyInfiniteDuration is
"a. Let result be ? NanosecondsToDays(nanoseconds, relativeTo)."
but the code wrote
"a. Let result be ? NanosecondsToDays(nanoseconds, *undefined*)."

Spec Text: https://tc39.es/proposal-temporal/#sec-temporal-balancepossiblyinfiniteduration

Bug: v8:11544
Change-Id: I3ea9a3b71521cdcc210e9db370d6e849fcde56ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834431
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82570}
-
Frank Tang authored
Spec text: https://tc39.es/proposal-temporal/#sec-temporal-parsetemporaldurationstring

Bug: v8:11544
Change-Id: I2d54759c07529f95c7a27c334ee5d3fa6760b2e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835292
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82569}
-
Shu-yu Guo authored
AcqRel barriers are currently unused and will be used by the shared value barrier in a future CL.

Bug: v8:12547
Change-Id: I8ae40b9e17f007441125dfa5d0a04f46565785fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827319
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82568}
-
Milad Fa authored
mksnapshot is currently failing as FlagValues are not aligned to kMinimumOSPageSize.

Change-Id: Ib6e88a3bd72af874022647ff9708024902f21a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838773
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82567}
-
Danylo Boiko authored
Bug: v8:7327
Change-Id: I7312ec4fb23bbf1c67fdf110de221105279bfa4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837859
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82566}
-
Samuel Groß authored
This is a reland of commit 6ec7be21.

The issues that caused the CL to be reverted appear to be unrelated to this change, as they still occurred after the revert.

Original change's description:
> [sandbox] Sandboxify WasmExportedFunctionData::sig
>
> This CL changes the WasmExportedFunctionData class to store a direct
> ExternalPointer to the wasm::FunctionSig instead of referencing it
> through a Foreign. This in turn makes it possible to use a unique
> pointer tag for that external pointer when the sandbox is enabled.
>
> Drive-by: move WasmInternalFunction::call_target external pointer to the
> end of the object, in line with other external pointer fields.
>
> Bug: v8:10391, v8:12949
> Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82523}

Bug: v8:10391, v8:12949
Change-Id: I108810ce86b95289dfb6d6377535813deac79a9f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838109
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82565}
-
Michael Lippautz authored
Bug: v8:13141
Change-Id: I05e905a40a572c7f85f60629b2303cd73ae06a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838731
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82564}
-
Feng Yu authored
Bug: v8:12781
Change-Id: I1bf06cd74b82e98f44e00f8d6e9049d1b92c86cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827121
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82563}
-
Michael Lippautz authored
Provides a v8::base::Malloc::AllocateAtLeast() method that is also UBSan-safe and uses it in the GC's worklist.

Depends on https://crrev.com/c/3834601

Bug: v8:13193
Change-Id: I1bd182e613fb3c6a5a6b90bf56f12bd210d5ef8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833818
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82562}
-
Camillo authored
- Force RecordError in case of a TerminationException
- Remove Module::RecordErrorUsingPendingException
- Use more raw objects and instance methods if possible

Bug: v8:12379
Change-Id: Ia7e73715c3cdfe59d3fa324be3ce4213e454ff26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829087
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82561}
-
Camillo authored
Add outlined StackLimitCheck::HandleInterrupt helper for the uncommon path.

Change-Id: Ib13dc84ac632f3455d5933748428f9550a23d435
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829088
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82560}
-
Michael Lippautz authored
Traced nodes were allocated black, even outside of GCs. Nodes would always survive one GC, while the objects pointed to could die. This CL removes black allocation and relies on proper write barriers (that are anyway in place) to mark the nodes and their objects.

This also means that marked nodes should always point to live objects, which is now verified in the atomic pause.

Bug: v8:13141
Change-Id: Ie5cdc92d8fe5f57865d02b71d3fae9425ae532fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820070
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82559}
-
Matthias Liedtke authored
Also fix eqref/i31ref fromJS() handling to accept unwrapped Smis. This does not convert HeapNumbers to Smis if they fit.

Bug: v8:7748
Change-Id: Ida70a826f9541b7f3fbe9eecbb2b4fe362b5ef70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829477
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82558}
-
Samuel Groß authored
The previous code incorrectly rounded down the number of entries to free to kBlockSize (expressed in KB) instead of kEntriesPerBlock (expressed in # of entries) to compute the start of the evacuation area. Further, depending on the block size used, the previous heuristic does not necessarily guarantee that at least one full block would be evacuated. This CL fixes both of these issues.

Bug: v8:10391
Change-Id: I5ddecd5d582bcf89e1c52df431f006889685320a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837860
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82557}
-