- 02 Sep, 2020 22 commits
Jakob Gruber authored
.. to make implicit semantics of output nodes explicit. Bug: v8:8888 Change-Id: I2ea5f5fa02f3d1f51196ea1e1e46b526dd9dc7d6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388117 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69681}
-
Jakob Gruber authored
Pass this flag to print all generated nci code. Bug: v8:8888 Change-Id: I12a5e7433278c72da4a973c5890b2fb2d7857e70 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388115 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69680}
-
Marcel Laverdet authored
The BigInt constructor has quadratic complexity while parsing strings, and the input is unbounded. Interrupts should be checked during this operation to ensure the host has control over runaway execution. Change-Id: I15db9adeeafadc7b866a395dd8263aa8c2109ce8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384166 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69679}
-
Jeremy Roman authored
Bug: v8:10641 Change-Id: I9248c6877ead34e622b94cd32959b6570f824e15 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390442 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Auto-Submit: Jeremy Roman <jbroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#69678}
-
HyeockJinKim authored
During spread operation, after VisitForAccumulatorValue, set the position of the current expression again. Bug: chromium:929844 Change-Id: I6e9ca87587789f9cb21e939d4405414c8170b232 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379531 Commit-Queue: HyeockJin Kim <kherootz@gmail.com> Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#69677}
-
Zeynep Cankara authored
This CL unifies the map-processor and ic-processor into a single log processing pipeline. The unified processing pipeline prevents doing 2 passes over the data. Bug: v8:10644 Change-Id: Ic0221a9bb32901f43202390b98fded4830a50f70 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2385496 Commit-Queue: Zeynep Cankara <zcankara@google.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#69676}
-
Jakob Gruber authored
A random grab-bag of trivial fixes I came across while working on another CL. Bug: v8:8888 Change-Id: I6e46e1fe5a547854d8afbac19f7e049f1661c406 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388113 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69675}
-
Camillo Bruni authored
v8::String::IsExternal is confusing since it only checks for external two byte strings. The goal is to reintroduce String::IsExternal which checks for one and two byte external strings after removing the old, misleading API method.
- Add String::IsExternalTwoByte
- Deprecate String::IsExternal for now since it is misleading
Bug: v8:10641 Change-Id: I8989de7576c823846e0536fc1898e769b6d68c87 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284495 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69674}
-
Zeynep Cankara authored
This CL enables showing map details of the selected map coming from FocusEvent. It also improves the UI experience of selecting a map from map transitions, highlighting the selected map. Additionally, it stores information about unique map/IC events in the model for the timeline-track legend. Bug: v8:10644 Change-Id: Ieb8a2ac0bf1af282d55bce18130192d7178538da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387564 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Zeynep Cankara <zcankara@google.com> Cr-Commit-Position: refs/heads/master@{#69673}
-
Ulan Degenbaev authored
The d8 shell modifies compiler flags in PrepareStressRun after the isolate was already set up and has run some JS code. Updating these flags forces recomputation of implications for all flags. This causes no-op stores to some unrelated flags that are accessed from background threads, leading to benign data races. Bug: v8:10315 Change-Id: I568445d4382ae392970deccbf9588c98e46a4a4e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390140 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69672}
-
Marja Hölttä authored
This is a follow-up for https://chromium-review.googlesource.com/c/v8/v8/+/2362918 . The "slow" path in HandleLoadICSmiHandlerLoadNamedCase was using only "receiver", even though it should've considered both "receiver" and "holder". Bug: v8:9237 Change-Id: I5d7ba1f72e8bf55f9533f648054abf5d25c85533 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387576 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#69671}
-
Michael Lippautz authored
- Avoid invoking Trace() for in-construction objects as the method may access uninitialized fields, e.g., fields that have bogus state with zeroed memory like std::list.
- Conservatively scan in-construction objects for pointers.
- Verify that stack scan indeed finds all in-construction objects that are present on the heap and vice versa.
Bug: chromium:1056170 Change-Id: I2c68da2b8072f715b5a0dcdb1202d5f874c6c6e9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388106 Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#69670}
-
Zeynep Cankara authored
This CL adds drag handlers to the timeline panel to filter events based on the selected portion of the timeline tracks. Bug: v8:10644 Change-Id: Ic8a38493eacb62844b3fed5a027f8b1367f2bb59 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346275 Commit-Queue: Zeynep Cankara <zcankara@google.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#69669}
-
Martin Bidlingmaier authored
Previously we checked whether a thread's pc IsPcProcessed before pushing to the stack of (postponed) active_threads_. This commit moves the IsPcProcessed check and corresponding MarkPcProcessed call to when the thread is actually processed, i.e. when it is popped from the active_threads_ stack again. This fixes two issues:

- Consider what used to happen in the following scenario:
  1. An active thread t is postponed (e.g. because it is a fork) and pushed on active_threads_. IsPcProcessed(t.pc) is false, so t is not discarded and does actually end up on active_threads_.
  2. Some other thread s is executed, and at some point s.pc == t.pc, i.e. t.pc is marked as processed.
  3. t is popped from active_threads_ for processing.
  In 3 we don't want to continue execution of t: After all, its pc is already marked as processed. But because previously we only checked for IsPcProcessed in step 1 before pushing to active_threads_, we used to continue execution in 3. I don't think this is a correctness issue, but possibly a performance problem. In any case, this commit moves the IsPcProcessed check from 1 to 3 and so fixes this.
- After flushing blocked_threads_, we push them to active_threads_ again. While doing so, we used to mark these threads' pcs as processed. This meant that sometimes a (fork of a) high priority thread was cancelled by the IsPcProcessed check even though its pc was only marked as processed by a thread with lower priority during flushing. We need it to be the other way round: The low priority thread should be cancelled after its pc is processed by a thread with higher priority. With this commit we don't MarkPcProcessed during flushing, it's postponed to when we're actually processing. This was a correctness issue, and there's a new corresponding test case.

Bug: v8:10765 Change-Id: Ie12682cf3f8a04222d907edd8a3ad25baa69465a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388112 Commit-Queue: Martin Bidlingmaier <mbid@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69668}
-
Andreas Haas authored
The test is slow and checks the limits of the WebAssembly implementation. Sanitizers are slower and therefore sometimes run into timeouts. Therefore we just disable the test for sanitizers. R=leszeks@chromium.org Change-Id: I4a0cb994dfc34097849f0dd8528dc158883fbc8a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2389980 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69667}
-
Ulan Degenbaev authored
Garbage collection requests from background threads are ignored if the heap is tearing down. This fixes CanExpandOldGenerationBackground to check for that case. Bug: v8:10315 Change-Id: I79b6a4446bf3c9037dbca54849c87f022be76b49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387964 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69666}
-
Michael Achenbach authored
The test is incompatible with --noenable-sse4-1, which is randomly added by numfuzz (and possibly other fuzzers). The "Flags" from the test files are always passed last and are often used to neuter incompatible flags. Bug: v8:10863 Change-Id: I8fd11b4d38586f25f5af63ab8ef83873dc250557 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2389982 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69665}
-
Cong Zuo authored
PrintRegisters() should print output to the `os` argument for unification, and in case the function is used by other files. Bug: v8:10821 Change-Id: Ia825c4deaf89ec454b7c293367cfa362acd4cccc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2371543 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#69664}
-
Victor Gomes authored
This adds the argument count (as intptr) to the standard frame. StandardFrames are now in the same shape as OptimizedFrames. The argument count in the stack will be used to tear down the arguments when we remove the arguments adaptor frame. Change-Id: If9cc2946321bc1bb0abb776521e2d5b683ab0532 Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312783 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69663}
-
Leszek Swirski authored
https://crrev.com/c/2369172 had a few remaining comments that accidentally weren't addressed in the final submitted patch. Tbr: jgruber@chromium.org Change-Id: If0cff18f5078f17a6f70d27c71090dcc64f23ddd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388114 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69662}
-
Michael Lippautz authored
Change-Id: I4e2a0ddbeba68a4cc136bb6d56383b0a7e4f1dff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388107 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#69661}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/482dd77..6d55754
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1eb42f5..156bfc1
Rolling v8/third_party/requests: https://chromium.googlesource.com/external/github.com/kennethreitz/requests/+log/refs/ta..bfb93d4
Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/d53accf..59187e1
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/fcef86e..03bacc3
TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: Iceea7cbadbbe4e8a480517051425d1a44d76066d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388173 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#69660}
-
- 01 Sep, 2020 18 commits
Ng Zhi An authored
We were using vqsub incorrectly (which saturates), we need vsub (wraparound). Found this issue while running spec test simd_i64x2_arith.js. Bug: v8:10835 Change-Id: Ic9d45d69e64fa5ff9ddad5de4690f3dd32d1384e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2389100 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#69659}
-
Seth Brenith authored
This reverts commit 7f054679. Reason for revert: regressions on Emscripten/Fannkuch and JetStream/richards

Original change's description:
> [regalloc] Run SpillPlacer on any value defined in a loop
>
> I previously wrote a comment that said "We haven't seen any indication of performance improvements from seeking optimal spilling positions except on loop-top phi values". That statement is no longer true, now that I've looked a little harder. In the latest version of the Mono interpreter, we can improve performance by 2.5% by enabling SpillPlacer for any value defined within a loop.
>
> Bug: v8:10606
> Change-Id: I25e06458c87ad4ffcefe52be3042032e05a47b35
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381557
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#69646}

TBR=rmcilroy@chromium.org,seth.brenith@microsoft.com,thibaudm@chromium.org Change-Id: Ic3e74485f42bafedfe1890c0be32a29c3455afe5 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10606, chromium:1124028 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388745 Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#69658}
-
Ng Zhi An authored
Swizzle codegen was incorrect when mask == dst, which can happen since we did not pin dst. We can simplify this by using scratch register for mask. This bug was encountered while trying to run the spec test simd-lane.js. Bug: v8:10835 Change-Id: Ie9c8f383bb6f336f9b74955fb7a9aee0e6774bf2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388743 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#69657}
-
Bill Budge authored
- Restores the old inline code sequence, since the branching version doesn't set the NaN high bit.
Bug: v8:10862 Change-Id: Iad8ee47b678cc1c6c04222dd83b2fa588ea9136c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387557 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#69656}
-
Arno Renevier authored
For TypedArray, a fast path is used when using the builtin iterator, and the next method has not been overridden. If we use that fast path for JSArray too, the method will be about 200x faster on a large array. This patch also fixes a bug when a typed array is modified during the mapper execution. In that case, the modification should not be taken into account. Bug: v8:10802 Change-Id: I74e2cbcd6a654def318585b4e08745037584669a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2358749 Commit-Queue: Arnaud Renevier <arenevier@fb.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#69655}
-
Michael Achenbach authored
NOTRY=true TBR=leszeks@chromium.org Change-Id: I5abb432e42168484aabf04600e8e2cf6e3511630 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388105 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69654}
-
Michael Lippautz authored
The handle was always created empty which resulted in a DCHECK crash in debug builds and in never-cancelled tasks in release builds. Bug: chromium:1056170 Change-Id: I798ce65c37738bbe9c60b44b692ff04536f6d830 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2388101 Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#69653}
-
Ng Zhi An authored
Fuzzers use a slight variant of the sse4_1 flag, see https://source.chromium.org/chromium/chromium/src/+/master:v8/tools/testrunner/testproc/fuzzer.py;l=26;drc=9491d5eaa4e764721b5269e75af68f181bef09cf. Bug: v8:10863 Change-Id: Ifc467644f00a4f10776794c12a227f13774f48ca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387555 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#69652}
-
Ng Zhi An authored
There were some +/- infs hidden in that list of NaNs (and those were repeated too). Add a NaN with top bit of payload unset. This will help catch cases where we did not canonicalize results properly. Bug: v8:10862 Change-Id: I05e3e0b2351430abf3eaa859a0d828f43b44cfb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2386483 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#69651}
-
Z Nguyen-Huu authored
Marked GetStackFrameId V8_DEPRECATED. Bug: v8:10566 Change-Id: I2e225eae7d0375cff7b9f79e4c38802265940219 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352475 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#69650}
-
Gus Caplan authored
Allows reflection of v8::Data types, such as being able to check if a value is a v8::Module. This is useful for libraries which wrap the V8 API, such as rusty_v8. Change-Id: I4841c5f7f60885b20e1504c8562e278844ff7ec3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2382719 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Gus Caplan <snek@chromium.org> Cr-Commit-Position: refs/heads/master@{#69649}
-
Andreas Haas authored
With a recent change, we require WebAssembly code to be tiered up to serialize it, see https://crrev.com/c/2349290. In that CL tests were adjusted to set the --wasm-tier-up flag when serialization was involved. However, the test adjusted in this CL was missing, because this test used the kExprRefNull instruction, which caused a bailout to TurboFan anyways. With recent changes, Liftoff can compile kExprRefNull now, and therefore causes problems. R=thibaudm@chromium.org Bug: v8:10852 Change-Id: I9b89f37c22f17cbf046110f3ee1c98bfea73e009 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387574 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69648}
-
Peter Marshall authored
This adds a global counter for the various reasons we might fail to attribute a tick. The counters are cleared and printed when Profile::Print() is called, which we call in our tests, so flaky test output will now contain these stats along with the printed profile tree. Drive-by: clean up some print functions and make them const. Change-Id: Ia3a27405f5b5346adfdbb32afc7e414857969cc5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550406 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69647}
-
Seth Brenith authored
I previously wrote a comment that said "We haven't seen any indication of performance improvements from seeking optimal spilling positions except on loop-top phi values". That statement is no longer true, now that I've looked a little harder. In the latest version of the Mono interpreter, we can improve performance by 2.5% by enabling SpillPlacer for any value defined within a loop. Bug: v8:10606 Change-Id: I25e06458c87ad4ffcefe52be3042032e05a47b35 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381557 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#69646}
-
evih authored
The generic wrapper can be used for Wasm functions with int32 parameters and no return values. Changed the GC scanning for the generic wrapper. Added tests for cases when all the parameters of the Wasm function fit into registers and when some of the parameters are on the top of the stack. Change-Id: I511fd04d2a4a2bdc4a6f72d72e2867a03b256f6f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381459 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Eva Herencsárová <evih@google.com> Cr-Commit-Position: refs/heads/master@{#69645}
-
Jake Hughes authored
When enabled with the v8_enable_conservative_stack_scanning flag, a snapshot of the call stack upon entry to GC is used to determine part of the root-set. When the collector walks the stack, it looks at each value and determines whether it could be a potential on-heap object pointer. This is very experimental. For conservative stack scanning to work, direct handles must be implemented. Bug: v8:10614 Change-Id: Id4209cfbe76ef02239c903fabcb7f677b32fc977 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375201 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#69644}
-
Andreas Haas authored
The fuzzer function is called multiple times with libfuzzer. Trap handlers, however, should only be initialized once. With this CL we add a flag to initialize trap handlers only once. R=clemensb@chromium.org Bug: chromium:1122590 Change-Id: Ib51a50cfe9dad5e3133de3085ad147f5a069b1bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384769 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69643}
-
Leszek Swirski authored
Unify the encoding/decoding of values into a ranged bytecode with a single templated class that takes the bytecode, minimum, and maximum, and provides Encode and Decode methods. This class also handles range checks on both the input and output, which (along with a few other byte cases) allows us to get rid of the PutSection method. Change-Id: Icb2cd409607ce7b650226eb8dca80c0e363a8acc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369172 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69642}
-