- 17 Feb, 2020 14 commits

Jakob Kummerow authored
There is a copy of the pointer decompression logic in TypedArrayBuiltinsAssembler::SetJSTypedArrayOnHeapDataPtr, which was not updated for the new ("smi-corrupting") pointer compression scheme: it erroneously used a sign-extending cast from compressed to full representation. This causes incorrect values to be computed when the heap size can grow beyond 2GB.

Bug: v8:9706, chromium:1051005
Change-Id: I2220ce759df1147f255ffca93428888858929fd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060494
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66293}

Michael Achenbach authored
Otherwise we report a spurious difference after OOM.

Bug: chromium:1052849
Change-Id: I795f7393a8061ff41178295d49bdaea411d3c461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060307
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66292}

Michael Achenbach authored
This adds 3 flags to the numfuzz fuzzer depending on a probability:
--budget-for-feedback-vector-allocation=0
--interrupt-budget=100
--no-lazy-feedback-allocation

No-Try: true
Bug: v8:10204
Change-Id: I83dabcd0e3ca80bebe596d65d03b3e99d8ecbf03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060490
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66291}

Michael Achenbach authored
This reduces the pointer-compression experiment by 3% as it has been in production for a while. This also uses turbofan when comparing across architectures as tests run faster and likely find the same or more relevant bugs.

No-Try: true
Change-Id: I35ec97188a101a7cb43454903f7bf9765e57893c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059995
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66290}

Michael Achenbach authored
Pass --no-lazy-feedback-allocation in all second runs depending on a probability. Also combine with --interrupt-budget=100. This also allows adding several extra flags behind one probability. The tests are improved to ensure valid flags and configs.

No-Try: true
Bug: v8:10215
Change-Id: I2766ef5044cd8c7096f6b76f39b60b568f550bde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059991
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66289}

Camillo Bruni authored
Make it explicit that AddShadowingKeys might allocate.

Bug: chromium:1049013
Change-Id: I938531a0324fa581422b74813518f3e85c9b3fbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2046888
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66288}

Clemens Backes authored
This again improves readability and makes the code much shorter. It might also allow us to generate a scheduled graph directly in the future, for improved wrapper compile times.

R=jkummerow@chromium.org

Bug: v8:10123
Change-Id: I0225d685a0660adb265eedcd160dfac6b4b23c87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060001
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66287}

Santiago Aboy Solanes authored
Bug: v8:6949, v8:10155
Change-Id: I0113efe2d4d3a462533c306a87ebee851b1cb85c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056853
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66286}

Georgia Kouveli authored
... instead of first claiming space on the stack and then storing it, which was sometimes causing the profiler to read the uninitialised frame type slot right after it was claimed, but before it was written to.

Bug: v8:9907
Change-Id: I33318aec44b6083488317ec5e226a06e59c7560c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056473
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#66285}

Victor Gomes authored
The arm/arm64 simulators' debugger has a command "mem" that prints the content of the memory. It also prints a short summary for JS objects (SMI, Array, JSFunction, ...). That is very handy, but when trying to print incompletely initialized memory, it could raise an exception.

It is useful to have a command that prints the content of the memory for non-initialized or bogus values without the risk of raising an exception. This CL adds the command "dump".

Change-Id: I682f97afa30a8d9dc572fe5e9dd256eeebf79de9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056468
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66284}

Santiago Aboy Solanes authored
Bug: v8:6949, v8:10155
Change-Id: I5f5b78cb57776d1022f206f09242768b3dd8d9e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056848
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66283}

Santiago Aboy Solanes authored
Bug: v8:6949, v8:10155
Change-Id: Iafd6b8172a67fa1b778d163259fe8d1400b004f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056847
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66282}

Zhao Jiazhong authored
port 9d3dc6f2 https://crrev.com/c/1914218

Original Commit Message:

FunctionEntry StackChecks is one of the two cases where we generate a StackCheck bytecode. In these cases, we do a stack check against the js limit (not to be confused with the real js limit). Their purpose is to be able to interrupt the running code.

We can omit the FunctionEntry StackCheck by embedding its code into the InterpreterEntryTrampoline builtin. We save one bytecode per interpreted function.

This change has rippling effects for optimized code, as well as the deoptimizer.

Change-Id: I2ad985959a3f55dfe80fabeffee3d344c1817c88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050055
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66281}

v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/25da366..797e96a

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I22128e2371951c6d854519fade9664ca1a0762ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059592
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66280}

- 15 Feb, 2020 1 commit

v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b3e662d..25da366

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0b15317..657c0f4

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/86fbe04..8515328

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I3346181d4d34e945230240be58f0e7c255492ea9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2058208
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66279}

- 14 Feb, 2020 13 commits

Vitaly Buka authored
This variable significantly slows down indexed-getter.html of blink_perf.bindings on linux-perf
https://pinpoint-dot-chromeperf.appspot.com/job/136cce54620000

V8_STACK_UNINITIALIZED macro is the same as http://crrev.com/c/1974951

Bug: chromium:977230
Change-Id: I3e7e91804e13b856d6b2ba0a5d67f0354636c510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2046872
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
Auto-Submit: Vitaly Buka <vitalybuka@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66278}

Frank Tang authored
This reverts commit a872c393.

Reason for revert: breaks gc_stress

Original change's description:
> [Intl] Fix RelativeTimeFormat fatal
>
> Intl.RelativeTimeFormat constructor crashes while the locale or
> numberingSystem contains an "algorithmic" numberingSystem.
> Fix by falling back to the locale without the nu
>
> Bug: chromium:1041319
> Change-Id: Ica520e8dec6ace21264504274b92cb2c3d16286f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055970
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66276}

TBR=jkummerow@chromium.org,ftang@chromium.org,syg@chromium.org

Change-Id: I2ccfda197103d7de37d704494eb03fbe9e51ccea
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1041319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2057760
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66277}

Frank Tang authored
Intl.RelativeTimeFormat constructor crashes while the locale or numberingSystem contains an "algorithmic" numberingSystem. Fix by falling back to the locale without the nu

Bug: chromium:1041319
Change-Id: Ica520e8dec6ace21264504274b92cb2c3d16286f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055970
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66276}

Santiago Aboy Solanes authored
Bug: v8:6949, v8:10155
Change-Id: Id170bafa2a5085bee6ff5b3cff8084254c67e113
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056846
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66275}

Frank Tang authored
Find out style from skeleton instead to reduce object size.

Bug: v8:10208
Change-Id: I7d26113311f51bc64ed0b259c3df81d526d5ab1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055660
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66274}

Frank Tang authored
Use adoptSymbols(NumberingSystem *) API in Intl.NumberFormat to reduce string size

Bug: v8:10207
Change-Id: I3163c524612b61cfdad51743d58ece08b437520a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055567
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66273}

Santiago Aboy Solanes authored
Bug: v8:10155
Change-Id: Ia2eee32bface83bedeb52eb2b214809b5c657702
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056471
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66272}

Santiago Aboy Solanes authored
It was using nullptr to signal that it was empty.

Bug: v8:10155
Change-Id: I0844d6a2bfacb1fd35ba83c24307de86f77f4e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056470
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66271}

Pengyu Chen authored
The method has been non-const since initially introduced in de070ccf. Here's a minor change to make it const, for it may/shall be, for other similar methods are, and for making it easier for future changes (accessing this method in another const method, etc.).

Change-Id: I3449214fc086403fc9b24b6f502ca20ac0b1426a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055123
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66270}

Georgia Kouveli authored
Change-Id: Ied0ee7f9c343dc802dec53c3d717a0ca359b504b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050398
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#66269}

Dan Elphick authored
Since the size of the parameters and locals inputs is already stored on the FrameStateFunctionInfo, this skips the calls to size() and just reuses the previous values. The stack parameter can only have a size of 0 or 1 depending on whether it's an InterpretedFunction frame or not.

It also extends the verifier to check that the values match those returned by StateValueAccess::size and changes a unit test that added a TypedStateValues of size 2 to the stack input.

Bug: v8:10051
Change-Id: I3693c04b4677812b9f19491c198d0551df20f817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2047045
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66268}

Michael Achenbach authored
This skips gay-*.cc cctest files for lint checking. The files contain 99.9% data not structures. Alternatively, maybe the data could be moved to non-cc resource files.

This speeds up v8_presubmit without caching locally from 39s to 23s. This is how it's executed on the continuous CI builder.

No-Try: true
Change-Id: Ide58618a0b1ecd5900b5c9633d584c59b559df32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056463
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66267}

v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7aa6ce1..b3e662d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2d81e78..0b15317

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e9ed65a..86fbe04

Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/b9b9a5a..c2eb8a7

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I86d79945eaded4a552a946a63f55cae0b92dadc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054531
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66266}

- 13 Feb, 2020 12 commits

Thibaud Michaud authored
The previous code was relying on {compilation_unit_builder_} to check if a section was after or before the code section. This only works for the first section after code section, since the compilation unit builder is then reset. Use an additional field to track this instead.

R=clemensb@chromium.org

Bug: chromium:1051912
Change-Id: Id1dfa803ecde2cf77f206ea781c007fc61168942
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054099
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66265}

Milad Farazmand authored
LoadTransform cannot efficiently be executed on BE machines as a single operation since loaded bytes need to be reversed to match BE ordering before any operations can take place. This CL divides LoadTransform into separate "load" and "operation" nodes on BE machines.

Change-Id: Idc3f66d7f17647c189c75593e8906f8645448006
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050811
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66264}

Shu-yu Guo authored
Bug: v8:10155
Change-Id: Ie58924fdbdb2267ec7d7e3cc63d9cd504fd4f4d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2053079
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66263}

Pengyu Chen authored
May override the global symbol_level config. Useful for debugging V8 within a release Chromium, like v8_enable_debugging_features.

Change-Id: Ie081b5110dc93914cbe53fdde3cdec77822b9819
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051959
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66262}

Jakob Gruber authored
These tests are likely missing %PrepareFunctionForOptimization annotation of lambdas. Thus lambdas are no longer inlined and %DeoptimizeNow does nothing, while the entire point of these tests is to test deoptimization paths.

Disabling lazy feedback allocation is a quick fix to restore coverage until we can land a more complete fix (for details see the linked bug).

Bug: v8:10195
Change-Id: I4038cdc5718230253ffb5bbc57d574342c652377
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054096
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66261}

Dominik Inführ authored
Use a similar strategy to the scavenger when calculating the number of parallel compaction tasks. Do not add a task for each page but for every fourth page.

Bug: chromium:1051883
Change-Id: Iaba3046de9c9a3ab63c0e7afcc6e4a9c398c5a10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054097
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66260}

Maya Lekova authored
The GC suspect was GetAbstractPC.

Fixed: v8:9990, v8:9987, chromium:1048038
Change-Id: I86a27e2098589dbf6af0808d6770c5e69987f1f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050394
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66259}

Georg Neis authored
The fix in b8b60750 was insufficient. The bug is that induction variable typing does not take into account that the value can become NaN through addition or subtraction of Infinities. The previous fix incorrectly assumed that this can only happen when the initial value of the loop variable is an Infinity.

Bug: chromium:1051017
Change-Id: I8c9ffb2925288b80c00e18e7bc22a556bf540733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051957
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66258}

v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e63171f..7aa6ce1

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a7875df..2d81e78

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1de518c..e9ed65a

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I798e4ec09c8ed8fe21befc88db973e76181b733f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2053352
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66257}

Jakob Kummerow authored
In the final version of our pointer compression scheme, decompression uses zero-extension of the compressed value. The API copy of that code erroneously still used a sign-extending decompression from an earlier iteration of the scheme.

Bug: v8:9706, v8:10198
Change-Id: I17c3a52d26ce26bc0623627d725f686c379fbd6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051954
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66256}

Georg Neis authored
Bug: chromium:1051017
Change-Id: I597363417d905bc65522d64ebfa2cbf9dde4b98f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054086
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66255}

Georgia Kouveli authored
This is a reland of 137bfe47

Original change's description:
> [arm64] Protect return addresses stored on stack
>
> This change uses the Arm v8.3 pointer authentication instructions in
> order to protect return addresses stored on the stack. The generated
> code signs the return address before storing on the stack and
> authenticates it after loading it. This also changes the stack frame
> iterator in order to authenticate stored return addresses and re-sign
> them when needed, as well as the deoptimizer in order to sign saved
> return addresses when creating new frames. This offers a level of
> protection against ROP attacks.
>
> This functionality is enabled with the v8_control_flow_integrity flag
> that this CL introduces.
>
> The code size effect of this change is small for Octane (up to 2% in
> some cases but mostly much lower) and negligible for larger benchmarks,
> however code size measurements are rather noisy. The performance impact
> on current cores (where the instructions are NOPs) is single digit,
> around 1-2% for ARES-6 and Octane, and tends to be smaller for big
> cores than for little cores.
>
> Bug: v8:10026
> Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66239}

Bug: v8:10026
Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#66254}