Skip to content

V
V8
Switch branch/tag
  1. 02 Mar, 2021 1 commit
  3. 20 Nov, 2020 1 commit
  5. 09 Oct, 2020 1 commit
  7. 01 Oct, 2020 1 commit
    • Dan Elphick's avatar
      [CSA] Tnodify CodeAssembler::Parameter · 74a9b9c4
      Dan Elphick authored 
      CodeAssembler::Parameter now takes a Type template parameter and
performs a checked cast to it. There is also UncheckedParameter which
returns a TNode but doesn't check the cast. The original Parameter
method is still there as UntypedParameter.

Parameter<T>(x) in many cases replaces CAST(Parameter(x)), where the
cast is performed inside Parameter. Since Parameter is not a macro,
this means it cannot see the original expression or its file name and
line number. So the error messages are vaguely useful, Parameter<T>()
takes a SourceLocation parameter which with a default value of
SourceLocation::Current(), which at least gives us the file name and
line number for the error message.

Bug: v8:6949, v8:10933
Change-Id: I27157bec7dc7462210c1eb9c430c0180217d25c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435106Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Reviewed-by: 's avatarSantiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70264}
      74a9b9c4
  9. 29 Sep, 2020 1 commit
  11. 13 Aug, 2020 1 commit
  13. 12 Aug, 2020 1 commit
  15. 28 May, 2020 1 commit
  17. 04 May, 2020 1 commit
  19. 01 May, 2020 1 commit
  21. 28 Feb, 2020 1 commit
    • Seth Brenith's avatar
      Complete Torque definition of JSArrayBuffer · da900ffe
      Seth Brenith authored 
      Previously, our Torque definition of JSArrayBuffer included only the
first two fields. This allowed access to those two fields, but was
somewhat confusing and obviously didn't let Torque code access the
other fields. This change:

- Completes the JSArrayBuffer layout definition;
- Moves the associated bitfield struct definition to Torque;
- Moves a couple of JSArrayBuffer macros to Torque;
- Adds a reducer case so that the code generated using these new macros
  is not worse than what was generated previously.

Change-Id: Ib19c3ba789a33801fa9d0d064cd21d62a1e03e30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2053769
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66503}
      da900ffe
  23. 17 Feb, 2020 2 commits
  25. 13 Jan, 2020 2 commits
  27. 06 Nov, 2019 1 commit
  29. 05 Nov, 2019 1 commit
  31. 04 Nov, 2019 1 commit
  33. 31 Oct, 2019 1 commit
  35. 30 Oct, 2019 1 commit
  37. 22 Oct, 2019 1 commit
  39. 17 Oct, 2019 1 commit
  41. 10 Oct, 2019 1 commit
  43. 01 Oct, 2019 1 commit
  45. 23 Sep, 2019 1 commit
  47. 19 Sep, 2019 2 commits
    • Igor Sheludko's avatar
      Reland "[ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly" · dc1a93b8
      Igor Sheludko authored 
      This is a reland of 6f9b2bd4

We must load JSTypedArray::base_pointer in TurboFan as tagged value otherwise
this value may become stale pointer after GC.

Original change's description:
> [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly
>
> On-heap typed arrays contain HeapObject value in |base_pointer| field
> and an offset in |external_pointer| field. When pointer compression is
> enabled we want to combine decompression with the offset addition.
> In order to do that we add an isolate root to the external_pointer value
> and therefore the data pointer computation can is a simple addition of
> a (potentially sign-extended) |base_pointer| loaded as Tagged_t value
> and an |external_pointer| value.
>
> Bug: v8:9706
> Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63874}

Bug: v8:9706, chromium:1005599
Cq-Include-Trybots: luci.chromium.try:gpu-fyi-try-win10-nvidia-rel-64
Change-Id: I7bbd2a439306cdd11f2bb0dab5863498624d9740
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813744Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63898}
      dc1a93b8
    • Clemens Hammacher's avatar
      Revert "[ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly" · 815df7d2
      Clemens Hammacher authored 
      This reverts commit 6f9b2bd4.

Reason for revert: Fails on nvidia bots, blocking LKGR: https://ci.chromium.org/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/5005

Original change's description:
> [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly
> 
> On-heap typed arrays contain HeapObject value in |base_pointer| field
> and an offset in |external_pointer| field. When pointer compression is
> enabled we want to combine decompression with the offset addition.
> In order to do that we add an isolate root to the external_pointer value
> and therefore the data pointer computation can is a simple addition of
> a (potentially sign-extended) |base_pointer| loaded as Tagged_t value
> and an |external_pointer| value.
> 
> Bug: v8:9706
> Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63874}

TBR=ulan@chromium.org,neis@chromium.org,jgruber@chromium.org,ishell@chromium.org,verwaest@chromium.org

Change-Id: I901280dd191e78d02969600f775c4f0da796921f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9706
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813027Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63886}
      815df7d2
  49. 18 Sep, 2019 1 commit
  51. 16 Sep, 2019 1 commit
  53. 13 Sep, 2019 1 commit
  55. 12 Sep, 2019 2 commits
  57. 04 Sep, 2019 1 commit
  59. 27 Aug, 2019 1 commit
  61. 26 Aug, 2019 1 commit
  63. 23 Aug, 2019 1 commit
  65. 19 Jun, 2019 1 commit
  67. 18 Jun, 2019 1 commit
  69. 12 Jun, 2019 1 commit
    • Seth Brenith's avatar
      [torque] Stricter object field verification, part 1 · 3834c637
      Seth Brenith authored 
      This change adjusts object initialization order for a few classes so
that the GC can never see those objects in an invalid, partially-
initialized state.

AccessorInfo: Just zeros out a few fields upon construction. This is the
simplest case.

FunctionTemplateInfo: Slightly changes the order in which fields are
set, so that the Smi field is set ahead of the call to SetCallHandler,
which can GC. Also a pretty simple case.

JSListFormat, JSPluralRules, JSRelativeTimeFormat, JSSegmenter: The spec
requires that we start with OrdinaryCreateFromConstructor, which has
observable side effects (it fetches the prototype from the new.target).
So we split JSObject::New in half: the first half does all of the user-
visible things and returns a Map, which we can pass to the second half
when we're ready to actually allocate the object.

JSTypedArray: Extends the pattern from JSListFormat into Torque code:
start with a Map and don't allocate the object until we're ready to set
all of its properties.

Bug: v8:9311
Change-Id: Id7703e8a0727ec756c774cfbb56af787658a111a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646844
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62123}
      3834c637
  71. 27 May, 2019 1 commit
    • Tobias Tebbi's avatar
      [torque] no longer generate assemblers per namespace · 19d8bfa5
      Tobias Tebbi authored 
      Instead of generating one CodeStubAssembler-like class per namespace,
Torque-generated macros are now free-standing functions not included
from CSA code, and explicitly exported macros become part of the new
TorqueGeneratedExportedMacrosAssembler, which CodeStubAssembler
inherits from, thus making them available to all CSA code.

Structs are now defined in a new header csa-types-tq.h as free-standing
types with the prefix "TorqueStruct".

This is a preparation for generating per Torque-file instead of per
namespace.

Change-Id: I60fadc493a63f85d1d340768ec6f11ae47be0cb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628787
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61865}
      19d8bfa5