- 14 Feb, 2020 7 commits
-
Santiago Aboy Solanes authored
Bug: v8:10155 Change-Id: Ia2eee32bface83bedeb52eb2b214809b5c657702 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056471 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#66272}
-
Santiago Aboy Solanes authored
It was using nullptr to signal that it was empty. Bug: v8:10155 Change-Id: I0844d6a2bfacb1fd35ba83c24307de86f77f4e40 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056470 Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66271}
-
Pengyu Chen authored
The method has been non-const since initially introduced in de070ccf. Here's a minor change to make it const, for it may/shall be, for other similar methods are, and for making it easier for future changes (accessing this method in another const method, etc.). Change-Id: I3449214fc086403fc9b24b6f502ca20ac0b1426a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055123 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#66270}
-
Georgia Kouveli authored
Change-Id: Ied0ee7f9c343dc802dec53c3d717a0ca359b504b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050398 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#66269}
-
Dan Elphick authored
Since the size of the parameters and locals inputs is already stored on the FrameStateFunctionInfo, this skips the calls to size() and just reuses the previous values. The stack parameter can only have a size of 0 or 1 depending on whether it's an InterpretedFunction frame or not. It also extends the verifier to check that the values match those returned by StateValueAccess::size and changes a unit test that added a TypedStateValues of size 2 to the stack input. Bug: v8:10051 Change-Id: I3693c04b4677812b9f19491c198d0551df20f817 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2047045 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#66268}
-
Michael Achenbach authored
This skips gay-*.cc cctest files for lint checking. The files contain 99.9% data not structures. Alternatively, maybe the data could be moved to non-cc resource files. This speeds up v8_presubmit without caching locally from 39s to 23s. This is how it's executed on the continuous CI builder. No-Try: true Change-Id: Ide58618a0b1ecd5900b5c9633d584c59b559df32 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056463 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66267}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7aa6ce1..b3e662d Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2d81e78..0b15317 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e9ed65a..86fbe04 Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/b9b9a5a..c2eb8a7 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I86d79945eaded4a552a946a63f55cae0b92dadc8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054531 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#66266}
-
- 13 Feb, 2020 13 commits
-
Thibaud Michaud authored
The previous code was relying on {compilation_unit_builder_} to check if a section was after or before the code section. This only works for the first section after the code section, since the compilation unit builder is then reset. Use an additional field to track this instead. R=clemensb@chromium.org Bug: chromium:1051912 Change-Id: Id1dfa803ecde2cf77f206ea781c007fc61168942 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054099 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66265}
-
Milad Farazmand authored
LoadTransform cannot efficiently be executed on BE machines as a single operation since loaded bytes need to be reversed to match BE ordering before any operations can take place. This CL divides LoadTransform into separate "load" and "operation" nodes on BE machines. Change-Id: Idc3f66d7f17647c189c75593e8906f8645448006 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050811 Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Reviewed-by: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#66264}
-
Shu-yu Guo authored
Bug: v8:10155 Change-Id: Ie58924fdbdb2267ec7d7e3cc63d9cd504fd4f4d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2053079 Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66263}
-
Pengyu Chen authored
May override the global symbol_level config. Useful for debugging V8 within a release Chromium, like v8_enable_debugging_features. Change-Id: Ie081b5110dc93914cbe53fdde3cdec77822b9819 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051959 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66262}
-
Jakob Gruber authored
These tests are likely missing %PrepareFunctionForOptimization annotation of lambdas. Thus lambdas are no longer inlined and %DeoptimizeNow does nothing, while the entire point of these tests is to test deoptimization paths. Disabling lazy feedback allocation is a quick fix to restore coverage until we can land a more complete fix (for details see the linked bug). Bug: v8:10195 Change-Id: I4038cdc5718230253ffb5bbc57d574342c652377 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054096 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66261}
-
Dominik Inführ authored
Use a similar strategy to the scavenger when calculating the number of parallel compaction tasks. Do not add a task for each page but for every fourth page. Bug: chromium:1051883 Change-Id: Iaba3046de9c9a3ab63c0e7afcc6e4a9c398c5a10 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054097 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#66260}
-
Maya Lekova authored
The GC suspect was GetAbstractPC. Fixed: v8:9990, v8:9987, chromium:1048038 Change-Id: I86a27e2098589dbf6af0808d6770c5e69987f1f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050394 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#66259}
-
Georg Neis authored
The fix in b8b60750 was insufficient. The bug is that induction variable typing does not take into account that the value can become NaN through addition or subtraction of Infinities. The previous fix incorrectly assumed that this can only happen when the initial value of the loop variable is an Infinity. Bug: chromium:1051017 Change-Id: I8c9ffb2925288b80c00e18e7bc22a556bf540733 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051957 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66258}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e63171f..7aa6ce1 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a7875df..2d81e78 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1de518c..e9ed65a TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I798e4ec09c8ed8fe21befc88db973e76181b733f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2053352 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#66257}
-
Jakob Kummerow authored
In the final version of our pointer compression scheme, decompression uses zero-extension of the compressed value. The API copy of that code erroneously still used a sign-extending decompression from an earlier iteration of the scheme. Bug: v8:9706, v8:10198 Change-Id: I17c3a52d26ce26bc0623627d725f686c379fbd6e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051954 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#66256}
-
Georg Neis authored
Bug: chromium:1051017 Change-Id: I597363417d905bc65522d64ebfa2cbf9dde4b98f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054086 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#66255}
-
Georgia Kouveli authored
This is a reland of 137bfe47 Original change's description: > [arm64] Protect return addresses stored on stack > > This change uses the Arm v8.3 pointer authentication instructions in > order to protect return addresses stored on the stack. The generated > code signs the return address before storing on the stack and > authenticates it after loading it. This also changes the stack frame > iterator in order to authenticate stored return addresses and re-sign > them when needed, as well as the deoptimizer in order to sign saved > return addresses when creating new frames. This offers a level of > protection against ROP attacks. > > This functionality is enabled with the v8_control_flow_integrity flag > that this CL introduces. > > The code size effect of this change is small for Octane (up to 2% in > some cases but mostly much lower) and negligible for larger benchmarks, > however code size measurements are rather noisy. The performance impact > on current cores (where the instructions are NOPs) is single digit, > around 1-2% for ARES-6 and Octane, and tends to be smaller for big > cores than for little cores. > > Bug: v8:10026 > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66239} Bug: v8:10026 Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#66254}
-
Leszek Swirski authored
This is a reland of 453e1a3b Added canonical "empty" arrays to ScannerStream::ForTesting, for the zero-length nullptr data case. Original change's description: > [offthread] Add SFI support to OffThreadFactory > > Add support for off-thread SharedFunctionInfo allocation, which > includes UncompiledData and PreparseData allocation. > > Bug: chromium:1011762 > Change-Id: Ia10f9ce762c7d7eb1108b9e71da75131dce919b7 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050393 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66246} TBR=ulan@chromium.org Bug: chromium:1011762 Change-Id: I37d2c6b9317548922913887940a0164cc2067efb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054085 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#66253}
-
- 12 Feb, 2020 20 commits
-
Shu-yu Guo authored
R=ulan@chromium.org Bug: v8:8179 Change-Id: I9626bd070453ce1b7d4b91cf78b9f75b74dfddbe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051605 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66252}
-
Shu-yu Guo authored
A FinalizationGroup that needs cleanup should not artificially prolong its lifetime by being on the dirty list. R=ulan@chromium.org Bug: v8:8179 Change-Id: I19f102d154a9ac43b549b7d833d0c3ca7e61c6d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051562 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66251}
-
Shu-yu Guo authored
Though the task is never explicitly canceled, making it cancelable ensures that it is canceled on Isolate teardown. R=ulan@chromium.org Bug: v8:8179 Change-Id: Ic3912b7acc7249aed8397010c98dc407222e84be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049898 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66250}
-
Shu-yu Guo authored
R=ulan@chromium.org Bug: v8:8179 Change-Id: I2ca1c0fd5f02e638b082a2283a8a0c816764c101 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050092 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#66249}
-
Maya Lekova authored
Handle the undefined promiseOrCapability case in RejectPromiseReactionJob and FulfillPromiseReactionJob. Fixed: chromium:1046213 Change-Id: If6f51c28189a27476969c7b5b456741b5be829be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050399 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66248}
-
Maya Lekova authored
This reverts commit 453e1a3b. Reason for revert: Makes UBSan unhappy - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/9893 Original change's description: > [offthread] Add SFI support to OffThreadFactory > > Add support for off-thread SharedFunctionInfo allocation, which > includes UncompiledData and PreparseData allocation. > > Bug: chromium:1011762 > Change-Id: Ia10f9ce762c7d7eb1108b9e71da75131dce919b7 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050393 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66246} TBR=ulan@chromium.org,leszeks@chromium.org,ishell@chromium.org Change-Id: I26bc40ec1c351613f19745aed83f0c3a9fdd9a20 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1011762 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2052172 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#66247}
-
Leszek Swirski authored
Add support for off-thread SharedFunctionInfo allocation, which includes UncompiledData and PreparseData allocation. Bug: chromium:1011762 Change-Id: Ia10f9ce762c7d7eb1108b9e71da75131dce919b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050393 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#66246}
-
Nico Hartmann authored
Bug: v8:10197 Change-Id: Ifb2ad539e86ae7232a08ab96b587db7ff128cd11 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051953 Auto-Submit: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#66245}
-
Wez authored
Fuchsia's SDK will soon provide GN rules, including one for declaring fuchsia package targets. Since the SDK-provided rule works differently from the Chromium one but is called fuchsia_package(), we need to rename the Chromium rule to avoid them clashing. Bug: chromium:1050703 Change-Id: Ia2fcba8e32f311e6859590d9c95730ffe6875192 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050388 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#66244}
-
Michael Achenbach authored
This will allow sharing the configs between Python and JavaScript based fuzzers. No-Try: true Bug: chromium:1044942 Change-Id: Idd47ad31430cfed0629dbb5b9dd5fd2ef8c764f6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051951 Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66243}
-
Nico Hartmann authored
This reverts commit 137bfe47. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/13072 Original change's description: > [arm64] Protect return addresses stored on stack > > This change uses the Arm v8.3 pointer authentication instructions in > order to protect return addresses stored on the stack. The generated > code signs the return address before storing on the stack and > authenticates it after loading it. This also changes the stack frame > iterator in order to authenticate stored return addresses and re-sign > them when needed, as well as the deoptimizer in order to sign saved > return addresses when creating new frames. This offers a level of > protection against ROP attacks. > > This functionality is enabled with the v8_control_flow_integrity flag > that this CL introduces. > > The code size effect of this change is small for Octane (up to 2% in > some cases but mostly much lower) and negligible for larger benchmarks, > however code size measurements are rather noisy. The performance impact > on current cores (where the instructions are NOPs) is single digit, > around 1-2% for ARES-6 and Octane, and tends to be smaller for big > cores than for little cores. > > Bug: v8:10026 > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66239} TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,neis@chromium.org,georgia.kouveli@arm.com Change-Id: I57d5928949b0d403774550b9bf7dc0b08ce4e703 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10026 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051952 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#66242}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9e32f61..e63171f Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ea794b8..a7875df Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/64c5af3..1de518c Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/19c8ac5..b5a25d5 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I914ad4bb38f867a29308d91fe8734756a82e0157 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049873 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#66241}
-
Seth Brenith authored
The list of forward declarations required in the generated file bit-fields-tq.h is already somewhat unwieldy and will run into serious problems when we attempt to use enums that are defined within classes, such as JSDateTimeFormat::DateTimeStyle. After a brief discussion today, the cleanest solution we arrived at is to generate macros instead. Change-Id: I654e10efbab5a1a0a340fa565c51ff1da34badaa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050830 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#66240}
-
Georgia Kouveli authored
This change uses the Arm v8.3 pointer authentication instructions in order to protect return addresses stored on the stack. The generated code signs the return address before storing on the stack and authenticates it after loading it. This also changes the stack frame iterator in order to authenticate stored return addresses and re-sign them when needed, as well as the deoptimizer in order to sign saved return addresses when creating new frames. This offers a level of protection against ROP attacks. This functionality is enabled with the v8_control_flow_integrity flag that this CL introduces. The code size effect of this change is small for Octane (up to 2% in some cases but mostly much lower) and negligible for larger benchmarks, however code size measurements are rather noisy. The performance impact on current cores (where the instructions are NOPs) is single digit, around 1-2% for ARES-6 and Octane, and tends to be smaller for big cores than for little cores. Bug: v8:10026 Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#66239}
-
Michael Achenbach authored
We ensure now that fuzzers don't produce the f.arguments pattern and instead replace it with a random variable. No-Try: true Bug: chromium:1044942, chromium:1020573 Change-Id: I899985f1a238f36d10fb22f76d93b7d5f444eab1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051944 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66238}
-
Michael Achenbach authored
This ports: https://crrev.com/c/2044885 TBR=nicohartmann@chromium.org Bug: chromium:1049700 Change-Id: Ib80c2a2e899a87bc7fb01961ef58946851017266 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051945 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66237}
-
Dominik Inführ authored
Enable --always-promote-young-mc by default. This enforces that the young generation is empty after a full GC to simplify the implementation of some features. For example array buffer sweeping already assumes that this flag is enabled. Bug: v8:10064 Change-Id: I9d3873b9eb7bec4de897c5c95bdc514d165265d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051943 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#66236}
-
Leszek Swirski authored
Clean-up a couple of CAS loops to avoid loading after a compare_exchange (which updates the old value), and to loosen the memory ordering to acquire-release to avoid unnecessary fences. Change-Id: Ifb8e5e5136f687ca5a71417a5d131a7023add054 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050390 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#66235}
-
Santiago Aboy Solanes authored
We were calling setup for both the setup and the run. Bug: v8:10155 Change-Id: Id60df16ad8c98f443dc1b1a9a2155000999ab815 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2039431 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66234}
-
Michael Achenbach authored
Un-ignore some files that only failed in obsolete comparisons. We don't compare eager anymore and console functions are mocked out in d8 by now. The exponentiation operator bug doesn't repro anymore. No-Try: true Bug: chromium:1044942 Change-Id: I0a572836bc9a4a6aa4736447f638a522ff8e8168 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050400 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66233}
-