- 20 Aug, 2020 17 commits
-
-
Maya Lekova authored
This reverts commit d7b20edc.

Reason for revert: Introduces data races - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32898

Original change's description:
> [wasm][ukm] Add tests for Wasm events
>
> Ensure that events are triggered when a module is decoded, compiled, instantiated and tiered-up.
>
> R=clemensb@chromium.org
>
> Bug: chromium:1092417
>
> Change-Id: I9dc87957fc03023c5ab1c4f49e865957c8324e1a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351676
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69508}

TBR=clemensb@chromium.org,ecmziegler@chromium.org

Change-Id: I9bcfeda1048939a8142f5003b03feab399f9de96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1092417
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366785
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69509}
-
Emanuel Ziegler authored
Ensure that events are triggered when a module is decoded, compiled, instantiated and tiered-up.

R=clemensb@chromium.org

Bug: chromium:1092417
Change-Id: I9dc87957fc03023c5ab1c4f49e865957c8324e1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351676
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69508}
-
Omer Katz authored
Perform a small marking step whenever we allocate a new lab.

Bug: chromium:1056170
Change-Id: I2a09480a254ddb1afc95bf5ef9a70ec27f512d79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366698
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69507}
-
Omer Katz authored
This CL adds a bytes based deadline to draining of worklist. The time based deadline is also kept because:
1) Unified heap can't transition to bytes-based deadlines yet.
2) Unified heap with concurrent marking needs to flush v8 references which don't count as marked_bytes and can cause very long incremental pauses.

Bug: chromium:1056170
Change-Id: I5ab57754e7ff0b5821f3acb76e1e6f59fc9d68b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299374
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69506}
-
Lutz Vahl authored
TBR=vahl@chromium.org

Change-Id: Ie869b55eccd0bd0d23cc62c7ec7884dbaa8e7c4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366701
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69505}
-
Victor Gomes authored
Adapt GenericJSToWasmWrapper to support reversed arguments stack.

Change-Id: I46f6492cd8a933a7670eb2ad436a1ac84b055e60
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366702
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69504}
-
Ulan Degenbaev authored
Change-Id: I328dde4ef8265fa15e2dfc7ac689e175465edebd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366700
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69503}
-
Milad Farazmand authored
Port 929dd374

Original Commit Message:

    When CFI is enabled this adds a check against this list whenever a new return address must be set in a deoptimized frame, as a mitigation for ROP attacks. The list is known at linking time so that its content and the pointer to it can be stored in a read-only memory section.

    The check is performed in the signing function, which is no longer generic, as well as when setting the current pc of the frame. Since the pc is now only signed when setting the caller's pc, there is no need for ReplaceContext anymore.

R=salome.thirot@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I5005096811c289707e2d080477c60ae2ed4bf38b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2365372
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69502}
-
Jakob Gruber authored
To properly test tier-up in the V8 test suite, change the test variant previously called --turbo-nci-as-highest-tier to --turbo-nci-as-midtier.

As a midtier (between ignition and turbofan), all major parts of the NCI pipeline (codegen, caching inside the same native context, tier-up) are exercised by the test suite.

Bug: v8:8888
Change-Id: Ic8ee2f3e3d72768c3869f5e0b25800dd0a5f25b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361462
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69501}
-
Andreas Haas authored
On x64, trap handlers are enabled as part of the default configuration. However, each embedder has to enable trap handlers explicitly, and in the wasm fuzzers, trap handlers were not enabled. This CL enables trap handlers now in all wasm fuzzers.

Drive-by change: enable all staged wasm features in the wasm-async fuzzer.

R=clemensb@chromium.org

Change-Id: Ib7c2addb092551b5554a2b74830e5b67db077909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362957
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69500}
-
Dominik Inführ authored
Heap::UnregisterStrongRoots needs to iterate the list of all strong roots to delete the given slot. This CL changes Heap::RegisterStrongRoots to return the pointer to the linked list node. Heap::UnregisterStrongRoots gets the node as argument and can directly delete it in constant time.

The CL also introduces Heap::UpdateStrongRoots which can update a node without locking the mutex.

Bug: v8:10315
Change-Id: I2c021517c010a659821f8c10de758bb49b28449f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364511
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69499}
-
Zeynep Cankara authored
This CL adds a table to the right side of each timeline-track to display statistics about the log events. Double clicking on an event type notifies other panels about the selected log events with the selected type.

Bug: v8:10644
Change-Id: Iae523d46da4f0b6a007b02a2beac23d9c48aca02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2353457
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69498}
-
Victor Gomes authored
Change-Id: Idc204cffce49b564d134a93114a03939c3e75f20
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307313
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69497}
-
Santiago Aboy Solanes authored
This is a reland of ad68de6f

Reason for reland: Reverted since another CL got reverted. This cleanup is independent though and can be relanded.

Original change's description:
> [compiler] Remove unused holder parameter from IF_ACCESS_FROM_HEAP(_C)
>
> Bug: v8:7790
> Change-Id: I44849f45d1049b8a3c794dd0558b734c1e7061fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362919
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69482}

Bug: v8:7790
Change-Id: Ib650ef1701168be7a910ff51e30a90e239d5f5c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366774
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69496}
-
Dominik Inführ authored
With concurrent allocation, background threads invoke Log::IsEnabled() as well. Fix data race here by making is_enabled_ atomic, such that IsEnabled() remains cheap.

After locking the mutex in MessageBuilder, IsEnabled() needs to be checked again in case an old value was read. Otherwise we might log even though logging was already disabled on another thread. The other direction where a log message isn't logged is deemed acceptable.

Bug: v8:10315
Change-Id: I32c9dd2e9879fbdb4ca94e080a16ddd875de7c30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362948
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69495}
-
Clemens Backes authored
This reverts commit f0bade97.

Reason for revert: Culprit CL reverted: https://crrev.com/c/2364504

Original change's description:
> [test] Disable asm-wasm regression test
>
> Bug: v8:10813
> Change-Id: Ib7b3949147706552a6d569ad5fcd22f2f63d7977
> No-Try: True
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364496
> Auto-Submit: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69479}

TBR=clemensb@chromium.org,mslekova@chromium.org

Change-Id: I8047db66eba1e2221654d7018c661551950f2194
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366712
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69494}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/04505d9..183d29c

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/abfdfbb..c244e33

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/299e8a2..a4bb1c6

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ifb0321f65a8d3e2e96bb216f24641aeb1e11d49a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366273
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69493}
-
- 19 Aug, 2020 23 commits
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/78b2991..04505d9

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/5cff4e3..25f1303

NOTREECHECKS=true
NOPRESUBMIT=true
TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I76a41e93419494919d8ed64a300e2ee4d530c615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364933
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69492}
-
Liviu Rau authored
This reverts commit dc36a31e.

Reason for revert: to trigger builders

Original change's description:
> Whitespace to trigger builders
>
> The plan for V8 switch to Starlark: https://docs.google.com/document/d/10zEulEuM9UWMkaU8ZMGT5Nvyg1-fJ6fnGAW5jn4wyVY/edit#heading=h.ux9y8574985
>
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:10661
> Change-Id: I56edc347ae3adc9eba306e20268745687d7c21b8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364500
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Liviu Rau <liviurau@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69490}

TBR=clemensb@chromium.org,mslekova@chromium.org,liviurau@chromium.org

Change-Id: I458560eaefacece3faab0c075e749417be1a814d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10661
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2365113
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69491}
-
Liviu Rau authored
The plan for V8 switch to Starlark: https://docs.google.com/document/d/10zEulEuM9UWMkaU8ZMGT5Nvyg1-fJ6fnGAW5jn4wyVY/edit#heading=h.ux9y8574985

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10661
Change-Id: I56edc347ae3adc9eba306e20268745687d7c21b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364500
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69490}
-
Ng Zhi An authored
Load extends always load 8 bytes, so the access size does not depend on MachineType of the load. The MachineType is used for classifying the lane shape of the 8-byte load.

Also add cctest to load splats and load extends to test OOB. (Note that load splats access size depends on MachineType).

Add regression test from clusterfuzz, minimized by ahaas@.

Remove the `--no-wasm-trap-handler` flag since we have a no_wasm_traps variant that should test this flag.

Bug: chromium:1116019
Change-Id: I27ba051d0536ca0f6fd75dd641ca9b78132dafed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2363291
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69489}
-
Dominik Inführ authored
CanonicalHandleScope is now also used on background threads. Therefore Heap::RegisterStrongRoots and Heap::UnregisterStrongRoots are not exclusively used on the main thread anymore. Simply protect this list with a mutex.

Bug: v8:10315, v8:10814
Change-Id: Id08269c9f7fecae8c570ab711c522d111b06b005
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364503
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69488}
-
Clemens Backes authored
This reverts commit 7b9a0c20.

Reason for revert: Different tests start flaking, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/29532

Original change's description:
> [compiler] Replace ScopeInfoData with direct reads
>
> As part of this, introduce a new ObjectData kind for objects that we want to read directly from the background thread rather than serialize. ScopeInfoRef is the first user of that.
>
> For details, see:
> https://docs.google.com/document/d/1U6x6Q2bpylfxS55nxSe17yyBW0bQG-ycoBhVA82VmS0/edit?usp=sharing
>
> Bug: v8:7790
> Change-Id: Ia3cda4f67d3922367afa4a5da2aeaae7160cf1f2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346405
> Auto-Submit: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69473}

TBR=neis@chromium.org,solanes@chromium.org,nicohartmann@chromium.org

Change-Id: Ide5a4a583547b63cc9accfb93fcadb97b8100e8a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364504
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69487}
-
Clemens Backes authored
This reverts commit ad68de6f.

Reason for revert: Previous CL needs to be reverted (https://crrev.com/c/2364504)

Original change's description:
> [compiler] Remove unused holder parameter from IF_ACCESS_FROM_HEAP(_C)
>
> Bug: v8:7790
> Change-Id: I44849f45d1049b8a3c794dd0558b734c1e7061fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362919
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69482}

TBR=solanes@chromium.org,nicohartmann@chromium.org

Change-Id: Iffc7a44faec8a03583aa968271a5d0e6317317a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364506
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69486}
-
Clemens Backes authored
The number of constants stored in locals and the merge region can be arbitrarily big, thus generating arbitrarily long code for a single `br_if`. This happened in particular for unoptimized code.

This CL solves this by materializing all constants (in registers or on the stack) before doing a conditional branch. This ensures that in a series of `br_if`s, each constant is only spilled once instead of on each single branch.

For the linked bug, this reduces the total generated code size by ~36%.

R=thibaudm@chromium.org

Bug: chromium:1117033
Change-Id: I84ea2ea9ba4d3de9b042ceb223af15c3d73dc5b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364498
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69485}
-
Jakob Gruber authored
This is part two of the implementation (part 1: heuristics in NCI code to call the runtime profiler, part 2: heuristics in the runtime profiler to mark the function for optimization, part 3: the final part, recognizing and acting upon the marked function).

The runtime profiler heuristics added here remain very similar to what we have for ignition, except that we now inspect optimized frames with NCI code, and that we (currently) do not OSR from NCI to TF.

Bug: v8:8888
Change-Id: Ie88b0a0dcee16334cea585c771a4b505035f2291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2358748
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69484}
-
Santiago Aboy Solanes authored
Bug: v8:9708, v8:6949
Change-Id: I1e06f7c87ea05ccb8c73571e9148ff0cb9f574a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362951
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69483}
-
Santiago Aboy Solanes authored
Bug: v8:7790
Change-Id: I44849f45d1049b8a3c794dd0558b734c1e7061fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362919
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69482}
-
Santiago Aboy Solanes authored
Drive-by: Remove a parameter that had to be SKIP_WRITE_BARRIER.

Bug: v8:9708, v8:6949
Change-Id: Ib5d0521f255a92749440a5001dab8b59eb078bf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362950
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69481}
-
Omer Katz authored
This CL adds a basic implementation of incremental marking for standalone GC.

Followup CLs include:
* Use bytes instead of time as deadline
* Port incremental marking schedule from blink
* Mark on allocation
* Guarantees for progress/termination for standalone GC
* etc...

Calling StartIncrementalGarbageCollection triggers StartMarking which schedules incremental marking as non-nestable tasks.

For unified heap, marking will continue running until it runs out of work but it won't finalize independently.

For standalone, when incremental runs out of work it will schedule a new task in which it will finalize marking and trigger the rest of the GC.

Users of standalone can also force finalization before incremental marking has finished using FinalizeIncrementalGarbageCollectionIfRunning.

Calling CollectGarbage would also finalize an on-going incremental GC if one exists. Otherwise it will trigger an atomic GC.

See the following doc for explanation of the various methods:
https://docs.google.com/document/d/1ZhJY2fOoD8sH53ZxMh2927Zl8sXqA7azJgcQTWx-YKs/edit?usp=sharing

Bug: chromium:1056170
Change-Id: I75ead414eb9da9f8b7f71c4638b9830fce7708ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2298009
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69480}
-
Maya Lekova authored
Bug: v8:10813
Change-Id: Ib7b3949147706552a6d569ad5fcd22f2f63d7977
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364496
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69479}
-
Salome Thirot authored
When CFI is enabled this adds a check against this list whenever a new return address must be set in a deoptimized frame, as a mitigation for ROP attacks. The list is known at linking time so that its content and the pointer to it can be stored in a read-only memory section.

The check is performed in the signing function, which is no longer generic, as well as when setting the current pc of the frame. Since the pc is now only signed when setting the caller's pc, there is no need for ReplaceContext anymore.

Bug: v8:10026
Change-Id: I5e85a62b94722051716fdeba476db383c702a318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287490
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Rodolph Perfetta <rodolph.perfetta@arm.com>
Cr-Commit-Position: refs/heads/master@{#69478}
-
Jakob Kummerow authored
When running with --verify-heap, ObjectVerify() is invoked for every live object anyway, so there is no need for individual FooVerify() implementations to recursively request verification of their sub-objects. If they do, (a) it is duplicated work of O(n²) complexity, and (b) it can cause fuzzer-generated tests to crash because they run out of stack space when they trigger heap verification with very little stack space left.

Fixed: chromium:1106426
Change-Id: Ib9bd444806b148fffc23d635f931dfe73fe7e4ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2358746
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69477}
-
Anton Bikineev authored
The issue popped up while implementing conservative stack scanning in V8.

Bug: v8:10614
Change-Id: I7edc6ca1f248f45b10be0fa45e28a98fd2b03840
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362651
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69476}
-
Maya Lekova authored
This reverts commit 7964ac86.

Reason for revert: Introduces a data race - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32870

Original change's description:
> [compiler] Replace HeapNumberData with direct reads
>
> Bug: v8:7790
> Change-Id: I3fbbbd36900146111f83596fd6615a2e4a4f5d33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362952
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69474}

TBR=neis@chromium.org,solanes@chromium.org,nicohartmann@chromium.org

Change-Id: Idd17677b2083acf452195a88cb5c363034b43c5f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364493
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69475}
-
Georg Neis authored
Bug: v8:7790
Change-Id: I3fbbbd36900146111f83596fd6615a2e4a4f5d33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362952
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69474}
-
Georg Neis authored
As part of this, introduce a new ObjectData kind for objects that we want to read directly from the background thread rather than serialize. ScopeInfoRef is the first user of that.

For details, see:
https://docs.google.com/document/d/1U6x6Q2bpylfxS55nxSe17yyBW0bQG-ycoBhVA82VmS0/edit?usp=sharing

Bug: v8:7790
Change-Id: Ia3cda4f67d3922367afa4a5da2aeaae7160cf1f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346405
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69473}
-
Emanuel Ziegler authored
Add an event for recording metrics related to instantiating Wasm modules.

R=clemensb@chromium.org

Bug: chromium:1092417
Change-Id: I5c87aba7d2cdb012951249b336684580595844cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351675
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69472}
-
Santiago Aboy Solanes authored
We can create a new macro to skip the xxxData classes and read directly from the heap.

Bug: v8:7790
Change-Id: I8de9ba0aee78c74d4c3113eb6bc4870a314de552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362687
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69471}
-
Emanuel Ziegler authored
Add an event for recording metrics related to compiling Wasm modules. This provides different events for both baseline compilation and tier-up.

R=clemensb@chromium.org

Bug: chromium:1092417
Change-Id: Ib5ea7f5ba9e91e2c34473e666eea1c6dc6a97037
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351674
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69470}
-