- 21 Jun, 2019 17 commits
-
-
Irina Yatsenko authored
This is a reland of 02103b27 Fix for the original build break: build android with noop crashkeys for now Original change's description: > Add Crash Keys support > > This adds crash keys containing the isolate address and addresses of > the read_only, map, and code spaces to crash report minidumps. > When not compiling V8 with Chrome, a noop implementation is used. > > Bug: v8:9323 > Change-Id: I8523630e7a4ff792855163c06bf76dab35b1b9e5 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641326 > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Irina Yatsenko <irinayat@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#62059} Bug: v8:9323 Change-Id: I6bb115ad14b2ce5865f4d8fb255245c38fb0cd14 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658505 Commit-Queue: Irina Yatsenko <irinayat@microsoft.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#62320}
-
Ross McIlroy authored
Calling FindIndexInScript performs a linear search on the script functions and can take considerable time. With Bytecode flushing we will lose the function_literal_id and have to call FindIndexInScript if we ever recompile the flushed function. This can take a significant proportion of the recompilation time and has caused regressions in rendering times for some web applications (e.g, 395ms in FindIndexInScript for 132ms spent lazily re-compiling code). To avoid this, add function_literal_id back into the SFI and remove it from UnoptimizedCompileInfo. This will slightly regress memory usage (particularly in cases where many of the SFIs are compiled), however it means we can remove the FindIndexInScript function and avoid these long-tail regressions when bytecode is flushed. BUG=chromium:965833 Change-Id: Ia31e82eb6c871a6d698a518326a8555822a7a1d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669700Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62319}
-
Daniel Clark authored
Convert the new class SourceTextModuleRecord to use Torque to define its fields. Bug: v8:9292 Change-Id: Iddad3b266dd0dc122aee510cc41c69be27988c4a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668011 Commit-Queue: Dan Clark <daniec@microsoft.com> Reviewed-by: Georg Neis <neis@chromium.org> Auto-Submit: Dan Clark <daniec@microsoft.com> Cr-Commit-Position: refs/heads/master@{#62318}
-
Sigurd Schneider authored
Rework the implementation of non-external Torque classes to use Struct machinery rather than FixedArray machinery. This allows Torque-only defined 'internal' classes to the automatically generate class verifiers and printers. As part of this change, generate C++ boilerplate accessors for internal Torque classes, since this is a pre-requisite for the verifiers, printers and other Struct-based functionality. Moreover, augment the header-generating functionality in Torque to create separate header files for field offset definitions, internal class C++ definitions and instance types. Bug: v8:7793 Change-Id: I47d5f1570040c2b44d378f23b6cf95d3d132dacc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607645 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#62317}
-
Irina Yatsenko authored
The extensions require isolate address to be set but don't rely on calling any runtime functions, which makes them viable for post-mortem debugging, if the corresponding memory is included into the dump !set_iso(isolate_address) call this function before using !mem or other heap routines !mem or !mem(\"space1[ space2 ...]\") prints memory chunks from the 'space' owned by the heap in the isolate set by !set_iso; valid values for 'space' are: new, old, map, code, lo [large], nlo [newlarge], ro [readonly] if no 'space' specified prints memory chunks for all spaces, e.g. !mem(\"code\"), !mem(\"ro new old\") !where(address) prints name of the space and address of the MemoryChunk the 'address' is from, e.g. !where(0x235cb869f9) Output from !mem would look something like this: 0:000> !mem("old") Heap at 0x210652b8838 Im address: object area start - end (size) OldSpace (allocating at: 0x1703dae7a20): * 0x33d9a8c0000: 0x33d9a8c0138 - 0x33d9a8f1000 (0x31000) 0x1703dac0000: 0x1703dac0138 - 0x1703db00000 (0x40000) Change-Id: Iae1a217bbc5c5a88e2cf742db88ead9bb6fc904c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669744 Commit-Queue: Irina Yatsenko <irinayat@microsoft.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#62316}
-
Andreas Haas authored
The table.copy instruction used the indirect_function_table_size field of the instance for bounds-checks. However, when Table 0 is of type anyref, this field is not set. Now we use the actual size of the table instead. R=clemensh@chromium.org Bug: chromium:977101 Change-Id: Idda9cfe228141877747ed9a824936a1232f58cf8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669695 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62315}
-
Andreas Haas authored
The {indirect_function_table_size} field of the instance was initialized with the size of the first anyfunc table. However, this field should only be set if Table 0 is of type anyfunc. R=clemensh@chromium.org Bug: chromium:977101 Change-Id: I4729feb6b67387ccda53d17179a34d719347efed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669697Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#62314}
-
Sigurd Schneider authored
TBR=ishell@chromium.org Change-Id: Iba69e556519a76334b9a3a1a0ece9a67f7f69cf2 Bug: v8:8855 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669696 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62313}
-
Clemens Hammacher authored
The platform is allowed to remove the foreground task without ever executing it if the isolate is shutting down. This can happen immediately when spawning the task. This would leave a stale pointer to the deleted task in the engine, and can lead to UAF. Thus deregister the task also from the destructor. At that point, we do not need to report back any live code for that isolate. R=ahaas@chromium.org Bug: v8:8217, chromium:971293 Change-Id: I7081efde8f306649d08956e758254a8875db8271 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669694Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62312}
-
Milad Farazmand authored
Port 20d29a36 Original Commit Message: This disallows using CSA macros from Torque that have a Node* return type instead of TNode<>. By enforcing CSA types at the boundary between CSA and Torque, we can ensure that the Torque types and the CSA types match. As a drive-by, this CL adds a bit more of CSA typing where it made sense. R=tebbi@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I531531e9029875b7685a9d775410ec9f924f8b69 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669827Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#62311}
-
Georg Neis authored
A few are still left and made explicit with Allow* scopes. Bug: v8:7790 Change-Id: I85e78949730d046d3449e0cee70997e60a043825 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622108 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62310}
-
Sigurd Schneider authored
v8memory.h does not have V8 specific definitions, and having it in base makes it clear that every component may include the file. It also ensures that including it does not create spurious dependencies on v8_base. Change-Id: I565f63b25f33a9ada19d7b2ac5990863ab17f4a7 Bug: v8:9183, v8:8855 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657923 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62309}
-
Stephen Kyle authored
The stub cache doubles in size when switching to 64-bit. The references stored in it are not currently compressed even with ptr-compr enabled. This patch compresses those references so the table is the same size on 32- and 64-bit architectures, which is beneficial on benchmarks which utilise the stub cache heavily. Reducing the stub cache size has lead to an improvement of 0.7% in runs/minute being observed on Speedometer on a Pixel device, and 0.4% on a Pixel3 device. Also add constructors to [Strong]TaggedValue to support compression. Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng Change-Id: I3b643d674356deaa129588189df7adfc91d15db4 Bug: v8:7703 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635694 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#62308}
-
Dan Elphick authored
Moves Bytecode::IsBytecodeEqual from objects.cc to code.cc. Bug: v8:9183 Change-Id: I1f6ff1cc388c5f22de951bc75514dd08c25e500a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667420 Auto-Submit: Dan Elphick <delphick@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62307}
-
Sigurd Schneider authored
Adds basic support for CompressedHeapConstants to Arm64 by moving to a ldr_w instruction and passing COMPRESSED_EMBEDDED_OBJECT as the RelocInfo. However, we still haven't made the COMPRESSED_EMBEDDED_OBJECT be actually compressed in the code-stream (they still take up a full 64-bits). Support for this will be added next. Adding a test on macro assembler that checks that the RelocInfo::COMPRESSED_EMBEDDED_OBJECT is flowing through. Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:8977, v8:7703, v8:9298 Change-Id: Ibc64cdfdd85d5cdfa060ed6227b10bb47eae3a8a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635692Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62306}
-
Daniel Bratell authored
Right now there is both a v8::internal::RegExp class and a v8::RegExp class so when code says just "RegExp" the name lookup depends on what the compiler knows. In some jumbo builds the compiler suddenly knew about v8::internal::RegExp which made the symbol lookup choose that class instead of v8::RegExp. Bug: v8:9359 Change-Id: Ic226d187a397ef2ed4e1e7b415c4f68ba72aa0e6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669688 Auto-Submit: Daniel Bratell <bratell@opera.com> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62305}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7f6e669..6ccf6a3 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/26377fc..94c77e7 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b1a3e41..125f7cc Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3937806..a8fe285 TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: I91d4427a4e7b3befa189144d95330ca30d602fbd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1670608Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62304}
-
- 20 Jun, 2019 5 commits
-
-
Dan Elphick authored
Makes the order of the generated calls to the Runtime function DefineAccessorPropertyUnchecked fixed regardless of hashseed so that recompilation for lazy source positions always generates the same result. Moves AccessorTable from src/ast/ast.h to bytecode-generator.cc since that's the only place that uses it. Bug: v8:9383, v8:8510 Change-Id: I89e0aad1683a793714bfb48eca1b00abe20cad0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669689 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62303}
-
Maciej Goszczycki authored
This is a reland of a5fa211f des_checksum and call_once_run were undefined and unused respectively when shared read-only heap was enabled. Fixed with a copious amounts of USE. Original change's description: > [roheap] Check that ro-heap is always passed the same read-only snapshot > > Previously the ReadOnlyHeap simply discarded all but the first > ReadOnlyDeseralizer. ClearSharedHeapForTest should be called if using a > new ReadOnlyDeserializer (this might change in the future). > > Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used > to test Map::WeakCellForMap which doesn't exist anymore and was > difficult to adapt to a shared read-only heap. > > Bug: v8:7464 > Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612 > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Dan Elphick <delphick@chromium.org> > Commit-Queue: Maciej Goszczycki <goszczycki@google.com> > Cr-Commit-Position: refs/heads/master@{#62250} TBR: yangguo@chromium.org Bug: v8:7464 Change-Id: Id66e781be890c5ed03d066f8c62de703d5cb435e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667415Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62302}
-
Yu Yin authored
Port: 7629afdb https://crrev.com/c/1520719 Original Commit Message: Allocate feedback vectors lazily when the function's interrupt budget has reached a specified threshold. This cl introduces a new field in the ClosureFeedbackCellArray to track the interrupt budget for allocating feedback vectors. Using the interrupt budget on the bytecode array could cause problems when there are closures across native contexts and we may delay allocating feedback vectors in one of them causing unexpected performance cliffs. In the long term we may want to remove interrupt budget from bytecode array and use context specific budget for tiering up decisions as well. Change-Id: Icddceec22df3dad7861a30f0190397db130db10d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669116Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Yu Yin <xwafish@gmail.com> Cr-Commit-Position: refs/heads/master@{#62301}
-
v8-ci-autoroll-builder authored
Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/7940fa4..b568df7 [test] More inconsistent lengths (#1029) (Wanming Lin) https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/b568df7 [interpreter] Fix broken link (#1035) (Rikard Hjort) https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/8c8f5f1 TBR=ahaas@chromium.org,clemensh@chromium.org Change-Id: I66b322850497c17474a179c793e3aa834e2df1d3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668769Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62300}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/be684b6..7f6e669 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/764ec87..b1a3e41 TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: Ibbd0ce6b24afb23aef2d487e252ac2c841d14c0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668445Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62299}
-
- 19 Jun, 2019 18 commits
-
-
Ng Zhi An authored
Bug: v8:6020 Change-Id: Ic33f698973edd8b6bcb8725cc86b4431374fb7b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666450 Auto-Submit: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#62298}
-
Ben Smith authored
The debugger should be notified whenever a new Module is created so it displayed properly. Without this change, the Module is only displayed once, regardless of the number of times it is referenced (by other Workers, say). That is potentially reasonable behavior, but it doesn't match the way JavaScript does it. With this change, the debugger will display the sources like this: ``` ▼ top
▶ localhost ▼ wasm ▼ wasm-82570336 wasm-82570336-0 ▼ worker.js▶ localhost ▼ wasm▶ wasm-82570336 ``` Change-Id: I61177e8a07e36ea8e2234aa25e75b1489c9da95f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1666616Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#62297} -
Daniel Clark authored
Introduce SourceTextModule as a subclass of Module. Move all the JavaScript-module-specific code down from Module to SourceTextModule, with all code applicable to other future module types remaining in Module. With this change, Module is roughly equivalent to the spec's Abstract Module Record and SourceTextModule is roughly equivalent to Source Text Module Record. Bug: v8:9292 Change-Id: I6e9cd3ece9d0c1da57e52f8af8ed5848d87dd22d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1633154 Commit-Queue: Dan Clark <daniec@microsoft.com> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62296}
-
Adam Klein authored
This reverts commit 93b6c866. Reason for revert: Breaks on nosnap debug: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20nosnap%20-%20debug/24470 Original change's description: > [csa] add hint to CAST error message to break in mksnapshot > > Change-Id: I51a22de5d6367c38056ea91eface4f69f6651993 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664069 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62274} TBR=ulan@chromium.org,mvstanton@chromium.org,tebbi@chromium.org Change-Id: I778b3a2c79776575efc8de43cf25e19ae301fca9 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667484Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#62295}
-
Dan Elphick authored
This reverts commit ccf0d802. Reason for revert: Breaks https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26472 Original change's description: > Reland "Enable lazy source positions by default" > > This is a reland of 69fafb5f > after fixing the in crash with > https://chromium-review.googlesource.com/c/v8/v8/+/1664334 > > Original change's description: > > Enable lazy source positions by default > > > > Also adds a compile time flag which allows the default to be configured > > so node can disable it since it hangs the node cpu profiler tests. > > > > Bug: v8:8510 > > Change-Id: Idf4785036dc6242769410091518a67ac9179b718 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491 > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > > Commit-Queue: Dan Elphick <delphick@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#62089} > > Bug: v8:8510 > Change-Id: I81b36dbba3cc7b9a99dc5cc4ea72040fabfec97e > Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660484 > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Auto-Submit: Dan Elphick <delphick@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62288} TBR=rmcilroy@chromium.org,delphick@chromium.org Change-Id: Icbe93550850f79d1c29bed3e8084676c453cdf06 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8510 Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg, v8_linux64_gc_stress_custom_snapshot_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667419Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62294}
-
Tobias Tebbi authored
This disallows using CSA macros from Torque that have a Node* return type instead of TNode<>. By enforcing CSA types at the boundary between CSA and Torque, we can ensure that the Torque types and the CSA types match. As a drive-by, this CL adds a bit more of CSA typing where it made sense. Bug: v8:7793, v8:6949 Change-Id: I12ea0337c628105ea3c420be747ae50d3a172547 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660481 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62293}
-
Joyee Cheung authored
This patch implements the access of private methods: - When building property loads, check whether it requires a brand check. If so, build the brand check and load the property (the method) from the context instead. - Throw type errors when there is an attempted write to private methods. Design: https://docs.google.com/document/d/1T-Ql6HOIH2U_8YjWkwK2rTfywwb7b3Qe8d3jkz72KwA/edit# Bug: v8:8330 Change-Id: Ic917d2a0030196c1940b0c0ba65a340af736c769 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1610383 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62292}
-
Igor Sheludko authored
... and add i::GetIsolateFromHeapObject(HeapObject, Isolate*) and i::IsReadOnlyHeapObject(HeapObject) instead. Previously the removed function was also used for checking if given heap object is a read only object. But if pointer compression is enabled the i::GetIsolateFromHeapObject() will succeed for both read only and writable heap objects. Bug: v8:9379, v8:7703 Change-Id: Ib0a9babafe32f43716dac70620b51657dfb97d7c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667416Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62291}
-
Maciej Goszczycki authored
Prevents potential double free if ReleaseAllocatedMemoryNeededForWritableChunk were to be called twice. Change-Id: I97f0b3e6a279297faa37d541b81f465fec68b894 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667414Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#62290}
-
Leszek Swirski authored
The map in the cache is the LHS, not the RHS. Change-Id: Idf6b4fafc8c62aea5b8f5f55258241939cf9829d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667410Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62289}
-
Dan Elphick authored
This is a reland of 69fafb5f after fixing the in crash with https://chromium-review.googlesource.com/c/v8/v8/+/1664334 Original change's description: > Enable lazy source positions by default > > Also adds a compile time flag which allows the default to be configured > so node can disable it since it hangs the node cpu profiler tests. > > Bug: v8:8510 > Change-Id: Idf4785036dc6242769410091518a67ac9179b718 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1491491 > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Commit-Queue: Dan Elphick <delphick@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62089} Bug: v8:8510 Change-Id: I81b36dbba3cc7b9a99dc5cc4ea72040fabfec97e Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660484 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62288}
-
Dan Elphick authored
Fix JSSegmentIterator::Create getting the unicode string as a raw object pointer and then performing memory allocation which then invalidates it. This changes SetTextToBreakIterator to return a handle instead. Bug: v8:6891 Change-Id: I57e175b31e78a074a0b3c5a8fc26b4af05b4a752 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667409 Commit-Queue: Dan Elphick <delphick@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#62287}
-
Leszek Swirski authored
Now that fields are always in the same order as descriptors, we can change the property scan during NextFreePropertyIndex into a faster reverse search that simply tries to find the last field. Change-Id: I24d0781cd7d7c5b15998c35f281be69cd492d5ee Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667402Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62286}
-
Darius Mercadier authored
This flag will be useful to analyze (and then improve) fragmentation and compaction. Bug: v8:9329 Change-Id: Ie3c5b618fa5717277cf2b9617e2d8f9dc2138056 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664333Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@google.com> Cr-Commit-Position: refs/heads/master@{#62285}
-
Leszek Swirski authored
Change-Id: Ie38c77aafbe75f61fc568f1013ca5815d6750364 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662289 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62284}
-
Igor Sheludko authored
... to prepare for merging this back to stable chanel. Bug: chromium:972921 Change-Id: I04ced1c81b5f8730014ecee8935799fccc377a49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667006 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62283}
-
Leszek Swirski authored
A class's fields can appear twice in the class AST, via the properties array and the synthetised initializer method. This means that the reindexer can end up visiting the same function literal twice, since the T in AST is no longer a T but rather a DAG. Now, we special case the class visitor in the reindexer to avoid these double visits where appropriate. We know what kinds of fields can be double visisted, so we don't need a visited set, but we now also have one for debug builds to verify that each function is visited exactly once. Bug: chromium:974627 Change-Id: Ib531becc6e3f3c73f420b5fb49790fe4a2022d65 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667003Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62282}
-
Igor Sheludko authored
Bug: chromium:974086 Change-Id: Id5a8db8c921958bfdb0b1ec8b1a50edaef6c5acf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1667007Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62281}
-