- 15 Sep, 2022 15 commits
-
Leszek Swirski authored
Cached template objects only need to be cached for reference identity comparisons. If there is no strong reference to the cached template object, then there's nothing to compare it against if it were to be loaded from the cache, so we can hold it in the cache weakly.

Bug: v8:13190
Change-Id: I4a787eb33eab734fe9df6c424ff915d775fce70f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898692
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83220}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=thibaudm@chromium.org

Bug: v8:12887
Change-Id: Id2f457a1c0056d5015e2f9983d4599582d7189cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876185
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83219}
-
Seth Brenith authored
This test observes GC behavior and needs the garbage collector to work in a somewhat predictable way.

Bug: v8:13286
Change-Id: I24e6a4f33a644b5f1845cd34558da03fc196f7e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898721
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83218}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=mliedtke@chromium.org

Bug: v8:12887
Change-Id: I36c66465e3b6c1b27c1825e50f17f4bc8557c426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898936
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83217}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=szuend@chromium.org

Bug: v8:12887
Change-Id: I8123d18ae852807557bf26b1308e0061dc1ac123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898937
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83216}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=leszeks@chromium.org

Bug: v8:12887
Change-Id: I45a24a6297153f279a060079c0ee318545df6817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898931
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83215}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=jgruber@chromium.org

Bug: v8:12887
Change-Id: I0454426c664e54e9b8c8b39f903eeca1a80d4bc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898933
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83214}
-
Jakob Linke authored
This reverts commit c66e6ea0.

Reason for revert: fyi bots are green again.

Original change's description:
> Disable interrupt-budget-for-maglev flag
>
> Bug: v8:7700
> Change-Id: Ieff3e3b053f418e73699a208993c4d0771326522
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879614
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83066}

Bug: v8:7700
Change-Id: I5c09ba5f7b3dc7f67582bb2ed7b4c4451660c4c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898938
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83213}
-
Jakob Linke authored
The kContextRegister can alias allocated registers - when setting it, take care not to unintentionally clobber.

Bug: v8:7700
Change-Id: I0635d334fb14fa15540582a4873d4186fffa2199
Fixed: chromium:1363450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897634
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83212}
-
Jakob Linke authored
.. in TryBuildMonomorphicLoadFromLoadHandler. If data1 is cleared, emit an unconditional eager deopt.

Note all early-return paths must happen before any code is emitted.

Bug: v8:7700
Change-Id: I00d5ff258cc88a0cb2423267b362c05540d09839
Fixed: chromium:1359714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898691
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83211}
-
Leszek Swirski authored
This can happen when we have a load from a double field of a value that canonicalises to a Smi, and we then use that Smi value in Smi-feedback arithmetic.

Bug: v8:7700
Fixed: v8:13282
Change-Id: I6d8245b8393f7595c3442985087ebb8e806061eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890999
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83210}
-
Clemens Backes authored
Avoid the deprecated FLAG_* syntax, access flag values via the {v8_flags} struct instead.

R=nicohartmann@chromium.org

Bug: v8:12887
Change-Id: Ibdf60bd42ed577f367eee7da4de3a7e3dd6799e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871205
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83209}
-
Clemens Backes authored
Running the libfuzzer fuzzers locally (with an experimental flag turned on) found crashes, but did not produce crash files because we were generating a software interrupt ("trap") instead of properly aborting. Disabling the "hard-abort" feature fixes that.

This will hopefully not flush out previously missed crashes. If so, please do manually bisect across this CL, instead of assigning to me :)

Drive-by: Move more initialization logic from {InitializeFuzzerSupport} to the {FuzzerSupport} constructor, where other similar work is performed.

R=thibaudm@chromium.org, saelo@chromium.org

Bug: v8:13283
Change-Id: Id8d4e92f5ab6bb27676adeae6b3b1eb042b8ba3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892061
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83208}
-
Jakob Linke authored
Temporaries and the allocated result register may alias, thus order is important when setting the result value.

Fixed: TestUndetectable, LogicalNot, SetPendingMessage.

Drive-by: Pass Label::kNear in a few spots I passed by.

Bug: v8:7700
Change-Id: Ice3de1d1014ad05d8fa9fb18d967887386bfed0d
Fixed: chromium:1359723
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898530
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83207}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4157fb6..ccee528

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/e713c13..040e851

Rolling v8/buildtools/linux64: git_revision:b4851eb2062f76a880c07f7fa0d12913beb6d79e..git_revision:fff29c1b3f9703ea449f720fe70fa73575ef24e5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/37391a1..0d1854a

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9ebcfa6..5e4d749

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220913.3.1..version:9.20220914.1.1

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/02a202a..12149f2

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4afeac189d64d4ef62599de14187f9bd2348ff5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897654
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83206}
-
- 14 Sep, 2022 25 commits
-
Frank Tang authored
Correct the call to the one which takes the UTC-based time instead of the one taking the local wall time.

Bug: v8:11544
Change-Id: Ib288617e8f98b21865c306ca36cd905a3e5315bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892639
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83205}
-
Frank Tang authored
Sync with 2210 and 2240
https://github.com/tc39/proposal-temporal/pull/2210
https://github.com/tc39/proposal-temporal/pull/2400

Add AO: RoundNumberToIncrementAsIfPositive
Change AO parameter: DifferenceInstant

Spec:
https://tc39.es/proposal-temporal/#sec-temporal-roundnumbertoincrementasifpositive
https://tc39.es/proposal-temporal/#sec-temporal-roundtemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal-differenceinstant
https://tc39.es/proposal-temporal/#sec-temporal-addduration
https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalzoneddatetime

Bug: v8:11544
Change-Id: I6b613bd19014d770852b9ba587278e714f9ac110
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857451
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83204}
-
Samuel Groß authored
Bug: v8:10391
Change-Id: I383e11bdccf6fcaf13f29d25e1404545067d313e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891249
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83203}
-
Seth Brenith authored
A couple of customers have asked about using devtools to get information about temporary allocations, with the goal of reducing GC time and/or peak memory usage. Currently, the sampling heap profiler reports only objects which are still alive at the end of the profiling session. In this change, I propose adding configuration options when starting the sampling heap profiler so that it can optionally include information about objects which were discarded by the GC before the end of the profiling session.

A user could run the sampling heap profiler in several different modes depending on their goals:

1. To find memory leaks or determine which functions contribute most to steady-state memory consumption, the current default mode is best.
2. To find functions which cause large temporary memory spikes or large GC pauses, the user can request data about both live objects and those collected by major GC.
3. To tune for minimal GC activity in latency-sensitive applications like real-time audio processing, the user can request data about every allocation, including objects collected by major or minor GC.
4. I'm not sure why anybody would want data about objects collected by minor GC and not objects collected by major GC, but it's also a valid flags combination.

Change-Id: If55d5965a1de04fed3ae640a02ca369723f64fdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868522
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83202}
-
Samuel Groß authored
When regenerating v8heapconst.py, the v8 sandbox now has to be enabled explicitly (using the v8_enable_sandbox=true gn arg) as it is enabled by default in Chromium builds, but not standalone v8 builds.

Bug: v8:13281
Change-Id: I1a0861b1d63f340465d7433e042b27eace706ca7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3895622
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83201}
-
Milad Fa authored
Change-Id: Id691009bddafdbb5a53c234fe00995b6e0733586
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893417
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83200}
-
Simon Zünd authored
We count the calls to `createTask` to track adoption.

Chromium CL: https://crrev.com/c/3894138

R=kimanh@chromium.org

Bug: chromium:1334585
Change-Id: I091f738e5b0dfdbb5843cda09eed7d3f906ea681
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892783
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83199}
-
Junliang Yan authored
JumpIfTagged accesses the stack for 4-byte compressed ptrs, so we need to add the stack bias for that on big endian.

Change-Id: Ifefa56018cf4ddccb337704775b38937e47ac3ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893419
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83198}
-
Leszek Swirski authored
Check whether the exception phi for the accumulator (i.e. the exception message object) is dead, and don't assign rax to it if yes.

Note that maglev node liveness can differ from bytecode liveness, since the bytecode accumulator could have been considered "live" just because of a move to a (dead) register.

Bug: v8:7700
Change-Id: If1384284f6f55a565e2ae94e5e7a32455fdedb93
Fixed: chromium:1359382
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892353
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83197}
-
Leszek Swirski authored
Bug: v8:7700
Change-Id: I0eaf1ffaaa2d759226b675b367a58bc0ea9a5da2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3895813
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83196}
-
Leszek Swirski authored
Use Script as the key for the template object cache, instead of the SharedFunctionInfo. This is because SharedFunctionInfos can be garbage collected and then later recompiled, which would mean that we break the spec's expectation that the template object stays constant.

Now the association of cached template object with SharedFunctionInfo is via the function_literal_id of the SharedFunctionInfo, stored on the CachedTemplateObject. These are linearly searched, similar to the linear search over slot ids.

Bug: v8:13190
Change-Id: I3f67811c16ea4cd39c99b2fa034aa7e1f03c171e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892787
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83195}
-
Michael Achenbach authored
This reverts commit 10756bea.

Reason for revert: Test failures on GPU and other Chromium bots:
https://ci.chromium.org/ui/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/21271/overview
https://luci-milo.appspot.com/ui/inv/build-8803047917676096065/test-results?q=V8MemoryDumpProviderTest.DumpGlobalHandlesSize

Original change's description:
> [heap] Add shared spaces for --shared-space
>
> This CL adds shared spaces for regular and large objects in the shared
> space isolate. Spaces aren't used for allocation yet.
>
> Bug: v8:13267
> Change-Id: If508144530f4c9a1b3c0567570165955b64cc200
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876824
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83178}

Bug: v8:13267
Change-Id: Iefa01243ae8bebaba5cda8426a5aa0f4fd306bf3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892788
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83194}
-
Samuel Groß authored
This struct represents the freelist of an ExternalPointerTable and contains both the size and the head of the freelist. It is encoded and stored as a single Atomic64 field (freelist_) inside the ExternalPointerTable class. This ensures that the freelist head and size are always synchronized.

Previously, the freelist size was encoded in freelist entries in the top bits. This only works as long as the maximum table size is relatively small however, as it requires both the freelist size and the index of the next entry on the list to fit into 24 bits. To allow for bigger maximum table sizes in the future, this CL moves the freelist size directly into the table as part of the freelist_ field.

Bug: v8:10391
Change-Id: Id09c9b28d09d79b704ac47e6566029cfb209ecd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891256
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83193}
-
Michael Achenbach authored
This reverts commit 6d342fa5.

Reason for revert: Needed to land: https://crrev.com/c/3892788

Original change's description:
> [heap] Use std::unique_ptr for space_ array
>
> Document ownership with using std::unique_ptr<Space> for the space_
> array.
>
> Bug: v8:13267
> Change-Id: I12861d97cd52d2a8cf9ceb43a2f90008be87b2a3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890913
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83187}

Bug: v8:13267
Change-Id: Ieeb29454e146ee763130c0031af3f7a48b4eec94
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3895811
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83192}
-
Omer Katz authored
This reverts commit 7c64e5b4.

Reason for revert: MinorMC passes all CQ bots again (crrev.com/c/3872266)

Original change's description:
> [heap] Remove MinorMC variant from bots
>
> As part of revising MinorMC, it would soon be broken and bots should
> not be red because of it.
>
> Bug: v8:12612
> Change-Id: I0551d0a115ac2f4fa7fc32190458850f80b84cf5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810353
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82197}

Bug: v8:12612
Change-Id: I4a08f79efc3b5fc133a0a920a11d2af559b5bf4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885890
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83191}
-
Omer Katz authored
Based on bots and local testing, MinorMC has reached a stable state in terms of correctness. Enable fuzzing with MinorMC to flush out additional issues.

Bug: v8:12612
Change-Id: I9cf8c5791d7256ff63c777b295863506436ee165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872265
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83190}
-
Jose Dapena Paz authored
Fix build error:

../../v8/src/wasm/module-compiler.cc:147:10: error: ‘unique_lock’ is not a member of ‘std’
  147 |     std::unique_lock<std::shared_mutex> queues_guard{queues_mutex_};
      |          ^~~~~~~~~~~

Bug: chromium:957519
Change-Id: I0d14730d5b8dd76820fcc0a47d66ab0bd3e38f24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3880498
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83189}
-
Michael Achenbach authored
The numfuzz fuzzer.py has a loop to send a new test after receiving a result. When all test processors go into stopped state, attempts of sending new tests return False. That case wasn't handled here and we kept looping forever.

Bug: v8:13113
Change-Id: Ief2686614d9703fb590400ac3e73b6ac9008c8f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891373
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83188}
-
Dominik Inführ authored
Document ownership with using std::unique_ptr<Space> for the space_ array.

Bug: v8:13267
Change-Id: I12861d97cd52d2a8cf9ceb43a2f90008be87b2a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890913
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83187}
-
Omer Katz authored
SimulateFullSpace starts with no LAB, iterates over pages and allocates all free space on each page. After the first page, the LAB is empty but is no longer null.

Bug: v8:12612
Change-Id: I2c00b9ba68fdd5f60eda086ea940cb6e211a986e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891294
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83186}
-
Tobias Tebbi authored
Change-Id: I2a35ae0d07bcd5c570bcaae8ae6ef886a5b5e926
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852484
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83185}
-
Thibaud Michaud authored
During a stack switch, the stack state is temporarily inconsistent when the old stack is marked as "inactive" and the new stack is not yet marked as "active". Ensure that the WasmAllocateSuspender runtime function is not called in an inconsistent state. It can trigger a GC, and we need a consistent state to iterate the roots. Wait until the end of the function to mark the current stack as "inactive", so that it is still marked as "active" when it is potentially visited.

R=clemensb@chromium.org

Bug: v8:13272
Change-Id: I65fe76c3d222d9fa47d17b66069443ceabba47ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890919
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83184}
-
Manos Koukoutos authored
Before, import and export wrappers were cached based on their signature. This change
- makes wrapper canonicalization consistent with that of types and call_indirect signatures under --wasm-type-canonicalization,
- removes the last uses of signature maps, which will enable us to remove them in a future CL.

Change-Id: I512bc234f0ae10e50bd94237e8e675ca47ed13c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891250
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83183}
-
Greg Thompson authored
Bug: chromium:1092804
Change-Id: I9f4385d00af464eb2b9251b7c1dcfe0d4b69cdf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891279
Auto-Submit: Greg Thompson <grt@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83182}
-
Jakob Linke authored
Ignition remembers the correct context to restore when entering an exception handler by moving the context to an interpreter register when entering a try block, and restoring it from there when unwinding the frame and entering the catch block.

Maglev code has to do the same by taking the context from the appropriate register for the handler's frame state.

Bug: v8:7700
Change-Id: I294fcccc845c660b2289b6d7b40f49f1aa46283d
Fixed: chromium:1359928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892352
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83181}
-