- 17 Jun, 2022 7 commits
-
-
Tobias Tebbi authored
In addition to checking that a node is owned, CanCover() also needs to check if there are any side-effects in between the current node and the merged node. When merging inputs of inputs, this check was done with the wrong side-effect level of the in-between node. We partially fixed this before with `CanCoverTransitively`. This CL addresses the issue by always comparing to the side-effect level of the node from which we started, making `CanCoverTransitively` superfluous. Bug: chromium:1336869 Change-Id: I78479b32461ede81138f8b5d48d60058cfb5fa0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707277 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#81217}
-
Samuel Groß authored
Drive-by: include the right header in sandboxed-pointer-inl.h and fix missing sandbox initialization in generate-bytecode-expectations.cc. Bug: v8:10391 Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#81216}
-
JianxiaoLuIntel authored
Change-Id: I9d135e2add4f6ae7b0b19b97081ec40096ff75b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708026 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com> Cr-Commit-Position: refs/heads/main@{#81215}
-
Clemens Backes authored
This enables the --freeze-flags-after-init flag globally. Note that tests, fuzzers, Node and others still explicitly disable the flag. The chrome renderer process and default d8 execution will have it enabled though. R=cbruni@chromium.org Bug: v8:12887 Change-Id: I9a15ef64227e5e6e04779d8d671a2c50d99c9097 Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695264 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81214}
-
Michael Lippautz authored
This reverts commit 8325f86d.

Reason for revert: Speculative revert for chromium:1336850.

Original change's description:
> [heap] Sweep code pages on the background thread
>
> We already make code pages writable & executable for concurrent
> Sparkplug. We can use the same mechanism for sweeping of code pages on
> the background thread, instead of scheduling incremental tasks on the
> main thread. This allows us to remove almost all special
> handling for code pages in the sweeper and allows us to off-load more
> work from the main thread.
>
> Bug: v8:12967
> Change-Id: Idb8e9f8e2eadbec26a386f2de683a80087f671f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695557
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81139}

Bug: v8:12967, chromium:1336850 Change-Id: I1fb775892c2679984221efa7ceb682800c88cb2f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707274 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/main@{#81213}
-
Frank Tang authored
Also add AOs: ToTemporalRoundingMode, ToSmallestTemporalUnit, ToTemporalRoundingIncrement, RoundHalfAwayFromZero, RoundNumberToIncrement, RoundTemporalInstant Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.round https://tc39.es/proposal-temporal/#sec-temporal-totemporalroundingmode https://tc39.es/proposal-temporal/#sec-temporal-tosmallesttemporalunit https://tc39.es/proposal-temporal/#sec-temporal-totemporalroundingincrement https://tc39.es/proposal-temporal/#sec-temporal-roundhalfawayfromzero https://tc39.es/proposal-temporal/#sec-temporal-roundnumbertoincrement https://tc39.es/proposal-temporal/#sec-temporal-roundtemporalinstant Bug: v8:11544 Change-Id: I37750f166e6b5597db16574d2ce4d5f92065a7b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3566671 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81212}
-
Adam Klein authored
This reverts commit 035ba1d8.

Reason for revert: fails on Blink Linux Debug bots: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/14932/overview

Original change's description:
> [wasm] Use the API callback to resolve the wasm result promise
>
> This CL switches resolving and rejecting the wasm result promise from
> the V8-internal API to the external API added in
> https://chromium-review.googlesource.com/c/v8/v8/+/3695584.
>
> This CL can land once Chrome provided an implementation of the callback.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12953
> Change-Id: I3ca395594b4e7b5018fdcdac8c215dd4d6bf8de0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695589
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81206}

Bug: v8:12953 Change-Id: I35f85d056e2c9063f5b1280c7a3e96a20d67fcad No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3709409 Auto-Submit: Adam Klein <adamk@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#81211}
-
- 16 Jun, 2022 8 commits
-
-
Andreas Haas authored
This reverts commit be41754f.

Reason for revert: This change breaks the GCC component build (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug%20builder/1997/overview)

Original change's description:
> [wasm] Deprecate WasmModuleObjectBuilderSteraming
>
> This class is just dead code.
>
> Bug: v8:12926
> Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81169}

Bug: v8:12926 Change-Id: I8ef0dbd6ebaac0cbcc752338b7bfdf6049e6874c No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707219 Owners-Override: Adam Klein <adamk@chromium.org> Auto-Submit: Andreas Haas <ahaas@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81210}
-
Junliang Yan authored
Change-Id: I8776f1a77a809dc21797dbc1673539780249cf00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708481 Commit-Queue: Junliang Yan <junyan@redhat.com> Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#81209}
-
Thibaud Michaud authored
Exceptions should propagate inside the logical stack, which can consist of multiple wasm stack segments. When the outermost frame of the current segment is reached, pick up the parent stack and continue the search from there, and update the state to reflect the implicit stack switch. Drive-by: cleanups. R=ahaas@chromium.org CC=fgm@chromium.org Bug: v8:12191, v8:12960 Change-Id: Ia5cb39a6ae197fb68e635f986952419dc43c7b98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695376 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#81208}
-
Milad Fa authored
Fixing build with `v8_enable_webassembly = false`. Change-Id: Ib69e3f462f6fe9122707d1b3260262bbb83f5399 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708474 Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Reviewed-by: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#81207}
-
Andreas Haas authored
This CL switches resolving and rejecting the wasm result promise from the V8-internal API to the external API added in https://chromium-review.googlesource.com/c/v8/v8/+/3695584. This CL can land once Chrome provided an implementation of the callback. R=jkummerow@chromium.org Bug: v8:12953 Change-Id: I3ca395594b4e7b5018fdcdac8c215dd4d6bf8de0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695589 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#81206}
-
Manos Koukoutos authored
Bug: v8:7748 Change-Id: Ib3b1d99107ad2a9c703e9dc546b522e208204d1c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702443 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#81205}
-
Manos Koukoutos authored
Changes:
  - Rename InitExpression -> ConstantExpression in places which reference the ConstantExpression type.
  - Move ConstantExpression to its own file, along with ValueOrError and EvaluateConstantExpression.

Change-Id: Ife572d783531216b6ea3d2626e4fbf4048463253 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702798 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81204}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4be7c7b..7e8d64b Rolling v8/buildtools/linux64: git_revision:2ecd43a10266bd091c98e6dcde507c64f6a0dad3..git_revision:e62d4e1938a45babc9afb6db543f388cd1802a52 Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/b126981..1a63708 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/013bcd8..2dba7d2 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d854027..0eef537 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b603090..c5c4853 Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220613.2.1..version:8.20220614.2.1 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/30892fa..aab5788 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I97d4ae83dccc42a36734fd2ae3b047632fac8be6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708478 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#81203}
-
- 15 Jun, 2022 25 commits
-
-
Adam Klein authored
Bug: v8:12912 Change-Id: Ibfd8d29660ee55fa1d4cd0cac76942826ea541fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708852 Auto-Submit: Adam Klein <adamk@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#81202}
-
Adam Klein authored
This is useful for cases where we're calling a Maybe-returning function only for its side effects and possible exception-throwing. Change-Id: I64e73598d40b3565d83cb17166c762d8affd7a84 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708022 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81201}
-
Frank Tang authored
Also implement AOs: ParseTemporalZonedDateTimeString, ToTemporalZonedDateTime Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.zoneddatetime.from https://tc39.es/proposal-temporal/#sec-temporal-parsetemporalzoneddatetimestring https://tc39.es/proposal-temporal/#sec-temporal-totemporalzoneddatetime Sync ToTemporalOffset and ToTemporalDisambiguation to latest spec to take undefined. https://tc39.es/proposal-temporal/#sec-temporal-totemporaloffset https://tc39.es/proposal-temporal/#sec-temporal-totemporaldisambiguation Bug: v8:11544 Change-Id: I4137725155201b025066538ce337f6ae4749dc5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3699684 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81200}
-
Frank Tang authored
https://github.com/tc39/proposal-intl-numberformat-v3/pull/85 Also add test to show the problem while using numberingSystem with formatRange Bug: v8:12977, v8:10776 Change-Id: I09845b6f04994dc84b9a21e272d39d785db3317a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708020 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#81199}
-
Frank Tang authored
Stage 3 proposal flag --harmony-intl-number-format-v3 Spec: https://github.com/tc39/proposal-intl-numberformat-v3 R2T: https://groups.google.com/a/chromium.org/g/blink-dev/c/vy6rCuh3r_0/m/1Q2FHx9hBAAJ Design Doc: https://docs.google.com/document/d/19jAogPBb6W4Samt8NWGZKu47iv0_KoQhBvLgQH3xvr8/edit https://docs.google.com/document/d/14zxGub6Os6nARzH6XstOZX05w2537sZo_ZSSlGjGpBM/edit#heading=h.86ckkob9p59r https://chromestatus.com/feature/5707621009981440 Bug: v8:10776 Change-Id: I81d0385b09c283628c7c36096d26e07a817888a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3703471 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#81198}
-
Adam Klein authored
Extend V8_OS_LINUX ifdef guards to surround PrintToStderr() helper. Change-Id: Ia27d532eef60aa162b99c6989b1312515a038110 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708021 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#81197}
-
Manos Koukoutos authored
This is a reland of commit 76a07814

Changes compared to original:
  - Add WasmArray::SetTaggedElement, which uses write barriers.
  - In Factory::NewWasmArrayFromElementSegment, the new array may have moved to OldSpace until it is initialized. Therefore, it needs write barriers; use the new method for that.
  - Small readability improvements.

Original change's description:
> [wasm-gc] Implement array.init_from_elem
>
> Bug: v8:7748
> Change-Id: I65dbb496302045820063bd0f4f9ea054e6a645bd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695580
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81128}

Bug: v8:7748 Change-Id: Ic5def1886f662bddce72b8eaea274eb5e8ec0c68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704513 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81196}
-
Toon Verwaest authored
This moves constant nodes to separate data structures on the graph so they can be looked up there. Graph processors walk the constants before walking other nodes. Bug: v8:7700 Change-Id: Id4bec2c2a26011dcacf3355fe17d821451f79397 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706625 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#81195}
-
Patrick Thier authored
In addition change DCHECKs to CHECKs in StringForwardingTable. The added CHECKs hopefully make it easier to reason about crashes on canary. Bug: chromium:1336516 Change-Id: I30bbabbc2a9186eaeac42c2963e7ae8dbb9fb527 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707103 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#81194}
-
Seth Brenith authored
This is a partial reland of https://crrev.com/c/3597106, except for the changes in compiler.cc, which are just the minimal possible changes to make the code compile.

With this change, it is possible that a call to CompilationCache::LookupScript returns any of:
  1. A Script and a toplevel SharedFunctionInfo (cache hit)
  2. A Script but no toplevel SharedFunctionInfo (partial cache hit)
  3. Nothing (cache miss)

Bug: v8:12808 Change-Id: Id33a4cd0cb28562d6b862fbb113ea9d03f255b2b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687425 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#81193}
-
Igor Sheludko authored
Namely the ones that might be locked for a second time by the sampling profiler while iterating the call stack. Bug: v8:12966 Change-Id: I081de804143e5ca4da4e2296919428b2c1bff1b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707105 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81192}
-
Samuel Groß authored
SIGABRT is harmless as it indicates a CHECK failure. Further, memory access violations at non-canonical addresses and memory permission violations should be ignored as well as they can legitimately be triggered from memory corruption inside the sandbox and are not directly exploitable. See code comments for more details. Bug: v8:12878 Change-Id: Idddd805f5d52c87f2b67a974716acd5d5abf11cf Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707106 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#81191}
-
Samuel Groß authored
This is a reland of commit ae55e4d2

crrev.com/c/3706618 should fix the Android failures.

Original change's description:
> [sandbox] Enable sandboxed pointers on Android
>
> Bug: chromium:1218005
> Change-Id: Ie7c100193848544e661ee62f88be4601426a4e18
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702251
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81117}

Bug: chromium:1218005 Change-Id: Ia6dbbd2c7629614391ea49f898b0784f39cf27f1 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702445 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#81190}
-
jameslahm authored
... ArrayBuffer and shared ArrayBuffer. Bug: v8:11525 Change-Id: I6b3f78d5cf6528123b40c49f2767ade2b6bfbed1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706279 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#81189}
-
Andy Wingo authored
Bug: v8:12868 Change-Id: I2f12858db1956a3b14b95341f1459df8abc03db0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702797 Commit-Queue: Andy Wingo <wingo@igalia.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#81188}
-
Milad Fa authored
Currently getting the following errors:
```
error: suggest parentheses around comparison in operand of '!='
```
Bug: v8:10776 Change-Id: I1c7e95470462efcc33f90bf015b37373472e32b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707653 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#81187}
-
Junliang Yan authored
Change-Id: I10e917111acd7fd3eeaa92b2b38cf6e8b66ffeab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707655 Commit-Queue: Junliang Yan <junyan@redhat.com> Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#81186}
-
Camillo authored
Instead of doing multiple separate checks with branches, turn the name check into a single range check. This means that the symbols and strings for properties that can invalidate protectors need to be allocated consecutively in memory. Change-Id: Id3a2003534bab5ecf83393a60167f779d636fc4b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695360 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#81185}
-
Vasili Skurydzin authored
Related: https://chromium-review.googlesource.com/c/v8/v8/+/3696481 Change-Id: I5cfe4fc7dc6ece68aacf8afe5b069928243b0919 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704900 Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#81184}
-
Leszek Swirski authored
This can happen in concurrent compilation, we should fall back to generic LoadGlobal when it's the case. Drive-by refactor the property cell load builder to return false on failure. Bug: v8:7700 Change-Id: Iad3fc4bc794e4ec8c4061f2dce1561c15593e215 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706616 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#81183}
-
Igor Sheludko authored
The CodeObjectSlot might contain Smi zero during CodeDataContainer/Code initialization. Bug: v8:11880, v8:12962 Change-Id: I5fba135dfa1786716f30d7c8cdad3052a967d894 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707100 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#81182}
-
jameslahm authored
... deoptimizer/deoptimization-unittest. Bug: v8:12781 Change-Id: I453d02f6ead59ee274af600197dedc01cb144a4e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705237 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#81181}
-
Anton Bikineev authored
The CL fixes PMF regressions that happened after increasing the AgeTable size. Bug: chromium:1336529 Change-Id: If1f099b43bfcb3a8c7dd4a1c229fcb08735eb744 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707098 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#81180}
-
Clemens Backes authored
This CL explicitly disables the --freeze-flags-after-init flag for cases where we modify flags after initialization. This is only tests, fuzzers, and special options to d8, thus not security relevant. These should be the last blockers for enabling the flag globally. R=cbruni@chromium.org Bug: v8:12887 Change-Id: I1d8a03dcc20e524d30c967f6fe15f6401de77612 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706619 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81179}
-
Clemens Backes authored
Flags need to be set before initializing V8. R=cbruni@chromium.org Bug: v8:12887 Change-Id: Idb815a6a85ccb86c79d826da487a7bbc6fab7d1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707096 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#81178}
-