- 11 Feb, 2022 5 commits
-
-
Greg Thompson authored
Bug: chromium:1296220 Change-Id: I8af141dc61a7abb31b460c5e43248aaef29aaf84 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455423 Auto-Submit: Greg Thompson <grt@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#79045}
-
Michael Lippautz authored
The flag has been turned on for a long time and we do not intend to support a mode without young LO objects. A side effect is that it removes a branch in AllocateRaw for the young generation. Drive-by: Reinstantiate the LO space verifier checking that only certain types can appear as large objects. Bug: v8:12615 Change-Id: I8c33019a04670f20459ea2faa9dc2f98b8cda40b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450420Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79044}
-
Nikolaos Papaspyrou authored
This CL fixes a bug in the tracing of full GC cycles that was introduced by https://crrev.com/3432211. In doing so, it refactors the tracing of cycles by introducing an explicit state in GC tracing events, which follows the phase within the GC cycle as perceived by the tracer. Two new methods, (Start|Stop)AtomicPause are introduced; together with (Start|Stop)Cycle they mark the state transitions. The existing methods (Start|Stop)ObservablePause are now disentangled from cycles and state transitions. Bug: v8:12503 Bug: chromium:1154636 Change-Id: Ie4b863bc27f81dd6858103a8988874d89e6e8517 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440663Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org> Cr-Commit-Position: refs/heads/main@{#79043}
-
Dominik Inführ authored
Now that the map space gets compacted as well, we want to sort pages for that space when starting sweeping as well. Bug: v8:12578 Change-Id: I8f25fb05f311d70697d2f7154bd428b4c3e56c13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455142 Auto-Submit: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79042}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/96cf77d..3408ba5 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/53a6cf1..c69bde2 Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/107cd56..2b08f99 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/954eec7..7b5325d Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ff8a62f..54e30e7 Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/06519ce..0e40217 Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/14f4303..dd9a133 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c7ca87f..b9894ca R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I8d36950dab4270407ee2c6e460f953f1a7c40a87 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3453628 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#79041}
-
- 10 Feb, 2022 22 commits
-
-
Dominik Inführ authored
Scavenger can promote objects into the shared heap. Since the scavenger might also run while incremental marking is on, the promoted object could already be stored in the marking worklist. When updating the worklist after the scavenger, we need to remove entries with objects promoted into the shared heap. Bug: v8:11708, v8:12582 Change-Id: I4ccad74d23de7921e02adcdb04d2b4e46d9b3a4d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452115Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#79040}
-
Dominik Inführ authored
ExternalStrings in the shared heap currently conflicts with the sandbox project. We would need concurrent concurrent allocation in the external pointer table but also require different accessors for them. Since the shared string table doesn't really need ExternalStrings in the shared heap for now, simply keep ExternalStrings in the client heaps. Bug: v8:11708, v8:12617 Change-Id: I272e40eaec4b7f368ce44f42f7f69bf27d53f9c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451717Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#79039}
-
Michael Lippautz authored
The previous CLs stealth-fixed an issue where we wouldn't receive MoveEvent's even if FLAG_fuzzer_gc_analysis was true. The fix uncovered a data race which is fixed here. Bug: v8:12615 Change-Id: I646dc31918d6ebe717716290375e12eac562b4b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452030Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79038}
-
Samuel Groß authored
With external code space and background compilation, external pointer table entries are now allocated on background threads. For this to work properly, the implementation must be atomic. As atomic operations are not currently available in CSA, the fast path in CSA::InitializeExternalPointerField has been removed for now. Bug: v8:10391 Change-Id: I1119a9b5f97bc8d5f48de6872b62b9ddf001e9ce Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448381Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79037}
-
Omer Katz authored
The build flag is on by default and the actual functionality is guarded by a runtime flag. Bug: v8:12612 Change-Id: I6adbd5b766f502400af32eeeb035edca3a3606ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448383Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79036}
-
Manos Koukoutos authored
Avoid killing the whole mutable state in the following two cases: - When we encounter a mutable object store operation, we can only kill the respective object/field pair in the mutable state. - When we encounter an immutable initialization operation, we do not have to modify the state. A DCHECK ensures we do not initialize the same field twice. Drive-by: Avoid zone-allocating data structures for frame-local variables. Bug: v8:11510 Change-Id: I1c655f619cf620923256f460b30dc7371de571de Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452022Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#79035}
-
Manos Koukoutos authored
Bug: v8:7748 Change-Id: Ia70eeb49cd4fe142cad2cb210dae1f98ec4d076b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450417Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#79034}
-
Michael Lippautz authored
Bug: v8:12616, v8:12615 Change-Id: I57ce784c4c9b7a9d75a6e139063b7ce0cac511ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452024Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79033}
-
Joyee Cheung authored
Handle the case of nested super() by checking if the class scope contains a private brand. In this case the ContextScope chain is different from the actual context chain so this added back the AddPrivateBrand() runtime function but with the additional step of walking the context chain to get the correct class context that will be stored as the value of the brand property for the debugger. Bug: v8:12354 Change-Id: Ieeb9b9d6372bfbb1a39c4c2dc9e9848e9109f02a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275137Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#79032}
-
Thibaud Michaud authored
NaN detection is implemented on arm and arm64, so we can enable fuzzing with Liftoff as the reference implementation on these architectures. R=manoskouk@chromium.org Bug: v8:11856, v8:11954 Change-Id: If80c2f16f52af59705d914396cfe029cb85e7293 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451718Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#79031}
-
Igor Sheludko authored
This CL 1) adds relaxed version of CodeDataContainer::code_cage_base accessors and use them from relaxed CodeDataContainer::code accessors, 2) uses relaxed version of FromCodeT() in JSFunctionRef::code(). Bug: v8:11880, chromium:1293642 Change-Id: Idc9ba59a97a44a0963197cad50b5e5b440f9629e Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450423Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#79030}
-
Michael Achenbach authored
No-Try: true Bug: chromium:1292013 Change-Id: If2a52f19fc200d440d840ec903e053926eaeecd0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452025 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/main@{#79029}
-
Andreas Haas authored
Change-Id: Ia3c6d3e9164b84b94ee5d6aee4c3c735df618522 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451720Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#79028}
-
Thibaud Michaud authored
R=ahaas@chromium.org Bug: chromium:1294384 Change-Id: Iaf20d01b00966ef3dc0c8b38f520663b8ca75f8b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451715Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#79027}
-
Dominik Inführ authored
This reverts commit 2694b75e. Reason for revert: Causes timeouts on waterfall (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/38375/overview) Original change's description: > Reland "Reland "[heap] Support client-to-shared refs in Code objects"" > > This is a reland of 4b8f1b1c > > After landing https://crrev.com/c/3447371, we can reland this CL as-is > correctness-wise. > > What's new in this CL is that we now treat references from client > objects into the shared heap as roots for the --track-retaining-path > feature. > > Original change's description: > > Reland "[heap] Support client-to-shared refs in Code objects" > > > > This is a reland of 12e46091 > > > > Original change's description: > > > [heap] Support client-to-shared refs in Code objects > > > > > > Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers. > > > > > > Bug: v8:11708 > > > Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168 > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588 > > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > > > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > > > Cr-Commit-Position: refs/heads/main@{#78819} > > > > Bug: v8:11708 > > Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630 > > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#78838} > > Bug: v8:11708 > Change-Id: I5b48e942fa469eabb40e797e221d06c25af16443 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425358 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79023} Bug: v8:11708 Change-Id: I3c5cb945261882122cd76a50aba5237106a25b65 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451719 Auto-Submit: Dominik Inführ <dinfuehr@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#79026}
-
Dominik Inführ authored
We need to create the CodePageCollectionMemoryModificationScope *after* setting up the LocalIsolate. Otherwise the destructor of that scope will run after that thread detached from the isolate, when it isn't part of the next GC safepoint anymore. This allows two concurrent operations on the page flags: 1) The destructor of CodePageCollectionMemoryModificationScope protects the page again and accesses page flags in a DCHECK. 2) The GC unprotects the code pages for the collection and sets the the evacuation candidate flag. Bug: chromium:1295738 Change-Id: I6de626bb075f43e26d74dba18e28fe34331fdfd2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451714 Auto-Submit: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#79025}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: Id4273832d6d48d5a516a04982afcdf92b2cf045d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447366Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#79024}
-
Dominik Inführ authored
This is a reland of 4b8f1b1c After landing https://crrev.com/c/3447371, we can reland this CL as-is correctness-wise. What's new in this CL is that we now treat references from client objects into the shared heap as roots for the --track-retaining-path feature. Original change's description: > Reland "[heap] Support client-to-shared refs in Code objects" > > This is a reland of 12e46091 > > Original change's description: > > [heap] Support client-to-shared refs in Code objects > > > > Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers. > > > > Bug: v8:11708 > > Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588 > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#78819} > > Bug: v8:11708 > Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630 > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78838} Bug: v8:11708 Change-Id: I5b48e942fa469eabb40e797e221d06c25af16443 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425358Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#79023}
-
Dominik Inführ authored
--shared-string-table assumes that all old strings are in the shared heap. However, when also using --expose-gc we create an external string for the GC function name. So far external strings are always allocated in the local old space though, which results in a heap verification error. This CL creates external string in the shared old heap with --shared-string-table enabled. In order to pass all the tests this CL also has to: * Stop marking into the shared heap for VisitEmbeddedPointer and VisitCodePointer. * Relax DCHECK in String::GetFlatContent: We cannot check the thread id for any shared string. Even if that string isn't really shared atm. Bug: v8:11708 Change-Id: I51fec5ba038d035be5fe5e1277ef9286efc8dc2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447371Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#79022}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a4e7e5a..96cf77d Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/2a745cc..169eef5 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/a18d792..53a6cf1 Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/b86911d..107cd56 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/25f38be..954eec7 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cc0f7a5..ff8a62f Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/43efa0a..06519ce Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/3fc7923..14f4303 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/d7bcddc..c7ca87f R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I7c8070fa5f42d7a3fe22b674e73050b1c527d7e0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450174 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#79021}
-
Milad Fa authored
Change-Id: If7a0742b694d3dc475442a6aee3f6c967291eda1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451360Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#79020}
-
Liu Yu authored
StoreArgsInStackSlot sometimes does unaligned store. Relate to commit 18469ec4. In MemoryFill, size is an 8-byte integer, but is stored into a 4-byte aligned memory; Bug: v8:10949, chromium:1281995 Change-Id: I9f18a0168432cdd6d27eacc98b980fa5b6d57d79 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447932Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Yu Liu <liuyu@loongson.cn> Cr-Commit-Position: refs/heads/main@{#79019}
-
- 09 Feb, 2022 13 commits
-
-
Milad Fa authored
Change-Id: I346ff7d125027caeb14cbfead74eba0bd30c6f2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450900Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#79018}
-
Seth Brenith authored
When the debugger is active and a Promise begins executing, Isolate::PushPromise adds a global handle for that Promise. If the debugger is no longer attached when the Promise finishes executing, then there is no corresponding call to PopPromise which would clean up the global handle. To avoid leaking memory in that case, we should clean up the Promise stack when detaching the debugger. Bug: v8:12613 Change-Id: I47a2c37713b43b482e23e2457e96fba5f52623f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448949Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#79017}
-
Manos Koukoutos authored
Bug: v8:12607 Change-Id: I937366634f77648bb76e36934c5a2952fb0e184f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450422Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#79016}
-
Manos Koukoutos authored
As a temporary solution to reenable wasm-gc fuzzing, we modify {WasmModuleBuilder} to optionally wrap all types in a recursive group. Bug: v8:7748 Change-Id: Ib0f8ab17c48ecbe04b51da2b1d01502be77ad35a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450414Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#79015}
-
Michael Lippautz authored
Move on-allocation and on-move events to a designated tracker that is only installed when running with debugging flags. This eliminates a bunch of flag checks as they are all moved behind the allocation trackers. Bug: v8:12615 Change-Id: Ied6819991511328351825e2341375c36ae34916b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450419Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79014}
-
Tamer Tas authored
R=machenbach@chromium.org,liviurau@chromium.org,alexschulze@chromium.org Bug: v8:12610 Change-Id: I24a1af48bf7a748e06c719439fb368ad75dd0160 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448377 Auto-Submit: Tamer Tas <tmrts@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Tamer Tas <tmrts@chromium.org> Cr-Commit-Position: refs/heads/main@{#79013}
-
Igor Sheludko authored
Bug: v8:11880, chromium:1292638 Change-Id: Ia457f391098aa2027988dae404948ab6f7fa8fab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450415 Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#79012}
-
Manos Koukoutos authored
Bug: v8:11510 Change-Id: I15d3758532d964ce6a7203c4152ba3e34c3d9601 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448375Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#79011}
-
Samuel Groß authored
This is required when allocating external pointer table entries from background threads through the LocalFactory interface. Bug: v8:10391 Change-Id: Ice5eee1000e1c7341bd0e58782cbb175080a5a74 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448376Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79010}
-
Samuel Groß authored
We need to properly handle the case of uninitialized embedder data slots which contain the "undefined" value and thus might look like valid external pointer table indices. Bug: v8:10391 Change-Id: I169a3e42132dde223ea151c1a5d5956c72341f8d Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448378Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79009}
-
Manos Koukoutos authored
Bug: v8:12605 Change-Id: Ic353570757b0271279d9a00352017b0341281e05 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448382Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#79008}
-
Michael Achenbach authored
Another encoding fix and test coverage for it. No-Try: true Bug: chromium:1292013 Change-Id: Id54f505848f93b4869710156fa77ad2e258c5dd6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447905Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#79007}
-
Dominik Inführ authored
When iterating slots for promoted objects we now also need to visit the map word slot since maps might get compacted. If we do not do this, we risk losing the already recorded slot for the map word in case that object already got marked. Bug: v8:12578, chromium:1295239 Change-Id: I34fbf7ae4b9e36eae8e7e3df354b5fd19adcb08f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448373Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#79006}
-