- 17 Nov, 2021 1 commit
-
-
Manos Koukoutos authored
On 32-bit architectures, we need to run Int64Lowering on the inlinee code to make it compatible with the caller code. Since Int64Lowering now runs while a GraphReducer is active, only one of them can use node marks to store node states. Therefore, we move the Int64Lowering node states to an internal map. Bug: v8:12166 Change-Id: I53b85442d503e71fa533e06568f4b9db572a4401 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283072Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77941}
-
- 15 Nov, 2021 2 commits
-
-
Manos Koukoutos authored
The stored value might be an allocation that can be removed once the Store node is removed. We need to revisit this node manually because inputs in a node removed with ReplaceWithValue are not revisited automatically. Bug: v8:11510 Change-Id: I57cb8955a3e2f7143474ad7ced9d946e6d1cc18e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277880Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77899}
-
Manos Koukoutos authored
In each wasm CallDescriptor, we store the signature of the call based on the real parameters passed to the call. This signature is more precise than the formal function signature. We use this signature in inlining to enable more optimizations. Changes: - Add wasm_sig_ field to CallDescriptor. - Construct the real signature in {DoCall} and {DoReturnCall} in graph-builder-interface, and pass it to all call-related functions in WasmGraphBuilder. - Update {ReplaceTypeInCallDescriptorWith} to use ValueType over MachineType. Construct the updated function signature. - In wasm-inlining, kill the Call node after inlining. - Add two tests. Bug: v8:11510 Change-Id: Ica711b6b4d83945ecb7201be26577eab7db3c060 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270539Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77889}
-
- 12 Nov, 2021 1 commit
-
-
Jakob Kummerow authored
FLAG_wasm_dynamic_tiering is still off by default. When enabled, it now uses the technique previously behind --new-wasm-dynamic-tiering. Bug: v8:12281 Change-Id: I365c2c066e62418cd6abc7830f95d1fe0f950e33 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275570 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#77883}
-
- 11 Nov, 2021 3 commits
-
-
Seth Brenith authored
Similar to previous bug v8:11771, this test needs deterministic GC behavior so it is incompatible with concurrent inlining. Bug: v8:12374, v8:4578 Change-Id: Ib3667744d1032524a0c2e697a970876dfc1677ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272882 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77851}
-
Leszek Swirski authored
Loop headers in the interpreter would start a new basic block, which among other things would reset the liveness of that block. This meant that a loop created after dead code, without a check for whether the code is currently dead or not, would "resurrect" that block's liveness, making the inside of the loop live even though the loop itself is unreachable. This works fine, since the loop is still unreachable, but can breaks DCHECKs in bytecode liveness analysis for cases where a register is supposed to be initialised before the loop, in the dead code, and is then used inside the loop, in the resurrected code. Normally this wouldn't be a problem, since blocks are normally killed on the statement level and we check for deadness during statement iteration, but `foo() = x` introduces an expression-level block killer (being re-written to `foo[throw ReferenceError] = x`) and we don't check for deadness after assignment Lhs preparation. This does mean that we have to fix the InterpreterJumps test, to not try to jump into the middle of a loop (since this could revive the loop). This can only happen when manually creating bytecode, bytecode generated from JavaScript is always reducible. Bug: chromium:1230597 Change-Id: I8403ccdeae7e5450adf629026e2ca8a134c81877 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275557 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77846}
-
Manos Koukoutos authored
Changes: - Enable allocation folding for wasm-gc graphs. - Improve structure of wasm escape analysis code. Kill dead nodes. - Revisit object node after eliminating a load or a store to that node. - Add a couple of tests, rename one test file. Bug: v8:11510 Change-Id: I8b3c5186cd0a8827744a05eba366ff79bc7bc975 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264215Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77840}
-
- 09 Nov, 2021 4 commits
-
-
Seth Brenith authored
The GC already treats some embedded object pointers in Code as weak, based on Code::IsWeakObject. If one of those embedded objects ends up unmarked during a full mark-collect GC, then the Code is marked for lazy deoptimization and the embedded objects are cleared. However, many of those same objects are often held strongly by the deoptimization literal array for the Code, which causes memory leaks. This change updates the deoptimization literals array to store those objects weakly. Any Code currently executing on the stack might need those deoptimization literals in order to deoptimize, so the deoptimization literal array is marked strongly in that case. Design document: https://docs.google.com/document/d/1gFRBYCeqz9Mysx8CVYQkldBbk3AZLo8UX0DMLZV_7qw/edit?usp=sharing Bug: v8:4578 Change-Id: I02e86683c59371e9f88ecf523750c9c6afebdb39 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160299Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#77805}
-
Joyee Cheung authored
In assignments the lhs should be evaluated first and shouldn't be re-evaluated when the value of the rhs is available. Fix it by saving the receiver and the key registers into AssignmentLhsData before building the assignment and use them later, instead of visiting the AST again to retrieve the receiver. In addition, now that we save the receiver register, use it to perform the brand check even when we know for sure that it's going to fail later because it's a write to a private method or accessing the accessor in the wrong way (v8:11364), so that the brand check error always appears first if it is present, as specified in https://tc39.es/proposal-private-methods/#sec-privatefieldget Drive-by: unify the brand check error messages, and replace "Object" with "Receiver" in the messages for clarity. The instance private brand check now throws "Receiver must be an instance of class <name>" and the static private brand check now throws "Receiver must be class <name>". Also always set the expression position to the property load position, because the brand check failure comes from the load operation. Bug: v8:12352, v8:11364 Change-Id: I61a8979b2e02b561dd5b2b35f9e0b6691fe07599 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3266964 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#77797}
-
Marja Hölttä authored
In order to construct the optimal source code combination for functions (and especially the positions inside the optimal source code for each function), we need to know all functions upfront. Rewrite the d8-based snapshotter so that it discovers all objects first (+ assigns ids), then does the actual snapshotting. Bug: v8:11525 Change-Id: I4f4e5589575ee9738e8a83aa6cda2c8164803b4c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268915Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77794}
-
Al Muthanna Athamina authored
Bug: v8:12185 Change-Id: If5f07f6f7aa2d63d09bcf069fce57b124cbc9c76 No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263974 Auto-Submit: Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#77787}
-
- 08 Nov, 2021 2 commits
-
-
Junliang Yan authored
Change-Id: I452cc4b2a25ce2d00825bf8eea7ac4073310583b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260149Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#77764}
-
Jakob Gruber authored
`Equals` did not properly account for arrays with odd lengths. Bug: v8:11069 Change-Id: I3264ebef248adcecd59b902bf1521cfddbd5a69d Fixed: chromium:1267674 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264218 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#77756}
-
- 05 Nov, 2021 5 commits
-
-
Thibaud Michaud authored
R=ahaas@chromium.org CC=fgm@chromium.org Bug: v8:12191 Change-Id: I415c4488262a97cf04b71fd8e96071c7bff972cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231337Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#77740}
-
Camillo Bruni authored
Change-Id: Ie5d8ec9030df9f838522b4531205e71394a988da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263884 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77737}
-
Thibaud Michaud authored
R=ahaas@chromium.org Bug: v8:12191 Change-Id: I15a5507a7dd0f02a3bbe9d3ce200206adf4d4539 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231075 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#77734}
-
Camillo Bruni authored
Change-Id: I5dbfe8c1e2f8474d4693dc9e9ddd57639c37c6ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263885Reviewed-by:
Victor Gomes <victorgomes@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#77725}
-
Jakob Gruber authored
Capture group names were extended in https://github.com/tc39/ecma262/pull/1869/files https://github.com/tc39/ecma262/pull/1932/files RegExpIdentifierName now explicitly enables unicode (+U) for unicode escape sequences; likewise, surrogate pairs are now allowed unconditionally. The implementation simply switches on unicode temporarily while parsing a capture group name. Good news everyone, /(?<𝒜>.)/ is now a legal pattern. Bug: v8:10384 Change-Id: Ida805998eb91ed717b2e05d81d52c1ed61104e3f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3233234 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#77722}
-
- 04 Nov, 2021 7 commits
-
-
Camillo Bruni authored
This is a reland of 0446ab7c Additional fix: Manually set the host-defined options on deserialised scripts in d8. Original change's description: > [d8] Verify host-defined options > > d8 never checked what the actual value of the host-defined options are. > We now properly very that the host-defined options is a specific object > so we we don't end up accidentally ignoring a wrong options object. > > Drive-by-fix: > - Convert %AbortJS argument to string > > Bug: chromium:1244145 > Change-Id: If0ed128d215682bcf066592418420548b06eb6a1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259655 > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77699} Bug: chromium:1244145 Change-Id: I8ddfdba27d84c36862323ab9e1aba14b2ff932a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259539 Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77716}
-
Andreas Haas authored
The wasm serialization format only contains TurboFan code. All other functions are only represented by placeholders. With this CL serialization fails if the serialized module does not contain any TurboFan functions and would therefore consist only of placeholders. This is a defense in depth approach, because ideally serialization only gets triggered when TurboFan code is available. However, in some scenarios like debugging it can happen that modules without TurboFan code get serialized. Bug: v8:12281 Change-Id: Ib05430ff89eb2317da80fc0d086ce1d7ab0e919d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3212510 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77715}
-
Jakob Kummerow authored
The old "gc-safe" implementation to get the off-heap type information wasn't quite as gc-safe as it needs to be. Due to parallel compaction, we shouldn't check for forwarding pointers; instead we should rely on the old location of the Foreign, but make sure not to look at its Map (which might be a forwarding pointer). Bug: v8:12185 Change-Id: I4570b00a5300a0d7ed8c042fa21d355373e0e691 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260513 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77707}
-
Leszek Swirski authored
This reverts commit 0446ab7c. Reason for revert: Lots of failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/37355/overview Original change's description: > [d8] Verify host-defined options > > d8 never checked what the actual value of the host-defined options are. > We now properly very that the host-defined options is a specific object > so we we don't end up accidentally ignoring a wrong options object. > > Drive-by-fix: > - Convert %AbortJS argument to string > > Bug: chromium:1244145 > Change-Id: If0ed128d215682bcf066592418420548b06eb6a1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259655 > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77699} Bug: chromium:1244145 Change-Id: I267f4bdbd8afce81934f4e813dbe1ec09ebdc1ae No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259538 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Owners-Override: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#77705}
-
Shu-yu Guo authored
This runtime function behaves like StoreDataPropertyInLiteral, except it can throw, since it's also used for defining public class fields. Unlike the literal use case, class field can end up throwing due to field initializers doing things like freezing the instance. Bug: chromium:1264828 Change-Id: I3ea4d15ad9b906c26763f022c8e22b757fa80b6c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3252558 Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#77704}
-
Camillo Bruni authored
d8 never checked what the actual value of the host-defined options are. We now properly very that the host-defined options is a specific object so we we don't end up accidentally ignoring a wrong options object. Drive-by-fix: - Convert %AbortJS argument to string Bug: chromium:1244145 Change-Id: If0ed128d215682bcf066592418420548b06eb6a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259655 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77699}
-
Al Muthanna Athamina authored
Bug: v8:12185 Change-Id: I32518ad88d98f68934a1b3c12b1559e31f0df628 No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259528 Auto-Submit: Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#77698}
-
- 03 Nov, 2021 3 commits
-
-
Al Muthanna Athamina authored
Bug: v8:12185 No-Try: true Change-Id: Ib8296171d8101594949deddbf0a7c2a24ee5c7f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257717 Auto-Submit: Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#77684}
-
Jakob Kummerow authored
If index > JSObject::kMaxElementIndex, we have to perform a prototype chain lookup for a named property. The corresponding check was missing for string receivers. Fixed: chromium:1265043 Change-Id: Ibccd058a4bd108eeee235762bea0bc4163aaa0b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257704 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#77683}
-
Jakob Gruber authored
Unfortunately, CharacterRanges may use 0x10ffff as a marker value signifying 'highest possible code unit' irrespective of whether the regexp instance has the unicode flag or not. This value makes it through RegExpCharacterClass::ToNode unmodified (since no surrogate desugaring takes place without /u). Correctly mask out the 0xffff value for purposes of building our uint16_t range array. Note: It'd be better to never introduce 0x10ffff in the first place, but given the irregexp pipeline's lack of hackability I hesitate to change this - we are sure to rely on it implicitly in other spots. Drive-by: Refactors. Fixed: chromium:1264508 Bug: v8:11069 Change-Id: Ib3c5780e91f682f1a6d15f26eb4cf03636d93c25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256549 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/main@{#77673}
-
- 02 Nov, 2021 5 commits
-
-
Leszek Swirski authored
This reverts commit 12e0978d. Reason for revert: Issues should be fixed by https://crrev.com/c/3123420 Original change's description: > Skip code flushing tests failing on NumFuzz bots > > Bug: v8:12088 > Change-Id: Ibc4db95125d44eca110829f1c043e769de5bd349 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123416 > Commit-Queue: Mythri Alle <mythria@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Auto-Submit: Mythri Alle <mythria@chromium.org> > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76527} Bug: v8:12088 Change-Id: I5fcf0f149028d34ade3aa5aabc2e8de73631cac2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256551Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#77660}
-
Jakob Kummerow authored
When a Promise-Reject handler throws an unhandled exception, we should use that promise's context for reporting the exception to the runtime. This avoids a null-pointer deref. Fixed: chromium:1263994 Change-Id: I3792a1884af4a83991249d612caf15588ea77dad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250912 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/main@{#77652}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: Icefaa3f1090f9b41dc7837e3a95bbfd633703757 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251179Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77650}
-
Joyee Cheung authored
In stress runs a GC may kick in before assertOptimized() is called on the optimized function, causing it to deoptimize and the test would fail even if the function is optimized as expected. Adding --no-stress-flush-code --no-flush-bytecode fixes the timing issue. Bug: v8:12332 Change-Id: If43c2a06e84c0e3b5e21f7bde160340a0fc742f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3237326Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#77645}
-
Shu-yu Guo authored
Bug: v8:12350 Change-Id: Ic4c8f11df4f0916d3fcb4b9d60b6e06bab4f3df8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3252820 Auto-Submit: Shu-yu Guo <syg@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#77641}
-
- 01 Nov, 2021 1 commit
-
-
Igor Sheludko authored
Drive-by: * don't create proto handlers for DefineOwnIC and StoreOwnIC, * make sure that none of the DefineOwnIC and StoreOwnIC handlers are leaked into StoreIC's megamorphic stub cache. Bug: v8:9888, chromium:1259950 Change-Id: I9db538e6ed14bc578aa80df037ffebd9e8c3c649 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250641 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77632}
-
- 29 Oct, 2021 3 commits
-
-
Ng Zhi An authored
There is a bit of a contradictory register requirement in the instruction selector for i64x2.mul. We want dst == lhs (when AVX not supported), but we also want lhs and rhs to be unique (to ensure that that they don't alias the temp). We remove the requirement for dst == lhs, since the code gen can handle both cases (dst == lhs, dst != lhs), at the expense of 1 movaps. Bug: chromium:1264462 Change-Id: Ia48572412b1f6e0da3551880d8b68a03f42fe2a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253661 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77625}
-
Tobias Tebbi authored
Bug: chromium:1264013 Change-Id: If2e504e6713617fdc1d098da3b71ffc78a4f0eb0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251177 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77611}
-
Victor Gomes authored
No-Try: true Change-Id: If5b38a16aad87ae4bb9e025d004f028d321ac088 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250717 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#77610}
-
- 28 Oct, 2021 3 commits
-
-
Tobias Tebbi authored
This is a reland of 45227ffd Differences: - Handle one more flags conflict in variants.py. - Disallow %VerifyType without --concurrent-recompilation. Original change's description: > [turbofan] extend type asserts to cover all JS types > > Extend type assertions to all types covering JavaScript values. > This is achieved by allocating type representations on the heap using > newly defined HeapObject subclasses. To allocate these in the compiler, > we disable concurrent compilation for the --assert-types flag for now. > > Fix two type errors that came up with the existing tests: > 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of > OtherObject. > 2. OperationTyper::NumberToString(Type) can type the result as the > HeapConstant Factory::zero_string(). However, NumberToString does > not always produce this string. To avoid regressions, the CL keeps > the HeapConstant type and changes the runtime and builtin code to > always produce the canonical "0" string. > > A few tests were failing because they check for truncations to work > and prevent deoptimization. However, AssertType nodes destroy all > truncations (which is by design), so these tests are incompatible > and now disabled for the assert_types variant. > > Drive-by fix: a few minor Torque issues that came up. > > Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77565} Change-Id: I5b3c6745c6ad349ff8c2b199d9afdf0a9b5a7392 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247035 Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#77596}
-
Thibaud Michaud authored
The stack-switching test is not expected to pass yet if a GC happens in the runtime call or in the wasm call. R=ahaas@chromium.org Bug: v8:12191, v8:12344 Change-Id: Iba66be58c1abd2ffbb22bbd7d34f8df0246a2a92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250900Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#77594}
-
Ray Wang authored
1. Skip leading zeros when parsing date string 2. Add necessary unittests Bug: v8:12256 Change-Id: Ibc1f320382a2e33175f7f57542c8fe48afd05fa8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3223239Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77592}
-