1. 26 Aug, 2019 1 commit
  2. 23 Aug, 2019 2 commits
  3. 01 Aug, 2019 1 commit
  4. 31 May, 2019 1 commit
    • [ptr-compr][turbofan][CSA] Adding the CompressedHeapConstant node · a31b36e0
      Santiago Aboy Solanes authored
      CompressedHeapConstant is used in the DecompressionElimination Reducer to
      create compressed HeapConstant values. It won't appear in the graph
      up until that point.
      
      This CL enables back the disabled tests in DecompressionElimination, as
      well as generating the CompressedHeapConstant in that reducer.
      
      The RelocInfo has already been added for x64 but not for arm64. Therefore,
      the x64 version is now doing the mov on 32 bits. The support for ARM will
      come in a following CL, and for now it is doing the mov in 64 bits.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
      Bug: v8:8977, v8:7703, v8:9298
      Change-Id: If0ca4f937cfa60501679e66f6fd5ded2df38f605
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632236
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61950}
  5. 24 May, 2019 1 commit
  6. 21 May, 2019 1 commit
  7. 20 May, 2019 3 commits
  8. 06 May, 2019 1 commit
  9. 01 Apr, 2019 1 commit
  10. 29 Mar, 2019 1 commit
  11. 30 Nov, 2018 1 commit
  12. 19 Sep, 2018 1 commit
  13. 17 Sep, 2018 1 commit
  14. 17 Aug, 2018 1 commit
  15. 06 Jun, 2018 1 commit
  16. 30 Apr, 2018 1 commit
    • Replace array index masking with the poisoning approach. · f53dfd93
      Jaroslav Sevcik authored
      The idea is to mark all the branches and loads participating in array
      bounds checks, and let them contribute-to/use the poisoning register.
      In the code, the marks for array indexing operations now contain
      "Critical" in their name. By default (--untrusted-code-mitigations),
      we only instrument the "critical" operations with poisoning.
      
      With that in place, we also remove the array masking approach based
      on arithmetic.
      
      Since we do not propagate the poison through function calls,
      we introduce a node for poisoning an index that is passed through
      function call - the typical example is the bounds-checked index
      that is passed to the CharCodeAt builtin.
      
      Most of the code in this CL threads through the three levels of
      protection (safe, critical, unsafe) for loads, branches and flags.
      
      Bug: chromium:798964
      
      Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
      Reviewed-on: https://chromium-review.googlesource.com/995413
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52883}
  17. 28 Apr, 2018 1 commit
  18. 06 Apr, 2018 1 commit
  19. 27 Mar, 2018 1 commit
    • [turbofan] unify interpreter and JIT speculation poisoning · 1ef6c437
      Tobias Tebbi authored
      This CL changes the poisoning in the interpreter to use the
      infrastructure used in the JIT.
      
      This does not change the original flag semantics:
      
      --branch-load-poisoning enables JIT mitigations as before.
      
      --untrusted-code-mitigation enables the interpreter mitigations
        (now realized using the compiler back-end), but does not enable
        the back-end based mitigations for the JavaScript JIT. So in effect
        --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
        use the same mechanics (including changed register allocation) that
        --branch-load-poisoning enables for the JIT.
      
      Bug: chromium:798964
      Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
      Reviewed-on: https://chromium-review.googlesource.com/928881
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52243}
  20. 21 Mar, 2018 1 commit
  21. 05 Mar, 2018 3 commits
  22. 02 Mar, 2018 3 commits
  23. 09 Feb, 2018 1 commit
  24. 02 Feb, 2018 1 commit
  25. 01 Feb, 2018 1 commit
  26. 24 Jan, 2018 1 commit
  27. 04 Jan, 2018 2 commits
  28. 03 Jan, 2018 1 commit
  29. 11 Dec, 2017 1 commit
  30. 16 Nov, 2017 1 commit
    • Reland^6 "[turbofan] eagerly prune None types and deadness from the graph" · 19ac10e5
      Tobias Tebbi authored
      Reland of https://chromium-review.googlesource.com/c/v8/v8/+/727893
      The crashes should be fixed by https://chromium-review.googlesource.com/c/v8/v8/+/763531
      
      Original change's description:
      > Revert "Reland^5 "[turbofan] eagerly prune None types and deadness from the graph""
      > 
      > This reverts commit ac0661b3.
      > 
      > Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
      > 
      > Original change's description:
      > > Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
      > >
      > > This gives up on earlier attempts to interpret DeadValue as a signal of
      > > unreachable code. This does not work because free-floating dead value
      > > nodes, and even pure branch nodes that use them, can get scheduled so
      > > early that they get reachable. Instead, we now eagerly remove branches
      > > that use DeadValue in DeadCodeElimination and replace DeadValue inputs
      > > to value phi nodes with dummy values.
      > >
      > > Reland of https://chromium-review.googlesource.com/715716
      > >
      > > Bug: chromium:741225 chromium:776256
      > > Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
      > > Reviewed-on: https://chromium-review.googlesource.com/727893
      > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#49188}
      > 
      > TBR=jarin@chromium.org,tebbi@chromium.org
      > 
      > Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
      > Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
      > Reviewed-on: https://chromium-review.googlesource.com/758770
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#49262}
      
      TBR=jarin@chromium.org,tebbi@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
      Change-Id: I6c02b4beb02997ec34015ed2f6791a93c70f5e36
      Reviewed-on: https://chromium-review.googlesource.com/772150
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49429}
  31. 09 Nov, 2017 1 commit
    • Revert "Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"" · c899637d
      Tobias Tebbi authored
      This reverts commit ac0661b3.
      
      Reason for revert: Clusterfuzz unhappy: chromium:783019 chromium:783035
      
      Original change's description:
      > Reland^5 "[turbofan] eagerly prune None types and deadness from the graph"
      >
      > This gives up on earlier attempts to interpret DeadValue as a signal of
      > unreachable code. This does not work because free-floating dead value
      > nodes, and even pure branch nodes that use them, can get scheduled so
      > early that they get reachable. Instead, we now eagerly remove branches
      > that use DeadValue in DeadCodeElimination and replace DeadValue inputs
      > to value phi nodes with dummy values.
      >
      > Reland of https://chromium-review.googlesource.com/715716
      >
      > Bug: chromium:741225 chromium:776256
      > Change-Id: I251efd507c967d4a8882ad8fd2fd96c4185781fe
      > Reviewed-on: https://chromium-review.googlesource.com/727893
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#49188}
      
      TBR=jarin@chromium.org,tebbi@chromium.org
      
      Bug: chromium:741225 chromium:776256 chromium:783019 chromium:783035
      Change-Id: I6a8fa3a08ce2824a858ae01817688e63ed1f442e
      Reviewed-on: https://chromium-review.googlesource.com/758770
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49262}
  32. 07 Nov, 2017 1 commit