- 18 Oct, 2021 9 commits
-
-
Shu-yu Guo authored
[1] fixes the behavior of StaNamedOwnProperty to no longer do prototype lookups. This lets us revert [2] and go back to using the fast path in the clone spread object literal bytecode. The test case from [2] is kept. [1] https://chromium-review.googlesource.com/c/v8/v8/+/2795831 [2] https://chromium-review.googlesource.com/c/v8/v8/+/3178969 Bug: v8:9888, chromium:1251366 Change-Id: I9d2cb69b803c403f63365f55d27c4de20ff7dafb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3224666Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Patrick Thier <pthier@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77444}
-
Victor Gomes authored
This is a reland of 0c459ff5 Original change's description: > [baseline] Concurrent Sparkplug n-thread with synchronised queue > > Installation in the main thread. > Design doc: https://docs.google.com/document/d/1GmEiEt2VDmhY_Ag0PiIcGWKtvQupKgNcMZUvgpfQksk/edit?resourcekey=0-seYa-QJsx1ZbjelluPG1iQ > > Change-Id: Ifc6eccd44efdf377320c64cf9957c6060334e543 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186831 > Commit-Queue: Victor Gomes <victorgomes@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77431} Change-Id: I4ea8f3c026a0a448afcb16f57517ee75cedaf83f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229379 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#77437}
-
Leszek Swirski authored
This reverts commit dca83ff7. Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/38914/overview Original change's description: > [snapshot] Fix two stress_snapshot failures > > 1. Stress snapshot discards code on SFIs, which breaks flushing > invariants. Add --stress-snapshot to those invariants. > 2. Another test failing on IsScript, added it to the disabled list. > > Change-Id: Ic415923a9cc96d34b74f7450b29be99c1b53d077 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229375 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77430} Change-Id: Ied1bd9e10389f361cd6e39a1c985ee134f098629 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229561 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Leszek Swirski <leszeks@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#77434}
-
Leszek Swirski authored
This reverts commit 0c459ff5. Reason for revert: breaks build on M1 (where W^X flag is RO) https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release%20builder/6999/overview Original change's description: > [baseline] Concurrent Sparkplug n-thread with synchronised queue > > Installation in the main thread. > Design doc: https://docs.google.com/document/d/1GmEiEt2VDmhY_Ag0PiIcGWKtvQupKgNcMZUvgpfQksk/edit?resourcekey=0-seYa-QJsx1ZbjelluPG1iQ > > Change-Id: Ifc6eccd44efdf377320c64cf9957c6060334e543 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186831 > Commit-Queue: Victor Gomes <victorgomes@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77431} Change-Id: I45a952aacf0ad29ebb703a742fdc6da7b0b7c826 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229378 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Owners-Override: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#77433}
-
Victor Gomes authored
Installation in the main thread. Design doc: https://docs.google.com/document/d/1GmEiEt2VDmhY_Ag0PiIcGWKtvQupKgNcMZUvgpfQksk/edit?resourcekey=0-seYa-QJsx1ZbjelluPG1iQ Change-Id: Ifc6eccd44efdf377320c64cf9957c6060334e543 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186831 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#77431}
-
Leszek Swirski authored
1. Stress snapshot discards code on SFIs, which breaks flushing invariants. Add --stress-snapshot to those invariants. 2. Another test failing on IsScript, added it to the disabled list. Change-Id: Ic415923a9cc96d34b74f7450b29be99c1b53d077 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229375 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77430}
-
Joyee Cheung authored
It was missing on the slow path before. Bug: chromium:1259902, chromium:1260746, v8:10793 Change-Id: I9ae5f9efd552754a725f624307dd7caaeacd496f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226541Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#77429}
-
Manos Koukoutos authored
This CL improves wasm inlining heuristics in Turbofan, for an average 8,5% performance improvement in selected benchmarks. Changes: - In WasmInliner::Reduce(), only collect inlining candidates into a priority queue, according to WasmInliner::LexicographicOrdering. Move actual inlining to Finalize(). - Remove the InlineFirstFew heuristic. Add two limits to inlining: Maximum relative size increase (reversely proportional to the function size), and absolute size increase. - Pass information about call frequency from liftoff-collected feedback to the WasmInliner though the wasm module. - Run wasm inlining along other optimizations in the pipeline. - Split inlining and speculative inlining tests. Bug: v8:7748, v8:12166 Change-Id: Iccee22093db765981889a24451fb458dfce1f1a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222764Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77428}
-
Marja Hölttä authored
Functions affected: filter find findIndex findLast findLastIndex forEach reduce reduceRight Bug: v8:11111 Change-Id: Ifb40143e5b6ed4a3eb30cb25332e2387009e3274 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205421 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77422}
-
- 14 Oct, 2021 2 commits
-
-
Shu-yu Guo authored
Bug: chromium:1258603 Change-Id: Ife2284de6151c7e70592b55871875061b93bbcca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218193Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77405}
-
Jakob Kummerow authored
Since we introduced `array.init` as a way to create fully initialized arrays, immutable arrays are no longer useless, and they enable certain static optimizations, so this patch allows them. Bug: v8:7748 Change-Id: I404aab60099826f4bd83cf54e5e1acbc38a3ca9b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221151 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77397}
-
- 13 Oct, 2021 2 commits
-
-
Mike Stanton authored
We need to check if the index is less than zero and miss to the runtime if this is so. Bug: chromium:1257519 Change-Id: I7d22f2765232815120b8baf7b8b83d5b00024375 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218975Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/main@{#77380}
-
Joyee Cheung authored
Introduces several new runtime mechanics for defining private fields, including: - Bytecode StaKeyedPropertyAsDefine - Builtins StoreOwnIC{Trampoline|Baseline|_NoFeedback} - Builtins KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} - TurboFan IR opcode JSDefineProperty These new operations can reduce a runtime call per class field into a more traditional Store equivalent. In the microbenchmarks, this results in a substantial win over the status quo (~8x benchmark score for single fields with the changes, ~20x with multiple fields). The TurboFan JSDefineProperty op is lowered in JSNativeContextSpecialization, however this required some hacks. Because private fields are defined as DONT_ENUM when added to the object, we can't find a suitable transition using the typical data property (NONE) flags. I've added a mechanism to specify the required PropertyAttributes for the transition we want to look up. Details: New bytecodes: - StaKeyedPropertyAsDefine, which is essentially StaKeyedProperty but with a different IC builtin (KeyedDefineOwnIC). This is a bytecode rather than a flag for the existing StaKeyedProperty in order to avoid impacting typical keyed stores in any way due to additional branching and testing. New builtins: - StoreOwnIC{TTrampoline|Baseline|_NoFeedback} is now used for StaNamedOwnProperty. Unlike the regular StoreIC, this variant will no longer look up the property name in the prototype. In adddition, this CL changes an assumption that StoreNamedOwnProperty can't result in a map transition, as we can't rely on the property already being present in the Map due to an object literal boilerplate. In the context of class features, this replaces the runtime function %CreateDataProperty(). - KeyedDefineOwnIC{Trampoline|Baseline|_Megamorphic} is used by the new StaKeyedPropertyAsDefine bytecode. This is similar to an ordinary KeyedStoreIC, but will not check the prototype for setters, and for private fields, will take the slow path if the field already exists. In the context of class features, this replaces the runtime function %AddPrivateField(). TurboFan IR: - JSDefineProperty is introduced to represent a situation where we need to use "Define" semantics, in particular, it codifies that we do not consult the prototype chain, and the semantics relating to private fields are implied as well. R=leszeks@chromium.org, syg@chromium.org, rmcilroy@chromium.org Bug: v8:9888 Change-Id: Idcc947585c0e612f9e8533aa4e2e0f8f0df8875d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795831Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#77377}
-
- 12 Oct, 2021 1 commit
-
-
Frank Tang authored
Land some of the tests for Temporal.PlainDateTime All marked as FAIL at this stage. Bug: v8:11544 Change-Id: I09bf681e61f19d96607c848ddcb6bee06580aff1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085625 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77332}
-
- 11 Oct, 2021 1 commit
-
-
Victor Gomes authored
Compiling Sparkplug on the heap saved 10% of the CompileBaseline RCS metric, but that came with too much code complexity. Since in the end that corresponds to < 1% of the entire compilation time, we decided to revert this project. This reverts: commit e29b2ae4 commit d1f2a83b commit 4666e182 commit a1147408 commit e0d4254f commit 9ab8422d commit a3b24ecc commit 1eb87706 commit fe5c9dfd commit 7ac3b55a commit 7e95f30e commit 323b5962 commit 6bf0b704 commit e82b368b commit 5020d83e commit 642a4673 commit ec7b99d5 commit fb4f89ae commit 208854bb commit 63be6dde Bug: v8:12158 Change-Id: I9f2539be6c7d80c6e243c9ab173e3c5bb0dff97d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3136453 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77319}
-
- 08 Oct, 2021 1 commit
-
-
Frank Tang authored
This is a reland of 0adc1410 1. Fork out test/mjsunit/temporal/function-exist.js test to test/mjsunit/temporal/function-exist-no-i18n.js and mark function-exist FAIL in no_i18n build. Original change's description: > [Temporal] Part 1 - Skeleton > > 1. Expose all the functions to empty buildins. > 2. Wire up basic structure of classes and internal slots. > > Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/ > > This is just a CL to establish a skeleton for Temporal. > The Temporal is very big. The prototype CL is in > https://chromium-review.googlesource.com/c/v8/v8/+/2967755 > but too big to be reviewed so I break up the basic structure here first. > > Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel > Bug: v8:11544 > Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76819} Bug: v8:11544 Change-Id: I60eaface94ba9b3408cb235cd1ae425151a36732 Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160324Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77303}
-
- 06 Oct, 2021 3 commits
-
-
Vasili Skurydzin authored
Change-Id: I49a4e2f05028279cd69d3909a9ca80f4c0acb1c5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3208649Reviewed-by:
Milad Fa <mfarazma@redhat.com> Reviewed-by:
Omer Katz <omerkatz@chromium.org> Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com> Cr-Commit-Position: refs/heads/main@{#77266}
-
Jakob Gruber authored
The expected assertion is specific to irregexp codegen. Bug: chromium:1255368 Change-Id: I14d033285014727de2e63582ed798fc82570497d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3207892 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77254}
-
Clemens Backes authored
When aborting code generation, we need to call {AbortedCodeGeneration} on the {MacroAssembler} contained in the {RegExpMacroAssemblerARM}. R=jgruber@chromium.org Bug: chromium:1255368 Change-Id: If37351e8f5715e23affd21ad2de8a8eaad3ea094 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3204965Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77250}
-
- 05 Oct, 2021 3 commits
-
-
Clemens Backes authored
The error showed when printing the resulting code object, because the tier was neither TurboFan nor Liftoff, even though the code was registered as a standard wasm function (instead of an import wrapper). R=jkummerow@chromium.org Bug: chromium:1254674 Change-Id: I26482fd88d72403393428979abf08e9f60cd8c4c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3202001 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77238}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: I784a9d347fa4a21fd38f04b4d4e3a8a4398292c0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186438 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77234}
-
Milad Fa authored
Change-Id: Id4336aae4e8ef8974657a28cb5e8ea66a968c60c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3202474Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#77233}
-
- 04 Oct, 2021 3 commits
-
-
Clemens Backes authored
This reenables a test which is passing, independent of missing accounting for shared memory. This is because we repeatedly trigger a GC explicitly in all workers. R=dinfuehr@chromium.org Bug: v8:12278 Change-Id: I73d1513d809787284af0be4956018806719acd50 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201995Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77219}
-
Manos Koukoutos authored
Trying to optimize in such case breaks down the optimization, as we end up with potentially non-eliminatable nodes that depend on the dead IfTrue/IfFalse node. Drive-by: Clean up dead nodes with {Kill()}. Bug: v8:11510, chromium:1255354 Change-Id: Ia89fe6c243974c3c2abac6ad80bd4677a935f637 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200073Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77211}
-
Patrick Thier authored
When scanning for capture groups, we have to consider the case that the current state is inside a character class. In that case skip everything until the end of the current character class. Otherwise we would wrongly count open brackets inside the character class as start of a capture group. Bug: chromium:1254704 Change-Id: I91d2177c464f7e507413d96216fe570253f17676 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199871 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/main@{#77204}
-
- 01 Oct, 2021 1 commit
-
-
Ng Zhi An authored
Bug: chromium:1254675 Change-Id: I8c24d3956752a367a4fa60827ee47a589c48e699 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197700Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/main@{#77201}
-
- 30 Sep, 2021 5 commits
-
-
Nico Hartmann authored
Bug: chromium:1254191, v8:9407 Change-Id: Ieb22063dad1ea8dfde359662d0330e689b6b2e05 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193547Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#77177}
-
Manos Koukoutos authored
Loop exits are only used during loop unrolling and are then removed, as they cannot be handled by later optimization stages. Since unrolling comes before inlining in the compilation pipeline, we should not emit loop exits in inlined functions. Bug: v8:12166 Change-Id: I28b3ebaf67c9e15b127eeb1a63906c4ecfd77480 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195871Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#77175}
-
Clemens Backes authored
The test allocates a lot of wasm memories. This got a low slower after https://crrev.com/c/3190476, because we can now allocate more than 102 memories, and do not explicitly trigger a GC any more to get rid of unused memories. We should figure out how to tell the GC about the external memory such that the memories get collected earlier. R=ahaas@chromium.org Bug: v8:12076, v8:12278 Change-Id: I9b8795a9999a806380d86f22e751de2727942648 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3196131Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77164}
-
Clemens Backes authored
The address space limit puts an arbitrary cap on the total reservation size, thus limiting the total number of Wasm memories to around 100 on 64-bit systems. Since the usable address space on 64 bit is much larger than the 1TB+4GB limit, this makes us reject code that we could otherwise just execute. This CL thus removes that limit completely. See the linked issue for more discussion, including security considerations. R=jkummerow@chromium.org, rsesek@chromium.org Bug: v8:12076 Change-Id: I1f61511d68efdab1f8cef4e09c0a39fc1d6fed60 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190476Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77161}
-
Marja Hölttä authored
It's confusing that we have CSA_CHECK and CSA_ASSERT and it's not clear from the names that the former works in release mode and the latter only in debug mode. Renaming CSA_ASSERT to CSA_DCHECK makes it clear what it does. So now we have CSA_CHECK and CSA_DCHECK and they're not confusing. This also renames assert() in Torque to dcheck(). Bug: v8:12244 Change-Id: I6f25d431ebc6eec7ebe326b6b8ad3a0ac5e9a108 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190104Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77160}
-
- 29 Sep, 2021 2 commits
-
-
Clemens Backes authored
This fixes a long-standing TODO to disallow importing receivers that have "toString" or "valueOf" patched. Calling those methods could have observable side effects, so allowing that would require bigger refactorings to ensure that we only call each such function exactly once per import, and in the right order. Since this use case is rare, we just forbid importing such receivers. R=jkummerow@chromium.org Bug: chromium:1248677 Change-Id: I99bbd7db950ec3c7ac9cc1f59e8c476688e7d7b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190475Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77149}
-
Jakob Gruber authored
This is a reland of 7d849870 Original change's description: > [regexp] Reorganize and deduplicate in the regexp parser > > The parser is organized in a somewhat tricky way s.t. it can be > hard to map the implementation back to the specified grammar. > > In particular, the logic for CharacterClassEscape, ClassEscape, > and CharacterEscape was implemented twice - once inside a character > class, once outside. > > This CL refactors related logic to have only a single implementation. > > As a drive-by, fix one related inconsistency related to \k inside > a character class. > > Fixed: v8:10602 > Change-Id: I5858840159694fa6f8d1aa857027db80754e3dfd > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178966 > Reviewed-by: Mathias Bynens <mathias@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77114} Fixed: v8:10602,chromium:1253976 Change-Id: I9e7cc6a34d3be06e1a68895775aa50b0eee78c57 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193531Reviewed-by:
Mathias Bynens <mathias@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77135}
-
- 28 Sep, 2021 3 commits
-
-
Shu-yu Guo authored
This reverts commit 7d849870. Reason for revert: Will block roll. Broke error message tests upstream: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Win/6635/overview Original change's description: > [regexp] Reorganize and deduplicate in the regexp parser > > The parser is organized in a somewhat tricky way s.t. it can be > hard to map the implementation back to the specified grammar. > > In particular, the logic for CharacterClassEscape, ClassEscape, > and CharacterEscape was implemented twice - once inside a character > class, once outside. > > This CL refactors related logic to have only a single implementation. > > As a drive-by, fix one related inconsistency related to \k inside > a character class. > > Fixed: v8:10602 > Change-Id: I5858840159694fa6f8d1aa857027db80754e3dfd > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178966 > Reviewed-by: Mathias Bynens <mathias@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77114} Change-Id: Ic7404d6c9f0e6ea51e8cd8f1ab672856dca0c637 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190692 Auto-Submit: Shu-yu Guo <syg@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#77125}
-
Clemens Backes authored
R=manoskouk@chromium.org Bug: chromium:1252747 Change-Id: I337d5e26015f5af8c76caebb962093d1dad42952 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190095Reviewed-by:
Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#77115}
-
Jakob Gruber authored
The parser is organized in a somewhat tricky way s.t. it can be hard to map the implementation back to the specified grammar. In particular, the logic for CharacterClassEscape, ClassEscape, and CharacterEscape was implemented twice - once inside a character class, once outside. This CL refactors related logic to have only a single implementation. As a drive-by, fix one related inconsistency related to \k inside a character class. Fixed: v8:10602 Change-Id: I5858840159694fa6f8d1aa857027db80754e3dfd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178966Reviewed-by:
Mathias Bynens <mathias@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77114}
-
- 27 Sep, 2021 3 commits
-
-
legendecas authored
After the parameter processing, the arraybuffer may have been detached. TypedArray copyWithin/fill should throw in that condition. TypedArray includes should return false if the search element is not undefined. Change-Id: If507d0efa1dafbe3dcefcd368e5ea27406bb3df8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144315Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#77103}
-
Patrick Thier authored
When cloning objects using spread and update properties (e.g. obj = {...o, x: 0}), we wrongly used the setter for the update argument if one was set. This CL changes the behaviour such that all arguments following the spread are treated as dynamic arguments. Bug: chromium:1251366 Change-Id: I76a6d02606dca0faa0a256f465834d85d3df4f6f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178969 Commit-Queue: Patrick Thier <pthier@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77079}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: I10409756af4ba1a04c1bca21cbdab375003a7f42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3177225 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#77077}
-
- 26 Sep, 2021 1 commit
-
-
Lu Yahan authored
Change-Id: I71bc9fd393d2f53c982b85cd1cf6729e56a62f2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3174619Reviewed-by:
Ji Qiu <qiuji@iscas.ac.cn> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#77071}
-