- 13 Feb, 2020 4 commits
-
-
Jakob Kummerow authored
In the final version of our pointer compression scheme, decompression uses zero-extension of the compressed value. The API copy of that code erroneously still used a sign-extending decompression from an earlier iteration of the scheme.

Bug: v8:9706, v8:10198
Change-Id: I17c3a52d26ce26bc0623627d725f686c379fbd6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051954
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66256}
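The difference between zero- and sign-extending decompression that the commit above fixes, as an added example written for this page (it is not V8's code). It models a V8-style scheme in isolation: a 4 GiB heap cage at a 4 GiB-aligned base, with a pointer stored as its low 32 bits. The type names, the cage base value and the two Decompress* helpers are this example's own assumptions.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not V8's code. Models a V8-style pointer compression scheme:
// all heap objects live in a 4 GiB "cage" whose base is 4 GiB aligned, and a
// pointer is stored on-heap as its low 32 bits. Decompression must re-attach
// the cage base; bit 31 of the stored value is simply part of the offset.
// Address, Tagged_t, kCageBase and the Decompress* names are assumptions.

using Address = uint64_t;   // full 64-bit pointer
using Tagged_t = uint32_t;  // compressed on-heap representation

constexpr Address kCageSize = Address{1} << 32;
// Hypothetical cage base for the example (must be a multiple of kCageSize).
constexpr Address kCageBase = Address{0x1000} << 32;  // 0x0000'1000'0000'0000
static_assert(kCageBase % kCageSize == 0, "cage base must be 4 GiB aligned");

// Compression keeps only the offset within the cage.
inline Tagged_t Compress(Address full) { return static_cast<Tagged_t>(full); }

// Correct form: zero-extend the 32-bit value, then add the cage base.
inline Address DecompressZeroExtend(Address base, Tagged_t compressed) {
  return base + static_cast<Address>(compressed);
}

// The stale form: the 32-bit value is reinterpreted as int32 and sign-extended
// before the base is added. For offsets >= 2 GiB this subtracts 4 GiB, so the
// result lands below the cage.
inline Address DecompressSignExtend(Address base, Tagged_t compressed) {
  int64_t sext = static_cast<int64_t>(static_cast<int32_t>(compressed));
  return base + static_cast<Address>(sext);
}

// The check a practitioner would keep next to any decompression routine.
inline bool InCage(Address base, Address addr) {
  return addr >= base && addr - base < kCageSize;
}

// Round-trip helpers: does compress followed by decompress give back `full`?
inline bool RoundTripsZeroExtend(Address base, Address full) {
  return DecompressZeroExtend(base, Compress(full)) == full;
}
inline bool RoundTripsSignExtend(Address base, Address full) {
  return DecompressSignExtend(base, Compress(full)) == full;
}

int main() {
  // An object in the lower half of the cage: both forms agree.
  Address low = kCageBase + 0x10;
  // An object in the upper half (offset has bit 31 set): they disagree.
  Address high = kCageBase + 0x8000'0010;
  std::printf("low  zero-ext=%#llx sign-ext=%#llx\n",
              (unsigned long long)DecompressZeroExtend(kCageBase, Compress(low)),
              (unsigned long long)DecompressSignExtend(kCageBase, Compress(low)));
  std::printf("high zero-ext=%#llx sign-ext=%#llx in-cage=%d\n",
              (unsigned long long)DecompressZeroExtend(kCageBase, Compress(high)),
              (unsigned long long)DecompressSignExtend(kCageBase, Compress(high)),
              InCage(kCageBase, DecompressSignExtend(kCageBase, Compress(high))));
  return 0;
}
```

The sign-extending variant only misbehaves once an object's offset within the cage crosses 2 GiB, which is why a bug of this shape survives small heaps and tests and shows up as an out-of-cage pointer on large ones.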
-
Georg Neis authored
Bug: chromium:1051017
Change-Id: I597363417d905bc65522d64ebfa2cbf9dde4b98f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054086
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66255}
-
Georgia Kouveli authored
This is a reland of 137bfe47

Original change's description:
> [arm64] Protect return addresses stored on stack
>
> This change uses the Arm v8.3 pointer authentication instructions in
> order to protect return addresses stored on the stack. The generated
> code signs the return address before storing on the stack and
> authenticates it after loading it. This also changes the stack frame
> iterator in order to authenticate stored return addresses and re-sign
> them when needed, as well as the deoptimizer in order to sign saved
> return addresses when creating new frames. This offers a level of
> protection against ROP attacks.
>
> This functionality is enabled with the v8_control_flow_integrity flag
> that this CL introduces.
>
> The code size effect of this change is small for Octane (up to 2% in
> some cases but mostly much lower) and negligible for larger benchmarks,
> however code size measurements are rather noisy. The performance impact
> on current cores (where the instructions are NOPs) is single digit,
> around 1-2% for ARES-6 and Octane, and tends to be smaller for big
> cores than for little cores.
>
> Bug: v8:10026
> Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66239}

Bug: v8:10026
Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#66254}
-
Leszek Swirski authored
This is a reland of 453e1a3b

Added canonical "empty" arrays to ScannerStream::ForTesting, for the zero-length nullptr data case.

Original change's description:
> [offthread] Add SFI support to OffThreadFactory
>
> Add support for off-thread SharedFunctionInfo allocation, which
> includes UncompiledData and PreparseData allocation.
>
> Bug: chromium:1011762
> Change-Id: Ia10f9ce762c7d7eb1108b9e71da75131dce919b7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050393
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66246}

TBR=ulan@chromium.org

Bug: chromium:1011762
Change-Id: I37d2c6b9317548922913887940a0164cc2067efb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2054085
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66253}
-
- 12 Feb, 2020 25 commits
-
-
Shu-yu Guo authored
R=ulan@chromium.org

Bug: v8:8179
Change-Id: I9626bd070453ce1b7d4b91cf78b9f75b74dfddbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051605
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66252}
-
Shu-yu Guo authored
A FinalizationGroup that needs cleanup should not artificially prolong its lifetime by being on the dirty list.

R=ulan@chromium.org

Bug: v8:8179
Change-Id: I19f102d154a9ac43b549b7d833d0c3ca7e61c6d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051562
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66251}
-
Shu-yu Guo authored
Though the task is never explicitly canceled, making it cancelable ensures that it is canceled on Isolate teardown.

R=ulan@chromium.org

Bug: v8:8179
Change-Id: Ic3912b7acc7249aed8397010c98dc407222e84be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049898
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66250}
-
Shu-yu Guo authored
R=ulan@chromium.org

Bug: v8:8179
Change-Id: I2ca1c0fd5f02e638b082a2283a8a0c816764c101
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050092
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66249}
-
Maya Lekova authored
Handle the undefined promiseOrCapability case in RejectPromiseReactionJob and FulfillPromiseReactionJob.

Fixed: chromium:1046213
Change-Id: If6f51c28189a27476969c7b5b456741b5be829be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050399
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66248}
-
Maya Lekova authored
This reverts commit 453e1a3b.

Reason for revert: Makes UBSan unhappy - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/9893

Original change's description:
> [offthread] Add SFI support to OffThreadFactory
>
> Add support for off-thread SharedFunctionInfo allocation, which
> includes UncompiledData and PreparseData allocation.
>
> Bug: chromium:1011762
> Change-Id: Ia10f9ce762c7d7eb1108b9e71da75131dce919b7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050393
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66246}

TBR=ulan@chromium.org,leszeks@chromium.org,ishell@chromium.org

Change-Id: I26bc40ec1c351613f19745aed83f0c3a9fdd9a20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1011762
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2052172
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66247}
-
Leszek Swirski authored
Add support for off-thread SharedFunctionInfo allocation, which includes UncompiledData and PreparseData allocation.

Bug: chromium:1011762
Change-Id: Ia10f9ce762c7d7eb1108b9e71da75131dce919b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050393
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66246}
-
Nico Hartmann authored
Bug: v8:10197
Change-Id: Ifb2ad539e86ae7232a08ab96b587db7ff128cd11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051953
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66245}
-
Wez authored
Fuchsia's SDK will soon provide GN rules, including one for declaring fuchsia package targets. Since the SDK-provided rule works differently from the Chromium one but is called fuchsia_package(), we need to rename the Chromium rule to avoid them clashing.

Bug: chromium:1050703
Change-Id: Ia2fcba8e32f311e6859590d9c95730ffe6875192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050388
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66244}
-
Michael Achenbach authored
This will allow sharing the configs between Python and JavaScript based fuzzers.

No-Try: true
Bug: chromium:1044942
Change-Id: Idd47ad31430cfed0629dbb5b9dd5fd2ef8c764f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051951
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66243}
-
Nico Hartmann authored
This reverts commit 137bfe47.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/13072

Original change's description:
> [arm64] Protect return addresses stored on stack
>
> This change uses the Arm v8.3 pointer authentication instructions in
> order to protect return addresses stored on the stack. The generated
> code signs the return address before storing on the stack and
> authenticates it after loading it. This also changes the stack frame
> iterator in order to authenticate stored return addresses and re-sign
> them when needed, as well as the deoptimizer in order to sign saved
> return addresses when creating new frames. This offers a level of
> protection against ROP attacks.
>
> This functionality is enabled with the v8_control_flow_integrity flag
> that this CL introduces.
>
> The code size effect of this change is small for Octane (up to 2% in
> some cases but mostly much lower) and negligible for larger benchmarks,
> however code size measurements are rather noisy. The performance impact
> on current cores (where the instructions are NOPs) is single digit,
> around 1-2% for ARES-6 and Octane, and tends to be smaller for big
> cores than for little cores.
>
> Bug: v8:10026
> Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66239}

TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,neis@chromium.org,georgia.kouveli@arm.com

Change-Id: I57d5928949b0d403774550b9bf7dc0b08ce4e703
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051952
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66242}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9e32f61..e63171f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ea794b8..a7875df

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/64c5af3..1de518c

Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/19c8ac5..b5a25d5

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I914ad4bb38f867a29308d91fe8734756a82e0157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049873
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66241}
-
Seth Brenith authored
The list of forward declarations required in the generated file bit-fields-tq.h is already somewhat unwieldy and will run into serious problems when we attempt to use enums that are defined within classes, such as JSDateTimeFormat::DateTimeStyle. After a brief discussion today, the cleanest solution we arrived at is to generate macros instead.

Change-Id: I654e10efbab5a1a0a340fa565c51ff1da34badaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050830
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66240}
-
Georgia Kouveli authored
This change uses the Arm v8.3 pointer authentication instructions in order to protect return addresses stored on the stack. The generated code signs the return address before storing on the stack and authenticates it after loading it. This also changes the stack frame iterator in order to authenticate stored return addresses and re-sign them when needed, as well as the deoptimizer in order to sign saved return addresses when creating new frames. This offers a level of protection against ROP attacks.

This functionality is enabled with the v8_control_flow_integrity flag that this CL introduces.

The code size effect of this change is small for Octane (up to 2% in some cases but mostly much lower) and negligible for larger benchmarks, however code size measurements are rather noisy. The performance impact on current cores (where the instructions are NOPs) is single digit, around 1-2% for ARES-6 and Octane, and tends to be smaller for big cores than for little cores.

Bug: v8:10026
Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66239}
-
Michael Achenbach authored
We ensure now that fuzzers don't produce the f.arguments pattern and instead replace it with a random variable.

No-Try: true
Bug: chromium:1044942, chromium:1020573
Change-Id: I899985f1a238f36d10fb22f76d93b7d5f444eab1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051944
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66238}
-
Michael Achenbach authored
This ports: https://crrev.com/c/2044885

TBR=nicohartmann@chromium.org

Bug: chromium:1049700
Change-Id: Ib80c2a2e899a87bc7fb01961ef58946851017266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051945
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66237}
-
Dominik Inführ authored
Enable --always-promote-young-mc by default. This enforces that the young generation is empty after a full GC to simplify the implementation of some features. For example array buffer sweeping already assumes that this flag is enabled.

Bug: v8:10064
Change-Id: I9d3873b9eb7bec4de897c5c95bdc514d165265d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051943
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66236}
-
Leszek Swirski authored
Clean-up a couple of CAS loops to avoid loading after a compare_exchange (which updates the old value), and to loosen the memory ordering to acquire-release to avoid unnecessary fences.

Change-Id: Ifb8e5e5136f687ca5a71417a5d131a7023add054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050390
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66235}
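The loop shape this commit moves to, as an added example written for this page rather than the V8 change itself. The operation chosen (an atomic "fetch max" on a single slot), the helper names and the stress harness are this example's assumptions; the redundant-load variant is kept beside it for contrast.

```cpp
#include <atomic>
#include <cstdint>
#include <thread>
#include <vector>

// Added example, not V8's code. compare_exchange_weak writes the value it
// actually observed into `expected` when it fails, so re-loading the slot at
// the top of each iteration is redundant, and acquire-release ordering is
// enough for a slot that is only ever read and CAS-updated. The "fetch max"
// operation and all names below are this example's own choices.

// Atomically replace the slot's value with `candidate` if it is larger.
// Returns the old value when we store, or the current (larger) value if not.
inline uint64_t AtomicFetchMax(std::atomic<uint64_t>& slot, uint64_t candidate) {
  // Exactly one explicit load; every failed CAS below refreshes `expected`.
  uint64_t expected = slot.load(std::memory_order_acquire);
  while (expected < candidate) {
    if (slot.compare_exchange_weak(expected, candidate,
                                   std::memory_order_acq_rel,     // on success
                                   std::memory_order_acquire)) {  // on failure
      return expected;  // we installed candidate
    }
    // CAS failed (another writer won, or a spurious failure): `expected`
    // now holds what the slot really contains. No reload needed.
  }
  return expected;  // slot already held something >= candidate
}

// The shape being cleaned up, for contrast: an extra load on every
// iteration and the default seq_cst ordering on each access.
inline uint64_t AtomicFetchMaxRedundantLoad(std::atomic<uint64_t>& slot,
                                            uint64_t candidate) {
  while (true) {
    uint64_t current = slot.load();  // redundant after the first iteration
    if (current >= candidate) return current;
    if (slot.compare_exchange_strong(current, candidate)) return current;
  }
}

// Stress check: `threads` threads each push `per_thread` values; odd indices
// are made thread-specific so that high and low values interleave and CAS
// failures really occur. The slot must end at the global maximum.
inline uint64_t RaceFetchMax(unsigned threads, unsigned per_thread) {
  std::atomic<uint64_t> slot{0};
  std::vector<std::thread> pool;
  for (unsigned t = 0; t < threads; ++t) {
    pool.emplace_back([&slot, t, per_thread] {
      for (unsigned i = 1; i <= per_thread; ++i) {
        uint64_t v = (i % 2) ? static_cast<uint64_t>(t) * per_thread + i
                             : static_cast<uint64_t>(i);
        AtomicFetchMax(slot, v);
      }
    });
  }
  for (auto& th : pool) th.join();
  return slot.load(std::memory_order_acquire);
}

// Single-threaded semantics check for both variants.
inline bool FetchMaxSemanticsHold() {
  std::atomic<uint64_t> slot{5};
  bool ok = AtomicFetchMax(slot, 3) == 5 && slot.load() == 5;            // unchanged
  ok = ok && AtomicFetchMax(slot, 9) == 5 && slot.load() == 9;           // replaced
  ok = ok && AtomicFetchMaxRedundantLoad(slot, 12) == 9 && slot.load() == 12;
  return ok;
}
```

The failure ordering on the CAS must not be stronger than the success ordering, which is why the pair here is acq_rel on success and acquire on failure; the acquire on failure is what makes the refreshed `expected` a value that is safe to reason about on the next iteration without a separate load.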
-
Santiago Aboy Solanes authored
We were calling setup for both the setup and the run.

Bug: v8:10155
Change-Id: Id60df16ad8c98f443dc1b1a9a2155000999ab815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2039431
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66234}
-
Michael Achenbach authored
Un-ignore some files that only failed in obsolete comparisons. We don't compare eager anymore and console functions are mocked out in d8 by now. The exponentiation operator bug doesn't repro anymore.

No-Try: true
Bug: chromium:1044942
Change-Id: I0a572836bc9a4a6aa4736447f638a522ff8e8168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050400
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66233}
-
Sigurd Schneider authored
Coverage updates are sent as deltas, and this means that it is very important that the consumer gets /all/ updates; otherwise, the coverage information will be wrong.

Previously, we introduced the ability into the back-end to send triggered updates, i.e. updates that are triggered by the back-end at interesting points in time. These updates are delivered via an event, and any consumer must process these events.

This CL introduces a flag to startPreciseCoverage that controls whether the back-end is allowed to send such triggered updates on its own initiative. The default is `false` to maintain backwards compatibility with consumers that don't yet handle the events.

Bug: chromium:1022031
Change-Id: Ie36a92a3b627b19ea4041f1b8da1ec66c6b9b771
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2043798
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66232}
-
Jakob Gruber authored
These tests rely on predictable opt & deopt timings. Also add the --opt flag to tests to force optimization even in configurations that contain the --no-opt flag.

Bug: v8:9972,chromium:1049982
Change-Id: Ic161d188ebfae9aaae6a160d365413abedfee5f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050402
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66231}
-
Sam Maier authored
This CL introduces, and turns on by default, compression for snapshots. The compression is handled in SnapshotCompression, which is a new static helper class for producing/consuming compressed SnapshotData.

To turn off snapshot compression (accomplished by removing calls of Compress/Decompress) set the GN arg: v8_disable_snapshot_compression = true

Bug: chromium:833361
Change-Id: If8abc3662e8473fbd0c94e443946fbea804a305e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846066
Commit-Queue: Sam Maier <smaier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66230}
-
Georg Neis authored
It's not sufficient to reset only the modules on the current DFS path.

Bug: chromium:1050164
Change-Id: I00e5e12144ad70ac6371eea5e11590b72feaeecc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049853
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66229}
-
Georg Neis authored
SourceTextModule::AddAsyncParentModule can allocate so it must be a static function.

Bug: chromium:1050433
Change-Id: I86e58569d16e626ce3f85cc46ea5f376c2d06f3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050383
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66228}
-
- 11 Feb, 2020 11 commits
-
-
Johannes Henkel authored
"Remove ErrorSupport_.{h,cpp}.template as promised."
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/2045151
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/2047663

New Rev: 1f2492b6768e8620ece36a784c8ecd7ae7091610

Change-Id: I4acc65f0aafa94e20921a3e9ff7843303034bb60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2044951
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66227}
-
Jakob Gruber authored
This fixes a bug in lazy deopts caused by calls to the callback function in Array.prototype.reduce and reduceRight. The deopt continuation expects the *next* iteration's index value but we actually passed the current iteration's value.

The user-visible effect of this bug was that sometimes, an unexpected additional call to the callback function would occur.

It was introduced by https://crrev.com/c/1934329.

Bug: v8:9972,chromium:1049982
Change-Id: Icfd2ef076209e20602f54d4662220e1d4c5d07ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049850
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66226}
-
Nico Hartmann authored
This CL significantly reduces the size of CSA files generated from torque by introducing only those Phis at block entry that are required and otherwise uses defined values directly. To do so it does:
- Define a DefinitionLocation that represents where a value is defined.
- For each block compute all the definitions that reach that block and introduce a phi iff the reaching definitions for a value are not the same for all predecessor blocks.
- In CSAGenerator map all DefinitionLocations to variables, such that if the same value is used in multiple blocks, it is mapped to the same variable without the need to pass it along the jump. This reduces both the arguments passed to Goto, Branch, ... and the variables that need to be passed to Bind when the block's label is bound. This reduces the number of temporary variables significantly. Temporaries are declared outside of blocks now in order to be accessible from other blocks.

Drive-by changes:
- Sequences of SetSourcePosition calls are merged if no output is generated between them.
- Dead blocks are no longer generated in release builds.

Bug: v8:9861
Change-Id: I5c30e5376e93c424c3ebfc5144a08592d77ae61f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2037444
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66225}
-
Leszek Swirski authored
Change-Id: I2fed918353fea7c4fe42d6aef6e064e143111057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050392
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66224}
-
Maya Lekova authored
The Object::SetElement and JSObject::GetElement were the GC suspects.

Fixed: v8:9995
Change-Id: Ia1f794188f08f0e2543a88eb4dc7a8b06dcb3deb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050391
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66223}
-
Jakob Gruber authored
This reverts commit c0fbfcd8.

Reason for revert: Fix found.

Original change's description:
> Revert [gasm] Implement ReduceArrayPrototypeReduce using the graph assembler
>
> Reverting due to a nondeterministic correctness issue bisected to this
> change. The intent is to reland once we fully understand and have
> fixed the problem.
>
> The original CL landed in https://crrev.com/c/1934329.
> The revert on master is https://crrev.com/c/2049763.
> The revert on 8.0 is https://crrev.com/c/2049764.
>
> Bug: v8:9972,chromium:1049982
> Change-Id: I171624bdeb18831e70869ae806c73529c240be4a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049763
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66215}

TBR=neis@chromium.org,jgruber@chromium.org

Change-Id: Id12a01dc72558639b26af58ff56cd0b11916eec2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9972, chromium:1049982
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050395
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66222}
-
Dominik Inführ authored
Before this CL array buffer counters were only decremented at the next GC. This CL makes freed_bytes_ an atomic variable which is incremented by the concurrent sweeping task. The main thread now also inspects this value when adding new JSArrayBuffers to update counters sooner.

Bug: v8:10064
Change-Id: Ibcb245b541e806b95a3c2c42d3cc3affe7739e4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2047043
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66221}
-
Dan Elphick authored
Adds DCHECK to Factory::AllocateRawWithImmortalMap to assert that the Map passed in is read_only_space, since it's passed in as a raw object.

Bug: chromium:1049866
Change-Id: Ia7c6d5c99a4bc790ebcfb06e5ed55340964a5612
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049846
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66220}
-
Dan Elphick authored
This reverts commit 14d1b9e9.

Reason for revert: Increases RuntimeStats/Group-JavaScript/duration

Original change's description:
> [compiler] Make StateValuesAccess methods inlinable
>
> This moves several simple StateValuesAccess methods as well as
> SparseInputMask::InputIterator::IsReal into their header files so they
> can be more easily inlined. This gives about a 7% improvement to the
> BackgroundSelectInstructions runtime call stat.
>
> Also marks some methods called by the new methods as V8_PRIVATE_EXPORT
> so component build test can build.
>
> Bug: v8:10051
> Change-Id: I3e34977a4fa660d3f4f55fd4f2c0b2370d5d2bc2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023559
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66078}

TBR=neis@chromium.org,delphick@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:10051
Change-Id: I9168b524bc06562906a12a6ec0e948d6f90d4a7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050387
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66219}
-
Jakob Kummerow authored
Reading an object property can allocate a HeapNumber (even with unboxed double fields turned off: we still use MutableHeapNumbers to store properties).

Bug: chromium:1049859
Change-Id: I82228ccb98403b3db82671743f51b2e23f6636d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050385
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66218}
-
Michael Achenbach authored
The assumption that V8 has no output differences within a single line before a stack overflow didn't hold. The prefix of e.g. console.info can lead to a difference in a recursive call. This change makes foozzie's output capping before a crash work on the level of characters instead of lines to fix this.

No-Try: true
Bug: chromium:1050942
Change-Id: I13f747caf4f5848d40c31bd4232811285bab3c17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2049844
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66217}
-