- 12 May, 2021 32 commits
-
-
Junliang Yan authored
Change-Id: I0c763d15f584f3b6d71f034412f736087824a2a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892605Reviewed-by:
Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#74544}
-
QiuJi authored
Also handling kArchStackPointerGreaterThan in AssembleArchBoolean Change-Id: I253c1a6cb924364eead3b9fe58c7cf7d6f0696af Bug: v8:11737 Bug: v8:11747 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876854Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Brice Dobry <brice.dobry@futurewei.com> Commit-Queue: Brice Dobry <brice.dobry@futurewei.com> Cr-Commit-Position: refs/heads/master@{#74543}
-
Junliang Yan authored
Change-Id: I8b7c63ce7438f7a7015ebd4a8d96a976f7d28704 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892604Reviewed-by:
-
Milad Fa authored
Change-Id: I6e72c56bb71d0d227b5556139dc687a78da6fb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892257Reviewed-by:
Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#74541}
-
Bill Budge authored
This reverts commit 4f4b4f74. Reason for revert: New unittest is failing on TSAN bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3210 Original change's description: > cppgc-js: Add unittest for CollectCustomSpaceStatisticsAtLastGC > > Drive-by: fix delayed task implementation in cpp-heap.cc. > > Bug: chromium:1056170 > Change-Id: Ie92d909056532047b378ebfafeb98273997e60e9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883618 > Commit-Queue: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74530} Bug: chromium:1056170 Change-Id: I7e50f20178854081b6fd23aa6d31afc4b9e49850 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891462 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#74540}
-
Michael Lippautz authored
This CL only affects non-production code. In non-production code, test runners may invoke tasks (base::RunLoop()) with an interesting stack. V8 assumes that it can clear certain data structures when running from a non-nested task due to not having any interesting stack on top. During testing this can lead to UAF on stack as data structures are prematurely cleared. With cppgc this failure can be fixed as the information on whether test runners invoke tasks with a non-trivial stack is actually present. Example failure: https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8847453411432681120/+/steps/webkit_unit_tests__with_patch__on_Ubuntu-18.04/0/logs/Flaky_failure:_WebSocketStreamTest.ConnectWithFailedHandshake__status_CRASH_SUCCESS_/0 Change-Id: Ib9f6fb2d8a1aa43d0b973afeb2d0a740c769e784 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891574Reviewed-by:
Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74539}
-
Omer Katz authored
Replaces Payload* terminiology with Object* terminology. HoH::ObjectSize = just the object, without the header. HoH::AllocatedSize = both the object and the header. Payload terminology is retained only for pages. Bug: chromium:1056170 Change-Id: I568a324ae8728f098be642b024493c375ec873cb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892079 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74538}
-
Michael Lippautz authored
We would use a payload size of 0 and end up walking up the stack till we crash. Bug: chromium:1056170 Change-Id: I12a69ada24697faaf05e2f4ab210045d54cf34e5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891657Reviewed-by:
-
Milad Fa authored
As mentioned in this CL https://crrev.com/c/2510070, PPC_OWNERS file is the only necessary file applied to all *-ppc* files. Change-Id: I2052186660c6d186e3ead3e8e127a9129814377f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892602Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#74536}
-
Shu-yu Guo authored
If a shared CodeRange is already allocated when creating an Isolate in jitless mode, the CodeRange will be used. This is to better support the following use pattern: ``` FLAG_jitless = false; v8::Isolate::New(); FLAG_jitless = true; v8::Isolate::New(); ``` Note that the other direction of toggling jitless from true to false is unsupported and may have undefined behavior. Bug: v8:11460 Change-Id: I1c451c53bc160be4122056d8b309323a94d4b8b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890591 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#74535}
-
Shu-yu Guo authored
The previous fix resolved the register conflict in favor of moving kInterpreterBytecodeArrayRegister instead of kSpeculationPoisonRegister, which regressed interpreter performance. This CL resolves the conflict in favor of moving kSpeculationPoisonRegister. Bug: v8:11726 Change-Id: I1975c386c758144d6ade12101957ab03ce7aa4c3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886660Reviewed-by:
-
Clemens Backes authored
I found no way to speed up the (relaxed) atomic accesses, so the only way to get back the original performance is having a separate path for the non-shared case. R=ulan@chromium.org Bug: v8:11704, chromium:1206552, chromium:1207351 Change-Id: I2ea0ecf07583dfe24f4085533491a1d5709c9ffb Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878750Reviewed-by:
-
Michael Lippautz authored
Reporting to V8 may trigger GCs and thus also synchronously invoke callbacks. Since such callbacks may allocate they can add to allocated bytes. If the counter is reset after the call to the GC, then those bytes are not properly recorded anywhere and can trigger an underflow in case they are explicitly freed later on. Bug: chromium:1056170 Change-Id: Id384eaeffa129e5b75f6ca16d43eb1c89e0fffec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891838Reviewed-by:
-
Georg Neis authored
This can be reverted once TryMakeRef checks the heap predicate. I'm not reverting the previous CL because newer changes already depend on it. Tbr: jgruber@chromium.org Bug: v8:11765, v8:7790 Change-Id: Iacc6a78a70fe6f40c9421258889c2175fb400b04 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891579Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74531}
-
Omer Katz authored
Drive-by: fix delayed task implementation in cpp-heap.cc. Bug: chromium:1056170 Change-Id: Ie92d909056532047b378ebfafeb98273997e60e9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883618 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by:
-
Shu-yu Guo authored
Rel/acq is needed to guarantee the memcpy for re-embedding builtins should be visible to all threads once embedded_blob_code_copy_ is observed to have the address of the copy. Bug: v8:11460 Change-Id: I68d0c532b7c7bba3d2cafeb0ff83533a67a1447d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890590Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#74529}
-
Milad Fa authored
It's a leftover from this change: https://crrev.com/c/2486225 Change-Id: Iec7891438a6a96a374299fb488f3231c63396e42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892252Reviewed-by:
-
Manos Koukoutos authored
Loop unrolling did not work properly with floating control. Seeing as very few spots in the wasm compiler introduced floating control, we decided to disallow it altogether. Changes: - When lowering 64-bit rol/ror/clz/ctz in 32-bit platforms, we use a diamond operator, which used to introduce floating control. This CL adds a control edge to these operators so that the diamond can be chained to that control instead. - During loop analysis, as an additional safety check, we check that the explored loop does not have floating control. Exceptionally, floating control pointing directly do start() is allowed. - Change wasm-compiler so that generated floating projections point to start() even after stack check patch-in. Bug: chromium:1184929, v8:11298 Change-Id: I1ee063f5250037ae6c84d2f16b0bd8fff3923117 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876851Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#74527}
-
Dan Clark authored
The callback IsolateData::ModuleResolveCallback, used by the fuzzer, can return an empty MaybeLocal. In this case v8::internal::SourceTextModule::PrepareInstantiate expects it to have thrown an exception, and DCHECKs. The fuzzer can hit this case because it doesn't load the entire module graph before starting to tell V8 to instantiate modules. So if a module fails to compile or load, another module trying to import it will hit this DCHECK because we didn't bail out prior to module instantiation like we should have. This doesn't happen in Chromium because Blink loads the entire module graph before trying to instantiate/link modules, ensuring that the 'real' ModuleRecord::ResolveModuleCallback never fails; indeed this is mandated by the spec (see https://html.spec.whatwg.org/#fetch-the-descendants-of-and-link-a-module-script). To satisfy the fuzzer, this change makes IsolateData::ModuleResolveCallback throw if it can't find the module. Note, the bug's testcase doesn't involve import assertions. I don't think this issue is new with my change https://chromium.googlesource.com/v8/v8/+/9d72d08a8c74d48eed53f742aebd56a5076cb8dd but maybe that changed the crash stack or something in a way that caused the issue to be reported. Bug: chromium:1207078 Change-Id: I1fbc80faa099e040cdc489c965a5f2f5daafb38e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890589Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Dan Clark <daniec@microsoft.com> Cr-Commit-Position: refs/heads/master@{#74526}
-
Victor Gomes authored
Bug: chromium:1206453 Change-Id: I808c8dd332e92835328e51515c4da812d3a3528c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891830 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74525}
-
Jakob Gruber authored
Reads from the compiler thread require either 1. the last write to happen before the compiler thread starts, or 2. acquire-release semantics. For simplicity, this CL converts all NativeContext field writes to be acq-rel. With the usual exception of writes from generated code (these are limited for NativeContexts though). The situation of context sets/gets is still somewhat complex: - Context::get/set are relaxed (but don't use the corresponding tag) - Context::get(.., kAcquireLoad) and Context::set(.., kReleaseStore) are acquire-release. - Context::set_foo (defined for all native context fields) uses kReleaseStore underneath. - Context::get_foo (defined for all native context fields) uses the default relaxed getter. The get_foo(kAcquireLoad) variant uses the acquire getter. - NativeContext hides the default relaxed setter since all NativeContext sets should be acq-rel. Ideally (future work), this should be simplified and made more explicit. For example, get/set_foo could move to the NativeContext class, and we could reevaluate whether we really need both relaxed and acq-rel semantics (the pairing non-atomic/acq-rel feels more natural lets tsan find concurrency issues). Bug: v8:7790 Change-Id: I25efd37ece758da5a11dc11c6ae913e4975f4d20 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891575Reviewed-by:
-
Benedikt Meurer authored
The HeapProfiler.startSampling method accepts a samplingInterval parameter, which is assumed to be a positive (non-zero) number, but doesn't validate the input (the renderer process just crashes hard on a CHECK instead). Fixed: chromium:1197392 Change-Id: Ib8e34f4b9881cd195214791ca0a3892e7b49bf55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891573 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Kim-Anh Tran <kimanh@chromium.org> Reviewed-by:
Kim-Anh Tran <kimanh@chromium.org> Cr-Commit-Position: refs/heads/master@{#74523}
-
Andreas Haas authored
R=victorgomes@chromium.org Bug: v8:11384 Change-Id: I0d93340c3b58f249f61ef612192222f8bc7df337 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891649Reviewed-by:
Victor Gomes <victorgomes@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#74522}
-
Georg Neis authored
Also delete undefined ContextRef methods and make Context::set_previous private (it is only used when creating a new context). Bug: v8:7790 Change-Id: I25a701f317f0f4e82432f7537eec1d63c5ef63f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886860 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74521}
-
Omer Katz authored
Marking on allocation was missing the top level scope. Also adding a dedicated scope for on allocation to more clearly distinguish it in traces. Bug: chromium:1056170 Change-Id: I1b7d80c9f171f81988826de0174ef5b00d6f1d34 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891572 Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Reviewed-by:
-
Maya Lekova authored
This CL enhances the fast C API in a way to allow passing the receiver to the fast callback as Local<Object> instead of Local<Value>. It also fixes documentation comments. Bug: chromium:1052746 Change-Id: I424aa83023c2e6633b9df08ee040bf170db32b3d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887510 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by:
-
Santiago Aboy Solanes authored
We just asked if saves_fp was different than 0 two lines above. Change-Id: I8cca5206041d3436ac7b2d619ab82f5955e99aaf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2888285 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
The WebAssembly specification requires the "name" property of (exported) function wrappers to hold the index of the function within the module, and the default ToString algorithm for Function instances thus generates something along the lines of `function 42() { [native code] }`, which is technically correct, but not very useful to developers to diagnose (humans don't think of functions in a module in terms of their indices). With this CL, we change the description returned for Wasm (exported) functions to use the debug name of the Wasm function instead. Screenshot: https://imgur.com/a/FVPeXDU.png Doc: http://bit.ly/devtools-wasm-entities Fixed: chromium:1206620 Bug: chromium:1164241 Change-Id: I096abc287ea077556c13c71f8d71f64452ab4831 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891570 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: -
Benedikt Meurer authored
Drive-by-fix: Remove command line API fn.toString() override, which was still in place from the early days when much of the inspector was implemented in JavaScript. Fixed: chromium:1207867 Bug: chromium:1206620 Change-Id: I8429f109da5f021f729f184fd824160a24e60897 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887508 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#74516}
-
Maya Lekova authored
This reverts commit 0ce36e7d. Reason for revert: Speculative revert for a Chromium build breakage causing a blocked roll - https://bugs.chromium.org/p/v8/issues/detail?id=11761 Original change's description: > [ic] Fix handling of API properties with side effects > > DebugEvaluate can evaluate expressions in side-effect-free mode, where > any operation that would cause observable side effects throws an > exception. Currently, when accessors are backed by callbacks, it's > possible that ICs call those accessors directly, bypassing the > side-effect checks. This CL introduces a bailouts to runtime in those > cases. > > Fixed: chromium:1201781 > Also-By: ishell@chromium.org, pfaffe@chromium.org > Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634 > Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74507} Change-Id: Ifb5c24682af29572591d436ab92b0304058e99af No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891650 Auto-Submit: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74515}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/52ccb29..4e27ee8 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1fbada9..302ca09 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/c499142..b65bbfe Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/3b508fa..7d0d906 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/e76c8f1..53a9334 Rolling v8/tools/luci-go: git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2..git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1 Rolling v8/tools/luci-go: git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2..git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1 Rolling v8/tools/luci-go: git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2..git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1 TBR=v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: If03b514240069b576a774c574225d84a387b8b7b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2888363Reviewed-by:
v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74514}
-
Milad Fa authored
The following bit casting method using reinterpret_cast has undefined behaviour: ``` int a = 1; float b = *reinterpret_cast<float*>(&a); ``` Above breaks the strict aliasing rule which indicates: > dereferencing pointers to objects of different types will never refer to the same memory location. More information can be found under src/base/macros.h. `bit_cast` here is implemented with `memcpy` behind the scenes. C++20 will have this feature included by default. Change-Id: I69ffdbeba6db64e24b268d838ea1d863fcd9121d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2889331Reviewed-by:
-
- 11 May, 2021 8 commits
-
-
Camillo Bruni authored
On x64 we can emit more compact instructions for mov(reg, imm). However currently this only happens when using the Set method explicitly. This CL renames Set to Move to avoid confusion and yield better code by default. Also use the new Move helper for Smis as well. Change-Id: I06558e88d1142098f77fb98870f09742d494f3dc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874450Reviewed-by:
Zhi An Ng <zhin@chromium.org> Reviewed-by:
-
Dominik Inführ authored
Allow GC of the shared heap without any attached clients. This CL also disables incremental marking for shared heaps for now. Bug: v8:11708 Change-Id: I1eb47a42fe3ced0f23f679ecaae0c32e09eab461 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886878Reviewed-by:
-
Luis Fernando Pardo Sixtos authored
This change adds support for `const` redeclaration on REPL mode with the semantincs recommended in the design doc: 1) REPL scripts should not be able to reassign bindings to `const` variables. 2) Re-declaring `const` variables of page scripts is not allowed in REPL scripts. 3) Re-declearing `const` variables is not allowed in the same REPL script. 4) `const` re-declaration is allowed across separate REPL scripts. 5) Old references to previously declared variables get updated with the new value, even those references from within optimized functions. Design doc: https://goo.gle/devtools-const-repl Bug: chromium:1076427 Change-Id: Ic73d2ae7fcfbfc1f5b58f61e0c3c69e9c4d85d77 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865721Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com> Cr-Commit-Position: refs/heads/master@{#74510}
-
QiuJi authored
Bug: v8:11757 Change-Id: Ib463eb25631b9be8fc02b8cbc9e1f5984739dac2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887023Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#74509}
-
Milad Fa authored
Port cc06b8c7 Original Commit Message: Convert StoreOrigin, TypeOfMode, SaveFPRegsMode and ArgvMode to enum classes with k-prefixed values. R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I46993e6e846cf7c1f6b3d15ea0aaea3d5693bf4d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887646Reviewed-by:
-
Philip Pfaffe authored
DebugEvaluate can evaluate expressions in side-effect-free mode, where any operation that would cause observable side effects throws an exception. Currently, when accessors are backed by callbacks, it's possible that ICs call those accessors directly, bypassing the side-effect checks. This CL introduces a bailouts to runtime in those cases. Fixed: chromium:1201781 Also-By: ishell@chromium.org, pfaffe@chromium.org Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634 Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by:
-
Junliang Yan authored
The deoptimization table needs to be continuously, so we need to block trampoline pool emission during the whole process. bug: v8:11759 Change-Id: Ie5e0ffe27dc8e6cdb18985dc2cf26bdadeff318f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881918 Commit-Queue: Junliang Yan <junyan@redhat.com> Reviewed-by:
-
Camillo Bruni authored
Argc and Slot are usually small and fit within a single 32bit word. This reduces most property calls by 5 bytes. This results in roughly 1% code reduction for sparkplug and no measurable regression on x64. Bug: v8:11420 Change-Id: I272c26c40b99f2dc5817f18bec113662a5bfebce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2872828Reviewed-by:
-
