- 17 Jun, 2020 19 commits
-
-
Zhi An Ng authored
This reverts commit e0c1a349.

Reason for revert: Fails on Linux 64 cfi
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20cfi/25283?

TBR=omerkatz@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,bikineev@chromium.org

Change-Id: I2b208c4019979735925bff5e0551291fae6a14d6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250320
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68396}
-
Bruce Dawson authored
If mksnapshot fails then all that is printed is "FAILED: gen/v8/embedded.S snapshot_blob.bin" and the command line. That complicates the investigation. Printing the error code in run.py can help.

The printing code handles large negative numbers specially so that special Windows failure codes like 0xC0000005 are recognizable.

This code was tested by adding this early-out to main in mksnapshot.cc.

    if (argc < 1000) return 0xc0000005;

Bug: Chromium:1095767
Change-Id: I5dc81d368beaa339f0c519ce1c01bd13cdb18d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249518
Auto-Submit: Bruce Dawson <brucedawson@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68395}
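The commit above describes printing a child process's exit status so that a wrapped Windows NTSTATUS such as 0xC0000005 is recognizable. The following is an added example, not V8's run.py change, showing one way to do that. It assumes the caller has the raw integer that subprocess returned, that on Windows a DWORD exit code can surface as a large negative number when read through a signed 32-bit type, and that on POSIX a negative code -N means the child was killed by signal N; the NTSTATUS names are the ones from the Windows SDK, and `describe_exit_code` and `run_and_report` are names chosen here.

```python
"""Added example: render a subprocess return code so that wrapped Windows
NTSTATUS failure codes (e.g. 0xC0000005) are recognizable. Not V8 code.
"""
import signal
import subprocess
import sys

# A few well-known NTSTATUS values (names per the Windows SDK, ntstatus.h).
NTSTATUS_NAMES = {
    0x80000003: "STATUS_BREAKPOINT",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Assumption: any real signal number fits in this range. A more negative
# value is treated as a 32-bit status read through a signed type, not a signal.
MAX_SIGNAL = 64


def describe_exit_code(code, platform=sys.platform):
    """Return a human-readable description of a subprocess return code.

    - 0: success.
    - small negative on POSIX: the child died from signal -code.
    - large negative, or >= 2**31: reinterpret as an unsigned 32-bit value;
      if the high bit is set it is almost certainly an NTSTATUS, so print it
      in hex and name it when known.
    """
    if code == 0:
        return "exit code 0"
    if code < 0 and -code <= MAX_SIGNAL and not platform.startswith("win"):
        try:
            name = signal.Signals(-code).name
        except ValueError:
            name = "unknown signal"
        return "killed by signal %d (%s)" % (-code, name)
    unsigned = code & 0xFFFFFFFF  # two's-complement wrap to 32 bits
    if unsigned >= 0x80000000:
        name = NTSTATUS_NAMES.get(unsigned, "unrecognized NTSTATUS")
        return "exit code %d (0x%08X, %s)" % (code, unsigned, name)
    return "exit code %d" % code


def run_and_report(cmd):
    """Run cmd; return None on success, else a diagnostic string that carries
    the decoded exit status alongside the command line."""
    proc = subprocess.run(cmd)
    if proc.returncode == 0:
        return None
    return "FAILED: %s\n%s" % (" ".join(cmd), describe_exit_code(proc.returncode))


if __name__ == "__main__":
    # Constructed inputs: 0xC0000005 as seen through a signed 32-bit type,
    # the same value unsigned, a POSIX SIGSEGV, and a plain non-zero exit.
    for c in (-1073741819, 3221225477, -11, 1):
        print(describe_exit_code(c))
```

The two branches matter for triage: a plain `-11` from a Linux bot is a segfault, while `-1073741819` from a Windows bot is the same access violation wearing a different encoding, and without the hex rendering the two are easy to mistake for unrelated failures.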
-
Michael Lippautz authored
The CL addresses two issues with (Weak)Persistent and WeakMember:
1. (Weak)Persistent pointers are cleared on heap teardown. Before this CL the pointers would contain stale values which could lead to UAF.
2. WeakPersistent and WeakMember are cleared using a combination of internal clearing methods and mutable fields which avoids the use of const_cast<>.

Bug: chromium:1056170
Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68394}
-
Santiago Aboy Solanes authored
Cleanups:
* Encapsulated same code in methods
* Inlined trace prints
* Don't set as queued, we are going to visit it anyway
* Moved the phi check upwards

Bug: v8:10424
Change-Id: I82534399617d97d717c5c0dd1ca4bfef9df91e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218037
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68393}
-
Thibaud Michaud authored
Inline TransferStackSlot and compare the slots first. This is redundant if they are different, but in most cases they are the same and doing this check is beneficial.

Other methods of StackTransferRecipe are not called as often, and inlining them seems negligible.

R=clemensb@chromium.org

Bug: v8:10576
Change-Id: Ibdaa714e3e40c95a79a0da3ca3170d1da7b62cf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249677
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68392}
-
Milad Farazmand authored
Change-Id: I9a91bd41bc4429509457d73c78fc88e2cf826fb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248202
Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68391}
-
Dan Elphick authored
Since ReadOnlySpace pages will soon not be MemoryChunks, change most uses of MemoryChunk::FromHeapObject and FromAddress to use the BasicMemoryChunk variants, and to use the new MemoryChunk::cast function that takes a BasicMemoryChunk and DCHECKs !InReadOnlySpace().

To enable this, it also moves into BasicMemoryChunk several MemoryChunk functions that just require a BasicMemoryChunk.

Bug: v8:10454
Change-Id: I80875b2c2446937ac2c2bc9287d36e71cc050c38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243216
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68390}
-
Philip Pfaffe authored
According to the spec, the section name does not start with a dot:
https://yurydelendik.github.io/webassembly-dwarf/#external-DWARF

Change-Id: I4ac205332dd9612fe83c2e6322a98bdae3ffa79d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249669
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68389}
-
Georgia Kouveli authored
The SafeStackFrameIterator, used in the profiler, sometimes uses the link register instead of a return address stored on the stack, to get more accurate results. This happens in particular for bytecode handlers that do not create a stack frame.

Authentication of PC for those frames would fail in the SafeStackFrameIterator, as the "PC address" would not point to a stack location with a signed return address, but instead to a member of the SafeStackFrameIterator class where the value of the link register was stored.

We address this by skipping authentication of PCs in the profiler.

Bug: v8:10026
Change-Id: I331c6c68e703db766be1891efffa69c2f9794e8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242954
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68388}
-
Michael Lippautz authored
This is a reland of 539f0ed2

The reland fixes creating TimeDelta from double which requires saturated_cast<>. Improvements to this construction are tracked in v8:10620.

Original change's description:
> cppgc,heap: Implement atomic unified heap GC
>
> Add v8::CppHeap as an implementation of a cppgc heap that
> integrates with V8's existing EmbedderHeapTracer API. The
> current implementation only supports non-incremental marking.
>
> Bug: chromium:1056170
> Change-Id: I4a09eb5ae57f5c7defe35eb3fe346627eb492473
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245610
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68374}

Bug: chromium:1056170,v8:10620
Change-Id: I39e15790e5cafe24da2a14d0bae6543391ebb536
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248191
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68387}
-
Kim-Anh Tran authored
This fixes a check in the code that recompiles Liftoff if breakpoints were removed on isolate removal.

Change-Id: I969b1b027a393f48e92ef4df37f6e672d16866cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247648
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68386}
-
Clemens Backes authored
{std::ostream} was used without including either <ostream> or <iosfwd>.

R=ahaas@chromium.org

Change-Id: I92facf672c81a17e2ff24658bbefd961b4f4d445
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248196
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68385}
-
Michael Achenbach authored
This fixes a bug when an encoded character appears in the difference string. Python3 doesn't require any encoding.

TBR=tmrts@chromium.org

No-Try: true
Bug: chromium:1095964
Change-Id: I49c66b5b9c105ad64d3a7839d0eb5df97ff5f404
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249660
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68384}
-
Jakob Gruber authored
- rename to ReplaceWithBuiltinCall (stubs are no longer a thing).
- add a convenience override that takes only the node and builtin id.

Bug: v8:8888
Change-Id: I7e19c3676c19c3f1b7c7f9a0cbbc3306fef8fc47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247651
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68383}
-
Jakob Gruber authored
Bug: v8:8888
Change-Id: I0492385023fe01f1aacbd5eae9bb5930a5484062
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247649
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68382}
-
Jakob Gruber authored
... for nci code, in which several phases of the compiler are not active:

LowerJSCreateCatchContext
LowerJSCreateEmptyLiteralObject
LowerJSCreateIterResultObject
LowerJSCreateWithContext
LowerJSGetIterator
LowerJSGetTemplateObject

With this change, the nci variant passes the test suite. Tests relying on turbofan-specific behavior (e.g. deopts) are skipped.

Bug: v8:8888
Change-Id: I709178241e9b25e7480a39b4fb64bdcf576483be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245604
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68381}
-
Jakob Gruber authored
The Isolate::context field doesn't track the context while JS is executing. It's updated at boundary sites when entering runtime through CEntry or returning to runtime in Invoke(). These set_context calls are unnecessary.

Bug: v8:8888
Change-Id: Ifb9818b47699d2b1b37ebf0c19c2caf59fd17427
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247772
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68380}
-
Anton Bikineev authored
This adds the following things:
- age table for 4K regions;
- generational barrier for mixed 4K regions;
- unmarking for major collections;
- young generation flags.

Bug: chromium:1029379
Change-Id: Ief1229f0dac5f90c5f06d3168c8ffb4b7d1f1b53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246566
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68379}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a980f85..78f36d4

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9253b25..fbbd9ca

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e364dd8..3eb899a

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I4087b7a65d3cb180f9eaf0670463c221733e4f2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249338
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68378}
-
- 16 Jun, 2020 21 commits
-
-
Camillo Bruni authored
Change-Id: I69379880ef201f3668f54e8e3594c3933b5a6947
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247758
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68377}
-
Andreas Haas authored
R=ecmziegler@chromium.org

Bug: v8:10556
Change-Id: Id105f2e5fa605e31ae6841062192edde10a94767
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247650
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68376}
-
Zhi An Ng authored
This reverts commit 539f0ed2.

Reason for revert: UBSan failures
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/11626?

TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,bikineev@chromium.org

Change-Id: I9a8c88bd5a81a55795fba077056ad1ef37287186
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248780
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68375}
-
Michael Lippautz authored
Add v8::CppHeap as an implementation of a cppgc heap that integrates with V8's existing EmbedderHeapTracer API. The current implementation only supports non-incremental marking.

Bug: chromium:1056170
Change-Id: I4a09eb5ae57f5c7defe35eb3fe346627eb492473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245610
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68374}
-
Huáng Jùnliàng authored
Bug: v8:10564
Change-Id: Ibeaa43d9db087d02d8f4d3688fc1f6da41691a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216931
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68373}
-
Ng Zhi An authored
Bug: v8:9909
Change-Id: Ica96c2f373b4d90209c8d144486f423f1d8f0859
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235548
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68372}
-
Bill Budge authored
- Makes conversion::NonNumberToNumber, NonNumberToNumeric, and ToNumeric transitioning builtins. Otherwise, these turn into macro invocations, which made several math.tq builtins much longer.

Bug: chromium:1094228
Change-Id: Iefb6821ee59f61c11029150c0de4a1bcbd18e721
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243195
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68371}
-
Manos Koukoutos authored
This is in anticipation of more complex type names coming from the new proposals.

Change-Id: I1e5b8bd8c5b3edb5b603d36f6c5e9a787ebad504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243215
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68370}
-
Santiago Aboy Solanes authored
As a drive-by, change an if(...) else UNREACHABLE into a CHECK(...).

Change-Id: I6440191c690f36444faa89ac0f7f7dde51ebba3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237143
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68369}
-
Camillo Bruni authored
Bug: v8:10604
Change-Id: If66656017e53da34aa69bbe19d915df08cf6f332
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246564
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68368}
-
Michael Lippautz authored
Bug: chromium:1056170
Change-Id: I92b36c8ac3d31837729f2e1ce9f3c756a6270da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248182
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68367}
-
Michael Lippautz authored
- Untangles MarkingVisitor from Marker.
- Adds ConservativeTracingVisitor encapsulating conservative tracing.

This enables the following architecture:
- Marking visitors (unified + stand-alone) inherit from MarkingVisitor;
- Markers (unified + stand-alone) inherit (or directly use) Marker

Bug: chromium:1056170
Change-Id: I05304c231d2983dab5611d05cf4aa8bfa3ed5e20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245600
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68366}
-
Georgia Kouveli authored
Change-Id: I3d2da18477df775b6ecc8e358a02f4e838961831
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241522
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68365}
-
Manos Koukoutos authored
Changes:
- Simplify and generalize ToValueTypeString.
- Fix some error messages in mjsunit so that they reflect the underlying error better.
- Change 'exn' -> 'exnref' to match exception-handling proposal.

Bug: v8:7581
Change-Id: I264f6c9aa598a57f39d5a4d01399af64db83a2b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243214
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68364}
-
Manos Koukoutos authored
This is in anticipation of more reference types from various proposals being implemented.

Change-Id: I740ceeb3b6d6fc484a61f9ebee2181dbd6694440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243213
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68363}
-
Clemens Backes authored
Avoid spawning low-priority tasks for tier-up, since low-priority tasks map to the BEST_EFFORT priority in chrome, which will severely delay execution of the tasks and not execute them even if background threads are idle (see linked bug).

We should look into reverting this once the gin platform implementation (or task scheduling) is adjusted to execute low-priority background tasks more reliably.

R=ahaas@chromium.org

Bug: chromium:1094928
Change-Id: I9e84eeedc7b83bfd17edb1cd09a0084770b20eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247645
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68362}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/908ea81..a980f85

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/574cbd5..3200e0f

Rolling v8/buildtools/linux64: git_revision:9a0496a74efd13c1bb2abd866d8a227404615068..git_revision:fbe7aec770944d17c9f3006f6cbb5c19e8cd43ea

Rolling v8/third_party/aemu-linux-x64: VTMne1aEixrBYfQxsfnRBgzudRPhjV-iUQeXgznyNqgC..T98d0T9VlsHV98PPahwzBa8kF94z5dghLKOTUDCTmwYC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b919b00..9253b25

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/03705f6..e364dd8

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/79a0420..0d67b22

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ibe96d7bb6c8b4b359698446a3087e4d9c1668704
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246735
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68361}
-
Georgia Kouveli authored
The C++ code uses the A instruction key for return address signing, which is the default for Clang and GCC when the -mbranch-protection option is used (although this can be configured to use the B key).

Using the B key for JS means that it's not possible to use an A key signing gadget to replace a return address signed with the B key and vice-versa. This should offer a degree of separation from the C++ side.

Bug: v8:10026
Change-Id: Ia9dcc7ae7096c96b4a271efbe25fc02940f6fc8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242953
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68360}
-
Anton Bikineev authored
Bug: chromium:1029379
Change-Id: I9b030cd8d130793ba5b79303b71e3d60be981218
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246567
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68359}
-
Anton Bikineev authored
This also introduces CagedHeapLocalData.

Bug: chromium:1029379
Change-Id: Ice04fe5ad7daa02f17ad107e78e53bdd32479737
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246560
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68358}
-
Marja Hölttä authored
The DCHECK is true in the current V8 / Chrome. However, an embedder can create a snapshot where the object in question has dictionary properties (by using the object as a prototype). When reading the snapshot in, the object already has dictionary properties, and adding a property to it won't change it.

The erroneous DCHECK was used to assert that adding a property to an object won't turn it to dictionary mode. But now it's in the wrong place, since this part of the code is executed after reading the snapshot in. The corresponding DCHECKs which are executed when setting up the objects before snapshot creation are still valid.

Fixing the behavior wrt whether the object should turn dictionary mode or whether it should turn back is beyond the scope of this CL.

See https://github.com/nodejs/node-v8/issues/160

Bug: v8:10479
Change-Id: Ie62c80495d4f4494eeb3a16b5bfe02305c0cac95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246577
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68357}
-