- 19 Jun, 2020 6 commits
-
-
Michael Lippautz authored
This is a reland of e0c1a349 The issue was passing SentinelPointer (== +1) through T*. The fix is disabling cfi unrelated cast diagnostic for the bottlenecks (Get()). This means that nullptr is treated the same as kSentinelPointer. The alternative would be a DCHECK that Get() does not return kSentinelPointer and adjusting all Member and Persistent logic that uses Get() to work on void*. This is quite intrusive as it involves Swap(), heterogeneous assignments, comparisons, etc. Original change's description: > cppgc: Properly clear (Weak)Peristent and WeakMember pointers > > The CL addresses two issues with (Weak)Persistent and WeakMember: > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this > CL the pointers would contain stale values which could lead to UAF. > 2. WeakPersistent and WeakMember are cleared using a combination of > internal clearing methods and mutable fields which avoids the use > of const_cast<>. > > Bug: chromium:1056170 > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190 > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68394} Bug: chromium:1056170 Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68426}
-
Manos Koukoutos authored
This CL introduces one-letter shorthands to HeapTypes, and fixes signatures to be in sync with the ValueType and HeapType shorthands. Bug: v8:7748 Change-Id: I4cc8e26d6523074bc36bf2d29289e63a23e80ddc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249672 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68425}
-
Kim-Anh Tran authored
Increase TypedArray.kMaxLength by 1. Bug: chromium:1095721 Change-Id: Ic3668ff4e71cfd1289eda495333c4aae62c44795 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249668Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Kim-Anh Tran <kimanh@chromium.org> Cr-Commit-Position: refs/heads/master@{#68424}
-
Manos Koukoutos authored
Bug: v8:7748 Change-Id: I6087c02aab93ba44b8029f3d1a0c99fd6a4da6f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250248 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68423}
-
Frank Tang authored
Bug: v8:10599 Change-Id: I1248d365576c0bc8c01d8ce07f0c49654fabfc52 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2251173 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68422}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/78f36d4..3591130 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/3200e0f..1ed9957 Rolling v8/buildtools/linux64: git_revision:fbe7aec770944d17c9f3006f6cbb5c19e8cd43ea..git_revision:7d7e8deea36d126397bda2cf924682504271f0e1 Rolling v8/third_party/aemu-linux-x64: T98d0T9VlsHV98PPahwzBa8kF94z5dghLKOTUDCTmwYC..UoYLOT0X6577j70eB9nPqYQs9Z3Nh5lA4I-pRtTchO0C Rolling v8/third_party/android_sdk/public: CR25ixsRhwuRnhdgDpGFyl9S0C_0HO9SUgFrwX46zq8C..uM0XtAW9BHh8phcbhBDA9GfzP3bku2SP7AiMahhimnoC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fbbd9ca..4ac015d Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/3eb899a..2410c84 Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/9e7dae8..79326ef Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/0d67b22..42b285f TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I3024219a33b862fef5e7393a3e18c88f46e29dc3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253105Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#68421}
-
- 18 Jun, 2020 22 commits
-
-
Ng Zhi An authored
This was causing issues with strict mode when combined with fuzzers. See https://crrev.com/c/2173952/7/test/mjsunit/wasm/wasm-module-builder.js#471 Change-Id: I164b24c35d7ba7c53a550dc3649eb7268dfb30e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252540Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68420}
-
Ng Zhi An authored
Prototype f32x4.ceil on ARM for both ARM v7 and ARM v8. ARM v8 has support for vrintp, and for ARM v7 we fallback to runtime. Since ARM v8 uses vrintp, which is the same instruction used for F32 Ceil (scalar), wasm-compiler reuses the Float32Round check, rather than creating new F32x4Round optional operators. Implementation for vrintp (Advanced SIMD version that takes Q registers), assembler, disassembler support. Incomplete for now, but more will be added as we add other rounding modes. Bug: v8:10553 Change-Id: I4563608b9501f6f57c3a8325b17de89da7058a43 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248779Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68419}
-
Ng Zhi An authored
Similar to chromium side change: https://crrev.com/c/1961070. When checkout_clang_tidy is set, we will check out clang-tidy via clang/scripts/update.py. The goal is to be able to run clang-tidy using Tricium. Bug: chromium:1087565,v8:10488 Change-Id: I14ebaaca33ca20d59d9cc5e537826829608a1e6f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242257Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68418}
-
Ng Zhi An authored
Bug: v8:10180 Change-Id: Ic341e0de315b7d7b33dbad265c8fda9145a669da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243760Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68417}
-
Ng Zhi An authored
Extend gm.py to support long flags (starting with --), which are treated as test runner flags, and passed unchanged. These flags must be as single word, '--progress=verbose' instead of '--progress verbose', as gm only does simple one-at-a-time args parsing. Change-Id: Icfa161ff231715d0b7eb3ba259fca35a65c68964 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250875 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68416}
-
Dan Elphick authored
When preparsing and detecting a sloppy block function redefinition then don't mark the variable as assigned to make it consistent with the eager parser. Bug: chromium:1053364 Change-Id: Iec7c24db80014bfe73ee41a4f3bb7a41a354cef2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241511 Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#68415}
-
Santiago Aboy Solanes authored
Change-Id: I2cc4126c63238ddbd4f8bd784e0f7b1322c003ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238028Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#68414}
-
Clemens Backes authored
Instead of creating temporary {std::vector}s (which always allocate on the heap) create more vectors on the stack, via initializer lists. As this is "only" a fuzzer, performance is not really critical, but still has some impact on the efficiency of the whole fuzzer. That said, this CL is mostly a cleanup to replace unwanted code pattern by better code. R=jkummerow@chromium.org Change-Id: I924c15e5d64ed584fc96c85715eef1dca5aef150 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249928 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68413}
-
zeynepCankara authored
Change-Id: I02baea85ff93683848f2f5a4571a0d94d3821f0c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249673 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#68412}
-
Jakob Gruber authored
At this point in development, this is a reasonable config for the nci test variant. --turbo-nci currently disables some compiler phases and avoids embedded context-dependent constants. --turbo-collect-feedback-in-generic-lowering enables full feedback collection in generic lowering. I'm keeping the two as separate flags for now since it can be interesting to benchmark --turbo-nci both with- and without feedback collection. Bug: v8:8888 Change-Id: I678baeb0ed051b158ac0634f00de9b6a55f87e09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247770 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#68411}
-
Michael Achenbach authored
This changes PrepareFunctionForOptimization to have the same checks as OptimizeFunctionOnNextCall, as otherwise fuzzing runs into the DCHECK with a bad number of arguments. Bug: chromium:1094866 Change-Id: Ief7d428a12139c47a74607d39792276a2eae4ebf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250255Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#68410}
-
Santiago Aboy Solanes authored
Bug: v8:7790 Change-Id: I759ccce7fc8d0fa6742b11ce9c05a254bf0728ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250256Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#68409}
-
Manos Koukoutos authored
Motivation: Changes to the typed function references and gc proposals solidified the notion of heap type, clarified nullable vs. non-nullable reference types, and introduced rtts, which contain an integer depth field in addition to a heap type. This required us to overhaul our ValueType representation, which results in extensive changes. To keep this CL "small", we do not try to implement the binary encoding as described in the proposals, but rather devise a simpler one of our own (see below). Also, we do not try to implement additional functionality for the new types. Changes: - Introduce HeapType. Move heap types from ValueType to HeapType. - Introduce Nullability for reference types. - Rework ValueType helper methods. - Introduce rtts in ValueType with an integer depth field. Include depth in the ValueType encoding. - Make the constructor of ValueType private, instead expose static functions which explicitly state what they create. - Change every switch statement on ValueType::Kind. Sometimes, we need nested switches. - Introduce temporary constants in ValueTypeCode for nullable types, use them for decoding. - In WasmGlobalObject, split 'flags' into 'raw_type' and 'is_mutable'. - Change IsSubtypeOfRef to IsSubtypeOfHeap and implement changes in subtyping. - kWasmFuncRef initializers are now non-nullable. Initializers are only required to be subtypes of the declared global type. - Change tests and fuzzers as needed. Bug: v8:7748 Change-Id: If41f783bd4128443b07e94188cea7dd53ab0bfa5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247657 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68408}
-
Dan Elphick authored
This reverts commit f78d69fa. With https://chromium-review.googlesource.com/c/v8/v8/+/2243216, incorrect MemoryChunk::FromHeapObject uses are now fixed. Original change's description: > Revert "[heap] Make ReadOnlySpace use bump pointer allocation" > > This reverts commit 81c34968 and also > 490f3580 which depends on the former. > > Reason for revert: Break CFI tests in chromium https://ci.chromium.org/p/chromium/builders/ci/Linux%20CFI/17438 > Original change's description: > > [heap] Make ReadOnlySpace use bump pointer allocation > > > > This changes ReadOnlySpace to no longer be a PagedSpace but instead it > > is now a BaseSpace. BasicSpace is a new base class that Space inherits > > from and which has no allocation methods and does not dictate how the > > pages should be held. > > > > ReadOnlySpace unlike Space holds its pages as a > > std::vector<ReadOnlyPage>, where ReadOnlyPage directly subclasses > > BasicMemoryChunk, meaning they do not have prev_ and next_ pointers and > > cannot be held in a heap::List. This is desirable since with pointer > > compression we would like to remap these pages to different memory > > addresses which would be impossible with a heap::List. > > > > Since ReadOnlySpace no longer uses most of the code from the other > > Spaces it makes sense to simplify its memory allocation to use a simple > > bump pointer and always allocate a new page whenever an allocation > > exceeds the remaining space on the final page. > > > > Change-Id: Iee6d9f96cfb174b4026ee671ee4f897909b38418 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209060 > > Commit-Queue: Dan Elphick <delphick@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#68137} > > TBR=ulan@chromium.org,delphick@chromium.org > > # Not skipping CQ checks because original CL landed > 1 day ago. > > Change-Id: I68c9834872e55eb833be081f8ff99b786bfa9894 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232552 > Commit-Queue: Dan Elphick <delphick@chromium.org> > Reviewed-by: Dan Elphick <delphick@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68211} TBR=ulan@chromium.org,delphick@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Change-Id: Id5b3cce41b5dec1dca816c05848d183790b1cc05 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250254Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#68407}
-
zeynepCankara authored
Change-Id: Icc37fc091086a3239a1b080ca2829efcda97f328 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245601 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#68406}
-
Ross McIlroy authored
When running in single-process mode for Webview, the stack limit is initialized from a point closer to the top of stack limit. This causes can cause crashes since the stack limit might be higher than the actual native stack limit (which is 1MB on Android). As such, use the same slightly lower stack limit on Arm64 as we do on Arm to give more slack. BUG=v8:10575 Change-Id: I0cdd0cb4b38aafcb4e158ed639ecf3bba2edb785 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250241 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#68405}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/f89ea875..8d3dd2d 8d3dd2d Sync the test w/ changes in intl-datetime-style 43 by Frank Tang · 15 hours ago master 2dcdba9 Simplify tests by Alexey Shvayka · 15 hours ago 23417d9 Test %TypedArray%.prototype.set with primitives by Alexey Shvayka · 15 hours ago Bug: v8:7834 Change-Id: I39b62aa1f4800349a009035e704bd4a93223174b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2251174Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#68404}
-
Clemens Backes authored
Instead of having a loop with one big switch for handling the different opcodes, split the decoding into one handler per opcode and call them via an opcode handler table. The compiler will generate similar code for this new approach (the big switch is also compiled into a table lookup and an indirect jump). The main difference is that it's now calls instead of jumps. This has a slight performance impact, but allows to look at the decoding logic of individual opcodes in isolation and see optimization opportunities much easier. It also allows spot very easily in profilers on which opcodes most time is spent. The different opcode handlers are still implemented via the same switch as before, but since the opcode is a template argument (hence static) the compiler will eliminate the switch and generate the small handlers we want. I plan to actually remove the switch and break up the big generic {DecodeOp} method into one method per opcode. R=thibaudm@chromium.org Bug: v8:10576 Change-Id: Ic2c1e2fe5e98df52a7079ace305cf77340dcbf35 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249664Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68403}
-
Jakob Gruber authored
Introduced in https://crrev.com/c/2250243. CONSTEXPR_DCHECK(cond) replaces the longer #if V8_HAS_CXX14_CONSTEXPR DCHECK(cond); #endif pattern. Change-Id: I636e5b4b40bffb29b2e82c81285b2ef78a822745 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250244Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68402}
-
Michael Achenbach authored
This subsumes the old behavior of --allow-natives-for-fuzzing under --fuzzing as well. Both flags are used in a redundant way in fuzz configs. Only --allow-natives-for-fuzzing wasn't specified as a required argument, leading to the bug below. We still need the flag --allow-natives-for-differential-fuzzing to allow different functions when using differential fuzzing. Bug: chromium:1094866 Change-Id: I398791779e58ed4d80e896c1cfea343848159212 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246568 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68401}
-
Jakob Gruber authored
... in regexp bytecode {length,name} accessors and in peephole optimization. Bug: chromium:1095866 Change-Id: I78c89d35d796776b61eabf82b921f7582e431be7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250243Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68400}
-
Clemens Backes authored
The {NextInstruction} method is quite hot, since it's called for every since Wasm instruction. It currently does several checks to figure out if - a breakpoint needs to be emitted, - extra source positions are needed, or - tracing is active. The first two can only happen if we are generating debug code, hence check for that first. The last can only happen in debug mode, so it's not an issue in production. Finally, outline the emission of debug information. This leads to inlining of the {NextInstruction} method into callers, where it is a single check followed by a call to {EmitDebuggingInfo} (in release mode). R=thibaudm@chromium.org Bug: v8:10576 Change-Id: I5047406f55cd14c6c639528ef6e3422af27d16b1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249671 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#68399}
-
- 17 Jun, 2020 12 commits
-
-
Shu-yu Guo authored
https://github.com/tc39/ecma262/pull/1776 is a normative change that reached consensus in the November 2019 TC39. It changes %AsyncFromSyncIteratorPrototype% methods to forward the absence of arguments to the underlying sync iterator. This is observable via `arguments.length` inside the underlying sync iterator. For example, .next is changed to, roughly: ``` %AsyncFromSyncIteratorPrototype%.next = function(value) { let res; if (arguments.length < 1) { res = [[SyncIteratorRecord]].[[Iterator]].next(); } else { res = [[SyncIteratorRecord]].[[Iterator]].next(value); } // ... }; ``` Bug: v8:10395 Change-Id: Ib8127d08cd78b8d502e6510241f3f13fbbaba5c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247041Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#68398}
-
Igor Sheludko authored
... because tools/v8heapconst.py was created for default x64 release mode (with enabled pointer compression). Bug: v8:7703, v8:10621 Change-Id: I1fbcd81aac26e0b357279b7dffa97c64a5415e40 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250238Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#68397}
-
Zhi An Ng authored
This reverts commit e0c1a349. Reason for revert: Fails on Linux 64 cfi https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20cfi/25283? TBR=omerkatz@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,bikineev@chromium.org Change-Id: I2b208c4019979735925bff5e0551291fae6a14d6 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250320Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68396}
-
Bruce Dawson authored
If mksnapshot fails then all that is printed is "FAILED: gen/v8/embedded.S snapshot_blob.bin" and the command line. That complicates the investigation. Printing the error code in run.py can help. The printing code handles large negative numbers specially so that special Windows failure codes like 0xC0000005 are recognizable. This code was tested by adding this early-out to main in mksnapshot.cc. if (argc < 1000) return 0xc0000005; Bug: Chromium:1095767 Change-Id: I5dc81d368beaa339f0c519ce1c01bd13cdb18d93 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249518 Auto-Submit: Bruce Dawson <brucedawson@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68395}
-
Michael Lippautz authored
The CL addresses two issues with (Weak)Persistent and WeakMember: 1. (Weak)Persistent pointers are cleared on heap teardown. Before this CL the pointers would contain stale values which could lead to UAF. 2. WeakPersistent and WeakMember are cleared using a combination of internal clearing methods and mutable fields which avoids the use of const_cast<>. Bug: chromium:1056170 Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68394}
-
Santiago Aboy Solanes authored
Clenaups: * Encapsulated same code in methods * Inlined trace prints * Don't set as queued, we are going to visit it anyway * Moved the phi check updwards Bug: v8:10424 Change-Id: I82534399617d97d717c5c0dd1ca4bfef9df91e97 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218037 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#68393}
-
Thibaud Michaud authored
Inline TransferStackSlot and compare the slots first. This is redundant if they are different, but in most cases they are the same and doing this check is beneficial. Other methods of StackTransferRecipe are not called as often, and inlining them seems negligible. R=clemensb@chromium.org Bug: v8:10576 Change-Id: Ibdaa714e3e40c95a79a0da3ca3170d1da7b62cf3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249677 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68392}
-
Milad Farazmand authored
Change-Id: I9a91bd41bc4429509457d73c78fc88e2cf826fb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248202Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#68391}
-
Dan Elphick authored
Since ReadOnlySpace pages will soon not be MemoryChunks, change most uses of MemoryChunk::FromHeapObject and FromAddress to use the BasicMemoryChunk variants and which use the new MemoryChunk::cast function that takes a BasicMemoryChunk and DCHECKs !InReadOnlySpace(). To enable this, it also moves into BasicMemoryChunk several MemoryChunk functions that just require a BasicMemoryChunk. Bug: v8:10454 Change-Id: I80875b2c2446937ac2c2bc9287d36e71cc050c38 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243216 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#68390}
-
Philip Pfaffe authored
According to the spec, the section name does not start with a dot: https://yurydelendik.github.io/webassembly-dwarf/#external-DWARF Change-Id: I4ac205332dd9612fe83c2e6322a98bdae3ffa79d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249669Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Cr-Commit-Position: refs/heads/master@{#68389}
-
Georgia Kouveli authored
The SafeStackFrameIterator, used in the profiler, sometimes uses the link register instead of a return address stored on the stack, to get more accurate results. This happens in particular for bytecode handlers that do not create a stack frame. Authentication of PC for those frames would fail in the SafeStackFrameIterator, as the "PC address" would not point to a stack location with a signed return address, but instead to a member of the SafeStackFrameIterator class where the value of the link register was stored. We address this by skipping authentication of PCs in the profiler. Bug: v8:10026 Change-Id: I331c6c68e703db766be1891efffa69c2f9794e8a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242954Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#68388}
-
Michael Lippautz authored
This is a reland of 539f0ed2 The reland fixes creating TimeDelta from double which requires saturated_cast<>. Improvements to this constructions are tracked in v8:10620. Original change's description: > cppgc,heap: Implement atomic unified heap GC > > Add v8::CppHeap as an implementation of a cppgc heap that > integrates with V8's existing EmbedderHeapTracer API. The > current implementation only supports non-incremental marking. > > Bug: chromium:1056170 > Change-Id: I4a09eb5ae57f5c7defe35eb3fe346627eb492473 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245610 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68374} Bug: chromium:1056170,v8:10620 Change-Id: I39e15790e5cafe24da2a14d0bae6543391ebb536 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248191Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68387}
-