- 28 Apr, 2020 40 commits
-
-
Leszek Swirski authored
When creating a filler, we pass through whether we need to clear slots in the old to new remembered set. This patch adds a verification check that, when we claim we don't need to clear slots, checks that no slots are set in the remembered set for the range of the filler. Effectively, this is a range counterpart to VerifyClearedSlot.

Change-Id: Id994c56d941988cc282463304bc7307a51943e99
Bug: chromium:1075999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139572
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67453}
-
Ng Zhi An authored
Bug: v8:9909
Change-Id: I7f32769ad85d05e91a39782816f1c2da042454a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169017
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67452}
-
Nico Hartmann authored
Having no value argument in DataView setters (e.g. setFloat64) caused wrong behavior in compiled code.

Bug: chromium:1071190
Change-Id: I37ddba8555dafad321f8d4c1352da8a501a98453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170091
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67451}
-
Yang Guo authored
R=szuend@chromium.org

Fixed: chromium:1075763
Change-Id: I7f67cfb9c643d8f30bec808ccb2a9e1326ad1921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170030
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67450}
-
Clemens Backes authored
We don't redirect to the interpreter for debugging any more, hence we can remove methods and data structures for storing and accessing information about functions redirected to the interpreter.

R=thibaudm@chromium.org

Bug: v8:10389
Change-Id: I31ce1ef09748eb65d62910269548bc66eb02e01c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164795
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67449}
-
Dan Elphick authored
base::List is only used inside of heap and has some pretty strange semantics that don't lend themselves to it being a general purpose data structure, so this moves it to heap where it can be safely isolated.

Bug: v8:10454
Change-Id: I7921c22286276432956005c72143b22b0364fc93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170029
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67448}
-
Clemens Backes authored
Redirection to the interpreter is removed from mjsunit tests. Hence the runtime function will always return 0. This CL removes the runtime function and the respective method from the interpreter.

R=thibaudm@chromium.org

Bug: v8:10389
Change-Id: Ia17bebf3992f42a17a9c1b385ecdc2f2e3061b65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164794
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67447}
-
Milad Farazmand authored
Port 97a4b795
Port f8be9948

R=zhiguo.zhou@intel.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Id72fd94459b13713d25aefbf96fd00c88e352c85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169841
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67446}
-
Andreas Haas authored
In AtomicOp64 ClearRegister is called twice to clear the registers r8 and r9. Thereby new registers may get allocated. We forgot to add the newly allocated registers to pinned after the first call to ClearRegister, which caused the same registers to be allocated again in the second ClearRegister, and thereby caused the bug.

R=clemensb@chromium.org

Change-Id: I0d069aea4c9438fe30c30c22406b4075ddf3e95c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170088
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67445}
-
Victor Gomes authored
Change-Id: Idbb678e3fd8491c3568ddf7084f969368ac527cc
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139582
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67444}
-
Victor Gomes authored
Change-Id: Ic5f703f29525ce7680249666454cf146c1f088dd
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2116198
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67443}
-
Victor Gomes authored
Subtracting RSP to allocate stack space is not safe on Windows, where we could subtract several pages away and the value could not be committed yet in memory, yielding a segfault. We use the macro assembler AllocateStackSpace instead.

Change-Id: I69ac9d96c57af57276b480a33c7cefa81fc018a7
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2166169
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67442}
-
Iain Ireland authored
RegExpMacroAssembler::GetCode returns a Handle<Object>. However, that Handle is almost immediately dereferenced, and is stored as a bare Object in both RegExpCompiler::CompilationResult and RegExpCompileData.

This makes SpiderMonkey's rooting hazard analysis somewhat antsy. While RegExpCompileData is alive on the stack, the hazard analysis will not allow any calls that might GC, because it isn't smart enough to prove that the code field can't be clobbered by a GC.

As far as I can tell, there is no real hazard here, but storing a Handle in RegExpCompileData instead of a bare Object will simplify SM and prevent a future patch from accidentally breaking something.

Bug: v8:10406
Change-Id: I9642dd05c591bfd23b340a89df2f2bf5c9fcac2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161578
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67441}
-
Dan Elphick authored
When RO_SPACE is to be shared, this constructs SharedReadOnlySpace object (via ReadOnlySpace::DetachPagesAndAddToArtifacts) that contains the shared artifacts and the original ReadOnlySpace is destroyed. This is mostly a conceptual change and SharedReadOnlySpace behaves identically to ReadOnlySpace (and subclasses it).

Also adds ReadOnlyArtifacts that contains the shared artifacts and which is stored as a std::weak_ptr in a global so it can be destroyed when all std::shared_ptrs to it are destroyed.

Since this allows the ReadOnlyHeap to be reconstructed when all Isolates are destroyed, ReadOnlyHeap::ClearSharedHeapForTest is removed along with all uses since that is now done automatically.

The ReadOnlyArtifacts class now owns all the shared artifacts and is responsible for deleting them on exit (mostly via unique_ptr).

Bug: v8:10454
Change-Id: I2fe7110a4ab9cf8719dd198bafc1d083bee641b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154204
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67440}
-
Leszek Swirski authored
Make sure that pages merged from off-thread LO space have the right page flags set -- in particular, the marking bit.

Bug: chromium:1011762
Change-Id: I595a3afb5e40d92b8d4c26c7671a43ea8e9e94d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169096
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67439}
-
Victor Gomes authored
Change-Id: I4d6ea687d78516d2bac2abc82230e0fe8379d4b9
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2113378
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67438}
-
Georg Neis authored
... by making sure we deopt when the buffer is detached.

Bug: chromium:1074736
Change-Id: I86e4e63014767766d7c079c3a3e38d947c76ef10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168874
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67437}
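Two of the fixes in this list (the DataView setter called without a value argument, chromium:1071190 above, and the typed-array access on a detached buffer, chromium:1074736 here) are both cases where optimized code must agree with the interpreter on an edge case. Below is an added example, written for this page and not taken from V8 or from the linked CLs, showing how to exercise both from plain JavaScript with a cold-versus-hot differential check. The function names, the 20000-iteration warm-up (which makes tier-up likely but does not guarantee it) and the use of WebAssembly.Memory.prototype.grow to detach a buffer without any extra dependency are this example's own choices.

```javascript
'use strict';

// Added example, not V8 project code. Differential harness: run a function
// once "cold", then many times so the engine is likely to optimize it, and
// compare both results element by element with Object.is (so that NaN and
// undefined are distinguished from 0 and null). The iteration count is an
// assumption; it does not guarantee that the JIT tiered up.
function runColdAndHot(fn, iterations = 20000) {
  const cold = fn();
  let hot;
  for (let i = 0; i < iterations; i++) hot = fn();
  return { cold, hot };
}

function sameValues(a, b) {
  if (a.length !== b.length) return false;
  for (let i = 0; i < a.length; i++) {
    if (!Object.is(a[i], b[i])) return false;
  }
  return true;
}

// Case 1: DataView setters with the value argument omitted. The missing
// value is undefined: ToNumber(undefined) is NaN for the float setter, and
// the integer setters store ToInt32(NaN) / ToUint8(NaN), which is 0.
function dataViewNoValue() {
  const dv = new DataView(new ArrayBuffer(16));
  dv.setFloat64(0, 1.5);   // real write first, so the missing-value write
  dv.setFloat64(0);        // must visibly overwrite it with NaN
  dv.setInt32(8, 7);
  dv.setInt32(8);          // stores 0
  dv.setUint8(12, 255);
  dv.setUint8(12);         // stores 0
  return [dv.getFloat64(0), dv.getInt32(8), dv.getUint8(12)];
}

// Case 2: a typed-array load warmed up against a live buffer, then called
// again after that buffer is detached. WebAssembly.Memory.prototype.grow
// detaches the previous ArrayBuffer. After detaching, the view's length is
// 0 and element reads yield undefined; optimized code must deoptimize
// rather than keep reading through the old backing store.
function readFirst(ta) {
  return ta[0];
}

function detachedReadCheck(iterations = 20000) {
  const mem = new WebAssembly.Memory({ initial: 1, maximum: 2 });
  const ta = new Uint8Array(mem.buffer);
  ta[0] = 42;
  let warm;
  for (let i = 0; i < iterations; i++) warm = readFirst(ta);
  mem.grow(1);  // detaches the ArrayBuffer that `ta` was created over
  return { warm, afterDetach: readFirst(ta), lengthAfter: ta.length };
}

// Both checks return true when cold and hot executions agree with the
// spec-mandated result; a mismatch is the kind of symptom the two fixes
// above address.
function checkDataView() {
  const { cold, hot } = runColdAndHot(dataViewNoValue);
  const expected = [NaN, 0, 0];
  return sameValues(cold, expected) && sameValues(hot, expected);
}

function checkDetached() {
  const r = detachedReadCheck();
  return r.warm === 42 && r.afterDetach === undefined && r.lengthAfter === 0;
}

console.log('DataView setters without value, cold == hot:', checkDataView());
console.log('Typed array read after detach handled:', checkDetached());
```

Run it under the engine build you want to check (e.g. `node example.js`); both lines should print `true`. The same harness shape, warm a function up and then feed it the edge-case input, is the usual way to turn a JIT consistency bug report into a regression test.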
-
Clemens Backes authored
This reverts commit 6a0e7224.

Reason for revert: Fails noi18n: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/31513

Original change's description:
> [regexp] Limit the size of inlined choice nodes
>
> Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge
> code objects. This effect can be further magnified through inlining,
> leading to exponential code growth in the size of the pattern.
>
> This CL is a (fairly hacky) way to avoid exponential growth. We
> recognize choice nodes with 'many' choices and disable inlining for
> them. In the future we should fix this properly, either by using the
> code size budget correctly, or by improving codegen for property
> escapes.
>
> Bug: v8:10441
> Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67433}

TBR=yangguo@chromium.org,jgruber@chromium.org

Change-Id: I503b8b2be539468d86e4ec1ac13074cd1c06a5cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10441
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169101
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67436}
-
Tobias Tebbi authored
Bug: v8:10404, v8:7793
Change-Id: I7ed5fc790bd97af0dd3671669779e416101731ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162877
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67435}
-
Zhao Jiazhong authored
Port 97a4b795 https://crrev.com/c/2162366
Port f8be9948 https://crrev.com/c/2166959

Change-Id: Id0cebfe0761ff75fb95c9ceacf95e53fee12eb73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168978
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#67434}
-
Jakob Gruber authored
Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge code objects. This effect can be further magnified through inlining, leading to exponential code growth in the size of the pattern.

This CL is a (fairly hacky) way to avoid exponential growth. We recognize choice nodes with 'many' choices and disable inlining for them. In the future we should fix this properly, either by using the code size budget correctly, or by improving codegen for property escapes.

Bug: v8:10441
Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67433}
-
Camillo Bruni authored
This enables comparing single runs from the direct command line output generated by --runtime-call-stats

No-Try: true
No-Presubmit: true
Change-Id: Ieac06bbd95c2a73f8064af161fe35f6fb083648f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170093
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67432}
-
Clemens Backes authored
This reverts commit 43b885a8.

Reason for revert: Still fails on UBSan: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10873

Original change's description:
> Reland "[turbofan][csa] optimize Smi untagging better"
>
> This is a reland of ff22ae80
>
> Original change's description:
> > [turbofan][csa] optimize Smi untagging better
> >
> > - Introduce new operator variants for signed right-shifts with the
> >   additional information that they always shift out zeros.
> > - Use these new operators for Smi untagging.
> > - Merge left-shifts with a preceding Smi-untagging shift.
> > - Optimize comparisons of Smi-untagging shifts to operate on the
> >   unshifted word.
> > - Optimize 64bit comparisons of values expanded from 32bit to use
> >   a 32bit comparison instead.
> > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> >   right-shift to enable better address computations for Smi indices.
> >
> > Bug: v8:9962
> > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67378}
>
> Bug: v8:9962
> Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67430}

TBR=neis@chromium.org,tebbi@chromium.org

Change-Id: I49e19811ebcecb846f61291bc0c4a0d8b0bc4cff
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168876
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67431}
-
Tobias Tebbi authored
This is a reland of ff22ae80

Original change's description:
> [turbofan][csa] optimize Smi untagging better
>
> - Introduce new operator variants for signed right-shifts with the
>   additional information that they always shift out zeros.
> - Use these new operators for Smi untagging.
> - Merge left-shifts with a preceding Smi-untagging shift.
> - Optimize comparisons of Smi-untagging shifts to operate on the
>   unshifted word.
> - Optimize 64bit comparisons of values expanded from 32bit to use
>   a 32bit comparison instead.
> - Change CodeStubAssembler::UntagSmi to first sign-extend and then
>   right-shift to enable better address computations for Smi indices.
>
> Bug: v8:9962
> Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67378}

Bug: v8:9962
Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67430}
-
Jakob Gruber authored
SFI::DisableOptimization can only be called on certain function kinds. Update %NeverOptimizeFunction to crash/do nothing if these conditions are not fulfilled in normal/fuzzing configurations.

Bug: chromium:1074689
Change-Id: I371dd539e27447ede48c69d0480a3d224071b304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169926
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67429}
-
Dominik Inführ authored
Implement move semantics for the LocalAllocationBuffer as noted in the comments. Also moved Close() invocation out of the assignment operator and renamed it to CloseWithFiller().

Bug: v8:10315
Change-Id: Idc36fb7923e1f8857c05ec5d5110fa16087b07e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170087
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67428}
-
Clemens Backes authored
This removes the {RedirectToWasmInterpreter} runtime function and the respective method from {WasmDebugInfo}. Some tests test specifically the interaction between compiled code and the interpreter. They are irrelevant now and are deleted.

R=thibaudm@chromium.org

Bug: v8:10389
Change-Id: I38330fcb523f7c65968fdf03abc60af3392bdcc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164793
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67427}
-
Jakob Gruber authored
This is a reland of ad5b005e

Original change's description:
> [snapshot] Expose the serializer through %SerializeDeserializeNow
>
> ... in order to exercise the snapshot/ component from mjsunit tests
> and fuzzers.
>
> * Since the serializer and deserializer can now be called at any time
>   instead of only in a tightly controlled environment, several
>   assumptions (such as an empty execution stack, no microtasks, no
>   handles) no longer hold and had to be made configurable through
>   SerializerFlags.
>
> * Root iteration now skips more root categories which were previously
>   guaranteed to be empty (e.g. the stack, microtask queue, handles).
>
> * The %SerializeDeserializeNow runtime function triggers
>   serialization, deserialization, and heap verification on the current
>   isolate and native context.
>
> Support is not yet complete and will be extended in future work. Once
> all mjsunit tests successfully run, we can add a new test mode to
> stress serialization.
>
> Bug: v8:10416
> Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67423}

Tbr: delphick@chromium.org,ulan@chromium.org
Bug: v8:10416
Change-Id: Ibed04c0f0b72fabcf811d8b18a1479391a11568b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170090
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67426}
-
Anton Bikineev authored
This adds the following:
1) Heap object structure classes: RawHeap, BaseArena and BasePage.
   - freelist
   - linear allocation block
2) ObjectAllocator, a class responsible for object (and page) allocation.

The design doc with UML design: https://bit.ly/2VVTcqc

User defined arenas are followup.

Bug: chromium:1056170
Change-Id: I69a82974bd08e3cf3da90041b1628297cc890891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167392
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67425}
-
Nico Hartmann authored
This reverts commit ad5b005e.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/36070?

Original change's description:
> [snapshot] Expose the serializer through %SerializeDeserializeNow
>
> ... in order to exercise the snapshot/ component from mjsunit tests
> and fuzzers.
>
> * Since the serializer and deserializer can now be called at any time
>   instead of only in a tightly controlled environment, several
>   assumptions (such as an empty execution stack, no microtasks, no
>   handles) no longer hold and had to be made configurable through
>   SerializerFlags.
>
> * Root iteration now skips more root categories which were previously
>   guaranteed to be empty (e.g. the stack, microtask queue, handles).
>
> * The %SerializeDeserializeNow runtime function triggers
>   serialization, deserialization, and heap verification on the current
>   isolate and native context.
>
> Support is not yet complete and will be extended in future work. Once
> all mjsunit tests successfully run, we can add a new test mode to
> stress serialization.
>
> Bug: v8:10416
> Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67423}

TBR=ulan@chromium.org,jgruber@chromium.org,delphick@chromium.org

Change-Id: Ie30b94c9ec6e4463bed6cc87dd6525f469fdf84a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170089
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67424}
-
Jakob Gruber authored
... in order to exercise the snapshot/ component from mjsunit tests and fuzzers.

* Since the serializer and deserializer can now be called at any time instead of only in a tightly controlled environment, several assumptions (such as an empty execution stack, no microtasks, no handles) no longer hold and had to be made configurable through SerializerFlags.

* Root iteration now skips more root categories which were previously guaranteed to be empty (e.g. the stack, microtask queue, handles).

* The %SerializeDeserializeNow runtime function triggers serialization, deserialization, and heap verification on the current isolate and native context.

Support is not yet complete and will be extended in future work. Once all mjsunit tests successfully run, we can add a new test mode to stress serialization.

Bug: v8:10416
Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67423}
-
Ulan Degenbaev authored
Upon receiving a memory pressure signal V8 performs one GC and also schedules three follow-up GCs. This may be problematic for performance if the memory pressure signals are generated periodically.

This patch makes V8's memory pressure handler more lightweight by doing only one GC.

Bug: chromium:1072746
Change-Id: I242534bd2c27a68188bb5e3a6b4092118c1b486c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169930
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67422}
-
Jakob Gruber authored
The blink use counter callback requires a current native context to exist, and will crash if that is not the case. We can fix this in V8 by deferring the count.

A cleaner (future) fix would be to either pass the native context to the callback, or remove the requirement in blink.

Bug: v8:9496,v8:10460
Change-Id: I8832d02088ba422c3a27638cee4dacbaaf6f39b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167394
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67421}
-
Anna Henningsen authored
For a zero-length BackingStore allocation, it is valid for the underlying memory to be a null pointer. However, some cleanup is still necessary, since the BackingStore may hold a reference to the allocator itself, which needs to be released when destroying the `BackingStore` instance.

Change-Id: I1f168079d39e4592d2fde31fbe5f705586690e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169646
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67420}
-
Clemens Backes authored
The interpreter will be moved to be test-only, hence --wasm-interpret-all also needs to be removed.

Since we don't have any non-compiling tier any more, we also remove the implication from --jitless to --wasm-lazy-compilation. Instead, we add another CHECK that we can't be in jitless mode if we trigger any wasm compilation.

All tests that just ran other tests and additionally passed --wasm-interpret-all become redundant and are deleted. Also all regression tests that explicitly specify --wasm-interpret-all are not needed any more.

R=thibaudm@chromium.org

Bug: v8:10389
Change-Id: I5ddf20a842117a6c05e277a5308f5cfe42e6bfa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164792
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67419}
-
Clemens Backes authored
This CL removes all debugging capabilities from the API provided by WasmDebugInfo:
- setting and removing breakpoints
- stepping
- stack inspection

The WasmDebugInfo is still kept, since it's used from tests to instantiate the interpreter.

R=thibaudm@chromium.org, bmeurer@chromium.org

Bug: v8:10389
Change-Id: I297bfc8df2104dae8b9f9f9b13078026c47698da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164791
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67418}
-
Shu-yu Guo authored
Bug: v8:8179, chromium:1074621
Change-Id: I26e2e2cef7ae2b1e43526c4cfc2592cc0f6d688f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169412
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67417}
-
Marja Hölttä authored
PerformPromiseAll doesn't set iteratorRecord.[[Done]] to true if Promise.resolve is not callable. This makes Promise.all call IteratorClose.

BUG=v8:10452

Change-Id: Icbe17416a733f68ef09f1c610d715f544c2a3b8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164789
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67416}
-
Jakob Gruber authored
This reverts the changes made in

https://chromium-review.googlesource.com/c/v8/v8/+/1695465
https://chromium-review.googlesource.com/c/v8/v8/+/1776078

We originally moved this protector to the native context to avoid cross-native-context pollution of protector state. Ideally, invalidating a protector in one NC should not affect any other NC.

But as it turns out, having the protector on the NC causes more problems than it solves since all affected callers now need to find the correct native context to check. Sometimes (e.g. in CSA regexp builtins) it is possible to blindly check the current NC, but the reasoning behind this optimization is tricky to understand. Sometimes, fetching the correct NC is not possible due to access restrictions.

These implementation complexities outweigh the (unknown) potential performance benefits. In the future we should attempt to move away from the protector concept for these kinds of checks.

Bug: chromium:1069964,v8:9463
Change-Id: I2cbb2ec7266282165dae5e4a6c8bdbda520c50a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157382
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67415}
-
Kong, Fanchen authored
Bug: v8:9909
Change-Id: Ic6c26558c58630f0600ddf82e973d97f5414792b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2166959
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/master@{#67414}
-