- 23 Aug, 2019 25 commits
-
-
Z Nguyen-Huu authored
StringAdd_ConvertRight and StringAdd_ConvertLeft Change-Id: I7d4c560dd53e445ad73f374824ec6fddcce6a641 Bug: v8:8996 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1756853 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63381}
-
Yang Guo authored
Running microtasks with exceptions scheduled violates varios invariants within the microtasks code. Bug: v8:9652 Change-Id: I78c868feed5b742e225cad19e55216f0ef250af4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1767261Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#63380}
-
Andreas Haas authored
This reverts commit 5db04cc0. Reason for revert: <INSERT REASONING HERE> Original change's description: > Revert "[regexp] Only append to JSRegExpResult's initial map if we add descriptor" > > This reverts commit dc1cc223. > > Revert "[regexp] Implement the match indices proposal" > > This reverts commit 9460101c. > > Reason for revert: Causes confusion on Blink side, as it introduces > an object with >=2 internal fields that is not a wrapper (see bug). > > Bug: chromium:996681 > Change-Id: I5c167e9e15bfbec2aa6b843e3063ead5d52fb26c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768897 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63376} TBR=yangguo@chromium.org,sigurds@chromium.org,joshualitt@chromium.org Change-Id: Ic58fc3fc83faaf86bd895da29eacb7d51c443beb No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:996681 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768584Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#63379}
-
Maya Lekova authored
Replace all usages of VectorSlotPair with FeedbackSource. Bug: v8:7790 Change-Id: I0ac6e9cd8f5730154cc1842e267ca1ebfdebc874 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763536 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63378}
-
Sigurd Schneider authored
With this Cl, a function that has been marked for deoptimization will not be reported as optimized. This protects against potential races where an mjsunit tests assertUnoptimized, and the optimized code for the function has been marked for deoptimization, but not been disposed of yet. The potential for this race has been discovered in the context of bug v8:9563, but this CL is not a fix for that bug. Change-Id: I89d8aa85f19033e6b823324b3307b95d61367147 Bug: v8:9563 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763543Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63377}
-
Joshua Litt authored
This reverts commit dc1cc223. Revert "[regexp] Implement the match indices proposal" This reverts commit 9460101c. Reason for revert: Causes confusion on Blink side, as it introduces an object with >=2 internal fields that is not a wrapper (see bug). Bug: chromium:996681 Change-Id: I5c167e9e15bfbec2aa6b843e3063ead5d52fb26c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768897 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#63376}
-
Sigurd Schneider authored
Change-Id: I9988ea2dfeccbfaa9e0197920703ab430a43acb7 Bug: v8:7327 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674026 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#63375}
-
Leszek Swirski authored
With no more MutableHeapNumber, we can make Double -> Tagged transitions in-place, at the cost of an extra map check when accessing double fields to make sure they are still doubles. Bug: v8:9606 Change-Id: I74ff39ed6fba62ee223cd37dfe761f7d73020e1c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743973Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63374}
-
Joshua Litt authored
In order to reflect web reality, TC39 has made some slight changes to name descriptors, see https://github.com/tc39/ecma262/pull/1490 for details. V8 was mostly already in compliance with these changes, but ThrowTypeError and anonymous classes needed some slight changes. Bug: v8:9646 Change-Id: I163238954938f0c005e3adbc61b90498e01436da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1764622Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Joshua Litt <joshualitt@chromium.org> Cr-Commit-Position: refs/heads/master@{#63373}
-
Leszek Swirski authored
Replace uses of WordEqual on two tagged representation nodes with a new TaggedEqual helper, which on pointer compressed configs only compares the bottom 32-bits of the word. We no longer allow using WordEqual on anything not known to be a WordT (i.e. Node* or TNode<Object>). In the future, this may allow us to ignore the top bits of an uncompressed Smi, and have simpler decompression, though this patch is not sufficient for such a change. As a necessary drive-by, TNodify a bunch of stuff. Bug: v8:8948 Change-Id: Ie11b70709e5d3073f12551b37b420a172a71bc99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763531 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63372}
-
Sigurd Schneider authored
Bug: v8:7327 Change-Id: Ia8e5d51b12cc86734523860af88d4c3948e0f0c0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660614 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#63371}
-
Ana Peško authored
Change-Id: I921a6d3b58809c71df7de3eb7e868ff64d8792cd Bug: v8:9566 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768577Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Ana Pesko <anapesko@google.com> Cr-Commit-Position: refs/heads/master@{#63370}
-
Maya Lekova authored
Bug: chromium:997057 Change-Id: I821b91ff51f82e6325dae5719e1669142c82b05e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768579 Commit-Queue: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63369}
-
Michael Lippautz authored
Change-Id: Iea75626e58d60506ff54c2ab2b6ee814230fb80c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768580 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#63368}
-
Dominik Inführ authored
Introduce list of invalidated objects for old-to-new slots. Objects are registered as invalidated in NotifyObjectLayoutChange, however no slots are filtered right now. Slots are still deleted, so all recorded slots are valid. Bug: v8:9454 Change-Id: Ic0ea15283c4075f4051fae6a5b148721265339f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765528 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63367}
-
Thibaud Michaud authored
Out of memory should be the only reason for {FinalizeCode} to return an empty handle in wasm heap stub compilation. Crash accordingly. R=mstarzinger@chromium.org Bug: chromium:990223 Change-Id: I996721c69bfe600a7c13937a65c93d0b19b91c45 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768578Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#63366}
-
Dan Elphick authored
This changes Compiler::CollectSourcePositions to skip finalization of the BytecodeArray, constant table, handler table, ScopeInfos as well as internalization of Ast values since only the source position table is used and the others will be collected soon after by the GC. It will also now avoid recompiling inner functions that would otherwise be eagerly compiled. BytecodeArrayWriter::ToBytecodeArray has been changed to never populate the source_position_table. Bug: v8:8510 Change-Id: I2db2f2da6b48fde11f17a20d017c1a54c0a34fc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763538 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63365}
-
Georg Neis authored
While we only need to check stability of the receiver map if its inference was "unreliable", we must check stability of each prototype's map unconditionally. Bug: chromium:997100 Change-Id: I20071ac9eb74c810ad2ab1d78abfb54a1a006c29 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1768576 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63364}
-
Dominik Inführ authored
Do not clear old-to-new slots for the new FixedArray's map and length word on left trim because these fields are tagged. Bug: v8:9454 Change-Id: I9947a93f80efc6669498ed4c0171d728aebc782b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1767997 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63363}
-
Michael Lippautz authored
Avoid clearing the memory on the embedder-side of a TracedGlobal handle. When using destructors in TracedGlobal this is safe as long as the embedder reports the handle on tracing GCs. If the embedder does not report a handle it is assumed that the containing object is dead as well. Without using destructors the same argument holds for tracing GCs. In addition, embedders using the optimization of clearing references on non-tracing GCs are expected to clear the reference in ResetHandleInNonTracingGC. It is suggested that only expert embedders make use of (a) no destructors and (b) IsRootForNonTracingGC. Change-Id: Ia417c0eb0860094fcaa554e7046d38abac905714 Bug: chromium:995684 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763539 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63362}
-
Jakob Kummerow authored
Change-Id: Iadc6fa94ac2b77a8a8b0f1dbf3c28fc97ff13930 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765608Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#63361}
-
Ana Peško authored
is enabled. Change-Id: Iab87b9c7a0d0600782b02537844338ff065622ab Bug: chromium:996234 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765531Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Ana Pesko <anapesko@google.com> Cr-Commit-Position: refs/heads/master@{#63360}
-
Dominik Inführ authored
Get rid of deletion entries in the store buffer. Clearing a slot now first empties the store buffer and then directly deletes the slot from the remembered set. Bug: v8:9454 Change-Id: I656db593a0478db3fa63324d7f3c6862b4b5e776 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1766130Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63359}
-
Yang Guo authored
This reverts commit 0bd19ddb. TBR=szuend@chromium.org Change-Id: I86bc9409cb809ff978a1104be79bbbe4b87f85e5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1767996Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#63358}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/127a048..8528a36 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/7f90416..940c282 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I96542c62d864df98232070366d7db0948295c944 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1767223Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63357}
-
- 22 Aug, 2019 15 commits
-
-
Jakob Gruber authored
This is a reland of 1e472c42 No change, this was a speculative revert to unblock the roll. TBR=jgruber Original change's description: > [compiler] Track the maximal unoptimized frame size > > This is another step towards considering the unoptimized frame size in > stack checks within optimized code. > > With the changes in this CL, we now keep track of the maximal > unoptimized frame size of the function that is currently being > compiled. An optimized function may inline multiple unoptimized > functions, so a single optimized frame can deopt to multiple > frames. The real frame size thus differs in different parts of the > optimized function. > > We only care about the maximal frame size, which we calculate > conservatively as an over-approximation, and track in > InstructionSelector::max_unoptimized_frame_height_ for now. In future > work, this value will be passed on to codegen, where it will be > applied as an offset to the stack pointer during the stack check. > > (The motivation behind this is to avoid stack overflows through deopts, > caused by size differences between optimized and unoptimized frames.) > > Note that this offset only ensure that the topmost optimized frame can > deopt without overflowing the stack limit. That's fine, because we only > deopt optimized frames one at a time. Other (non-topmost) frames are > only deoptimized once they are returned to. > > Drive-by: Print variable and total frame height in --trace-deopt. > > Bug: v8:9534 > Change-Id: I821684a9da93bff59c20c8ab226105e7e12d93eb > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762024 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63330} Bug: v8:9534 Change-Id: I686f200e7be1f419e23e50789e11607a0b2886d9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1766645 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#63356}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/f4bb5e7..127a048 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/679dc37..2662d14 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/4c55b35..7f90416 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/ebf97a6..656fd11 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I87815c4b3e4122a66b431805295e0e4ecfbcdd6c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1766054Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63355}
-
Ng Zhi An authored
Bug: v8:8460 Change-Id: I16df8eee6146704e26c6e784452ad8dc4621a460 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1749711Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#63354}
-
Bill Budge authored
This reverts commit 8ee507f1. Reason for revert: Speculative, to unblock the V8 roller https://ci.chromium.org/p/chromium/builders/try/linux-rel/173637 Original change's description: > [ic] Inline constant fields in IC > > Previously, the handler would load the constant field from the holder > everytime by using the descriptor index. Instead, this patch inlines > the constant field directly into the handler. > > Change-Id: Ia731811b135897033f4c5dc973031a30f25a64ed > Bug: v8:9616 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688829 > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63332} TBR=gsathya@chromium.org,ishell@chromium.org,verwaest@chromium.org Change-Id: I36c5648c56f1d78447b7a45504cdebf593c020a1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9616 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1766148Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#63353}
-
Seth Brenith authored
This change adds the indexed field for the characters in the definition of sequential string types, and introduces support for recognizing the various specific string types in v8_debug_helper. In an attempt to avoid duplicating info about string instance types, it also refactors String::Get so that StringShape (a simple class usable by postmortem tools) can dispatch using a class that defines behaviors for each concrete type. Bug: v8:9376 Change-Id: Id0653040f6decddc004c73f8fe93d2187828c2c6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735795 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#63352}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/abb522f..f4bb5e7 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/bfcde3c..4c55b35 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: Iaf903551f6942cd4b2d30fb80601eae7d04b91b5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765461Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63351}
-
Bill Budge authored
This reverts commit 1e472c42. Reason for revert: Speculative revert, to attempt to fix crashes that block the V8 roll. Example failure run: https://ci.chromium.org/p/chromium/builders/try/linux-rel/173465 Original change's description: > [compiler] Track the maximal unoptimized frame size > > This is another step towards considering the unoptimized frame size in > stack checks within optimized code. > > With the changes in this CL, we now keep track of the maximal > unoptimized frame size of the function that is currently being > compiled. An optimized function may inline multiple unoptimized > functions, so a single optimized frame can deopt to multiple > frames. The real frame size thus differs in different parts of the > optimized function. > > We only care about the maximal frame size, which we calculate > conservatively as an over-approximation, and track in > InstructionSelector::max_unoptimized_frame_height_ for now. In future > work, this value will be passed on to codegen, where it will be > applied as an offset to the stack pointer during the stack check. > > (The motivation behind this is to avoid stack overflows through deopts, > caused by size differences between optimized and unoptimized frames.) > > Note that this offset only ensure that the topmost optimized frame can > deopt without overflowing the stack limit. That's fine, because we only > deopt optimized frames one at a time. Other (non-topmost) frames are > only deoptimized once they are returned to. > > Drive-by: Print variable and total frame height in --trace-deopt. > > Bug: v8:9534 > Change-Id: I821684a9da93bff59c20c8ab226105e7e12d93eb > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762024 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63330} TBR=neis@chromium.org,sigurds@chromium.org,jgruber@chromium.org Change-Id: I7b225c30bfc4e1d958276583f512a1ec5fa2b458 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9534 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1764626Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#63350}
-
Jakob Kummerow authored
ClusterFuzz found another case where "weird" embedder calls can cause signed integer overflow. This patch fixes the last addition in that function to use unsigned types. Bug: chromium:991676 Change-Id: Ia77a12020908de8f0a3bd1be7d3722ba5c5c919b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743971 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#63349}
-
Darius Mercadier authored
This CL enables the FreeList strategy introduced by CL 1762292. Bug: v8:9329 Change-Id: I73c1399aa9ae9a602f29f208c5543927a1405403 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765533Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@google.com> Cr-Commit-Position: refs/heads/master@{#63348}
-
Sathya Gunasekaran authored
This reverts commit 5c59ba4f. Reason for revert: requires more thinking Original change's description: > [ic] Fix KeyedLoadIC for ArrayIndex access > > Previously, without support for converting strings to numbers we'd > switch to megamorphic state and go to the runtime always to do the > conversion causing a performance cliff. > > This patch improves the following js-perf-test scores: > Object-Lookup-String-Constant-BytecodeHandler: 4.25% > Object-Lookup-Index-String-BytecodeHandler: 5.41% > > Bug: v8:9449 > Change-Id: I63787fa84373fc946f1304b0141e48a52a1b4bcb > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690953 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63293} TBR=mythria@chromium.org,jyan@ca.ibm.com,gsathya@chromium.org,leszeks@chromium.org,ishell@chromium.org,verwaest@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:9449 Change-Id: I6b6ad5901175c2e6bbd7516b13e91471adb5776d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765532Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#63347}
-
Michael Starzinger authored
This preserves the object identity of a {WebAssembly.Function} instance that is being re-exported by a module. Such functions are considered to have an internal [[FunctionAddress]] slot and hence require their object identity to be preserved (similar to {WasmExportedFunction} already). R=jkummerow@chromium.org TEST=mjsunit/wasm/type-reflection BUG=v8:7742 Change-Id: I88ba75fcd91ce04440008467f3b218a1ac3047db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763545Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#63346}
-
Darius Mercadier authored
This new FreeList should be a reasonable replacement for our old FreeListLegacy: it is slightly less efficient (~1%), but uses much less memory (often 5% less old_space size). It is based on FreeListMany, with the following additions: - A cache to waste less time iterating empty categories - A fast path for allocations done in the runtime and generated code - A slow path (the same as FreeListMany actually) for allocations done in the GC. Bug: v8:9329 Change-Id: Ifc10b88df7861266a721afd2c6e6d8357255ec4e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762292 Commit-Queue: Darius Mercadier <dmercadier@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63345}
-
Andreas Haas authored
For import wrappers, we add a special "callable" parameter as the last parameter. This parameter is not set in the TurboFan graph but in the code generator. Therefore this parameter has to be allocated in a special register and cannot be lowered generically. With this CL we detect in the CallDescriptor lowering if the last parameter is this special "callable" parameter. If so, we preserve it in the lowered CallDescriptor in the same register. R=jkummerow@chromium.org Bug: v8:7741 Change-Id: I884baa41813011c811612ec84f4e3cfe86a0e83a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762014Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#63344}
-
Sigurd Schneider authored
This CL adds a mechanism that prevents the RuntimeProfiler from triggering optimization of a function after %PrepareFunctionForOptimization has been called. This is useful to prevent flakiness in tests, as sometimes a function that already got deoptimized would receive a new code object from a concurrent compile that was triggered by a heuristic just in the right moment for the assertUnoptimized test to fail. For example, the following was happening: PrepareFunctionForOptimization [marking `testAdd` for optimized recompilation, reason: small function] [concurrently compiling method `testAdd` using TurboFan] [manually marking `testAdd` for non-concurrent optimization] [synchonously compiling method `testAdd` using TurboFan] [synchonously optimizing `testAdd` produced code object 0xAAAA - took 1.638 ms] Runtime_GetOptimizationStatus OPTIMIZED `testAdd` (code object 0xAAAA) DeoptimizeFunction `testAdd` with Code Object 0xAAAA [concurrently optimizing `testAdd` produced code object 0xBBBB - took 3.377 ms] Runtime_GetOptimizationStatus OPTIMIZED `testAdd` (code object 0xBBBB) Bug: v8:9563 Change-Id: Ia4c846aba95281589317d43b82383e70fe0a35f5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763546Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#63343}
-
Dominik Inführ authored
This reverts commit aba185a7. Reason for revert: We want to keep this API. Original change's description: > [heap] Remove slots when shrinking objects > > Immediately remove recorded old-to-new slots when shrinking objects. > This operation needs to drain the store buffer, however the store buffer > is supposed to be removed anyway. > > Also do not remove slots when left-trimming since this isn't needed for > correctness. > > Bug: v8:9454 > Change-Id: I751baf2dcd03c87aee9cb1ebd168e05bf373a738 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762012 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63271} TBR=ulan@chromium.org,dinfuehr@chromium.org Bug: v8:9454 Change-Id: I9524a7448cc49948915fdccc5a6b1aa22e4de4a9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762524Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63342}
-