- 24 Aug, 2020 10 commits
Marja Hölttä authored
Bug: v8:9237
No-Try: True
Change-Id: Ic1bba1e0f5584350217c3971dfcc769c86beb1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366694
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69538}
Zeynep Cankara authored
This CL highlights the items with clickable functionality. It is implemented based on the received feedback from the V8 Mobile Team.

Bug: v8:10644
Change-Id: I0489327681d485eedde59594d36083efdc216575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370626
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#69537}
Santiago Aboy Solanes authored
The new one was created in https://chromium-review.googlesource.com/c/v8/v8/+/1969900, and the old API was deprecated in https://chromium-review.googlesource.com/c/v8/v8/+/2110015, so now we can remove it.

Bug: v8:8116
Change-Id: Ia839279609b412c36f1f17368acef23fe07e7c61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369174
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69536}
Zeynep Cankara authored
This cleanup CL adds a timeline property to ic-panel and directly assigns the logEvents to selectedLogEvents upon data load.

Bug: v8:10644
Change-Id: Ic1707ea237abbf57417c0b14e24fc0bf797d9679
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370627
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#69535}
Omer Katz authored
Marking on allocation assumes a non-empty stack. Thus marking on allocation will not finalize even if it runs out of work (we prefer to finalize in a non-nestable task with no stack). Instead it will schedule another marking task and delegates finalization to the next marking task.

Bug: chromium:1056170
Change-Id: I457090fe0a235707bb9973e330ff24fb25ac66c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366764
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69534}
Santiago Aboy Solanes authored
Change-Id: I1df5bbb5f974e09967a7e904556dd109235ecace
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366780
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69533}
Zhao Jiazhong authored
Reverse JS arguments hasn't been implemented on mips.

Change-Id: Ie6adb1c55de06838cb530966b1b54fb4b542350f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2371477
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#69532}
Jakob Gruber authored
Prior to this CL, one had to artificially insert a basic-block-terminating node after Unreachable. The common pattern was

  Unreachable();
  Goto(&some_label);  // Never reached but generates useless code.

This CL improves usability by automatically merging Unreachable nodes to the end node, and terminating current effect/control. The updated pattern is just

  Unreachable();

or in cases where Turboprop must maintain a schedule:

  Unreachable(&some_label);

Bug: v8:8888
Change-Id: I26a0b11b5e67252a6dc3584ae09ed06370f1eacc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362690
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69531}
johnx authored
Starboard is the platform abstraction for Cobalt. This CL introduces all Cobalt changes in src/base/platform.

The review was conducted mostly on: https://chromium-review.googlesource.com/c/v8/v8/+/2247918

See b/156155426 for background

Tbr: mlippautz@chromium.org
Change-Id: I6cd092304ba6485acd38e82aa2dc4505d7dfb0aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346090
Commit-Queue: John Xu <johnx@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69530}
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c97da98..b656b39

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I9d81d498321fe94d55f2b0eec45c10ef1cdc7f0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370823
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69529}
-
- 23 Aug, 2020 1 commit
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/134058c..c97da98

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ic02d3f8415af6afc1cdfe372d04f8cbef0113a55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370822
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69528}
-
- 22 Aug, 2020 2 commits
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d2b7ca1..134058c

Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/b00ad0a..ff93f3e

Rolling v8/buildtools/linux64: git_revision:e327ffdc503815916db2543ec000226a8df45163..git_revision:6f13aaac55a977e1948910942675c69f2b4f7a94

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7f34313..e6244cc

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/87a7605..4909610

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/a4bb1c6..9784c4f

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I5979068c4c7066b845adc8576281de66a36fdc6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370070
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69527}
Francis McCabe authored
This reverts commit 8358094d.

Reason for revert: Closed the tree on arm pointer compression: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20arm64%20-%20sim%20-%20pointer%20compression/6256?

Original change's description:
> [atomics] Missing detach check in Atomics.store on MIPS
>
> There was a missing detach check in the runtime implementation of
> Atomics.store on BigInt TypedArrays. This runtime function is only used
> on MIPS.
>
> Bug: v8:10687
> Change-Id: I77946d2ab0abf70c583af514ddaba0d384a21309
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369663
> Auto-Submit: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69525}

TBR=binji@chromium.org,syg@chromium.org

Change-Id: I955cdbf5d83674b8acb5b67bbe8754f3d39261aa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10687
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369973
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69526}
-
- 21 Aug, 2020 12 commits
Shu-yu Guo authored
There was a missing detach check in the runtime implementation of Atomics.store on BigInt TypedArrays. This runtime function is only used on MIPS.

Bug: v8:10687
Change-Id: I77946d2ab0abf70c583af514ddaba0d384a21309
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369663
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69525}
Frank Tang authored
Bug: v8:10819
Change-Id: I91cf658d9fdcbaf58d6b2e5734c59d7248b8393e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369461
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69524}
Seth Brenith authored
If the input to a Switch happens to be something that we already know to be zero-extended, then we don't need to emit a movl to zero-extend it. This is a tiny optimization, but speeds up the Mono interpreter by 3% because it's heavily dependent on switch dispatch speed.

Bug: v8:10606
Change-Id: I67ab6b6aeb93df4e420ea2afef41a2234d7da979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2368195
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#69523}
Ross McIlroy authored
Also removes bmeurer@ from interpreter/OWNERS.

BUG=v8:10806

Change-Id: I97cb77350271f773600e92d4ce787080388eb14c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369179
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69522}
Mythri A authored
With in-place representation changes we can transition from a double field to a Tagged field without changing the map. So it is not always safe to assume the loaded value would be a HeapNumber. TurboFan takes a dependency on the field representation to ensure the code is deoptimized on any changes. With dynamic map checks, it is not possible to take such a dependency. Hence check the loaded value is a HeapNumber and deoptimize otherwise.

Bug: chromium:1112155,v8:10582
Change-Id: I910ac1c0781ac8842fdbf272f9173b55b02923ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354810
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69521}
Santiago Aboy Solanes authored
Bug: v8:9708, v8:6949
Change-Id: I2a60a3970adf3020b42ee1b1264ca3c11f9f88c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362955
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69520}
Santiago Aboy Solanes authored
The array can be FixedArrayBase, PropertyArray or HeapObject. That HeapObject has to be either a FixedArray or a PropertyArray since we have an assert for it. However, due to how the code is structured it is not so simple to remove HeapObject from the Union.

Drive-by: deleted unused version of BuildFastArrayForEach.

Bug: v8:9708, v8:6949
Change-Id: I980f759dad9c76f0c765622cbdda37e33709f53f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362954
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69519}
Thibaud Michaud authored
R=ahaas@chromium.org
CC=ecmziegler@chromium.org

Bug: v8:7431
Change-Id: Ia6303984be4b4f23051fe39a80cdff3143811bb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367867
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69518}
Ulan Degenbaev authored
This is a reland of 1dd7f3a9

Original change's description:
> [heap] Add concurrent marking write barrier
>
> A LocalHeap creates and owns an instance of MarkingBarrier. A pointer to
> the marking barrier is set to a thread_local variable for a quick access.
>
> WriteBarrier::MarkingSlow fetches the thread_local variable and invokes
> the write barrier if it is set. Otherwise, it invokes the main thread
> heap()->marking_barrier().
>
> Each marking barrier has its own local marking worklist that is
> published during scavenge (for updating pointers) and at finalization
> of incremental marking.
>
> Typed-slot recording does not work yet because it is not thread-safe.
> It will be fixed in a subsequent CL.
>
> Bug: v8:10315
> Change-Id: I221a906436cd91e7405a253ce0eb06cf68046f2c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354809
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69448}

Bug: v8:10315
Change-Id: I155bb0aadd53a5333672fb085b33d8da86f3f336
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364509
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69517}
Lutz Vahl authored
the V8 branch cut

TBR=hablich@chromium.org

Change-Id: Iddc7173833f266fe43f0d5e2e618eeeb534d6f21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366783
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69516}
Dominik Inführ authored
Lock the mutex of PagedSpace before invoking FreeLinearAllocationArea().

Bug: v8:10315
Change-Id: If96b9b8b72932590daf3d548be41c20796ed524f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367857
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69515}
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/183d29c..d2b7ca1

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c244e33..7f34313

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/25f1303..87a7605

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I0deda41eaae7b80cd99c1a8952817154e72d385d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367668
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69514}
-
- 20 Aug, 2020 15 commits
Andreas Haas authored
Some tests are failing now and have been marked as failing to investigate them.

R=jkummerow@chromium.org

Change-Id: I1242ccf3bdc8f4d2ff55bc016c43fa51c556376e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366696
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69513}
Thibaud Michaud authored
Skip code spaces that do not have a far jump table in GetRuntimeStubId.

R=clemensb@chromium.org

Bug: chromium:1116141
Change-Id: Id0fcec691a2729f67750d2da15eea9f521075743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366763
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69512}
Victor Gomes authored
ppc and s390 do not currently support this feature.

Change-Id: I5ea840e20f9aa77d63d19652bd826c812caae0b4
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366762
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69511}
Victor Gomes authored
Change-Id: Ic530de3d2dff626137c3d0a195cde71b99062203
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366779
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69510}
Maya Lekova authored
This reverts commit d7b20edc.

Reason for revert: Introduces data races - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32898

Original change's description:
> [wasm][ukm] Add tests for Wasm events
>
> Ensure that events are triggered when a module is decoded, compiled,
> instantiated and tiered-up.
>
> R=clemensb@chromium.org
>
> Bug: chromium:1092417
>
> Change-Id: I9dc87957fc03023c5ab1c4f49e865957c8324e1a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351676
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69508}

TBR=clemensb@chromium.org,ecmziegler@chromium.org

Change-Id: I9bcfeda1048939a8142f5003b03feab399f9de96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1092417
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366785
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69509}
Emanuel Ziegler authored
Ensure that events are triggered when a module is decoded, compiled, instantiated and tiered-up.

R=clemensb@chromium.org

Bug: chromium:1092417

Change-Id: I9dc87957fc03023c5ab1c4f49e865957c8324e1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351676
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69508}
Omer Katz authored
Perform a small marking step whenever we allocate a new lab.

Bug: chromium:1056170
Change-Id: I2a09480a254ddb1afc95bf5ef9a70ec27f512d79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366698
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69507}
Omer Katz authored
This CL adds a bytes based deadline to draining of worklist. The time based deadline is also kept because:
1) Unified heap can't transition to bytes-based deadlines yet.
2) Unified heap with concurrent marking needs to flush v8 references which don't count as marked_bytes and can cause very long incremental pauses.

Bug: chromium:1056170
Change-Id: I5ab57754e7ff0b5821f3acb76e1e6f59fc9d68b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299374
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69506}
Lutz Vahl authored
TBR=vahl@chromium.org

Change-Id: Ie869b55eccd0bd0d23cc62c7ec7884dbaa8e7c4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366701
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69505}
Victor Gomes authored
Adapt GenericJSToWasmWrapper to support reversed arguments stack.

Change-Id: I46f6492cd8a933a7670eb2ad436a1ac84b055e60
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366702
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69504}
Ulan Degenbaev authored
Change-Id: I328dde4ef8265fa15e2dfc7ac689e175465edebd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366700
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69503}
Milad Farazmand authored
Port 929dd374

Original Commit Message:

    When CFI is enabled this adds a check against this list whenever a new
    return address must be set in a deoptimized frame, as a mitigation for
    ROP attacks. The list is known at linking time so that its content and
    the pointer to it can be stored in a read-only memory section.

    The check is performed in the signing function, which is no longer
    generic, as well as when setting the current pc of the frame. Since the
    pc is now only signed when setting the caller's pc, there is no need for
    ReplaceContext anymore.

R=salome.thirot@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I5005096811c289707e2d080477c60ae2ed4bf38b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2365372
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69502}
Jakob Gruber authored
To properly test tier-up in the V8 test suite, change the test variant previously called --turbo-nci-as-highest-tier to --turbo-nci-as-midtier. As a midtier (between ignition and turbofan), all major parts of the NCI pipeline (codegen, caching inside the same native context, tier-up) are exercised by test suite.

Bug: v8:8888
Change-Id: Ic8ee2f3e3d72768c3869f5e0b25800dd0a5f25b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361462
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69501}
Andreas Haas authored
On x64, trap handlers are enabled as part of the default configuration. However, each embedder has to enable trap handlers explicitly, and in the wasm fuzzers, trap handlers were not enabled. This CL enables trap handlers now in all wasm fuzzers.

Drive-by change: enable all staged wasm features in the wasm-async fuzzer.

R=clemensb@chromium.org

Change-Id: Ib7c2addb092551b5554a2b74830e5b67db077909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362957
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69500}
Dominik Inführ authored
Heap::UnregisterStrongRoots needs to iterate the list of all strong roots to delete the given slot. This CL changes Heap::RegisterStrongRoots to return the pointer to the linked list node. Heap::UnregisterStrongRoots gets the node as argument and can directly delete it in constant time.

The CL also introduces Heap::UpdateStrongRoots which can update a node without locking the mutex.

Bug: v8:10315
Change-Id: I2c021517c010a659821f8c10de758bb49b28449f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364511
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69499}