- 06 Dec, 2017 27 commits
Vlad Tsyrklevich authored
Control Flow Integrity [1] indirect call checking is compiler instrumentation that verifies that function pointers are only used to call functions whose type signatures match the type of the function pointer. The once implementation casts function pointers to different types--refactor it to pass around a std::function that calls the provided function pointer with its original type instead.

[1] https://www.chromium.org/developers/testing/control-flow-integrity

Bug=chromium:776905,v8:7164
Change-Id: I26b63973fdcebbc11b1cd7b023a6a6d0724c360c
Reviewed-on: https://chromium-review.googlesource.com/806262
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49906}
Clemens Hammacher authored
This saves us 14.2kB binary size in libv8.so (in release mode), and probably also improves performance a little bit.

R=titzer@chromium.org
Bug: v8:7109
Change-Id: I345a48369aaf054572a4fd4368bf5cd526ed146a
Reviewed-on: https://chromium-review.googlesource.com/797270
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49905}
Clemens Hammacher authored
The value is passed as int in most places anyway, so better also store it as int, and make sure that it's in the range [0..kMaxInt]. Also, our style guide only allows {int} out of the standard integer types.

R=mstarzinger@chromium.org
Bug: v8:6600
Change-Id: Ia425a8a6f64c9e617de02bb1d4f07413e9da4fc6
Reviewed-on: https://chromium-review.googlesource.com/810645
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49904}
Ulan Degenbaev authored
Bug: chromium:791582
Change-Id: Ic2b4289431a4bd7b4b5a37437d25ebccd493497a
Reviewed-on: https://chromium-review.googlesource.com/809130
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49903}
Ulan Degenbaev authored
Bug: chromium:758183
Change-Id: I626be7a8f42662a657595c1147a6aa8cb53391fa
Reviewed-on: https://chromium-review.googlesource.com/808941
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49902}
Igor Sheludko authored
- When a global object changes, invalidate its validity cell.
- The global object prototypes don't need to be gathered into an array in InitPrototypeChecks.

Bug: v8:7159
Change-Id: I3621c914d08b83e49e8a391800a92eb53ba19feb
Reviewed-on: https://chromium-review.googlesource.com/808588
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49901}
Georg Neis authored
Bug: v8:6791
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I4a8aebe68617a75fa5ab9778bfa1f2ca561e9aef
Reviewed-on: https://chromium-review.googlesource.com/756841
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49900}
peterwmwong authored
Bug: chromium:791045, v8:1956, v8:7165
Change-Id: I03f26bbbe65217cedf663af59ef5eb63a5dcf039
Reviewed-on: https://chromium-review.googlesource.com/810039
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49899}
Ulan Degenbaev authored
Bug: chromium:758183
Change-Id: I4bfaf5fa4e0131b279546e50ca05a4bb4ca1eb0a
Reviewed-on: https://chromium-review.googlesource.com/808939
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49898}
Ulan Degenbaev authored
Bug: chromium:758183
Change-Id: I7e0d5d6cfbef82895f76bd020a8ad22e4be013e2
Reviewed-on: https://chromium-review.googlesource.com/809151
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49897}
Georg Neis authored
R=jarin@chromium.org
Bug: v8:6791
Change-Id: I9d3787f670d44d68cc2c6474621b6c6a25642e5a
Reviewed-on: https://chromium-review.googlesource.com/803434
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49896}
Michael Achenbach authored
This reverts commit 0c2faa06.

Reason for revert: seems to make win asan flaky:
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/1094
https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/1095

Original change's description:
> [D8] Clean up ArrayBuffer Allocators in shell.
>
> - Reworks the class hierarchy in d8.cc to conform to the allocator API.
>   In particular, allocators should malloc/free or equivalent unless
>   v8::ArrayBuffer::Allocator::Reserve is called.
> - Modifies ExternalizedContents to remember the allocation mode.
> - ArrayAllocatorBase now tracks its allocations to make sure it doesn't
>   call Free on externalized array buffers it didn't allocate.
>
> Bug: chromium:756050
> Change-Id: Ic2d07d36358f1b4fa542bea27f93d1d51a1757e1
> Reviewed-on: https://chromium-review.googlesource.com/807355
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49893}

TBR=bbudge@chromium.org,titzer@chromium.org,eholk@chromium.org

Change-Id: I0f3ecc10de843102e7681285f0300cf98704c92c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:756050
Reviewed-on: https://chromium-review.googlesource.com/810904
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49895}
Clemens Hammacher authored
When implementing Liftoff I realized that these are not tested at all in our cctests.

R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I9f4da9bb93580f556bc67ebe8b79427373e656ba
Reviewed-on: https://chromium-review.googlesource.com/808385
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49894}
Bill Budge authored
- Reworks the class hierarchy in d8.cc to conform to the allocator API. In particular, allocators should malloc/free or equivalent unless v8::ArrayBuffer::Allocator::Reserve is called.
- Modifies ExternalizedContents to remember the allocation mode.
- ArrayAllocatorBase now tracks its allocations to make sure it doesn't call Free on externalized array buffers it didn't allocate.

Bug: chromium:756050
Change-Id: Ic2d07d36358f1b4fa542bea27f93d1d51a1757e1
Reviewed-on: https://chromium-review.googlesource.com/807355
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49893}
Ali Ijaz Sheikh authored
This reverts commit 8dd405e3.

Reason for revert: MSAN errors:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/18598

Original change's description:
> [heap] introduce SpaceWithLinearArea class
>
> NewSpace and OldSpace have linear allocation areas, but presently the
> implementation doesn't share any code and there are subtle differences.
> This CL introduces a superclass 'SpaceWithLinearArea' that will be used
> to refactor and share code.
>
> Change-Id: I741e6a6ebb9e75c111287214fd1f555fba62c452
> Reviewed-on: https://chromium-review.googlesource.com/809504
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#49890}

TBR=ulan@chromium.org,ofrobots@google.com

Change-Id: Ibd325c2965b7b8dea36b34a8c4a3ee06ea24e515
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/810664
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#49892}
Peter Marshall authored
Bug: v8:7109
Change-Id: I8d1525734019656b7575636deac8828623a2f8df
Reviewed-on: https://chromium-review.googlesource.com/803215
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49891}
Ali Ijaz Sheikh authored
NewSpace and OldSpace have linear allocation areas, but presently the implementation doesn't share any code and there are subtle differences. This CL introduces a superclass 'SpaceWithLinearArea' that will be used to refactor and share code.

Change-Id: I741e6a6ebb9e75c111287214fd1f555fba62c452
Reviewed-on: https://chromium-review.googlesource.com/809504
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#49890}
Sergiy Byelozyorov authored
R=machenbach@chromium.org
Bug: chromium:791583
Change-Id: I84e2949b4b6eb79308218bd1fa073abbb58eaf84
Reviewed-on: https://chromium-review.googlesource.com/809109
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49889}
Ulan Degenbaev authored
Bug: chromium:758183
Change-Id: I5bfbff77562fdfd30587fdea475fb1b532e67b40
Reviewed-on: https://chromium-review.googlesource.com/809136
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49888}
Ulan Degenbaev authored
Bug: chromium:758183
Change-Id: I00966a8831ff3d62c962573955e235538e4bf4bb
Reviewed-on: https://chromium-review.googlesource.com/809108
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49887}
Michael Starzinger authored
R=hablich@chromium.org
BUG=v8:6792
Change-Id: Ib3bb3f84f9acec37a37803f460f5c8cdc3669867
Reviewed-on: https://chromium-review.googlesource.com/792937
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49886}
Peter Marshall authored
Bug: v8:7109
Change-Id: Ib5a6040ad2f651761d1d59dfe7bffcfe1b5ce062
Reviewed-on: https://chromium-review.googlesource.com/803350
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49885}
Michael Lippautz authored
Similar to the Scavenger, the Minor MC updates typed pointers into the young generation and thus requires privileges to write to code space.

Bug: chromium:651354
Change-Id: If5ce600f651ccb04b6ac3d82e6c2e311bfd7dc4d
Reviewed-on: https://chromium-review.googlesource.com/809013
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49884}
Georg Neis authored
This removes a condition that seems to have become always true in the cases we care about.

R=jarin@chromium.org
Bug:
Change-Id: I3684db93ab7e498b7b7ac0b42945625c30fd1afa
Reviewed-on: https://chromium-review.googlesource.com/806225
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49883}
Tobias Tebbi authored
We cannot remove a speculative operation when its type relies on it to deopt. Fix this by only relying on the lowering to remove operations.

Bug: chromium:786521
Change-Id: I2cf45e8d45b76cfeb06e6329f323cade74719124
Reviewed-on: https://chromium-review.googlesource.com/793043
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49882}
Sergiy Byelozyorov authored
TBR=machenbach@chromium.org
Bug: chromium:791583
Change-Id: I66e5ae2f5d0c8d26bf2a9dbe0a2cc6022a4c2b36
Reviewed-on: https://chromium-review.googlesource.com/808973
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49881}
jing.bao authored
Add vshufps, vmovaps, insertps/vinsertps

Bug:
Change-Id: I178cde529b5309a5221086ab916e5485a8b67d5a
Reviewed-on: https://chromium-review.googlesource.com/802999
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#49880}
- 05 Dec, 2017 13 commits
Deepti Gandluri authored
Bug: V8:6020
Change-Id: I4a244dce01a3f85d6e85d3c890c0da3d1f39ef16
Reviewed-on: https://chromium-review.googlesource.com/807350
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49879}
Michael Lippautz authored
The space does not have a FreeList and the cast to PagedSpace is UB.

Bug: chromium:792105
Change-Id: If566374ab87374302a209a9ba4a15ce7c198a4e0
Reviewed-on: https://chromium-review.googlesource.com/809145
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49878}
Jakob Kummerow authored
For "top digit" (of the result) comparison to be applicable, we must also check that there are no further digits in the source. The included regression test flushes out another bug in "TruncateToNBits", so that gets fixed here too (in contrast to the first landing attempt).

This reverts commit cb9e7af4.

Bug: v8:7150
Change-Id: Id631b1ae79e60b8e85ed4667e246a64c46765f2b
Reviewed-on: https://chromium-review.googlesource.com/807348
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49877}
Michael Lippautz authored
Bug: chromium:791043
Change-Id: Ica59510f9ee611d62bc65775977df7c7f99fb8ca
Reviewed-on: https://chromium-review.googlesource.com/807929
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49876}
Mircea Trofin authored
Rename to better capture what the files contain. Removed includes of wasm-code-manager.h from .h files to improve build time.

Bug:
Change-Id: I0f0108cfb00b061c4433b6ff9670e9c4cae9c699
Reviewed-on: https://chromium-review.googlesource.com/807368
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49875}
Sergiy Byelozyorov authored
TBR=machebach@chromium.org
Bug: chromium:747960
Change-Id: I1da31b55cb1c5bffbe3c6221a31876cafedc85bb
Reviewed-on: https://chromium-review.googlesource.com/808965
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49874}
Ali Ijaz Sheikh authored
See also: https://chromium-review.googlesource.com/c/v8/v8/+/738204

BUG=chromium:791582
Change-Id: Ife3acf35eeaa6fdebd5ea2fabc1678ec762b3ed3
Reviewed-on: https://chromium-review.googlesource.com/806516
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#49873}
Ivica Bogosavljevic authored
Bug:
Change-Id: I9a98cdb032821d7155bf536da1b66bbce90389cf
Reviewed-on: https://chromium-review.googlesource.com/807926
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#49872}
Daniel Clifford authored
Bug: chromium:791345
Change-Id: I81e5e23e2ddfc5e78a4ca922ceffda28516277c3
Reviewed-on: https://chromium-review.googlesource.com/806097
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49871}
Jaroslav Sevcik authored
The proper fix would be to make TruncatingUseInfoFromRepresentation respect tagged signed use representation, but that requires extra work to refine typing for all values that are stored into Smi fields.

Bug: chromium:791245
Change-Id: I83965bcc18a836d2c758a6a8b1477a4aa2c6133d
Reviewed-on: https://chromium-review.googlesource.com/808866
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49870}
Sergiy Byelozyorov authored
R=machenbach@chromium.org
No-Try: true
Bug: chromium:747960
Change-Id: I01f6c7e074e7a69f33d1d989460c36a9077a887d
Reviewed-on: https://chromium-review.googlesource.com/806154
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49869}
Georgia Kouveli authored
Also remove some unused code.

Bug: v8:6644
Change-Id: Id0021b397f366d2f26e990750c4b8c33f0c1cd81
Reviewed-on: https://chromium-review.googlesource.com/806836
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#49868}
Georg Neis authored
R=jarin@chromium.org
Bug: chromium:791958
Change-Id: I483558270f4dfa845dff4ff88076be27bb15cc8e
Reviewed-on: https://chromium-review.googlesource.com/808804
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49867}