- 18 Feb, 2022 7 commits
-
-
Michael Achenbach authored
This reverts commit 1025bf26.
Reason for revert: https://crbug.com/v8/12645
Original change's description:
> [shared-struct] Prototype JS shared structs
>
> Unlike the Stage 1 proposal, for simplicity the prototype does not add
> any new syntax, instead opting for exposing a SharedStructType
> constructor which takes an array of field names. This type constructor
> returns constructors for shared structs.
>
> Shared structs can be shared across Isolates, are fixed layout, have no
> prototype, have no .constructor, and can only store primitives and
> other shared structs.
>
> The initial prototype does not have TurboFan support.
>
> Bug: v8:12547
> Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79156}

Bug: v8:12547
Change-Id: I44f2b8bb7487b4d39ba1282585e0b2282501230f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474676
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79170}
-
Nico Hartmann authored
This reverts commit a1838956.
Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=12642
Original change's description:
> [heap] Allow shared references in WeakMap
>
> Shared references can also be stored in WeakMaps and during marking we
> need to be able to deal with such references. In a client GC shared
> objects are treated as live, so we don't need to update or check mark
> bits for such objects.
>
> Bug: v8:11708
> Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79153}

Bug: v8:11708
Change-Id: I113672aceba0ef5aa71f6fbedda7e0df854a437d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474673
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79168}
-
Samuel Groß authored
Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS. With this CL, V8_OS_DARWIN will be set on both macOS and iOS, V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS. This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and renames platform-xnu.cc to platform-darwin.cc.

Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}
-
Dominik Inführ authored
Now that we are able to compact map space, we can also get rid of the map space and allocate maps in the old space instead. This CL introduces a FLAG_map_space for enabling/disabling the map space but the map space remains enabled by default for now. Without a separate space for maps, the GC can't prevent relocation of maps anymore. Therefore this CL always allows compaction of maps when running without a map space. Rename flag to --compact-maps to better fit this scenario. mkgrokdump and debug_helper also need to be updated to look for maps also in the old space. The map space is now optional.

Bug: v8:12578
Change-Id: Ic4e4abd0b58bee26e64329b1c92dbccb07d8105a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424483
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79165}
-
Clemens Backes authored
Message tests check the output of a test against an expected file. Executing with --stress-opt changes the output, since the test will be run multiple times. For that reason, most message tests explicitly add the --no-stress-opt flag. Since this is redundant, and not a per-test setting, just configure this globally for all message tests instead.

R=machenbach@chromium.org
Bug: v8:12425
Change-Id: I52f1b43da2781fcb6f6bd37e67d483ca69c1c929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471637
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79164}
-
Benedikt Meurer authored
When a terminate_exception is raised while executing one of the promise related jobs on the microtask queue, we don't clean up properly, leaving the async stack in the inspector in an inconsistent state, not cleaning up the promise stack on the Isolate, and also not resetting the global current_microtask slot. This CL adds appropriate logic to perform the correct cleanup.

Fixed: chromium:1297964
Change-Id: I4ec64405d4c66bfe1f0115e7039866447fb10f02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471815
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79162}
-
Frank Tang authored
Change NumberFormat.prototype.resolvedOptions to return new options in v3. Also fix a heap allocation assertion bug in GetStringOrBooleanOption while the useGrouping option is an invalid argument.
https://github.com/tc39/proposal-intl-numberformat-v3
https://chromestatus.com/guide/edit/5707621009981440
Design Doc: https://docs.google.com/document/d/19jAogPBb6W4Samt8NWGZKu47iv0_KoQhBvLgQH3xvr8/edit

Bug: v8:10776
Change-Id: Iaeeb0398b77394db3c941a2706d44b734a1f9d8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427298
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79161}
-
- 17 Feb, 2022 8 commits
-
-
Francis McCabe authored
Bug: v8:12638
Change-Id: I88a28b8a17b25ead4a5771870323425772f4f45a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472873
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79158}
-
Shu-yu Guo authored
Unlike the Stage 1 proposal, for simplicity the prototype does not add any new syntax, instead opting for exposing a SharedStructType constructor which takes an array of field names. This type constructor returns constructors for shared structs. Shared structs can be shared across Isolates, are fixed layout, have no prototype, have no .constructor, and can only store primitives and other shared structs. The initial prototype does not have TurboFan support.

Bug: v8:12547
Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79156}
-
Milad Fa authored
https://crrev.com/c/3471558 is causing the following compilation error on gcc:
```
error: suggest explicit braces to avoid ambiguous 'else'
```

Bug: chromium:1298417
Change-Id: I84a34603664c5ee148cc9ea282c0f8c53319b6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472403
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79154}
-
Dominik Inführ authored
Shared references can also be stored in WeakMaps and during marking we need to be able to deal with such references. In a client GC shared objects are treated as live, so we don't need to update or check mark bits for such objects.

Bug: v8:11708
Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79153}
-
Benoît Lizé authored
Guard pages are 4k areas at the beginning and end of each oilpan page (128kiB) which are meant to be inaccessible. However on ARM64 macOS, the OS page size is 16kiB, meaning that these are not inaccessible. But we do pay for these, as they are part of the first and last OS page. Meaning that we effectively waste 2 * 4kiB = 6.25% of each Oilpan page. Since these are not serving their purpose, disable them on this platform. Another fix could be to make the guard page 16kiB, but given that the entire oilpan page is 128kiB, this may have adverse effects on e.g. fragmentation. Note that this doesn't regress security, as the regions were never protected to begin with on this platform.

Bug: chromium:1298417
Change-Id: Iad5d05670962780e6d1eeab2bb8a331deb7aa1f3
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79151}
-
Nico Hartmann authored
Tests are flaky on arm64 sim and arm64 sim - msan bots.

Bug: v8:12637
Change-Id: If9570ceb8af375d12ddd375274aea1ebc0078e63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471634
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79150}
-
Thibaud Michaud authored
Use the existing generic js-to-wasm wrapper to handle arguments in the stack-switching export wrapper, by combining them into a single helper function parameterized by a boolean. If the stack_switch parameter is false, the generated js-to-wasm wrapper is the same as before. If the stack_switch parameter is true, we allocate and switch to the new stack before starting to process the parameters. To load the parameters, we also keep a pointer to the old stack. After the call, we convert the return value according to the return type as usual, and then switch back to the parent stack (which may be different than the original stack, but has a compatible stack frame layout). If the stack suspends during the call, control-flow jumps right before we deconstruct and leave the frame, and returns the Promise as an externref in the return register.

R=ahaas@chromium.org,jkummerow@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: If3f8eaba8edebe6e98d4738f79f895fdb5322adc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460410
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79148}
-
Manos Koukoutos authored
Changes:
- Simplify GetRefTypeName.
- Simplify WasmModuleDebug::GetWasmValue.
- Fix some signature issues in tests.

Change-Id: I61b9a48c0fbce0bc9cc74771412bdb8977880697
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468344
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79137}
-
- 16 Feb, 2022 6 commits
-
-
Camillo Bruni authored
This is a reland of 9ae463bc
- Don't run the heap stats during bootstrapping
Original change's description:
> [heap-stats] Fix heap-stats with ptr-cage
>
> - Heap-stats was trying to load the map without explicitly passing in
>   the PtrComprBase causing failures with Code objects in external code
>   space
> - Extend the debugPrint.js tests to run with some more debugging and
>   testing flags to prevent future regressions
>
> Change-Id: I1f0d03cb31480f316fe533b507ff98fe3befbe8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432386
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78919}

Bug: chromium:1297436
Change-Id: Ib42ae7b8c5f4a427abbce633a1b3ac36ad32994b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437046
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79127}
-
Paolo Severini authored
Allow Wasm to generate calls directly to Fast API C functions. Also fixes a problem when calling a Fast Api C function with no FastApiCallbackOptions from JS. This is a rebase of https://chromium-review.googlesource.com/c/v8/v8/+/3364356, which was a rebase of the work originally done by devsnek in: https://chromium-review.googlesource.com/c/v8/v8/+/2718666.

Bug: chromium:1052746, chromium:1292333
Change-Id: Ic56268e7723f80f7ea9e6799e777786d3a50222f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440694
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79125}
-
Samuel Groß authored
This API allows allocating shared memory mappings inside a virtual address space from a platform-specific handle to a shared memory object. This will make it possible to allocate shared memory inside the sandbox, for example as backing memory for ArrayBuffers.

Bug: chromium:1218005
Change-Id: I4f1f50baec50734e846496cff78046e4fffe75c5
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383777
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79123}
-
Michael Lippautz authored
The information was previously kept heap-global but is really only used by spaces when refilling their LABs.

Bug: v8:12615
Change-Id: Iee256d35ffa0112c93ec721bc3afdc2881c4743b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3465898
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79122}
-
Samuel Groß authored
These should not be allowed inside the sandbox as they could be corrupted by an attacker, thus posing a security risk. Furthermore, executable pages require MAP_JIT on macOS, which causes fork() to become excessively slow, in turn causing tests to time out. Due to this, the sandbox now requires the external code space. In addition, this CL adds a max_page_permissions member to the VirtualAddressSpace API to make it possible to verify the maximum permissions of a subspace.

Bug: v8:10391
Change-Id: Ib9562ecff6f018696bfa25143113d8583d1ec6cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460406
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79119}
-
Camillo Bruni authored
- Simplify HeapObject::IsArrayList check
- Dehandlify ArrayList initialization
- Prevent auto-formatting of v8heapconst.py

Change-Id: I9849ad82dae1a2dc671433e8d5eb8ec63ed830c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447906
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79114}
-
- 15 Feb, 2022 12 commits
-
-
Jakob Gruber authored
This was mostly unused. We should simply be able to use CodeKind plus related predicates instead. Replace FeedbackVector::optimization_tier with maybe_has_optimized_code, which states whether the optimized code cache is filled. The value is updated lazily and may lag behind the actual code cache state. We only use this field for quick cache-empty? checks from generated code.

Bug: v8:7700,v8:12552
Change-Id: Ibfc5c0128eac56167a68ecba5690eab2e9369640
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460741
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79107}
-
Clemens Backes authored
Data segments were missing in the output of --wasm-fuzzer-gen-test.

R=manoskouk@chromium.org
Bug: v8:11863
Change-Id: I40e60ef8626125ca9df6bead688607215d9e5b58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461932
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79106}
-
Thibaud Michaud authored
Split small chunks of assembly instructions into separate functions. This makes the code easier to follow and to maintain, especially for register allocation. Drive-by: simplify stack-switching test.

R=ahaas@chromium.org
Bug: v8:12191
Change-Id: Id7544a3b2d16085540d9f1863a0eabd1f72f22bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461929
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79105}
-
Dominik Inführ authored
LocalAllocator was already renamed to EvacuationAllocator some time ago. Rename files now as well.

Bug: v8:10315
Change-Id: I337f693998aaf5187a5ba05842cdb2474837b68d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463719
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79104}
-
Jakob Gruber authored
1. feedback_vector_allocation -> feedback_allocation like elsewhere.
2. A consistent --interrupt-budget prefix.
3. Remove the on-by-default --feedback-allocation-on-bytecode-size.

Bug: v8:7700
Change-Id: I1d0af11e89398973a65bf9cb7c7722740d9452ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463718
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79097}
-
jameslahm authored
Originally, 'Promise.allSettled.call()' will throw "Promise.all called on non-object". It should be "Promise.allSettled called on non-object". Add test for it.

Bug: v8:12122
Change-Id: I496a7c9d31baeb5b99012461387cfbccc4100d2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463063
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79096}
-
jameslahm authored
According to https://tc39.es/ecma262/#sec-runtime-semantics-iteratordestructuringassignmentevaluation, when destructuring assignment with elision, iteratorValue should not be called, thus the returned object's "value" property should not be read during the assignment.

Bug: v8:12595
Change-Id: Id4b2c236c30486397683b4ccd4d156b718e12df3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3459922
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79093}
-
Clemens Backes authored
The --wasm-fuzzer-gen-test functionality didn't handle imported functions correctly.

R=manoskouk@chromium.org
Bug: v8:11863
Change-Id: I0486e15465bfabead7bc352d1a94326a39439e43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460412
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79091}
-
Clemens Backes authored
The module builder was outputting the address as an unsigned LEB value instead of a signed value, leading to wrong results.

R=manoskouk@chromium.org
Bug: v8:11863
Change-Id: I547ca98defcae0ba15b4004a506b65387534b08a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463715
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79090}
-
Kim-Anh Tran authored
This CL adds the functionality to remove instrumentation breakpoints in wasm.

Bug: chromium:1133307
Change-Id: I05ec7f8ac634267d95744ef4565d81cd0c372a2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460407
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79088}
-
jameslahm authored
[bootstrapper] copy accessors in deserialized global into global object created using global proxy template

Originally, the accessors won't be copied into global object from deserialized global. And the accessors in serialized global object will be lost. Fix to copy accessors in deserialized global into global object when recreating new global object using passed global proxy template.
Tests credited to xiangyangemail@gmail.com https://chromium-review.googlesource.com/c/v8/v8/+/3405405

Bug: v8:12564
Change-Id: Iefb3a6dbfa5445b227d87c26eb423cf1b924dbb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3459937
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79087}
-
Balakrishna Avulapati authored
Adding ldflags for aix. This is a todo item noticed

Change-Id: I09dc86a3e956408edb1bfeba6b60bf67843caf4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439339
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79086}
-
- 14 Feb, 2022 7 commits
-
-
Manos Koukoutos authored
Since we do not yet have canonicalization for types, when emitting ref.func in the fuzzer, it is not enough to pick a function whose signature is equivalent with the requested type; we have to pick a function that is declared exactly with the requested signature index.

Bug: chromium:1296936
Change-Id: Ie307a9a370bb9ba2c8c334ddf05268ed9c7077d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460411
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79081}
-
Omer Katz authored
Various cleanups around young generation GCs. These include:
(*) Replace minor_mark_compact_collector_ with a unique_ptr and merge initialization with the mark_compact_collector_ and scavenger_collector_.
(*) Rename IncrementalMarking::UpdateMarkingWorklistAfterScavenge to IncrementalMarking::UpdateMarkingWorklistAfterYoungGenGC.
(*) Remove redundant MarkingTreatmentMode parameter from MakeIterable.

Bug: v8:12612
Change-Id: Ifac7006d3425808a4b9e4c8e1af054a60c073180
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448380
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79077}
-
Nikolaos Papaspyrou authored
This CL simplifies the reporting of full GC cycles and the connection between the GC of the managed C++ heap and the managed Javascript heap. It moves the call to GCTracer::RecordFullCycleToRecorder to be part of GCTracer::StopCycle.

Bug: v8:12503
Bug: chromium:1154636
Change-Id: I332dbcd81d2e5bdda83f3353c6526fc18e23ebd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3456563
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79075}
-
Anton Bikineev authored
The generational barrier for source objects records the entire source object to be processed later during remembered set visitation. It's planned to be used for Blink backing stores when an inlined object (or a range thereof) is added (HeapAllocator::NotifyNewObject(s)). An alternative approach would be to eagerly process the inlined objects using a custom callback. However, this requires changing Visitors to bring slots into the context. This approach should better work for scenarios where small ranges or single elements are added, to avoid processing potentially large backing stores. The followup CL implements this idea.

Bug: chromium:1029379
Change-Id: Iacb59e4b10a66354526ed293d7f43f14d8761a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460402
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79073}
-
Leszek Swirski authored
Replace the Advance/Done methods on BitVector::Iterator with STL-compatible operator overloads, and add begin/end methods to BitVector itself, so that BitVectors can be iterated with ranged for loops. As a drive-by cleanup, make GrowableBitVector hold the BitVector by value (to avoid needing to allocate one for empty iteration), and remove its unused (and inefficient) Union method.

Change-Id: Idcd34e26bfb087e3ec8297b4a769a51bfab4b6e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455803
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79071}
-
Dominik Inführ authored
This is a reland of 2694b75e
The reason for the revert was fixed and landed in https://crrrev.com/c/3456023, together with all changes in d8.cc. This reland itself doesn't change the CL apart from rebasing.
Original change's description:
> Reland "Reland "[heap] Support client-to-shared refs in Code objects""
>
> This is a reland of 4b8f1b1c
>
> After landing https://crrev.com/c/3447371, we can reland this CL as-is
> correctness-wise.
>
> What's new in this CL is that we now treat references from client
> objects into the shared heap as roots for the --track-retaining-path
> feature.
>
> Original change's description:
> > Reland "[heap] Support client-to-shared refs in Code objects"
> >
> > This is a reland of 12e46091
> >
> > Original change's description:
> > > [heap] Support client-to-shared refs in Code objects
> > >
> > > Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
> > >
> > > Bug: v8:11708
> > > Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > > Cr-Commit-Position: refs/heads/main@{#78819}
> >
> > Bug: v8:11708
> > Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78838}
>
> Bug: v8:11708
> Change-Id: I5b48e942fa469eabb40e797e221d06c25af16443
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425358
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79023}

Bug: v8:11708
Change-Id: I83de1dc4dc4701cba4936a68923f6d9b97f7a6a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455242
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79070}
-
Victor Gomes authored
This is a reland of c927ada7
Fix: Recalculate encoding after an allocation (that can potentially trigger GC) in EnsureHasFullTransitionArray.
Original change's description:
> [runtime] Refactor TransitionsAccessor
>
> Problems:
> - The class uses a bare Map field, but some methods can trigger GC
>   causing it to have a potential dangling pointer in case of map
>   compaction.
> - Some methods invalidate the object state and should not be used again.
> - Complicate logic with a no_gc and a gc aware constructors. Some
>   methods can only be called if the object is constructed with a
>   particular constructor (e.g, Insert and PutPrototypeTransition).
>
> Note: Most usages of this class is done by constructing an object and
> calling a single method:
> `TransitionAccessor(...).Method(...)`
> So we can easily change them to a static method.
>
> This CL:
> 1. Adds DISALLOW_GARBAGE_COLLECTION to the class.
> 2. Makes methods that can trigger GC static.
> 3. Creates static helper functions that wrap the class in a different
>    scope, since TransitionsAccessor now forces the scope to disallow gc.
> 4. Removes now unnecessary "Reload" logic.
>
> Bug: chromium:1295133, v8:12578
> Change-Id: I85484e7235fbd5e69894e26f5e1c491c6f69635e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450416
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79051}

Bug: chromium:1295133, v8:12578
Change-Id: If3880c2480433b78567870c8d14508d6ad9eccbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460405
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79069}
-