- 21 May, 2019 17 commits
-
-
Santiago Aboy Solanes authored
There was a case missing when we have a compressed value that:
* Can be compressed signed
* We know can't be a smi
* Has to be converted to tagged pointer

The case from tagged to compressed was also missing.

This was the proper way of fixing the chromium bug (963917), and it could fix more things since a conversion was missing.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: chromium:963917, v8:8977, v8:7703, v8:8982
Change-Id: Id1df8e81bc900fef9bed3539c0ace621810ab1da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621941
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61690}
-
Andreas Haas authored
This CL fixes an issue where V8 does not satisfy the WebAssembly spec of the anyref proposal. The table.fill instruction has 3 parameters, {start_index}, {length}, and {value}. V8 trapped with table-out-of-bounds when {start_index >= table_size}. However, the spec requires that {start_index == table_size} is valid when {length == 0}. R=mstarzinger@chromium.org Bug: v8:7581 Change-Id: I5f83a03fb8e349b48c887535f6f065492feb9ac2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609537 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61689}
-
Peter Marshall authored
This is not needed as this is already a method on all ArrayBufferViews and there is only one caller which actually uses the cast. Bug: v8:9183 Change-Id: Ic45b40bf433c870bc8cb0121c24755fd03ce405b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622106 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61688}
-
Clemens Hammacher authored
In contrast to (private) class fields, struct fields are public and accessed directly, and do not end in an underscore. This CL fixes naming in struct fields in the recently introduced {CompilationUnitQueues} class. R=ahaas@chromium.org Bug: v8:9183 Change-Id: I87d80650dc4a1c58cf8067ebb4ecfadf929545ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621936 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61687}
-
Clemens Hammacher authored
The semantics of that method are not obvious (it returns an empty MaybeHandle if the element is undefined, otherwise it assumes it is of type T). Since there is only a single use of that method in the whole code base, just having that logic there explicitly is much simpler. Potential future uses of that method are probably also easier to understand if they just do the checks explicitly. Drive-by: Document semantics of {FixedArray::GetValueChecked}. Also for this method it's questionable whether it is useful overall. Drive-by^2: Avoid else after return (see style guide). R=mstarzinger@chromium.org Bug: v8:9183 Change-Id: I88dcb0f080d728bbe55932f17cf4d7eb25ab5928 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619761 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61686}
-
Yang Guo authored
TBR=hpayer@chromium.org NOPRESUBMIT=true Bug: v8:9247 Change-Id: I3d49c1c748fe5109523d4cd122ba925f20cfc60b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619755 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61685}
-
Andreas Haas authored
This is just for convenience, and actually surprising behavior. R=clemensh@chromium.org Bug: v8:9183 Change-Id: I3316856e63b97bfb06da897c6f8b716bc988aa36 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621932 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61684}
-
Simon Zünd authored
This is a reland of 3dd56612

The reland introduces a new flag "--experimental-stack-trace-frames". The flag is disabled by default, but enabled for relevant tests. The flag stays disabled by default until API frames are eagerly symbolized to prevent leaks in blink web tests.

Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
>
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
>
> Two changes are necessary:
> - HandleApiCall and friends need to go through a BUILTIN_EXIT frame
>   instead of an EXIT frame. The existing stack-trace machinery will
>   then pick up FunctionTemplate frames without additional changes.
> - Turbofan doesn't go through HandleApiCall, but instead uses an
>   ASM builtin to enter FunctionTemplate functions. A "marker"
>   frame state is needed to include these frames in the stack trace.
>
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
>
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}

Bug: v8:8742, v8:6802
Change-Id: I1d3b79cdf0b2edcbaeff1ec15e10deeca725f017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621925
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61683}
-
Yang Guo authored
Bug: v8:9247 TBR=bmeurer@chromium.org,neis@chromium.org NOPRESUBMIT=true Change-Id: Ia1e49d1aac09c4ff9e05d58fab9d08dd71198878 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621931 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61682}
-
Andreas Haas authored
This parameter was just for convenience but did not end up in the generated bytes. R=clemensh@chromium.org Bug: v8:9183 Change-Id: Id4faf5b9ad20a357c069c3189db6ed14945dea8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621929 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61681}
-
Toon Verwaest authored
Inputs to JSON can be two-byte because payload strings can contain two-byte characters, without actually having any one-byte property key. Rather than eagerly converting the string to one-byte, we can perform a string-table lookup with a two-byte string key; only converting the result to one-byte if it's a new key. This speeds up json parsing of two-byte json from the Youtube benchmark by 20%. Change-Id: If6d4a37d331724f48b008aef8ec3e28d366cd038 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619866 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#61680}
-
Sigurd Schneider authored
Factory::NewStackFrameInfo was leaving fields with the default initialization to 'undefined' for fields marked as Smi type in base.tq. Our heap verifier dutifully found and reported the discrepancy. This CL initializes all fields of the struct to values compatible with the Torque specification. In the future, this should probably be done automatically. Change-Id: I30c2e2830300d9d84af663384dd7e0283ec39b77 Bug: chromium:965042 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621928 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61679}
-
Yang Guo authored
It has previously been moved to gni/ R=machenbach@chromium.org Change-Id: If838616d28b9eaaea2bff0496a1ad2535845f420 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621926 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61678}
-
Simon Zünd authored
This CL also removes the corresponding intrinsic lowering of IsTypedArray in TurboFan and Ignition. Drive-by: Remove unused ArrayBufferViewWasDetached runtime function. Bug: v8:9183 Change-Id: I2767b22fbdfb679cba30b9fbc555c8d41c7f4345 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617930 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61677}
-
Yang Guo authored
Bug: v8:9247 Change-Id: I9bcf2694b449f79cdbe03f5fde59cb21b8cad418 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619758 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61676}
-
Yang Guo authored
R=verwaest@chromium.org Bug: v8:9247 Change-Id: I747c13cc8517858872c85fc93d0e95af4968e1b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617934 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61675}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/eaddee0..12e7bf6 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4d85003..5655d8f Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cf6269b..5716400 TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: Ib0164d126269ca0974252536b9556ceae731e247 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621488 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#61674}
-
- 20 May, 2019 23 commits
-
-
Suraj Sharma authored
Bug: v8:8952 Change-Id: I36ee0d6793a4a9715360c155636f6e19db2119bc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1616015 Commit-Queue: Suraj Sharma <surshar@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61673}
-
Tobias Tebbi authored
Macros are now inaccessible from CSA except if their declaration is marked with the "export" keyword. The implicit field accessors for class fields are always exported. In this CL, unwarranted access from CSA is prevented by appending a pseudo-random suffix to non-exported names. This is to be replaced by something more principled, namely by not including these macros at all in the headers included from CSA. Bug: v8:7793 Change-Id: I3ffb2e91a616623f81b4b4508e001ad0cf65d2c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615258 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61672}
-
Suraj Sharma authored
This is a reland of b9bfd006

Original change's description:
> [torque] Convert few class layout to torque and updated torque code formatter.
>
> 1. Converted Module, JSModuleNameSpace, JSCollator, JSV8BreakIterator,
>    TemplateList,
>    JSStrictArgumentsObject to torque.
> 2. Updated torque code formatter to now handle multi-line
>    declarations correctly.
>
> Bug: v8:8952
> Change-Id: I97846b1bc0d2cba5d7a68468fc263423b1b55d19
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536988
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#61624}

Removed the Torque code Formatter update from this CL

Bug: v8:8952
Change-Id: I01e88ac36acd7ba18791bec609e5ae737672c731
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619146
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61671}
-
Z Duong Nguyen-Huu authored
When reconfiguring a data field (e.g. changing representation), it was allowed to transition from dictionary elements kind to sealed elements kind. With this change, this transition is forbidden. Bug: chromium:963346 Change-Id: I6c9a5f6f269bc5ee4cd6176ff5e8d803f08dba1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613840 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61670}
-
Z Duong Nguyen-Huu authored
Also add mjsunit test for spread call with non-extensible objects Micro-benchmark JSTests/ObjectFreeze shows ~7x improvement Before: SpreadCall SpreadCall-Numbers(Score): 239 After: SpreadCall SpreadCall-Numbers(Score): 1461 Bug: v8:6831 Change-Id: Icefd89ad790ac159b7f0617d0a012eefd90d3b1d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1614296 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#61669}
-
Hannes Payer authored
Bug: v8:9093 Change-Id: I69aa3edddf5ea52e1cca185fa03f51122cdf02c5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617937 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#61668}
-
Pierre Langlois authored
When the 'disabled-by-default-v8.gc' category is enabled, emit an instant event with heap statistics after every GC. The data that's emitted is the same as what the V8 API gives you with `GetHeapStatistics()` and `GetHeapSpaceStatistics()`.

We generate JSON with the following format:

```
{
  "isolate": "0x55dd5cf03b50",
  "id": 1,
  "time_ms": 42.619,
  "total_heap_size": 3981312,
  "total_heap_size_executable": 573440,
  "total_physical_size": 2820440,
  "total_available_size": 2195254440,
  "used_heap_size": 1799616,
  "heap_size_limit": 2197815296,
  "malloced_memory": 251024,
  "external_memory": 2981,
  "peak_malloced_memory": 589280,
  "spaces": [
    {
      "name": "read_only_space",
      "size": 262144,
      "used_size": 32568,
      "available_size": 229256,
      "physical_size": 32888
    },
    {
      "name": "new_space",
      "size": 2097152,
      "used_size": 903392,
      "available_size": 143904,
      "physical_size": 1856136
    },
    ...
  ]
}
```

Bug: v8:9186
Change-Id: I0d07aa37b65d45778d6b47dbe6e07a9dd25d1097
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619763
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#61667}
-
Jaroslav Sevcik authored
This reverts commit ad1fcd43.

Reason for revert: Breaks waterfall.

Original change's description:
> [cleanup] Remove the now-unused deopt_count from feedback vector.
>
> Bug: v8:9183
> Change-Id: Iceeccc8ab1e4e77b428e7e2feec39bff3317f241
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617675
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61665}

TBR=mstarzinger@chromium.org,jarin@chromium.org

Change-Id: Iea0e6a329f55a3a941f0b976925b2abdf7eece38
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9183
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619867
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61666}
-
Jaroslav Sevcik authored
Bug: v8:9183 Change-Id: Iceeccc8ab1e4e77b428e7e2feec39bff3317f241 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617675 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61665}
-
Sigurd Schneider authored
This is a reland of 5ce68669

TBR=ishell@chromium.org

Original change's description:
> Enable alignment checks when reading object fields
>
> Drive-by: Fix alignment bugs caused by DCHECKS.
>
> Bug: v8:9264
>
> Change-Id: I0836b1d08fea2ce11d8f7929e12f303b6ae06efe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617676
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61643}

Bug: v8:9264
Change-Id: Ice9b819cc29eec0c341f16ef35fad4867f5df85b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619754
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61664}
-
Dan Elphick authored
This test needs detailed source positions which aren't available with lazy source positions enabled so force them to always be present. Bug: v8:8510 Change-Id: I1faf3d5614742b4181facc18eaf1d73d6a5712d6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617677 Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Auto-Submit: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#61663}
-
Peter Marshall authored
Previously, compiling with perfetto would add 2.3 MiB to the d8 release binary. With this change it's 472 KiB. This is because trace:lite pulls in many more compiled proto classes than we need, e.g. a bunch of stuff under ftrace/ which is only used on Android. Chrome uses a 'mirror proto' ChromeTrackPacket to only provide compiled protos for the types of packets it will actually see, which on non-android devices does not include anything under ftrace/. We use the same trick here in the JSON consumer. Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng Bug: v8:8339 Change-Id: Iae1f74eec3bd93b18e9f069701fc016440d3ce5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619759 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61662}
-
Maciej Goszczycki authored
The read_only_object_cache call cannot return a vector when it is backed by the embedded heap, so this adds a few methods to abstract this away. ExtendReadOnlyObjectCache will eventually have a check to reject adding objects to the embedded read-only object cache. Prior to this change the read-only object cache would only be extended conditionally if needed. Since it started out empty it was always extended, so this removes this logic. Bug: v8:7464 Change-Id: I5b172f629ac48be5cbb8f78b03a0a213ebd570e9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619745 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#61661}
-
Clemens Hammacher authored
This adds two more message tests to test compile errors in WebAssembly.compileStreaming and WebAssembly.instantiateStreaming. R=mstarzinger@chromium.org Bug: v8:9266 Change-Id: I34d1df4ce0fb02e14f3e5011569c8ba1d1374658 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619746 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61660}
-
Michael Starzinger authored
This adds proper loading and parsing of the arguments that are being passed to the {WebAssembly.Function} constructor function, including tests covering most of the negative cases. R=jkummerow@chromium.org TEST=mjsunit/wasm/type-reflection BUG=v8:7742 Change-Id: Id4d67789604ee72aec5ad831004a01434c1c6d6f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619748 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61659}
-
Andreas Haas authored
ASAN on Windows uses exceptions to manage its shadow memory. However, this behavior can conflict with the WebAssembly trap handler, because WebAssembly trap handlers are executed before the ASAN exception handler.

For some WebAssembly instructions we do not generate assembly code but call to C functions instead. Since these functions are very simple, we do not want to reset the thread-in-wasm flag before calling them. However, when these functions trigger the ASAN exceptions, the thread-in-wasm flag gets out-of-sync. This happened for the memory_fill_wrapper function.

Originally we thought that it's sufficient to just mark the function with DISABLE_ASAN. However, this is not enough because clang compiles the function to use memset, and memset gets replaced by ASAN with asan_memset.

Therefore I decided now that just for sanitizer builds on Windows, we reset the thread-in-wasm flag in memory_fill_wrapper. This is not ideal because it's test-specific code within production code. However, the alternatives also don't sound convincing.

Alternatives would be:
* Resetting the thread-in-wasm flag whenever we call a c-function
  - This would be unnecessary performance overhead for production code just to make a test work.
* Configure ASAN to not change memset.
  - This would weaken ASAN also for other cases.
* Disable ASAN for trap handlers, or trap handlers in ASAN builds.
  - This would reduce test coverage.

R=binji@chromium.org
Bug: chromium:957405
Change-Id: Ibd13c6fe7b898238f636db576552e3e4b278c04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617671
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61658}
-
Benedikt Meurer authored
The invariant is that Map::bit_field2 shouldn't change, and the IsInRetainedMapListBit apparently changes when the map is held weakly from optimized code. This causes TurboFan compilations to change the Map::Hash() result, which in turn causes lookups on the normalized map cache to miss (and maybe other bad consequences). With this change we swap Map::IsInRetainedMapListBit (previously in bit_field2) and Map::HasHiddenPrototypeBit (previously in bit_field3) to address this problem. Bug: chromium:963411, v8:9114, v8:9267 Change-Id: I040a27c37305fa602649750bd93bee40c91fca78 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619747 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61657}
-
Toon Verwaest authored
This reverts commit 0607f8ae.

Reason for revert: We should be able to reenable those tests now.

Original change's description:
> [test] Skip debugger tests failing with JSON parsing
>
> NOTRY=true
>
> Bug: v8:9257
> Change-Id: I4713fd90c2a8b544def09d7305fe84d789ed60c4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613250
> Auto-Submit: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61543}

TBR=verwaest@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9257
Change-Id: Ieb28de987b0bfc7b408d3fe9bfe1f0a50c9db0c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617932
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61656}
-
Daniel Bratell authored
Recently* a second ResolveRenames appeared in typed-optimization.cc. In some extreme (non-default) jumbo builds that file shared translation unit (and thus anonymous namespace) with load-elimination.cc which also has a ResolveRenames which is slightly different. To avoid that name clash and failed compilation, this renames ResolveRenames -> ResolveRenamesForOpt. *) It appeared in https://chromium-review.googlesource.com/c/v8/v8/+/1609803 Change-Id: Ia175468a8e978e93e95da1d28f74cee8dce253d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615465 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Daniel Bratell <bratell@opera.com> Cr-Commit-Position: refs/heads/master@{#61655}
-
Clemens Hammacher authored
This fixes the error message generated for compile errors during asynchronous instantiation. It shows "WebAssembly.instantiate()" now instead of "WebAssembly.compile()". R=mstarzinger@chromium.org Bug: v8:9266 Change-Id: Ieae478d1c4f6843fbc17e15debb6c49f72059d99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617940 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61654}
-
Clemens Hammacher authored
This adds three message tests to test the message stack trace we show for - synchronous compilation, - asynchronous compilation, and - asynchronous instantiation. Note that the message for the asynchronous cases currently contain the "WebAssembly.Module()" prefix, which will be fixed in a separate CL. R=mstarzinger@chromium.org Bug: v8:9266 Change-Id: I370f4211b5f577ea1b5da026a78b292b50c6a339 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617938 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61653}
-
Yang Guo authored
This reverts commit a7695520.

Reason for revert: Was not the culprit.

Original change's description:
> Revert "Move deoptimizer files"
>
> This reverts commit 61523c45.
>
> Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20396
>
> Original change's description:
> > Move deoptimizer files
> >
> > Bug: v8:9247
> > Change-Id: I6287907edb8a36225bfa9fe864305ea59c20dd8b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617667
> > Commit-Queue: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#61648}
>
> TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org
>
> Change-Id: Icf258f7bc409ef0c360cfa82029bfc45a41dc75f
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:9247
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619749
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61650}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org

Change-Id: Ic2aa07ccd08b6070222ec7a65b92b7afb9db484c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619753
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61652}
-
Clemens Hammacher authored
This reverts commit 5ce68669.

Reason for revert: Fails on win32 debug: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20394

Original change's description:
> Enable alignment checks when reading object fields
>
> Drive-by: Fix alignment bugs caused by DCHECKS.
>
> Bug: v8:9264
>
> Change-Id: I0836b1d08fea2ce11d8f7929e12f303b6ae06efe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617676
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61643}

TBR=ulan@chromium.org,jkummerow@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,ishell@chromium.org

Change-Id: I0ac73a880f2b7bd718e23e90c0867192def39dbb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619750
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61651}
-