- 17 Sep, 2019 23 commits
Joshua Litt authored
Bug: v8:9463
Change-Id: Ie36fc1b04b81dd091c4526123bee50d6b22d6917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807044
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63839}
-
Clemens Hammacher authored
This allows removing the special casing for the {count == 0} case, which was needed because {memmove} does not accept {nullptr} arguments even if {count} is zero.

R=leszeks@chromium.org
Bug: v8:9396
Change-Id: Iaef3cdbbffa74c2ba1c4e4501dafd943282cbcd9
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807366
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63838}
-
Liviu Rau authored
The new indicator behaves like verbose without printing the names of tests that passed. Also a new option (--ci-test-completion=/path) was added to represent a file where we can collect test completion messages.

Bug: v8:9146
Change-Id: I0f1bbef4036a3019b60b094687b734d3d33a5915
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806916
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63837}
-
Andreas Haas authored
The element segment encoding in the bulk memory proposal changed recently. With this CL the V8 implementation gets up to date again.

R=thibaudm@chromium.org
Bug: v8:9658
Change-Id: I4f45d04369400356a6f3aaed9570c7870f5f97bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778022
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63836}
-
Andreas Haas authored
For unknown reasons, WasmInterpreterInternals was a zone object. However, WasmInterpreterInternals indirectly owns a global handle and a unique_ptr, both for the interpreter stack. As a zone object, WasmInterpreterInternals is never destructed, and therefore never frees the unique_ptr. With this CL I make WasmInterpreterInternals a normal object and allocate it into a unique_ptr, so that it gets destructed properly.

R=mstarzinger@chromium.org
Bug: chromium:1000610
Change-Id: Ie08c5627393a434521f5c32702bf9945db2c7811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807361
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63835}
-
Santiago Aboy Solanes authored
Bug: v8:6949
Change-Id: I25d2247f149b296157cb422342cb7c218f724496
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807363
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63834}
-
Joshua Litt authored
Change-Id: Ie233f093377bcdbab95a2f34b6c609a651f9db62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787980
Auto-Submit: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63833}
-
Clemens Hammacher authored
This will give us much more test coverage and fuzzer coverage.

R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: Iad76c2b5b8c7a29b4168bbefa38bac7d92a30599
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807367
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63832}
-
Andreas Haas authored
The {CountTrailingZeros} function is at least on one hot code path, and there it causes significant overhead. With this CL I just call the base::bit:: version of {CountTrailingZeros} directly. This allows the compiler to compile it to a single hardware instruction.

R=v8-arm-ports@googlegroups.com
Bug: v8:9396
Change-Id: I81eccc5fce9b9856d41c503bd1e4a07287eb6e1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803648
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63831}
-
Mythri A authored
TNodifies most of ic-accessor-assembler. Most of the remaining Node* are because of the Parameters.

Bug: v8:6949, v8:9396
Change-Id: Ife9fd96c5e46dee02fdc60e5825562d7ae89f8f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803634
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63830}
-
Jakob Kummerow authored
Adding a %SimulateNewspaceFull runtime function speeds up this test from 7m21s to 0.3s (on arm.optdebug with --jitless).

Bonus content:
- speed up mjsunit/md5 by 23x (5m25s -> 7.5s)
- speed up mjsunit/string-replace-gc by 8x (1m37s -> 12s)

Bug: v8:9700, v8:9396
Change-Id: Id00d0b83b51192edf1d5493b49b79b5d76e78087
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807355
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63829}
-
Georg Neis authored
- There was no use of DisallowDeferredHandleDereference, so remove the corresponding assertion scope and related code.
- Make DeferredHandleScope::Detach return a unique_ptr rather than a raw pointer for clarity.
- Store DeferredHandles in compilation info as unique_ptr rather than shared_ptr, as it's never shared.
- Remove some unused methods.

Change-Id: I8327399fd291eba782820dd7a62c3bbdffedac4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1805645
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63828}
-
Joey Gouly authored
The use of it was deleted in https://chromium-review.googlesource.com/c/v8/v8/+/1601151.

Change-Id: I9810d180140e737c5a2763e4cdc4066266d654e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803345
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63827}
-
Jakob Kummerow authored
By providing a custom implementation of __mulodi4(). This function usually comes from libcompiler_rt, but our build system doesn't provide that.

Bug: v8:9665
Change-Id: Ia72f0c23e83724f73ec72b404706c9a40ed861ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806682
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63826}
-
Andreas Haas authored
R=clemensh@chromium.org
Bug: chromium:1003241
Change-Id: I2c37404746bd4807040c787490fc7851ea6988d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807359
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63825}
-
Maya Lekova authored
Bug: v8:9720
Change-Id: I681c521c7d368148d41aaa4a0694194e33d9a091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800578
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63824}
-
Clemens Hammacher authored
This is a reland of 5d8c4890

Original change's description:
> Remove all custom CopyCharsUnsigned implementations
>
> It's unclear whether the custom implementations have any advantage over
> the standard library ones.
> Since we update our toolchain and standard library regularly, it might
> well be the case that the custom implementations are slower by now.
>
> Thus this CL removes all {CopyCharsUnsigned} implementations and
> implements {CopyChars} generically using {std::copy_n}.
>
> Note that this does not touch the {MemMove} and {MemCopy} functions
> yet, as we have seen regressions when trying to remove them before
> (https://crbug.com/v8/8675#c5).
>
> R=leszeks@chromium.org
>
> Bug: v8:9396
> Change-Id: I97a183afebcccd2fbb567bdba02e827331475608
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800577
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63808}

Bug: v8:9396
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Change-Id: I9cd754ebe6b802bb4aabd6d2a448de41da040874
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807357
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63823}
-
Dan Elphick authored
Remove a redundant default destructor definition and add final to another which is overriding a virtual constructor.

Bug: v8:9396
Change-Id: I917f3c6058bfae8cbcd3c4ffb0817f78e8214552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807360
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63822}
-
Andreas Haas authored
The function CPURegList::PopLowestIndex is called many times in the arm64 simulator. However, the simulator does not need a full CPURegister but only its register code. This CL creates a second PopLowestIndexAsCode method which only returns the register code, and also marks the function as inline. This speeds up the mjsunit/wasm/asm-wasm-f32 test from 1:45min to 1:35min in the optdebug build on my machine.

R=v8-arm-ports@googlegroups.com
Bug: v8:9396
Change-Id: I8cdcb2e0916dbb40e4a30ad5cd8f620b0358d08e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803647
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63821}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2d9fa32..3bf1aad

TBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: Iea4e3425c2474e1035fe054fbe198a03ccea11f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807003
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63820}
-
Jakob Gruber authored
Store-store elimination can potentially allocate many temporary data structures, all of which are contained in its so-called temporary zone. The zone is 'temporary' in the sense of only existing for the lifetime of the StoreStoreEliminationPhase; but all allocated memory remains alive until the phase terminates.

Investigation of a pathological case (see the linked bug) showed this zone reaching a size of 4GB. The cause in this specific case was the UnobservableSet data structure, conceptually an immutable set (i.e. each operation creates a full copy).

This CL changes the UnobservableSet to use a PersistentMap backing store rather than a ZoneSet. PersistentMap is intended for exactly this use-case, since copies are basically free and updates only change small parts of the data structure.

Memory consumption for the linked pathological case drops from 4GB to 70MB and execution speeds up from 20s to 17s.

Bug: v8:9574
Change-Id: I902b27f1aa42b88ddd905ee941df24028a68a9bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795351
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63819}
-
Frank Tang authored
Bug: v8:9742
Change-Id: Ifd162c4c8c52efff7da98281c9dfed53a473026c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808405
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63818}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ecd1092..b19a360

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/73ec83f..2c210a4

Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/cad3bc4..f2fb48c

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/27f1edd..b6e35ab

TBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: I35752af2f2b1a052d3b6eed35bc90414626f9198
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807677
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63817}
-
- 16 Sep, 2019 17 commits
Frank Tang authored
Bug: v8:9727
Change-Id: I634902e89c0c79fb95994e0a3a971cbc7889c09c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803788
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63816}
-
Frank Tang authored
Bug: v8:9613
Change-Id: Ie91a5bd39c82b6baf33fd84dee8420d2c4a5f504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803783
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63815}
-
Ng Zhi An authored
Bug: v8:8460
Change-Id: I8e72aa194cfc9797f0451d54638b6ba152d32971
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797269
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63814}
-
Suraj Sharma authored
The new Smi handler created to handle StoreIC_Slow and KeyedStoreIC_Slow can get incorrectly assigned to global Objects. Added an extra Check to avoid that.

Bug: chromium:1002628
Change-Id: I370e617e791792c98fa7b0cbf89ee7458f4e4c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803659
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63813}
-
Irina Yatsenko authored
Bug: v8:9739
Change-Id: I6ec23018e6e2725e47efcc9a5d95dda3713d064e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803792
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63812}
-
Fernando Serboncini authored
This will allow the test infrastructure to bypass isolate scheduling restrictions.

Bug: chromium:1002582
Change-Id: Ib22a599cf6c826c3d412898520dba6f4045175b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801995
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Fernando Serboncini <fserb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63811}
-
Adam Klein authored
This reverts commit 5d8c4890.

Reason for revert: Fails on UBSan bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/7946

Original change's description:
> Remove all custom CopyCharsUnsigned implementations
>
> It's unclear whether the custom implementations have any advantage over
> the standard library ones.
> Since we update our toolchain and standard library regularly, it might
> well be the case that the custom implementations are slower by now.
>
> Thus this CL removes all {CopyCharsUnsigned} implementations and
> implements {CopyChars} generically using {std::copy_n}.
>
> Note that this does not touch the {MemMove} and {MemCopy} functions
> yet, as we have seen regressions when trying to remove them before
> (https://crbug.com/v8/8675#c5).
>
> R=leszeks@chromium.org
>
> Bug: v8:9396
> Change-Id: I97a183afebcccd2fbb567bdba02e827331475608
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800577
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63808}

TBR=leszeks@chromium.org,clemensh@chromium.org
Change-Id: Ia16da942c7c28ba71076d1e3b0b8a6388a4ba359
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9396
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806103
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63810}
-
Santiago Aboy Solanes authored
There were two already TNodified methods, but lacking TNodification on the variables that they were assigning to. Now only CallRuntimeN and ExitPoint remain in interpreter-generator.

Bug: v8:6949, v8:9396
Change-Id: I66f74306b88c2254ad8ed1cb2c17187afa4fe0ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1805644
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63809}
-
Clemens Hammacher authored
It's unclear whether the custom implementations have any advantage over the standard library ones. Since we update our toolchain and standard library regularly, it might well be the case that the custom implementations are slower by now.

Thus this CL removes all {CopyCharsUnsigned} implementations and implements {CopyChars} generically using {std::copy_n}.

Note that this does not touch the {MemMove} and {MemCopy} functions yet, as we have seen regressions when trying to remove them before (https://crbug.com/v8/8675#c5).

R=leszeks@chromium.org
Bug: v8:9396
Change-Id: I97a183afebcccd2fbb567bdba02e827331475608
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800577
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63808}
-
Dominik Inführ authored
Split OLD_TO_NEW remembered set and add OLD_TO_NEW_SWEEPING. The OLD_TO_NEW remembered set is moved to OLD_TO_NEW_SWEEPING during mark-compact. OLD_TO_NEW_SWEEPING is then modified by the sweeper. Before using the page again, OLD_TO_NEW and OLD_TO_NEW_SWEEPING are merged again.

This means only the main thread modifies OLD_TO_NEW, the sweeper only removes entries from OLD_TO_NEW_SWEEPING. We can use this property to make accesses non-atomic in a subsequent CL.

Bug: v8:9454
Change-Id: I9057cf85818d647775ae4c7beec4c8ccf73e18f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771783
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63807}
-
Georg Neis authored
We used to have two special cases for named accesses on the global proxy, one based on seeing the global proxy constant in the graph and one based on seeing the global proxy map either in the feedback or in the graph. A change I made a while ago accidentally disabled the second one. This CL restores that.

Moreover, given how things are set up now (this might have been different before), the first optimization is subsumed by the second one, so this CL also removes the first one.

Finally, this CL records an accumulator hint in the case of a load, which improves precision of the serializer for concurrent inlining.

Tbr: tebbi@chromium.org
Bug: v8:7790
Change-Id: I255afc6c79e5c5c900b3ccfcd8459d836d21e42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801954
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63806}
-
Peter Marshall authored
Remove CollectSample() and SetIdle(), advance deprecation of GetCallUid()

Change-Id: Idb8c4f4d14bc5318a430e3549aaff7a41a911557
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1805641
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63805}
-
Bruce Dawson authored
For the last few months Chrome has been seeing many "impossible" crashes on Intel Gemini Lake, family 6 model 122 stepping 1 CPUs. These crashes only happen with 64-bit Chrome and only happen in the prologue of two functions. The crashes come and go across different Chrome versions.

Analysis of most of the crashes shows that the address of the crashing instruction follows some patterns: When crashing in GetFieldIndex() the last byte of the address is always 1c, 5c, 9c, or dc. When crashing in UpdateCaches (fewer unique samples) the last byte of the address is always 5d or 9d. The address of the function is 0xc or 0xd bytes earlier so the crashing functions always start with an address that ends in 10, 50, 90, or d0.

Those addresses are for the crashes on a load of the __security_cookie. The crashes also occasionally happen on the two instructions that follow the __security_cookie load in which case the crashing instruction's address has been seen to end with 23 or a3. This corresponds to a function start address of 10 or 90.

Since the crash involves reading incorrect instruction bytes when crossing a 16-byte boundary and since the crash appears to only happen with particular 16-byte alignments it seems reasonable to force the function's alignments to a multiple of 32 to see if this reliably avoids the crashes.

This change uses the gcc/clang __attribute__ directive to force 32-byte alignment. I have tested this change enough to verify that it triggers the desired alignment (with up to 31 "int 3" instructions added for padding) but since I have never reproduced this crash I have no way of testing its efficacy.

Bug: chromium:968683, chromium:964273
Change-Id: Ia6e1c6d1e044b84d274817374b25523303e78b51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803775
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63804}
-
Joshua Litt authored
The first land did not correctly handle exceptions for already evaluated modules.

Original description:

Implements AsyncModules in SourceTextModule. However, there is no support in the parser or D8 for actually creating / resolving AsyncModules. Also adds a flag '--top-level-await,' but the only external facing change with the flag enabled is that Module::Evaluate returns a promise.

Bug: v8:9344
Change-Id: I24725816ee4a6c3616c3c8b08a75a60ca9f27727
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797658
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63803}
-
Clemens Hammacher authored
This randomizes new memory allocations and reservations. It's currently used to test far jump tables in wasm better, but might be helpful generally for testing arbitrary virtual memory layouts.

R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: Ie60b7c6dd3c4cd0f3b9eb8e2172912e0851c357d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803340
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63802}
-
Jakob Kummerow authored
Bug: v8:3770, v8:9666
Change-Id: I7b7652887d6b60fbb80e1100834bc7c9df0544d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792909
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63801}
-
Artem Serov authored
This is a reland of 2869d9de

Original change's description:
> [turbofan,arm64] Add float loads poisoning.
>
> Also extend load poisoning testing for arm and arm64.
>
> This is a port of I1ef202296744a39054366f2bc424d6952c3bbe9d,
> originally introduced for arm.
>
> Change-Id: I7d317bba6be633dd1e563daa7231d3c5e930f8e4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691032
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63519}

Change-Id: I8155456f6ad571897f6274a86e58fec6cd66ee7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800583
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#63800}
-