- 12 May, 2021 2 commits
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/52ccb29..4e27ee8 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1fbada9..302ca09 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/c499142..b65bbfe Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/3b508fa..7d0d906 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/e76c8f1..53a9334 Rolling v8/tools/luci-go: git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2..git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1 Rolling v8/tools/luci-go: git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2..git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1 Rolling v8/tools/luci-go: git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2..git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1 TBR=v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: If03b514240069b576a774c574225d84a387b8b7b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2888363Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74514}
-
Milad Fa authored
The following bit casting method using reinterpret_cast has undefined behaviour: ``` int a = 1; float b = *reinterpret_cast<float*>(&a); ``` Above breaks the strict aliasing rule which indicates: > dereferencing pointers to objects of different types will never refer to the same memory location. More information can be found under src/base/macros.h. `bit_cast` here is implemented with `memcpy` behind the scenes. C++20 will have this feature included by default. Change-Id: I69ffdbeba6db64e24b268d838ea1d863fcd9121d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2889331Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#74513}
-
- 11 May, 2021 22 commits
-
-
Camillo Bruni authored
On x64 we can emit more compact instructions for mov(reg, imm). However currently this only happens when using the Set method explicitly. This CL renames Set to Move to avoid confusion and yield better code by default. Also use the new Move helper for Smis as well. Change-Id: I06558e88d1142098f77fb98870f09742d494f3dc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874450Reviewed-by: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74512}
-
Dominik Inführ authored
Allow GC of the shared heap without any attached clients. This CL also disables incremental marking for shared heaps for now. Bug: v8:11708 Change-Id: I1eb47a42fe3ced0f23f679ecaae0c32e09eab461 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886878Reviewed-by: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#74511}
-
Luis Fernando Pardo Sixtos authored
This change adds support for `const` redeclaration on REPL mode with the semantincs recommended in the design doc: 1) REPL scripts should not be able to reassign bindings to `const` variables. 2) Re-declaring `const` variables of page scripts is not allowed in REPL scripts. 3) Re-declearing `const` variables is not allowed in the same REPL script. 4) `const` re-declaration is allowed across separate REPL scripts. 5) Old references to previously declared variables get updated with the new value, even those references from within optimized functions. Design doc: https://goo.gle/devtools-const-repl Bug: chromium:1076427 Change-Id: Ic73d2ae7fcfbfc1f5b58f61e0c3c69e9c4d85d77 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865721Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com> Cr-Commit-Position: refs/heads/master@{#74510}
-
QiuJi authored
Bug: v8:11757 Change-Id: Ib463eb25631b9be8fc02b8cbc9e1f5984739dac2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887023Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#74509}
-
Milad Fa authored
Port cc06b8c7 Original Commit Message: Convert StoreOrigin, TypeOfMode, SaveFPRegsMode and ArgvMode to enum classes with k-prefixed values. R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I46993e6e846cf7c1f6b3d15ea0aaea3d5693bf4d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887646Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#74508}
-
Philip Pfaffe authored
DebugEvaluate can evaluate expressions in side-effect-free mode, where any operation that would cause observable side effects throws an exception. Currently, when accessors are backed by callbacks, it's possible that ICs call those accessors directly, bypassing the side-effect checks. This CL introduces a bailouts to runtime in those cases. Fixed: chromium:1201781 Also-By: ishell@chromium.org, pfaffe@chromium.org Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634 Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#74507}
-
Junliang Yan authored
The deoptimization table needs to be continuously, so we need to block trampoline pool emission during the whole process. bug: v8:11759 Change-Id: Ie5e0ffe27dc8e6cdb18985dc2cf26bdadeff318f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881918 Commit-Queue: Junliang Yan <junyan@redhat.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74506}
-
Camillo Bruni authored
Argc and Slot are usually small and fit within a single 32bit word. This reduces most property calls by 5 bytes. This results in roughly 1% code reduction for sparkplug and no measurable regression on x64. Bug: v8:11420 Change-Id: I272c26c40b99f2dc5817f18bec113662a5bfebce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2872828Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74505}
-
Liu Yu authored
The typo in introduced by: commit b684c36f Change-Id: Ic8e9afe7b47e5c615c31ecbd3481e5b33d4f84e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885355Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Auto-Submit: Liu yu <liuyu@loongson.cn> Cr-Commit-Position: refs/heads/master@{#74504}
-
Maya Lekova authored
This reverts commit cf35926a. Reason for revert: Speculative revert for TSAN breakage which closed the tree, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3187/overview and https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36671/overview Original change's description: > [cleanup] Remove PropertyArray::synchronized_length_and_hash > > It was never stored with a release store, so can we use the loads as > non-atomic ones. > > Bug: v8:7790 > Change-Id: Ife67e8650a5fb279ad808e5e68c2ab46ee3507c5 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880541 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74493} Bug: v8:7790 Change-Id: I4f942c46631117c6573ac16ca8464c24c1c23f6e No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886886 Auto-Submit: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74503}
-
Michael Achenbach authored
This ports https://crrev.com/c/2515787 for V8. Bug: v8:9871 Change-Id: I3e62b2960bc622f90d433f9731a287ee14319047 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886880 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#74502}
-
Daniel Lehmann authored
This is the second CL in a line of two to implement PKU-based WebAssembly code space write protection. The first CL added two low-level PKU functions; this CL uses them to grant/withdraw writable permissions, local to each thread that wants to modify the code space. In particular, when {--wasm-memory-protection-keys} is enabled, we first associate a memory protection key with all code pages, which by default does not allow any write access. Then, before each location that needs to modify the code space, we open {NativeModuleModificationScope}s (which are already present for mprotect-based write protection). When the PKU flag is given, this then first tries to set permissions of a memory protection key (which is fast), and otherwise when {--wasm-write-protect-code-memory} is enabled, falls back to mprotect-based write protection (which is much more expensive and also not thread-local, but for the whole process). R=clemensb@chromium.org Bug: v8:11714 Change-Id: I3527906a8d9f776ed44c8d5db52539e78e1c52fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882800 Commit-Queue: Daniel Lehmann <dlehmann@google.com> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#74501}
-
Victor Gomes authored
Bug: chromium:1206994, chromium:1206754, chromium:1206822 Change-Id: I8ccd501c5a918613fad59afdd65ca499ee57d7a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882805 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#74500}
-
Thibaud Michaud authored
Re-use InstallConstructorFunc and remove an obsolete comment. R=ahaas@chromium.org Change-Id: I1143d3e58e968b9210cef5045d8221d20ed18419 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886859Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#74499}
-
Daniel Lehmann authored
This is the first CL in a line of two to finish PKU-based WebAssembly code space write protection. This CL adds two low-level PKU functions, which are essentially wrapping the functionality in glibc's {pkey_mprotect()} and {pkey_set()}). The added functionality is in (1) {SetPermissionsAndMemoryProtectionKey()}: Associate a memory protection key with a page (simultaneously with setting the page's regular permssions). This is as costly as a regular {mprotect()}. This call itself does not restrict permissions besides the regular page permissions. (2) {SetPermissionsForMemoryProtectionKey()}: Set permissions for the key itself (now associated with a page). This can be either "all data access disabled" (i.e., no read or write, but execution is allowed) or "write access disabled" (which we use for code space write protection). The permissions are added on top of the page's regular permissions. This operation is cheap (in the order of 20 cycles) since it is roughly a thread-local register read, some bit-masking, and register write. See the second CL (based on this one) for how those two functions will be used. A note on compatability and security implications: Because the functions which we use here were only added in glibc 2.27, and since glibc is dynamically linked, we check at runtime (with {dlsym()}) whether {pkey_*()} functions are available. However, calling functions via a pointer coming from {dlsym()} is not supported by CFI so far, which is why we disable indirect call checking for the added functions. Potentially, the functions could hence be used as an indirect call gadget in a ROP attack. On the other hand, they are only compiled in currently only on Linux on x64, and disabling CFI indirect call checking is also done in other places already. R=clemensb@chromium.org Bug: v8:11714 Change-Id: I0da00818f28cf1da195a5149bf11fccf87c5f8ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882797 Commit-Queue: Daniel Lehmann <dlehmann@google.com> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#74498}
-
Camillo Bruni authored
Convert StoreOrigin, TypeOfMode, SaveFPRegsMode and ArgvMode to enum classes with k-prefixed values. Change-Id: Ib6ca3a9995297e8303a7e013b1d829613c0db510 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885042Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74497}
-
Michael Lippautz authored
Member is sometimes still used from off-heap storage which prohibits getting the heap from the Member's slot address. Bug: v8:11756 Change-Id: I61658ce07a8b02a8c400232ff21c75f0d8b95dcb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886879 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#74496}
-
Dominik Inführ authored
Isolate::UseAsSharedIsolate() was invoked after the Isolate was already created. I think it is cleaner to have the shared-flag right when constructing an Isolate. This way we can use that property already when setting up the isolate. Bug: v8:11708 Change-Id: Ibbfee09122b7b0361a5af7a1b559796594834813 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885041Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#74495}
-
Lu Yahan authored
Change-Id: I89ceb023d109f3ad69c0d679135c52cd278b4af3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878150 Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74494}
-
Santiago Aboy Solanes authored
It was never stored with a release store, so can we use the loads as non-atomic ones. Bug: v8:7790 Change-Id: Ife67e8650a5fb279ad808e5e68c2ab46ee3507c5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880541Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74493}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/f8d7f9d..52ccb29 Rolling v8/third_party/aemu-linux-x64: H-kH9WxQErL_AR-Nu_ZL8hbu1D-rZmdQQUaYZYm3AOUC..pwjSs3IapHTvM0wB7z3723g8rjsQnCWikZJhQxtBetsC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c92267a..1fbada9 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/03dfb00..c499142 Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/0852c79..3b508fa Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/eb9ce8c..618ddec Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/dbcffda..e76c8f1 Rolling v8/tools/luci-go: git_revision:66f9c8541b85c7f6efc63e75e68d660d4fb30752..git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2 Rolling v8/tools/luci-go: git_revision:66f9c8541b85c7f6efc63e75e68d660d4fb30752..git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2 Rolling v8/tools/luci-go: git_revision:66f9c8541b85c7f6efc63e75e68d660d4fb30752..git_revision:1b50bbe2f93441dd227ad6e6684fa9be4ab0dec2 TBR=v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I7c116cf19efaf2f55a7b40070a47645eb725c8d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886659Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74492}
-
Shu-yu Guo authored
This reverts commit 7dce6a26. Reason for revert: Performance regressions for x64 Octane --no-opt Original change's description: > Fix speculation poisoning on x64 > > Pointer cage reserved another register and inadvertently broke > speculation poisoning by aliasing kSpeculationPoisonRegister with > kInterpreterBytecodeArrayRegister (r12). > > This CL changes kInterpreterBytecodeArrayRegister to r11. Note that this > changes it from being callee-save to caller-save, which required code > reshuffling in a baseline builtin. > > Bug: v8:11726 > Change-Id: Ic2a1bd6b3a2cb4c480c84375dd3274f2efedc81f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2869985 > Commit-Queue: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74364} TBR=leszeks@chromium.org Bug: v8:11726 Change-Id: Ic59b602e5519b05ad06890e409761f5138230b92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886544Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74491}
-
- 10 May, 2021 16 commits
-
-
Ng Zhi An authored
Bug: v8:11589 Change-Id: I971003a41455d9594b9b98379e7976b75718d417 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885738Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#74490}
-
Camillo Bruni authored
- Share RemeberedSetAction and SmiCheck enums between all platforms. - Convert to enum classes with k-prefixed values Bug: v8:11420 Change-Id: Ib265a229f12a850ea866fd01d8022cbae5e1a9d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885040Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74489}
-
Ng Zhi An authored
Bug: v8:11589 Change-Id: I572dcc740f9974261521e239cd37c64af3bb0d7d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883484Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#74488}
-
Frank Tang authored
Spec: https://tc39.es/proposal-intl-locale-info/ Design Doc: https://docs.google.com/document/d/1OwEsvs8VQwvR-ug01xLyIwpgcvUfaP24u9owc7aBKJ4/edit# https://www.chromestatus.com/feature/5566859262820352 Behind flag --harmony_intl_locale_info Bug: v8:11638 Change-Id: I9904b777b084aa02c86a258c7df48fdfb976396d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878908Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#74487}
-
Clemens Backes authored
After updating our bots to use GCC 7.4, we do not need to support incomplete C++14 support any more. In particular, we can assume complete c++14 constexpr support now. This CL removes the V8_HAS_CXX14_CONSTEXPR and CONSTEXPR_DCHECK macros. The CONSTEXPR_DCHECKs are replaced by DCHECK and friend, or STATIC_ASSERT where possible. R=jgruber@chromium.org, leszeks@chromium.org, mlippautz@chromium.org Bug: v8:9686, v8:11384 Change-Id: I3a8769a0f54da7eb2cacc37ee23e5c97092e3051 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876847Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#74486}
-
Omer Katz authored
The AtomicWeak wscope was nested within the AtomicMark scope. Both should be top level scopes and should be nested within each other. Bug: chromium:1056170 Change-Id: I1d695c1a3a24fff31aa57893739dca4b558901fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883663 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74485}
-
Bill Budge authored
This reverts commit 5f0ac36c. Reason for revert: Seems to be associated with multiple Sanitizer failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3176 Original change's description: > [compiler] Consider IsPendingAllocation in Ref construction > > The logic in JSHeapBroker::TryGetOrCreateData assumes that parts > of the object are safe to read. In particular, the instance type > must be readable for the chain of `Is##Name()` type checks. > > This is guaranteed if > > - a global memory fence happened after object initialization and > prior to the read by the compiler; or > - the object was published through a release store and read through > an acquire read. > > The former is protected by the new call to ObjectMayBeUninitialized > (which internally calls IsPendingAllocation) in TryGetOrCreateData. > > The latter must be marked explicitly by calling the new > MakeRefAssumeMemoryFence variant. > > Note that support in this CL is expected to be incomplete and will > have to be extended in the future as more cases show up in which > MakeRef calls must be converted to MakeRefAssumeMemoryFence or to > TryMakeRef. > > Bug: v8:7790,v8:11711 > Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74474} Bug: v8:7790 Bug: v8:11711 Change-Id: Ia736cd1143da30ca25fdc2c3c1a2056ebf18d596 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883245 Auto-Submit: Bill Budge <bbudge@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74484}
-
Omer Katz authored
This was missing from Ulan's implementation for CollectCustomSpaceStatisticsAtLastGC. Bug: chromium:1056170, chromium:1181269 Change-Id: I72354e4f04873095eac5cb39ed188ed83de0bd26 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880219Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74483}
-
Benedikt Meurer authored
The FrameSummary::FunctionName() method is only used by the FrameInspector in the debugger, so the natural place to put the dependency on GetWasmFunctionDebugName() is in there, rather than adding a new dependency to frames.cc. This is a follow up cleanup as discussed in https://crrev.com/c/2878734 Bug: chromium:1159307 Change-Id: I0698adf63f88fe6a93d6e5e6235bc0c2219e9341 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883784Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#74482}
-
Paolo Severini authored
As a first step to support Fast API calls with overloads, adds a new FunctionTemplate constructor that accepts a vector of CFunction*. Bug: v8:11739 Change-Id: I112b1746768f52df52c893a4f1fb799b6bd90856 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2860838Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/master@{#74481}
-
Dan Elphick authored
Disable the checksum comparison for the read-only snapshot when --stress-snapshot is used, since it's possible that it would be corrupted. This corruption is not important as the purpose of stress-snapshot is not to produce a useable snapshot, but to test that the serialization/deserialization does not fail for any given objects. Since the --stress-snapshot flag's value is now used outside of d8, this also moves it to flag-definitions.h. Cq-Include-Trybots: luci.v8.try:v8_linux64_gc_stress_custom_snapshot_dbg_ng Bug: v8:11750 Change-Id: Iedcf1cfb5afa5f16ac19a76820b62b5b93948f2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882810 Commit-Queue: Dan Elphick <delphick@chromium.org> Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#74480}
-
Patrick Thier authored
Make %PretenureAllocationSite more resilient to fuzzer inputs/configs and allow it for fuzzing. Bug: chromium:1200724 Change-Id: I541b1410ab1719b478c4ad9516dc350fec02fbba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883783Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#74479}
-
Milad Fa authored
Port d3d4a896 Original Commit Message: Checking for Smis is cheap. There is no need to put this in the deferred code block. With this CL we will bail out earlier for Smis. R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I29811cdeae0310031c114260734f3d5429e77633 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883861Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#74478}
-
Daniel Lehmann authored
This is a partial reland of https://crrev.com/c/2850932, which was reverted because the histogram failed Chromium integration. The V8 histogram added here uses only two values (0 = no support, 1 = support), but is declared with 3 buckets in order not not fail a DCHECK on Chromium's side. As soon as https://crrev.com/c/2874651 lands in Chromium, we can properly declare the histogram here with only 2 buckets, but for now this is good enough to get early data on PKU support in the wild. The other part of the original reverted CL (adding PKU alloc and free functions, and a V8 flag for PKU) was already landed again in https://crrev.com/c/2878738 Original change's description: > [wasm] Add PKU alloc/free and support counter > > To enforce W^X for the WebAssembly code space, we want to explore using > Intel memory protection keys for userspace, also known as MPK, PKEYs, or > PKU. Instead of flipping page protection flags with mprotect (which > incurs a high syscall overhead; and which switches flags for the whole > process), this associates a key with each page once, and then changes > the permissions of that key with a fast thread-local register write. > That is, this gives both finger-grained permissions (per-thread) and > more performance. > > This CL is starts experimenting with PKUs by > (1) trying to allocate a protection key once per {WasmEngine} in x64 > Linux systems, and > (2) adding a counter for recording the sucess/failure of that, to assess > the support for PKUs on the target machine. > > The low-level PKU allocating functions should be moved into base/platform > long-term, but are inside wasm/ for this CL. > > R=clemensb@chromium.org > CC=jkummerow@chromium.org > > Bug: v8:11714 > Change-Id: Ia4858970ced4d0b84cc8c2651e86dceb532c88a7 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850932 > Commit-Queue: Daniel Lehmann <dlehmann@google.com> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74319} Bug: v8:11714, chromium:1207318 Change-Id: I1035ac09bd7aa04584fbc5df7a408b96dd270d0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871451Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Daniel Lehmann <dlehmann@google.com> Cr-Commit-Position: refs/heads/master@{#74477}
-
Marja Hölttä authored
This is moving needed stuff out of #if V8_ENABLE_WEBASSEMBLY. Everything related to guards is still behind V8_ENABLE_WEBASSEMBLY, since RAB / GSAB don't use guards. Bug: v8:11111 Change-Id: I9b9fd0dbdcdc1f3c70d6e4f5eb1c70d1bab98e68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880221Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#74476}
-
Camillo Bruni authored
Checking for Smis is cheap. There is no need to put this in the deferred code block. With this CL we will bail out earlier for Smis. Bug: v8:11420 Change-Id: I52e39def633d7cb8bd51ae24d56d9582f56faf41 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2872826Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#74475}
-