- 25 Jun, 2019 4 commits
-
-
Maciej Goszczycki authored
Shared read-only heap means that all isolates within a process must share the same snapshot. Pass the back-end snapshot to the front-end runner to fix that. Bug: v8:7464 Change-Id: I0ec591a919d4d462ef38e372907592df3c759521 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669691 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62349}
-
Igor Sheludko authored
... in addition to existing Xxx::yyy(). The idea is to use these getters in hot C++ code since passing isolate explicitly makes it trivial to compute isolate root value and reduces the C++ code size. For full-pointer mode the unused isolate argument will be optimized away by the compiler, so full-pointer mode should not be affected in any sense. Bug: v8:9353 Change-Id: If6c43e3d5b3cbfc0db8b9eccee49dd8c4d168822 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674035 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62348}
-
Mythri A authored
To correctly fuzz the behaviour of optimized code and ICs we need to allocate feedback vectors. So for the configurations testing these we should turn off lazy feedback allocation. It is also good to fuzz without lazy feedback allocation on other configurations to flush out any other issues. So we also fuzz this with 0.35 chance. We also fuzz aggressive lazy feedback allocation (allocate feedback vectors on first branch / return) with 0.05 chance to test corner cases related to lazy feedback allocation. Bug: v8:9342 Change-Id: Id0761d1396bfc0866988abb8fb20168b86a5da20 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672939 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#62347}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/074e5c6..fa4e56c Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/8c2657f..80b545b Rolling v8/buildtools/linux64: git_revision:8c7f49102234f4f4b9349dcb258554675475e596..git_revision:972ed755f8e6d31cae9ba15fcd08136ae1a7886f Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/566ad95..304e510 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/dd2737e..2cfafaf TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: I409526520c064ae4f8a70b6159414c256a352fb8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674830 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62346}
-
- 24 Jun, 2019 21 commits
-
-
Santiago Aboy Solanes authored
This is a CL that aims to do a general cleanup of DecompressionElimination to make it easier for devs to look at it, and to create new test cases. Combined direct decompression & compression tests since they can be summarized with a for loop in just one test that tries out all the combinations. Also created 'global' accesses to stop repeating them in every test. Same for compression and decompression ops. Added EXPECT in test cases that had none. Added dots after comments. Variables now use underscore instead of camelCase. Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:8977, v8:7703, v8:9183 Change-Id: I38a5c6549e0b4ff89c3271ead23b626e8b6b4843 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628788 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#62345}
-
Dan Elphick authored
Bug: v8:9183 Change-Id: I40c1cd1f55efc353af19cdee48e85ddc8085586c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664059 Auto-Submit: Dan Elphick <delphick@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#62344}
-
Michael Lippautz authored
Tbr: ulan@chromium.org Bug: chromium:948807, chromium:978050 Change-Id: I73d4ca4ca43b9c9bfa57502676bab9f60b052229 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674036 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#62343}
-
Junliang Yan authored
Bug: v8:9355 Change-Id: I317bb52952ad5b347d627d4f6096f251bca1a815 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652558 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Alexei Filippov <alph@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62342}
-
Maya Lekova authored
Bug: v8:7790 Change-Id: I5c98af1745ed765ec060b2fd70006a3bd57d523a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645317 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#62341}
-
Peter Marshall authored
There is a generated file config.descriptor which is an output file for a particular target. When we try to add this to sources, it breaks as GN no longer silently accepts files with invalid types as sources. This breakage was due to recently-rolled changes to fix crbug.com/gn/77 Similar fixes have been used here: crbug.com/964411 Change-Id: Ica9272647c6d1ed31780a6319cf098a083a3cc57 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674032 Auto-Submit: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62340}
-
Mathias Bynens authored
It shipped in Chrome 73. Bug: v8:8021 Change-Id: I72a4e7fd3cd9ae8f960471a97100054d761d926b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593461 Commit-Queue: Mathias Bynens <mathias@chromium.org> Auto-Submit: Mathias Bynens <mathias@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#62339}
-
Jaroslav Sevcik authored
Address a TODO: Use EmitIdentity instead of kArchNop. Bug: v8:7947 Change-Id: Idd7de1bcffaf56f7eaf5d65be4dae3257d085ea8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674031 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#62338}
-
Mathias Bynens authored
We currently use the class name “JSValue” for JSObjects that wrap primitive values. This name is a common source of confusion. This patch switches to a name that’s more clear. In addition to manual tweaks, the patch applies the following mechanical global replacements:

before | after
--------------------------------|--------------------------------------
if_valueisnotvalue | if_valueisnotwrapper
if_valueisvalue | if_valueiswrapper
js_value | js_primitive_wrapper
JS_VALUE_TYPE | JS_PRIMITIVE_WRAPPER_TYPE
JSPrimitiveWrapperType | JSPrimitiveWrapper type
jsvalue | js_primitive_wrapper
JSValue | JSPrimitiveWrapper
_GENERATED_JSVALUE_FIELDS | _GENERATED_JSPRIMITIVE_WRAPPER_FIELDS

Change-Id: I9d9edea784eab6067b013e1f781e4db2070f807c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672942 Reviewed-by: Tamer Tas <tmrts@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#62337}
-
Clemens Hammacher authored
We have a global test/OWNERS that has "file://COMMON_OWNERS". This CL removes redundant OWNERS files in test/ subdirectories and removes redundant entries from OWNERS files we need to keep for special per-file entries. R=yangguo@chromium.org, machenbach@chromium.org CC=jkummerow@chromium.org Bug: v8:9247 Change-Id: Ic2e8cbe8e379d7d23c86c6164305e65807f28ed3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1674024 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62336}
-
Igor Sheludko authored
... in addition to existing [Heap]Object::IsXXX(). The idea is to use these getters in hot C++ code since passing isolate explicitly makes it trivial to compute isolate root value and reduces the C++ code size. For full-pointer mode the unused isolate argument will be optimized away by the compiler, so full-pointer mode should not be affected in any sense. Bug: v8:9353 Change-Id: I405cd54e8895b58f60f797fdb1c1b5654acb56f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664337 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62335}
-
Igor Sheludko authored
... as its existence gives us nothing. Bug: v8:9183 Change-Id: I80234e4ca8b0c9f596a7a3ff79a926d0dda98db8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672937 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62334}
-
Georg Neis authored
We tried to pass the load mode even for stores. Bug: chromium:977670 Change-Id: I2527a5ca755dba343b75f54383d17e22be0a20a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672940 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#62333}
-
Dan Elphick authored
Pass correct stream to the print for the constant_pool so the debug print doesn't go to stdout. Change-Id: I12952e5fa52e4890beaa490601f053128fd2b89a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672938 Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62332}
-
Igor Sheludko authored
Bug: v8:9183 Change-Id: Ib17445fe22da683c5be4c3f0249a31502040c2dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672935 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62331}
-
Michael Lippautz authored
The default values ensure that the controller doesn't change scheduling if no values are reported from the embedder. This allows for switching the flag on the embedder side. Bug: chromium:948807 Change-Id: Ib478adc1185ed5e56d06ba4404d6cafb196cff78 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672930 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#62330}
-
Leszek Swirski authored
Bug: chromium:976939 Bug: chromium:977089 Change-Id: I93153dcf8c38e8b0b202597f5b27ce736c0552ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672936 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62329}
-
Sigurd Schneider authored
This change reduces accumulated constant pool size on Octane2.1 from 296kb (74170 32bit words) to 125 kb (31311 32bit words), a 57.7% reduction. Bug: v8:8054 Change-Id: I7d6f24dadf9e11b49d028df10970fd0bc6229ad6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672932 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62328}
-
Stephen Kyle authored
This affects VisitChangeUint32ToUint64 and VisitTruncateInt64ToInt32. The geometric mean of changes across octane, ares6-1.0.1, jetstream2, and web-tooling-0.5.3, was an improvement of 1.2% when running on a Cortex-A53. Change-Id: Ib551641fb78ce4060100129e12f23cd02b0b3b27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669690 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62327}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/538dcba..074e5c6 TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: Ide7d847764834995c17483b79b9ac0d180435321 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1673668 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62326}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/baf52dc..538dcba TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: I7bed7749675df466b9a229be43d91339a9a32695 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1673601 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62325}
-
- 23 Jun, 2019 2 commits
-
-
Sigurd Schneider authored
This CL deduplicates entries in constant pools based on handle location. This works well because we already use CanonicalHandleScope in the right places. The CL gives a ~2% speed-up on octane for arm64. The code size is reduced significantly as well: Before the change all generated code spent on constant pools during an Octane run on arm64 was 723kb (90398 64bit words), and after this change only 189kb (23615 64bit words) were spent on constant pools. This is a 73.8% reduction. Change-Id: If0bb83453a45c0df0d1b0fee591c04c621341af1 Bug: v8:8054, v8:8977, v8:7703 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672924 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62324}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6ccf6a3..baf52dc Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/6f3775a..8c2657f Rolling v8/buildtools/linux64: git_revision:81ee1967d3fcbc829bac1c005c3da59739c88df9..git_revision:8c7f49102234f4f4b9349dcb258554675475e596 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/94c77e7..566ad95 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/125f7cc..dd2737e Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/a8fe285..fb60bb4 TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: I1e73c86275dcc3c5fda64fd932edccc52d367dd9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1673186 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62323}
-
- 21 Jun, 2019 13 commits
-
-
Frank Tang authored
1. Check resources and not solely depend on res_index.res file 2. Performance is +2-3% for Collator, DateTimeFormat, Locale, -2-3% for PluralRules, RelativeTimeFormat, ListFormat, NumberFormat. Considering we improved the performance x3 not long ago, these perf regressions could be ignored. Bug: v8:9340 Change-Id: Iab7cd64a77a55a03aae40f4d477523c37b3bcd3d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655978 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jungshik Shin <jshin@chromium.org> Cr-Commit-Position: refs/heads/master@{#62322}
-
Ross McIlroy authored
BUG=chromium:965833 TBR=leszeks@chromium.org Change-Id: I7997841e7af59f7d36854a71cb9f967b91b123d5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662573 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62321}
-
Irina Yatsenko authored
This is a reland of 02103b27

Fix for the original build break: build android with noop crashkeys for now

Original change's description:
> Add Crash Keys support
>
> This adds crash keys containing the isolate address and addresses of
> the read_only, map, and code spaces to crash report minidumps.
> When not compiling V8 with Chrome, a noop implementation is used.
>
> Bug: v8:9323
> Change-Id: I8523630e7a4ff792855163c06bf76dab35b1b9e5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1641326
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#62059}

Bug: v8:9323 Change-Id: I6bb115ad14b2ce5865f4d8fb255245c38fb0cd14 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658505 Commit-Queue: Irina Yatsenko <irinayat@microsoft.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#62320}
-
Ross McIlroy authored
Calling FindIndexInScript performs a linear search on the script functions and can take considerable time. With Bytecode flushing we will lose the function_literal_id and have to call FindIndexInScript if we ever recompile the flushed function. This can take a significant proportion of the recompilation time and has caused regressions in rendering times for some web applications (e.g., 395ms in FindIndexInScript for 132ms spent lazily re-compiling code). To avoid this, add function_literal_id back into the SFI and remove it from UnoptimizedCompileInfo. This will slightly regress memory usage (particularly in cases where many of the SFIs are compiled), however it means we can remove the FindIndexInScript function and avoid these long-tail regressions when bytecode is flushed. BUG=chromium:965833 Change-Id: Ia31e82eb6c871a6d698a518326a8555822a7a1d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669700 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62319}
-
Daniel Clark authored
Convert the new class SourceTextModuleRecord to use Torque to define its fields. Bug: v8:9292 Change-Id: Iddad3b266dd0dc122aee510cc41c69be27988c4a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1668011 Commit-Queue: Dan Clark <daniec@microsoft.com> Reviewed-by: Georg Neis <neis@chromium.org> Auto-Submit: Dan Clark <daniec@microsoft.com> Cr-Commit-Position: refs/heads/master@{#62318}
-
Sigurd Schneider authored
Rework the implementation of non-external Torque classes to use Struct machinery rather than FixedArray machinery. This allows Torque-only defined 'internal' classes to the automatically generate class verifiers and printers. As part of this change, generate C++ boilerplate accessors for internal Torque classes, since this is a pre-requisite for the verifiers, printers and other Struct-based functionality. Moreover, augment the header-generating functionality in Torque to create separate header files for field offset definitions, internal class C++ definitions and instance types. Bug: v8:7793 Change-Id: I47d5f1570040c2b44d378f23b6cf95d3d132dacc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607645 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#62317}
-
Irina Yatsenko authored
The extensions require isolate address to be set but don't rely on calling any runtime functions, which makes them viable for post-mortem debugging, if the corresponding memory is included in the dump.

!set_iso(isolate_address)
  call this function before using !mem or other heap routines

!mem or !mem("space1[ space2 ...]")
  prints memory chunks from the 'space' owned by the heap in the isolate set by !set_iso; valid values for 'space' are: new, old, map, code, lo [large], nlo [newlarge], ro [readonly]
  if no 'space' specified prints memory chunks for all spaces, e.g. !mem("code"), !mem("ro new old")

!where(address)
  prints name of the space and address of the MemoryChunk the 'address' is from, e.g. !where(0x235cb869f9)

Output from !mem would look something like this:

0:000> !mem("old")
Heap at 0x210652b8838
Im address: object area start - end (size)
OldSpace (allocating at: 0x1703dae7a20):
* 0x33d9a8c0000: 0x33d9a8c0138 - 0x33d9a8f1000 (0x31000)
  0x1703dac0000: 0x1703dac0138 - 0x1703db00000 (0x40000)

Change-Id: Iae1a217bbc5c5a88e2cf742db88ead9bb6fc904c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669744 Commit-Queue: Irina Yatsenko <irinayat@microsoft.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#62316}
-
Andreas Haas authored
The table.copy instruction used the indirect_function_table_size field of the instance for bounds-checks. However, when Table 0 is of type anyref, this field is not set. Now we use the actual size of the table instead. R=clemensh@chromium.org Bug: chromium:977101 Change-Id: Idda9cfe228141877747ed9a824936a1232f58cf8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669695 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62315}
-
Andreas Haas authored
The {indirect_function_table_size} field of the instance was initialized with the size of the first anyfunc table. However, this field should only be set if Table 0 is of type anyfunc. R=clemensh@chromium.org Bug: chromium:977101 Change-Id: I4729feb6b67387ccda53d17179a34d719347efed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669697 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#62314}
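The two table.copy commits above (#62315 and #62314) describe the same bug class from both ends: a bounds check that consults a cached per-instance size which is only meaningful when Table 0 is an anyfunc table, instead of the real size of the table being accessed. The following is an added illustration in C++, not V8 code: `Table`, `Instance`, `first_anyfunc_table_size`, `BoundsCheckTrustingCache` and `TableCopy` are all illustrative names, and the demo instance (a 4-slot anyref Table 0 next to an 8-slot anyfunc Table 1) is constructed for the example. It also shows the overflow-safe form of the range check, which the commit message does not spell out.

```cpp
// Added example (not V8 code): a table.copy bounds check that consults the
// real size of each table involved instead of a per-instance cached field
// that is only meaningful for an anyfunc Table 0. All names are illustrative.
#include <cstdint>
#include <cstring>
#include <vector>

enum class TableKind { kAnyFunc, kAnyRef };

struct Table {
  TableKind kind;
  std::vector<uint64_t> entries;  // opaque slots; a real engine stores refs
  uint32_t size() const { return static_cast<uint32_t>(entries.size()); }
};

struct Instance {
  std::vector<Table> tables;
  // Stands in for the cached field described above: the size of the first
  // anyfunc table, which is not the size of Table 0 when Table 0 is anyref.
  uint32_t first_anyfunc_table_size = 0;
};

// Overflow-safe range check: [offset, offset + count) must lie within size.
// Comparing count against size - offset avoids 32-bit wraparound in
// offset + count.
static bool InBounds(uint32_t offset, uint32_t count, uint32_t size) {
  return offset <= size && count <= size - offset;
}

// Pre-fix behaviour: the bounds decision trusts the cached field for Table 0.
// Returns only the decision; performing the copy on a wrong "true" is what
// would turn this into an out-of-bounds write.
bool BoundsCheckTrustingCache(const Instance& inst, uint32_t dst, uint32_t src,
                              uint32_t count) {
  uint32_t cached = inst.first_anyfunc_table_size;
  return InBounds(dst, count, cached) && InBounds(src, count, cached);
}

// Post-fix behaviour: each table's own size bounds the copy. Returns false
// (a trap) with no partial write on any out-of-bounds access.
bool TableCopy(Instance& inst, uint32_t dst_table, uint32_t dst,
               uint32_t src_table, uint32_t src, uint32_t count) {
  if (dst_table >= inst.tables.size() || src_table >= inst.tables.size())
    return false;
  Table& d = inst.tables[dst_table];
  Table& s = inst.tables[src_table];
  if (!InBounds(dst, count, d.size()) || !InBounds(src, count, s.size()))
    return false;
  if (count == 0) return true;  // also avoids forming &entries[size]
  // memmove: src and dst ranges may overlap when copying within one table.
  std::memmove(&d.entries[dst], &s.entries[src], count * sizeof(uint64_t));
  return true;
}

// Constructed demo instance: Table 0 is a 4-slot anyref table, Table 1 an
// 8-slot anyfunc table holding values 100..107, so the cached field reports
// 8 for a Table 0 that really has 4 slots.
Instance MakeDemoInstance() {
  Instance inst;
  inst.tables.push_back({TableKind::kAnyRef, std::vector<uint64_t>(4, 0)});
  Table funcs{TableKind::kAnyFunc, {}};
  for (uint64_t i = 0; i < 8; ++i) funcs.entries.push_back(100 + i);
  inst.tables.push_back(funcs);
  inst.first_anyfunc_table_size = inst.tables[1].size();
  return inst;
}

int main() {
  Instance inst = MakeDemoInstance();
  // Copying 5 slots into the 4-slot Table 0 must trap; the cached check
  // lets it through, and a copy performed on that answer writes past the end.
  bool trusted = BoundsCheckTrustingCache(inst, 0, 0, 5);
  bool real = TableCopy(inst, 0, 0, 1, 0, 5);
  return (trusted && !real) ? 0 : 1;
}
```

The `count <= size - offset` form matters as much as which size is consulted: a check written as `offset + count <= size` on 32-bit operands wraps for a large `count` and accepts the copy.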
-
Sigurd Schneider authored
TBR=ishell@chromium.org Change-Id: Iba69e556519a76334b9a3a1a0ece9a67f7f69cf2 Bug: v8:8855 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669696 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62313}
-
Clemens Hammacher authored
The platform is allowed to remove the foreground task without ever executing it if the isolate is shutting down. This can happen immediately when spawning the task. This would leave a stale pointer to the deleted task in the engine, and can lead to UAF. Thus deregister the task also from the destructor. At that point, we do not need to report back any live code for that isolate. R=ahaas@chromium.org Bug: v8:8217, chromium:971293 Change-Id: I7081efde8f306649d08956e758254a8875db8271 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669694 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62312}
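The commit above (#62312) fixes a use-after-free that comes from an ownership mismatch: the engine keeps a raw pointer to a task it hands to the platform, and the platform is allowed to delete that task without running it. The following is an added C++ illustration of that lifecycle and of the destructor-side deregistration the commit describes; it is not V8 code. `Engine`, `LogCodeTask`, `Spawn`, `Deregister` and the two `Platform*` functions are illustrative names, and the "platform" is simulated by a `unique_ptr` that is either run-then-reset or reset straight away.

```cpp
// Added example (not V8 code): the lifecycle pattern behind the fix above.
// An engine spawns a task and keeps a raw pointer to it; the platform may run
// the task, or delete it unrun while the isolate shuts down. If only Run()
// deregisters, the dropped case leaves a dangling pointer in the engine.
// Deregistering in the destructor as well covers both paths. Names are
// illustrative.
#include <cstddef>
#include <memory>
#include <set>

class Engine;

class LogCodeTask {
 public:
  explicit LogCodeTask(Engine* engine) : engine_(engine) {}
  ~LogCodeTask();
  void Run();
 private:
  Engine* engine_;
};

class Engine {
 public:
  std::unique_ptr<LogCodeTask> Spawn() {
    auto task = std::make_unique<LogCodeTask>(this);
    pending_.insert(task.get());  // raw pointer kept for later lookup
    return task;                  // ownership goes to the "platform"
  }
  void Deregister(LogCodeTask* task) { pending_.erase(task); }
  void OnCodeLogged() { ++logged_; }
  std::size_t PendingCount() const { return pending_.size(); }
  int LoggedCount() const { return logged_; }
 private:
  std::set<LogCodeTask*> pending_;  // would hold a dangling pointer pre-fix
  int logged_ = 0;
};

void LogCodeTask::Run() {
  engine_->OnCodeLogged();
  engine_->Deregister(this);  // the only deregistration before the fix
}

// The fix: whichever way the platform disposes of the task, the engine's
// pointer to it is removed before the memory is freed. Nothing is reported
// here, matching the note that no live code needs reporting at that point.
LogCodeTask::~LogCodeTask() { engine_->Deregister(this); }

// Normal path: the platform executes the task, then destroys it.
std::size_t PlatformRunsTask(Engine& engine) {
  std::unique_ptr<LogCodeTask> task = engine.Spawn();
  task->Run();
  task.reset();
  return engine.PendingCount();
}

// Shutdown path: the platform destroys the task without ever calling Run().
// Without the destructor hook, PendingCount() would still be 1 and that
// entry would point at freed memory; any later use of it is the UAF.
std::size_t PlatformDropsTask(Engine& engine) {
  std::unique_ptr<LogCodeTask> task = engine.Spawn();
  task.reset();
  return engine.PendingCount();
}

int main() {
  Engine engine;
  bool ok = PlatformRunsTask(engine) == 0 && PlatformDropsTask(engine) == 0 &&
            engine.LoggedCount() == 1;
  return ok ? 0 : 1;
}
```

Deregistering twice on the run path (once in `Run`, once in the destructor) is harmless because `erase` on an absent key is a no-op; the property worth checking is that `PendingCount()` returns to zero on both paths.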
-
Milad Farazmand authored
Port 20d29a36 Original Commit Message: This disallows using CSA macros from Torque that have a Node* return type instead of TNode<>. By enforcing CSA types at the boundary between CSA and Torque, we can ensure that the Torque types and the CSA types match. As a drive-by, this CL adds a bit more of CSA typing where it made sense. R=tebbi@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I531531e9029875b7685a9d775410ec9f924f8b69 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669827 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#62311}
-
Georg Neis authored
A few are still left and made explicit with Allow* scopes. Bug: v8:7790 Change-Id: I85e78949730d046d3449e0cee70997e60a043825 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622108 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62310}
-