- 04 Apr, 2022 2 commits
-
-
Igor Sheludko authored
Bug: v8:11880 Change-Id: Id3975d0c10ac5ece5c55d9db5ae7c6786fde2dfe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3564566Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Jakob Linke <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#79739}
-
Igor Sheludko authored
... instead of Code objects. This is a step towards not creating Code objects for embedded builtins. Bug: v8:11880 Change-Id: Ie9f87b09d06e6b872ce3a5fa5d03a2502df979d9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3564565Reviewed-by:
Jakob Linke <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#79733}
-
- 01 Apr, 2022 2 commits
-
-
Benoit Lize authored
For short builtin calls, the builtins are copied on the heap when they cannot be put close enough to be in range of relative calls. This costs memory, as the embedded builtins are part of the binary, and mapped from the binary, and as a consequence shared with all running processes. Rather than copying the memory, we can remap it at a different address, avoiding the memory cost. This CL does that, on ARM64 macOS only for now. This saves at least ~1.4MiB of memory per V8 process. See below the output of vmmap <PID>: [...] Memory Tag 255 7408308000-740833c000 [ 208K 144K 144K 0K] r-x/rwx SM=ZER Memory Tag 255 740833c000-7408340000 [ 16K 0K 0K 0K] ---/rwx SM=ZER Memory Tag 255 7408344000-7408348000 [ 16K 0K 0K 0K] ---/rwx SM=ZER Memory Tag 255 7408348000-740837c000 [ 208K 144K 144K 0K] r-x/rwx SM=ZER Memory Tag 255 740837c000-740fe80000 [123.0M 0K 0K 0K] ---/rwx SM=ZER mapped file 740fe80000-740ffe4000 [ 1424K 1328K 0K 0K] r-x/rwx SM=COW ...pp/Contents/Frameworks/Chromium Framework.framework/Versions/102.0.4958.0/Chromium Framework Memory Tag 255 740ffe4000-7410000000 [ 112K 0K 0K 0K] ---/rwx SM=ZER The "208K" regions are 256kiB code pages, minus the header and guard pages, meaning that they are code chunks. The mapped file are the remapped builtins, showing that they aren't copied, but remapped from the binary. Bug: chromium:1298417 Change-Id: Ia30a43e671726d01450a7db0ecb7777b34763053 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3553006Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Benoit Lize <lizeb@chromium.org> Cr-Commit-Position: refs/heads/main@{#79716}
-
Dominik Inführ authored
Lock mutex for shared isolate in global safepoints, such that e.g. the StringTable can use isolate->heap()->safepoint()->AssertActive() even for shared isolates. Bug: v8:11708, v8:12749 Change-Id: I8d99203581dfa2d7225846e19fa981300f88589e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563138Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#79715}
-
- 29 Mar, 2022 2 commits
-
-
Shu-yu Guo authored
Bug: v8:11111, v8:12731, v8:12742 Change-Id: I2679c0e64faca25a2c16e15fd3a5c727eb941c92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3551894Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#79662}
-
Arthur Eubanks authored
Recent Clang versions have enhanced -Wunused-but-set-variable which now warns about these. Bug: chromium:1309955 Change-Id: Id99e3eee60bf2c789e15251f65a192a6bf51f252 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3554603Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#79645}
-
- 28 Mar, 2022 1 commit
-
-
Milad Fa authored
Code alignment was updated to 64-bytes on ppc: https://crrev.com/c/3528993 This change is required to maintain the same alignment on AIX. Change-Id: I8cc33c9abad1ceeac050fde30700d315ef549d7f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3552087Reviewed-by:
Vasili Skurydzin <vasili.skurydzin@ibm.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#79639}
-
- 24 Mar, 2022 1 commit
-
-
Milad Fa authored
P10 comes with prefixed instruction (2 x 4-byte instructions) which allow for using larger immediate values. `paddi` has been added in this CL which uses a 34-bit immediate. Prefixed instructions cannot cross 64-byte boundaries, i.e we cannot have the first 4-bytes on one side and the second 4-bytes emitted on the other side of the boundary. Therefore we need to align generated code to 64 bytes and emit a nop whenever the boundary is being crossed midway (check emit_prefix). Change-Id: I90e9953089214e15eeef0d70147ea5943fe05f45 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528993Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#79612}
-
- 23 Mar, 2022 1 commit
-
-
Leszek Swirski authored
CreateInterpreterDataForDeserializedCode checks for bytecode, copies the InterpreterEntryTrampoline, and installs that and the bytecode on InterpreterData. However, the bytecode can be flushed when the IET is copied, which results in a failure to read it afterward. Add an IsCompiledScope to guard against this. As a drive-by, guard against baseline code being installed on the function. This shouldn't happen in normal execution, but could theoretically happen with some extra support for --always-sparkplug. Bug: chromium:1308178 Change-Id: Ia5e81b376bff2aaa19e9c6007242629ab8b0d4a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545171Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79580}
-
- 17 Mar, 2022 1 commit
-
-
Jakob Gruber authored
- Restructure the runtime function implementation. - Rename osr_loop_nesting_level to osr_urgency and add helpers. The motivation for the latter: I've always struggled with the `osr_loop_nesting_level` term; it neither matches terminology of what it's compared against (= the loop depth), nor implies what it's used for (= osr is triggered when `loop depth < osr nesting level`). In this CL it's renamed to `osr_urgency` to reflect that as urgency rises, we consider more and more loops as OSR candidates. Bug: v8:12161 Change-Id: I194ec5a3f1f02526641af1c7796ee0956b6fd3a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528735Reviewed-by:
Patrick Thier <pthier@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#79509}
-
- 16 Mar, 2022 2 commits
-
-
Samuel Groß authored
JSObject::InitializeBody now checks whether the instance type of the object being initialized can have embedder data slots around the initialization logic for these slots. This fixes a performance regression on certain benchmarks. To perform this check efficiently, a new instance type, JSObjectWithEmbedderSlots, is introduced so that the check becomes a simple range check. Bug: chromium:1304139 Change-Id: I00c892bc2276e950b59602257ca1c2435c10e517 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507712Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79497}
-
Samuel Groß authored
This method now handles external pointers in HeapObjects during serialization by encoding the representation of the external pointer (sandboxed, raw), the origin (internal, api) and potentially the external pointer tag. It is currently only used to handle JSExternalObjects but could, in the future, be extended to handle all external pointers that need special handling during serialization/deserialization. Bug: v8:12700 Change-Id: Ib0747d765ddc632e4ca4ee94521616d0271be0bc Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3521904Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79496}
-
- 14 Mar, 2022 1 commit
-
-
Samuel Groß authored
Instead of implementing ExternalObjects as plain JSObjects with a single EmbedderDataSlot pointing to a Foreign containing the actual raw pointer, this CL now creates a new JSExternalObject type that directly contains the external pointer. As a side-effect of this refactoring, nullptr values are now no longer valid for ExternalObjects. Change-Id: Ic8ff334681c966e823ca70f34dd1efaaa21a0789 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513234Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79459}
-
- 07 Mar, 2022 1 commit
-
-
Samuel Groß authored
This simplifies various bits of logic around EmbedderDataSlots as the raw part will now always contain a valid index into an external pointer table entry. This CL also unifies the initialization of EmbedderDataSlots by providing a EmbedderDataSlots::Initialize method and adds more documentation about the layout of EmbedderDataSlots in the different configurations. Bug: v8:10391 Change-Id: Ie952598898a7a6c9d40b28d3a7370bfc1291bcf0 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472495Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79384}
-
- 01 Mar, 2022 1 commit
-
-
Igor Sheludko authored
1) add relaxed version of Code::main_cage_base accessors and use them from in those cases where they can be called from backround thread, 2) pass the main cage base value to IsCode() predicate to avoid accessing non-acomic Heap pointer value in page headers from background compilation thread. Drive-by cleanup: use MarkingVerifier::cage_base() instead of Code::main_cage_base(). Bug: v8:11880, v8:12611 Change-Id: I9fd28c1a3babb862d08fec09f6cfc369beaad231 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494238Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#79313}
-
- 25 Feb, 2022 1 commit
-
-
Camillo Bruni authored
- Avoid handle derefs where possible - Split off PostProcessNewJSReceiver to avoid additional instance-type checks - Precompute should_rehash_ to avoid additional branches in PostProcessNewObject Bug: v8:12195 Change-Id: Ib80e711ced48b9b43072ada4e7ed72eb11ab0b8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270537Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#79279}
-
- 24 Feb, 2022 2 commits
-
-
Camillo Bruni authored
With this change we can easily track and filter unsupported objects for full-page snapshots. Bug: v8:11525 Change-Id: Id75b6f4edf68b47d6dfbe79aed2b686aeec61068 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484320Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#79252}
-
Clemens Backes authored
{FreePages} is never expected to fail, and each caller wraps the call in a CHECK macro. In order to learn more about failures, this CL moves the CHECK inside of {::FreePages}, to fail whenever the {PageAllocator} fails to free pages. As a next step, I'll audit our {PageAllocator} implementations to ensure that none of them return {false} for {FreePages}. Note that this is already the case for the gin platform (chromium). R=mlippautz@chromium.org Bug: v8:12656, chromium:1299735 Change-Id: Ib61be6cc8da0110ead2db1ad005728bd061e0243 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484321Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#79248}
-
- 22 Feb, 2022 1 commit
-
-
Camillo Bruni authored
This CL prepares WebSnapshot for skipping and re-injecting external references in the web snapshot. External references are encoded as separate object type and allows us to create partial snapshots at runtime and reconnect a deserialised snapshot to an existing object graph. Part II will also collect all objects which cannot be serialized by the web-snapshot serializer. Usage: snapshot = %WebSnapshotSerialize(root, skip_externals); object = %eWebSnapshotDeserializ(snapshot, replaced_externals); Drive-by-changes: - Reduce JSObject Map size in serializer (we ended up with 4 embedder fields) - Avoid adding non-HeapObject to the discovery_queue_ - Split off ReadXXX handlers into separate functions Bug: v8:11525 Change-Id: Ia6a9914259614c6c288667621b38daa0202d4d72 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461936Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#79211}
-
- 18 Feb, 2022 1 commit
-
-
Samuel Groß authored
Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS. With this CL, V8_OS_DARWIN will be set on both macOS and iOS, V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS. This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and renames platform-xnu.cc to platform-darwin.cc. Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79167}
-
- 16 Feb, 2022 1 commit
-
-
Jakob Gruber authored
- bbudge - delphick - gsathya - mvstanton - sigurds - zhin + tebbi in src/torque/OWNERS Change-Id: I81ff27860cede273f1874b6079fa89e09486a99a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461937Reviewed-by:
Emanuel Ziegler <ecmziegler@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#79113}
-
- 07 Feb, 2022 1 commit
-
-
Dominik Inführ authored
Verification code in HeapObject::set_map() is supposed to run on the main thread since object layout change is only supported on the main thread. There are some users of set_map() on background threads though, which resulted in crashes. Since those users all perform a safe map transition, we introduce a separate method for this purpose: HeapObject::set_map_safe_transition(). This method behaves just like set_map() but verifies that this is a safe map transition and not an object layout change and therefore can be used on background threads as well. This CL also adds a DCHECK to HeapObject::set_map() to ensure we run this method only on the main thread. Bug: chromium:1293484 Change-Id: I25de6fda08de21b8b7a3645cf0ea5b1334e8a2f6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439905Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78978}
-
- 28 Jan, 2022 3 commits
-
-
Shu-yu Guo authored
Change-Id: Ie62c4d46b767f1dcf70e8e75a30b5fc4d90ac295 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424897 Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78851}
-
Igor Sheludko authored
The contents of CodeDataContainer::code_cage_base field was accidentally written during serialization while zeros should have been written instead. Bug: v8:11880 Change-Id: Ib1d66d2fe8cceace19f4feb57950838bfbc89efa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422642 Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78841}
-
Shu-yu Guo authored
Currently the reconstruction of the shared heap object cache for testing incorrectly includes the terminating undefined value. Unlike the RO cache reconstruction, which does not change, the shared heap object cache may be extended by serializing the live Isolate during testing, so it should skip the original terminating undefined. Bug: v8:12007, v8:12584 Change-Id: If73b865567ed7d5b658506e15b1dc8d14bd755d6 Cq-Include-Trybots: luci.v8.try:v8_linux64_gc_stress_custom_snapshot_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3421726 Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78836}
-
- 27 Jan, 2022 1 commit
-
-
Shu-yu Guo authored
Bug: v8:12584, v8:12007 Change-Id: Iac3c8b1c5935142742dddc7e12293fd7640c06a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3419736 Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78804}
-
- 26 Jan, 2022 1 commit
-
-
Shu-yu Guo authored
This is a reland of 5320fe8d Changes since revert: - Remove stale DCHECK in deserializer Original change's description: > Reland "[string] Support shared strings in Value{Serializer,Deserializer}" > > This is a reland of 3cb4039c > > Changes since revert: > - Fix FLAG_stress_scavenge interaction with shared Isolate > - Use the shared Isolate's global handles to keep shared values > alive in transit during a postMessage > > Original change's description: > > [string] Support shared strings in Value{Serializer,Deserializer} > > > > When FLAG_shared_string_table is true, postMessaging strings will share > > instead of copy. > > > > Note that not all operations on shared strings are supported, and shared > > strings may be slower than non-shared strings for some operations. Bug: v8:12007 Change-Id: I70782978ed05558615eca03bafc4c12eba3644ca Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417189Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#78791}
-
- 25 Jan, 2022 1 commit
-
-
Samuel Groß authored
When sandboxed external pointers are enabled, external pointers now only require 32 bits of storage space in a HeapObject. This CL does not shrink the size of EmbedderDataSlots, which will happen in a follow-up CL. Bug: v8:10391 Change-Id: I3cf8b68c3b985cf806a45183717f50462a88c281 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359629Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#78754}
-
- 19 Jan, 2022 1 commit
-
-
Scott Violet authored
The experiment has been would down, so these can be removed. This effectively reverts these two commits: https://chromium-review.googlesource.com/c/v8/v8/+/3271389 https://chromium-review.googlesource.com/c/v8/v8/+/3256006 chrome side here: https://chromium-review.googlesource.com/c/chromium/src/+/3399313 BUG=chromium:1257321 TEST=none Change-Id: I5e9e4e7f56a6f19159d1c8c20c5a1fe5ed2859fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3399226Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Scott Violet <sky@chromium.org> Cr-Commit-Position: refs/heads/main@{#78685}
-
- 14 Jan, 2022 1 commit
-
-
Igor Sheludko authored
The Isolate might not be aware that remapped builtins are used (see Code::OffHeapInstructionStart()), so always try to lookup PC in the remapped builtins if they are available. This is a follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/3379817. Bug: chromium:1241665, v8:11460 Change-Id: Ied59ce6c7920278ed701e7139c8b6839a04cf1cf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386381Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78624}
-
- 13 Jan, 2022 2 commits
-
-
Lei Zhang authored
Use grep to check for obviously unneeded includes. e.g. headers that include <vector> but does not contain "std::vector". Change-Id: I43a9e9f01e072fd495918d28ca4cdad5cfa0294c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3354400Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org> Cr-Commit-Position: refs/heads/main@{#78613}
-
Patrick Thier authored
This CL fixes 2 issues with string internalization when the string table is shared: 1. In-place migration of a string's map to Internalized was done before it was sure that the string is going to be internalized (outside the critical section). To fix this problem StringTableKey::AsHandle() is now split into StringTableKey::PrepareForInsertion(), which is invoked outside the critical section and creates a copy if necessary, and StringTableKey::GetHandleForInsertion(), which is invoked inside the critical section only for string table misses. Migration of the map is handled by this method. 2. TryStringToIndexOrLookupExisting() didn't handle already internalized strings. So far this was impossible, as this method was only invoked for strings that were checked not to be internalized. However with a shared string table, the string could be internalized after the checks. Bug: v8:12007 Change-Id: I193d6b54dc41360eee47d21cbcaa36d2652d85dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368103Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#78600}
-
- 12 Jan, 2022 1 commit
-
-
Igor Sheludko authored
The Isolate might not be aware that remapped builtins are used (see Code::OffHeapInstructionStart()), so always try to lookup PC in the remapped builtins if they are available. Bug: chromium:1241665, v8:11460 Change-Id: Iefc373cf0ea0110c8c002b7677e6a1fd8fd45319 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379817Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78579}
-
- 10 Jan, 2022 1 commit
-
-
XiangYang authored
Modify the wrong code annotation. Change-Id: Ied592d7066f394581ba36480eb91221f1ba53bbc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359104Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#78541}
-
- 16 Dec, 2021 1 commit
-
-
Igor Sheludko authored
This CL * removes Builtins::codet() and Builtins::codet_handle() returning builtins as CodeT objects in favor of code() and code_handle(), * removes BUILTIN_CODET macro in favor of BUILTIN_CODE, * removes CodeDataContainer table. Bug: v8:11880 Change-Id: Ic868549030744b0ff3ea5d5edbfcacf77c6de96d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344650Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78399}
-
- 15 Dec, 2021 1 commit
-
-
Samuel Groß authored
This CL renames a number of things related to the V8 sandbox. Mainly, what used to be under V8_HEAP_SANDBOX is now under V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage is now simply the V8 Sandbox: V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS V8VirtualMemoryCage => Sandbox CagedPointer => SandboxedPointer fake cage => partially reserved sandbox src/security => src/sandbox This naming scheme should simplify things: the sandbox is now the large region of virtual address space inside which V8 mainly operates and which should be considered untrusted. Mechanisms like sandboxed pointers are then used to attempt to prevent escapes from the sandbox (i.e. corruption of memory outside of it). Furthermore, the new naming scheme avoids the confusion with the various other "cages" in V8, in particular, the VirtualMemoryCage class, by dropping that name entirely. Future sandbox features are developed under their own V8_SANDBOX_X flag, and will, once final, be merged into V8_SANDBOX. Current future features are sandboxed external pointers (using the external pointer table), and sandboxed pointers (pointers guaranteed to point into the sandbox, e.g. because they are encoded as offsets). This CL then also introduces a new build flag, v8_enable_sandbox_future, which enables all future features. Bug: v8:10391 Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981Reviewed-by:
Hannes Payer <hpayer@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#78384}
-
- 14 Dec, 2021 1 commit
-
-
Igor Sheludko authored
This CL migrates JSFunction's code accessors to CodeT. Bug: v8:11880 Change-Id: I8cf367eb79cc1d59548dd4f3e18c010f76f101cb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3330466Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78365}
-
- 08 Dec, 2021 2 commits
-
-
Leszek Swirski authored
Reduce the enqueuing cost of compiler-dispatcher jobs by getting rid of the sets and hashmaps, and instead: 1. Turning the pending job set into a queue, and 2. Making the SharedFunctionInfo's UncompiledData hold a pointer to the LazyCompilerDispatcher::Job, instead of maintaining an IdentityMap from one to the other. To avoid bloating all UncompiledData, this adds two new UncompiledData subclasses, making it four subclasses total, for with/without Preparse data and with/without a Job pointer. "should_parallel_compile" FunctionLiterals get allocated an UncompiledData with a job pointer by default, otherwise enqueueing a SFI without a job pointer triggers a reallocation of the UncompiledData to add a job pointer. Since there is no longer a set of all Jobs (aside from one for debug-only), we need to be careful to manually clear the Job pointer from the UncompiledData whenever we finish a Job (whether successfully or by aborting) and we have to make sure that we implicitly can reach all Jobs via the pending/finalizable lists, or the set of currently running jobs. Change-Id: I3aae78e6dfbdc74f5f7c1411de398433907b2705 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314833Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78302}
-
Marja Hölttä authored
Bug: v8:11525 Change-Id: Ida18808fd299f0f5754a2693b1e6dbc93b263d77 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320424Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78284}
-
- 06 Dec, 2021 1 commit
-
-
Shu-yu Guo authored
For shared strings, String::MakeThin is protected by using the map word of the string being migrated as a spinlock. Note that this CL does not make it safe yet to access character data from multiple threads. The spinlock here only protects write-write races in String::MakeThin. For more information, see the following two design docs: https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edit https://docs.google.com/document/d/1Drzigf17t4ofy0evDmaIL5p0MDZuAl95c9fSeX-QjVg/edit Bug: v8:12007 Change-Id: I9c47412c6ec7360a672b65a8576b4f6156ee5846 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313429 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Patrick Thier <pthier@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78257}
-