- 10 Mar, 2021 7 commits
-
-
Clemens Backes authored
Some ValueKinds were defined based on the size of a system pointer or the size of a tagged value. In order to be able to reuse those definitions in both LiftoffAssembler and LiftoffCompiler, define them as public constants on LiftoffAssembler. Also, avoid the "ValueType" suffix, since they are not ValueTypes, but ValueKinds. R=jkummerow@chromium.org Change-Id: I38f9c9b6c4e6592d31ee58466b786bf24a55f19c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743890 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73315}
-
Georg Neis authored
Bug: v8:7790 Change-Id: I1e7448c6583a36b2311474e14f4611935e2aa79f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748076 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#73314}
-
Clemens Backes authored
In contrast to wasm modules, asm.js modules have an empty source URL. Thus loosen a DCHECK and handle the nullptr source_url correctly. Also add regression tests that check that we don't crash. Those can later be extended to check that the profile looks as expected; for now they only check that we terminate. R=bmeurer@chromium.org Bug: chromium:1185919 Change-Id: I6b879f540a2c3647920ad2970efcf7c94712d8c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745895 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73313}
-
Michael Achenbach authored
Bug: chromium:1154223 Change-Id: Ie1786a499f87f86bc6f91a92a0dfb1a02889ef46 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748083 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#73312}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/077f859..389d3f3 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/a5cc843..368c7dd Rolling v8/third_party/aemu-linux-x64: dBlHF6-1NU-vr6DU068Y8_WQHCWdk_yovRmg225wIr0C..oXIWsntGxFugYHN4Qb0Ve-IRPq4Rq1FxFYNiuEKnP0kC Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/75c9832..57af8c3 Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/e6379c8..d879aac Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/630ab8a..fc54e6b TBR=v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I23f92a7e958b90228f898df85e3efa87c9429a73 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2746751 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#73311}
-
Milad Fa authored
Change-Id: If9380a99318618199ced8f079d13ddee28cde770 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745896 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#73310}
-
Ng Zhi An authored
This is done with a script that does something like:
    files=$(ag 'v\d\d?x\d\d?[._]?all_?true' -l)
    sed -i 's/V\(8x16\|16x8\|32x4\|64x2\)\([._]\?\)\([aA]ll_\?[tT]rue\)/I\1\2\3/g' $files
    sed -i 's/v\(8x16\|16x8\|32x4\|64x2\)\([._]\?\)\([aA]ll_\?[tT]rue\)/i\1\2\3/g' $files
And manual fixups in test-run-wasm-simd.cc and wasm-opcodes-inl.h. Bug: v8:10946 Change-Id: Ib5dad388dd6dd9cd0fb575ad961dffc189a2e6ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2740488 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#73309}
-
- 09 Mar, 2021 24 commits
-
-
Ng Zhi An authored
They were using a fixed offset of pc+2, but since the instructions can be multiple bytes long (leb128 encoded), it should be using *len. Drive-by fix to add missing instructions to wasm-module-builder.js. Bug: chromium:1185323,chromium:1185492 Change-Id: I12f396cc2969ecc284aba35b94b1bc5640f12277 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745977 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73308}
-
Michael Lippautz authored
Bug: chromium:1056170 Change-Id: I89dd887a75a475f998d950e86f35c7fe2af5d67f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743887 Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73307}
-
Michael Lippautz authored
The test ensures that in-construction objects that have been found through a write barrier are properly processed (marked + trace) when finalizing the collection conservatively with a different stack. This is a test for https://crrev.com/c/2744074 Bug: chromium:1056170 Change-Id: I8099bca1fb9025a315a8f0a3530aac822d1c45d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745334 Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73306}
-
Dominik Inführ authored
It could happen that a background thread expands the heap by one page, but by the time the thread tries to allocate on it the space is already used by other background threads. If this happens three times in a row, V8 would crash with an OOM error. This CL prevents such situations by always allocating the object immediately at area_start(). Bug: v8:10315 Change-Id: I6390c84e742bf4105e70e930c21557ff1f4d952d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743881 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#73305}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/f6034ebe..311265 Bug: v8:7834 Change-Id: Ib5b92ff8a2b32a2f9c4140c5f70c514e52ab191c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744442 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#73304}
-
Clemens Backes authored
The wasm instance will initially be in kWasmInstanceRegister, and for each call we also need to put it in that register. Hence, when getting a new register to cache the instance, prefer that register, if it is available. R=thibaudm@chromium.org Bug: v8:11336 Change-Id: Ie7026c4c7c5e4b825b9ab310839f0273bd3ce7f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743885 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#73303}
-
Thibaud Michaud authored
... and after creating the debug side table entry. The safepoint and the debug side table entry should be generated right after the call, so that they are associated with the return address of the previous call. R=clemensb@chromium.org Bug: v8:11453 Change-Id: I71395851c5a7f4e2c873907454245c9d04f972f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739629 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73302}
-
Seth Brenith authored
The generated Torque files class-verifiers.cc and class-debug-readers.cc currently include files which are part of v8_initializers, despite being used in unrelated build targets. This change removes the unnecessary inclusions. There is still a lot of code included via all-objects-inl.h, but that's because these files require full class definitions for every object type. Bug: v8:11528 Change-Id: Ib26496f2a30ef576f1101636e0aca2cafbfd1f37 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743087 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#73301}
-
Maya Lekova authored
This CL removes the caching of the stack slot used for the fallback mechanism in V8, as the current implementation is incorrect and needs to be reworked. Bug: chromium:1185753 Change-Id: I9f77bc42bfd649e0dbcd294b000b48c928cf99d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743886 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#73300}
-
Sathya Gunasekaran authored
Lazy native accessors require special handling to rewrite the accessor into a data property, so transition to a slow handler for this case. Bug: v8:11485 Change-Id: I01636c6e624562619a216fea5e836ae85c7da93f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743882 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#73299}
-
Clemens Backes authored
This ensures that after the function-entry stack check, the instance will still be available in a register. The cost is having to reload it from the stack in the OOL code for the stack check, even though it is not clear if that register will still be used. This does not affect code size significantly (~0.25% reduction), but can improve performance a little bit if there are memory accesses or other instructions that require the instance right at the beginning of the function. R=thibaudm@chromium.org Bug: v8:11336 Change-Id: Ib72db172813d55120f527b31014b69a734934ff3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743878 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73298}
-
Michael Achenbach authored
Bug: chromium:1154223 Change-Id: I9545db5ce76f973f8402cefe588d994d1519135b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745137 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Liviu Rau <liviurau@chromium.org> Auto-Submit: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Liviu Rau <liviurau@chromium.org> Cr-Commit-Position: refs/heads/master@{#73297}
-
Santiago Aboy Solanes authored
Reading the descriptor array from a map has been safe for a while. Bug: v8:7790 Change-Id: Ib06e12727b7da26c09822db45530addc11e2cf00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739637 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#73296}
-
Thibaud Michaud authored
Push the caught exception on the value stack, so that we can access it from an inner catch block and rethrow it. R=clemensb@chromium.org Bug: v8:11453 Change-Id: Ibc5e653a07c3e4436e252c001b53bc2d3402abc9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739974 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#73295}
-
Jakob Kummerow authored
With the value stack refactoring in 1b5c7e15 / r73193, the combination of helper functions called by PeekArgs() ended up checking the stack height repeatedly. This CL avoids that by introducing a ValidateArgType() helper that does not check stack height. Bonus: achieve a small speedup by special-casing two of the most common opcodes in the decoder's main dispatcher. Fixed: chromium:1185082 Change-Id: I6d51aca844ef9377d203147f74ff8137e12a23e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745341 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73294}
-
pthier authored
This is a reland of a8b61ef5
The main reason for the revert was not related to this CL and was fixed with https://crrev.com/c/2739646
In addition debug output in d8.test.verifySourcePositions was removed due to TSAN complaints.
Original change's description:
> [sparkplug] Change bytecode offset mapping and introduce iterator.
>
> Previously, we recorded pairs of (bytecode offset, sparkplug pc) to
> create a mapping of bytecode offset <-> sparkplug pc.
> These pairs were only recorded after builtin/runtime calls.
> In preparation for deoptimizing to Sparkplug, we need a more precise
> mapping.
> With this CL, we record positions for every bytecode. Instead of storing
> a pair of (bytecode offset, sparkplug pc), we store only the pc,
> calculating the bytecode offset from the index in the mapping table.
> For easier use an iterator to access the mapping is introduced.
>
> Drive-by: Reduce sampling interval in cpu-profiler cctest to get rid of flaky failures.
>
> Bug: v8:11420, v8:11429
> Change-Id: I36a9171f43a574eb67880cbca6cf9ff7ab291e60
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720189
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73186}
>
> Change-Id: I9ab4cb60da002ef130f8a21ad10ba69e2826a7b6
Change-Id: I9ab4cb60da002ef130f8a21ad10ba69e2826a7b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745335 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#73293}
-
Leszek Swirski authored
Do --always-sparkplug compilations in a separate function, and allow that function to return false if a sparkplug compilation fails. Similarly, don't assert that --always-sparkplug requires a function to have baseline code, in case a previous sparkplug compilation failed. Fixed: chromium:1185735, chromium:1185739 Change-Id: I363fcf271395afa2ec47228fff7a28a76c157f0f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744735 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#73292}
-
Dan Elphick authored
Removes unneeded dependency on src/builtins/torque-csa-header-includes.h from debug-macros.h and adds swiss-name-dictionary.h and ordered-hash-table.h to debug-macros.cc. Additionally adds a v8_libbase dep to torque_generated_definitions. As a result, gn check errors are reduced by 2. Bug: v8:7330 Change-Id: I0ff666eebd6814e4d52d776e455fd269db36b589 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744040 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#73291}
-
Ulan Degenbaev authored
Bug: v8:9877 Change-Id: I55cedfd2748f00f989172d804eec735aa6c19365 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742618 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#73290}
-
Liu Yu authored
Port: 75d7d127 Bug: v8:11238 Change-Id: I5369875fe66d2297cbd342db91b1ffd99a361616 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2738792 Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Auto-Submit: Liu yu <liuyu@loongson.cn> Cr-Commit-Position: refs/heads/master@{#73289}
-
Clemens Backes authored
This excludes more targets and tests that won't work without webassembly: - wee8 - multi_return_fuzzer - wasm-js - wasm-spec-tests - wasm-api-tests - several cctests R=jkummerow@chromium.org Bug: v8:11238 Change-Id: I6d6ac43869a2b4a91e5b0e7e3183a476a98bf0af Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742617 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#73288}
-
Adam Barth authored
These functions do the same thing, but Fuchsia will eventually remove support for protect2. Change-Id: I9f2b4153efa2f78238eb020e9f422f666ae5b7bb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743635 Auto-Submit: Adam Barth <abarth@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#73287}
-
pthier authored
Instead of using addresses of prototype and constructor (which can be moved by GC) when computing the hash of a Map, we use the addresses of the prototype map (which won't be compacted). The prototype map is in a 1:1 relation with the prototype. In addition the prototype points to the constructor in most cases. Bug: v8:11519 Change-Id: Ibc47e5870955d7721509be07fae7719a93da9a26 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739646 Commit-Queue: Patrick Thier <pthier@chromium.org> Auto-Submit: Patrick Thier <pthier@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#73286}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/baef8bb..077f859 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/27d20f0..a5cc843 Rolling v8/third_party/aemu-linux-x64: UNqI4KV2QmdCbFaMAYUJ340CZT7YjUKiV11WNfMPFF8C..dBlHF6-1NU-vr6DU068Y8_WQHCWdk_yovRmg225wIr0C Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/4ec3fd3..75c9832 TBR=v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I03ac61daec32bd0a968d7bdc9ce56d1a4aa8915a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744974 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#73285}
-
- 08 Mar, 2021 9 commits
-
-
Bill Budge authored
This reverts commit 19b62d0b.
Reason for revert: Undefined behavior https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/15449
Original change's description:
> [v8windbg] Add more items in the Locals pane
>
> Add more items in the Locals pane representing the JS function name,
> source file name, and character offset within the source file, so
> that the user doesn’t need to dig through the shared_function_info to
> find them.
>
> Change-Id: I5d42b3c9542885a72e81613503d1d5abf51870b5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712310
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#73282}
Change-Id: I616cd642379b97dff5fb0c66aeb6488e2f9b298b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744420 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#73284}
-
Ng Zhi An authored
Bug: v8:11384 Change-Id: I5efbcd661242b8c8e23225f921b9170db66d98dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2740486 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#73283}
-
Z Nguyen-Huu authored
Add more items in the Locals pane representing the JS function name, source file name, and character offset within the source file, so that the user doesn’t need to dig through the shared_function_info to find them. Change-Id: I5d42b3c9542885a72e81613503d1d5abf51870b5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712310 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#73282}
-
Michael Lippautz authored
When objects are recorded for conservative handling and the GC is finalized conservatively, with a different stack, we rely on MarkNotFullyConstructedObjects(). In this method, the objects are initially marked, only to be forwarded to handlers that try to mark them again. Bug: chromium:1056170 Change-Id: I942e7b0ec88aae08e3fe06b7cb3ff4a86dc42f36 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744074 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#73281}
-
Georg Neis authored
... where TF doesn't see that the property is deleted and re-added. Bug: chromium:1161847 Change-Id: I599a25fa8d29154b5bfede45f6655a1eac44a0f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739592 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#73280}
-
Bill Budge authored
- Adds some missing types, to appease the fuzzers. Bug: chromium:1185464 Change-Id: I08c4ebe5f4ae0d036da9819b805aeac93be384fe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742017 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73279}
-
Seth Brenith authored
This change relands the last part of https://crrev.com/c/2601880 . ScopeInfo has a vestigial 'length' field from when it used to be a FixedArray. This change removes that field, which saves some memory. More specifically: - Make ScopeInfo inherit from HeapObject, not FixedArrayBase which supplied the 'length' field. - Change FactoryBase::NewScopeInfo to allocate the updated object shape. It maintains the existing behavior of filling the newly-allocated object with undefined, even though that's not a valid ScopeInfo and further initialization is required. - Change a few length computations to use HeapObject::kHeaderSize rather than FixedArray::kHeaderSize. - Remove an unnecessary heap verifier function. Change-Id: I9b3980157568fdb0402fa31660949966b401fd31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733037 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#73278}
-
Michael Lippautz authored
Resize() may be used to adjust additional trailing bytes of an object. It is up to the embedder to ensure correctness in case of shrinking. Bug: chromium:1056170 Change-Id: I954df6c7440b77275cd62e4b802e8f5d39c06f9d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739652 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#73277}
-
Ng Zhi An authored
Bug: v8:11384 Change-Id: I230548625908512753e5d05dcf4f19c593d9cb19 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739449 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#73276}
-