- 22 Jun, 2022 1 commit
Luis Fernando Pardo Sixtos authored
Initial implementation for concurrent shared arrays. Current implementation exposes a `SharedArray` constructor, but its syntax might change in the future. Shared arrays can be shared across Isolates, have a fixed size, have no prototype, have no constructor, and can only store primitives, shared structs and other shared arrays. With this CL shared structs are also allowed to store shared arrays. The Backing storage for the SharedArrays is a `FixedArrayBase`. This CL introduces a new ElementKind: `SHARED_ARRAY_ELEMENTS`. The new kind should match the overall functionality of the `PACKED_SEALED_ELEMENTS` kind, but having it as standalone kind allows for easier branching in CSA and turbofan code. Bug: v8:12547 Change-Id: I054a04624d4cf1f37bc26ae4b92b6fe33408538a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585353 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#81285}
-
- 21 Jun, 2022 28 commits
Frank Tang authored
Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/1658259..1da9170 Add "delimiters" resources needed by ulocdata_getDelimiter (Frank Tang) https://chromium.googlesource.com/chromium/deps/icu/+/1da9170 Cherry-Pick PR2085 to fix numbering system resolution in NumberRangeFormatter (Frank Tang) https://chromium.googlesource.com/chromium/deps/icu/+/6fff4cf Cherry-Pick PR2096 to fix TimeZone name (Frank Tang) https://chromium.googlesource.com/chromium/deps/icu/+/12de966 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org Change-Id: Iaf6a2c2f1557331efbd17127a75925ebee829ca5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714902 Reviewed-by: Frank Tang <ftang@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#81284}
-
Etienne Pierre-doray authored
Creates a feature (flag): transition from Done -> Wait schedules a timer after 30s instead of 8s. In local benchmark, this reduces by 50% cpu time spent doing incremental marking and sweeping. Bug: chromium:1330940 Change-Id: Iff9121243b88d0ed87d0b921e285ece52a83eaa9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3696168 Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#81283}
-
Manos Koukoutos authored
Bug: v8:12986 Change-Id: I5aa8dbc7f387856cc017ac9fd72ff57bc1d44af9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716469 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81282}
-
Jakob Kummerow authored
This is a reland of commit 15f372af Change since revert: TSan fix for tier-up budget reset. Original change's description: > [wasm] Fix tier-up budget tracking for recursive calls > > In the previous implementation, functions overwrote any budget > decrements caused by recursive invocations of themselves, which > could cause tier-up decisions for certain unlucky functions to > get delayed unreasonably long. > This patch avoids this by working with the on-instance value > directly instead of caching it in a stack slot. That generates > the same amount of Liftoff code as the status quo, but handles > recursive functions properly. > The "barista3" benchmark's peak performance improves by almost 20%. > > Bug: v8:12281 > Change-Id: I8b487a88da99c2d22e132f2cc72bdf36aa5f6e63 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693710 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/main@{#81249} Bug: v8:12281,v8:12984 Change-Id: Ia6ce776848dc86617546ec514660c9a840484cb1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716479 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#81281}
-
Jakob Kummerow authored
This merges the separate opcode name definitions from wasm-opcodes-inl.h into the main opcode-defining macros in wasm-opcodes.h. This is simpler (avoids a bunch of fairly complex macros) and easier to update when we add new opcodes in the future. The tests become obsolete because they would simply repeat the implementation. Change-Id: Ib6421da5670079e7725659c1f4008251f8ff7aed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714244 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#81280}
-
Jakob Kummerow authored
The tier-up check in any backwards jumps in a br_table list causes the instance to get cached if it wasn't cached before. When the branch is not taken, we must not rely on this caching to have happened. This is a variant of crbug.com/1314184. Fixed: chromium:1338075 Change-Id: Id511e98f29ec13f0a38b5595ceb4a607c58b92a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716478 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#81279}
-
Camillo authored
This is likely just an issue in non-PGO builds, but it might skew the results locally. JetStream2 seems to profit from this CL. Change-Id: Id70030074dbabf2669fd42fb5fd9399e8692bed6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716475 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#81278}
-
Samuel Groß authored
This is a reland of commit 5b9401dd Now also skip tests that require large amounts of virtual address space if tsan is enabled as tsan may cause V8 to create a smaller sandbox which is then unable to allocate the required amount of memory. Original change's description: > [sandbox] Also enable the sandbox outside of Chromium builds > > Drive-by: include the right header in sandboxed-pointer-inl.h and fix > missing sandbox initialization in generate-bytecode-expectations.cc. > > Bug: v8:10391 > Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Samuel Groß <saelo@chromium.org> > Cr-Commit-Position: refs/heads/main@{#81216} Bug: v8:10391 Change-Id: I141080fdf61a77ef48b22e353e3cfbc1ff816e5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716474 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#81277}
-
Toon Verwaest authored
When picking an arbitrary register for an input, prefer picking a register that's already used as input. If there's no such register, block the newly picked register. Bug: v8:7700 Change-Id: I5926ae33482aa615060fef3500c1d2d6079090a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716476 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81276}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/37b3bee..7eec98d Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/9ccf839..f0cfef3 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: Ie2cc0a1d0d801774ff76d377f5caf752ae17ab0c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716545 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#81275}
-
Jakob Kummerow authored
The spec uses "v128" (not "s128") as the vector type name. Some conversion instructions have more specific names that we used to print, e.g. "i32x4.trunc_sat_f32x4_s" instead of "...convert...". Bug: v8:8460 Change-Id: I4e06f452de6ce8b06670a8c5e53142c36d5e6010 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704497 Commit-Queue: Andreas Haas <ahaas@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#81274}
-
Toon Verwaest authored
- block regs that already contained the value - clear the blocklists (including double) in more places - check that a ForceAllocated reg isn't blocked yet (when allocated at start) Bug: v8:7700 Change-Id: I17b58ff23e0558f962a5d798a39ebb7d9b0ae634 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716470 Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#81273}
-
Nico Hartmann authored
This is a reland of commit 066d0233 Original change's description: > Reland "[turbofan] Support additional operators in SLVerifier" > > This is a reland of commit dec4bb06 > > Original change's description: > > [turbofan] Support additional operators in SLVerifier > > > > This CL extends SimplifiedLoweringVerifier by a few additional operators. > > > > It fixes the missing type on a LoadElement node generated during > > js-typed-lowering, that was detected by the verifier. > > > > Bug: v8:12619 > > Change-Id: I14e3ece15f6a90e6906c140696dcd2e6b74a2527 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557510 > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#80014} > > Bug: v8:12619 > Change-Id: If3cb6efe2005c41118f37b39b0209195b3e63a38 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702330 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Auto-Submit: Nico Hartmann <nicohartmann@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/main@{#81125} Bug: v8:12619 Change-Id: I58f88cff4b2eb20130be79a207995b63ff44ac2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714232 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#81272}
-
Samuel Groß authored
Previously it was implemented in api.cc, therefore requiring an additional function call when accessing external pointer fields from embedder code with the sandbox enabled. Now ReadExternalPointerField can be inlined. Bug: v8:10391 Change-Id: Ia8cb2df148ac96f979fd3e22989b0ff6177abcec Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714245 Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#81271}
-
Manos Koukoutos authored
We factor out the path-state part of branch elimination, to reuse it for wasm path-based type optimizations. The node state becomes a template parameter for the {ControlPathState} and {AdvancedReducerWithControlPathState} classes. Change-Id: I5e9811ced0b71140ec73ba26fae358ac7d56c982 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714238 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81270}
-
Liu Yu authored
Port commit b84c7dbd Bug: chromium:1337221 Change-Id: I5f64995df3e0660740ef3915625373e1f147bc70 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3715957 Auto-Submit: Liu Yu <liuyu@loongson.cn> Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/main@{#81269}
-
Toon Verwaest authored
By maintaining a separate list of registers that can't be freed we can keep track of decisions already made for a node, and avoid creating conflicts. This can be used to avoid freeing fixed input/temporary requirements or other assigned registers. Bug: v8:7700 Change-Id: I3c24e0502e66714cf5f68374811741bc9f5e8b21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714242 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#81268}
-
Michael Achenbach authored
This reverts commit 15f372af. Reason for revert: https://crbug.com/v8/12984 Original change's description: > [wasm] Fix tier-up budget tracking for recursive calls > > In the previous implementation, functions overwrote any budget > decrements caused by recursive invocations of themselves, which > could cause tier-up decisions for certain unlucky functions to > get delayed unreasonably long. > This patch avoids this by working with the on-instance value > directly instead of caching it in a stack slot. That generates > the same amount of Liftoff code as the status quo, but handles > recursive functions properly. > The "barista3" benchmark's peak performance improves by almost 20%. > > Bug: v8:12281 > Change-Id: I8b487a88da99c2d22e132f2cc72bdf36aa5f6e63 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693710 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/main@{#81249} Bug: v8:12281, v8:12984 Change-Id: Ie254236785628c07ac569de16ea82a67ed5bd221 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714247 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Owners-Override: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#81267}
-
Manos Koukoutos authored
Maintaining an AST class just for testing constant expressions does not seem justified. This CL changes constant expressions in mjsunit tests to be represented with bytes, like regular expressions. Change-Id: If5ec5f4d863176952442b1a7e2fec8a61e385971 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714237 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#81266}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ced5024..37b3bee Rolling v8/buildtools/linux64: git_revision:e62d4e1938a45babc9afb6db543f388cd1802a52..git_revision:fcda46cf40422284f2e74b770da8b22f7f5d7006 Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/1644d07..b387062 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b83d69f..4ea19a6 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f68dc6b..9ccf839 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: If9fc5d9bed6d9ad51f726b2395fe88501835154b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714901 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#81265}
-
Danylo Boiko authored
- Added parsing Turboshaft JSON output - Refactored node.ts, edge.ts, node-label.ts, turbo-visualizer.ts, tabs.ts P.S.: graph-phase.ts will be moved to graph-phase folder in the next CL Bug: v8:7327 Change-Id: Ida854307392a2d513c36f86869ea00cadcf3667c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706603 Commit-Queue: Danylo Boiko <danielboyko02@gmail.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#81264}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/2365c4a..b7afda2 Revert "Add possibility to ask for libbenchmark version number (#1004) (#1403)" (#1417) (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/b7afda2 Clarify that the cpu frequency is not used for benchmark timings. (#1414) (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/af7de86 Fix DoNotOptimize() GCC copy overhead (#1340) (#1410) (Alexander Popov) https://chromium.googlesource.com/external/github.com/google/benchmark/+/8545dfb Add possibility to ask for libbenchmark version number (#1004) (#1403) (Matthias Donaubauer) https://chromium.googlesource.com/external/github.com/google/benchmark/+/efadf67 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: I4bced8816a42abb8cd4d95761c93e51b2611b727 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714903 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#81263}
-
Camillo authored
This is a temporary change to get more detailed crash reports for further investigations. Bug: chromium:1330861 Change-Id: Ifdd8d61692577dffd54d07fadb65575a5c30dcd3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707592 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#81262}
-
Milad Fa authored
This CL removes the usage of custom byte reversing functions from the simulator and uses the one provided by V8 utils under: `src/utils/utils.h` Change-Id: I9a334a10d659b8a3315c34563eb3e6f84644a9e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714898 Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Reviewed-by: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#81261}
-
Lu Yahan authored
Port commit b84c7dbd Change-Id: I80ac3498e6cd21fffeb3988fa7341668e59593f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716150 Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#81260}
-
jameslahm authored
Bug: v8:11525 Change-Id: I227f0bb852e56551ec0333db52061842664c47c9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706963 Commit-Queue: 王澳 <wangao.james@bytedance.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#81259}
-
Maya Lekova authored
Before we assumed that no exception can be thrown when specifying a function to be used as an async hook, but that's not the case when e.g. the object passed to createHook is a proxy trapping on property access and the trap throws an exception. Bug: chromium:1337629 Change-Id: I7bd7893cd274afb6e642ed18aacb9e203f7fdd96 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714233 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#81258}
-
Lu Yahan authored
Change-Id: Ia651b26af419a2187217b8b0f2941ff61a17d247 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3712913 Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#81257}
-
- 20 Jun, 2022 11 commits
Nico Hartmann authored
This reverts commit 5b9401dd. Reason for revert: A few memory tests flake on tsan (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/20190/overview) Original change's description: > [sandbox] Also enable the sandbox outside of Chromium builds > > Drive-by: include the right header in sandboxed-pointer-inl.h and fix > missing sandbox initialization in generate-bytecode-expectations.cc. > > Bug: v8:10391 > Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Samuel Groß <saelo@chromium.org> > Cr-Commit-Position: refs/heads/main@{#81216} Bug: v8:10391 Change-Id: I22560a6bdcffbf71651f655bdf7d183d5c832620 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714239 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#81256}
-
Clemens Backes authored
PopToModifiableRegister did not check the {pinned} list, so it could return a register which was already used for another (temporary) value. This CL fixes that, and adds a little optimization which gives more freedom to the choice of spilling and has a chance to avoid a register mode. R=jkummerow@chromium.org Bug: chromium:1337221 Change-Id: Ifc02321038713ff03e8f8e7db78dde33f70ec847 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707287 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#81255}
-
Samuel Groß authored
Previously, when embedders attempted to create ArrayBuffers backed by memory outside the sandbox, V8 would simply crash with a failed CHECK when converting the raw backing store pointer into a SandboxedPointer. The new ApiCheck now provides a better error message in that case. Bug: chromium:1218005 Change-Id: I7a1ad8cbf07fa346b1f09521850df9b18b428427 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711882 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#81254}
-
Andreas Haas authored
The original CL used Object::Set to create the result object of WebAssembly instantiation. However, Object::Set is potentially observable from JavaScript, and therefore required a MicrotasksScope. This CL replaces the use of Object::Set with Object::CreateDataProperty. Original message: This CL switches resolving and rejecting the wasm result promise from the V8-internal API to the external API added in https://chromium-review.googlesource.com/c/v8/v8/+/3695584. This CL can land once Chrome provided an implementation of the callback. R=jkummerow@chromium.org Bug: v8:12953 Change-Id: If1f252736fd3a13024d4b38adebf468530c59c03 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714234 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#81253}
-
Toon Verwaest authored
* Move fixed temporary allocation before arbitrary input allocation, so that fixed temporaries don't accidentally clobber the arbitrary input register. Now the input allocation will pick a different register. * For the above, make temporary allocation 'block' the register with a sentinel value, rather than marking it free, so that the subsequent input allocation knows not to use those registers (including spilling into them). * Similarly, move arbitrary input allocation after phi resolution when allocating control nodes, since phis may have fixed requirements. * Allow deopts to spill their inputs if they are not in registers and not yet loadable. This is done during the equivalent of input allocation for deopts. * Allow there to be multiple targets for a single source during gap move collection / cycle detection. There can still only be a single source per target, therefore there can only be one cycle for each connected component -- this is DCHECKed. * Make register validation more complete -- also walk the entire graph, and check whether value nodes' result register states match the current register allocator state. * Add much more printing to --trace-maglev-regalloc because these bugs ain't easy to debug. Bug: v8:7700 Change-Id: Id98259c2920d772ce168bf27497162e78b136f9f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714235 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81252}
-
JianxiaoLuIntel authored
This bug may lead to gc_stats tracing not stopping after chrome://tracing stop as expected. Change-Id: Ibc2ece4c0ad536a99c4aece039ef546d152df10a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3709242 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com> Cr-Commit-Position: refs/heads/main@{#81251}
-
Clemens Backes authored
According to the style guide, the implicit conversion of any number of registers to a LiftoffRegList should not be there. This CL removes it, and fixes two subideal call sites to use SpillRegister (receiving a single register) instead of SpillOneRegister (receiving a register list to choose from). Plus some semantics-preserving rewrites. R=jkummerow@chromium.org Bug: chromium:1337221 Change-Id: Id22043ac1c185bc794dbde7baa4b1d5ab7cce56e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707286 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#81250}
-
Jakob Kummerow authored
In the previous implementation, functions overwrote any budget decrements caused by recursive invocations of themselves, which could cause tier-up decisions for certain unlucky functions to get delayed unreasonably long. This patch avoids this by working with the on-instance value directly instead of caching it in a stack slot. That generates the same amount of Liftoff code as the status quo, but handles recursive functions properly. The "barista3" benchmark's peak performance improves by almost 20%. Bug: v8:12281 Change-Id: I8b487a88da99c2d22e132f2cc72bdf36aa5f6e63 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693710 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81249}
-
Manos Koukoutos authored
This is a reland of commit 538f2bc9 Changes compared to original: None. We think the problem that caused the revert (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/9377/overview) is unrelated. Original change's description: > [wasm-gc][cleanup] Remove wasm signature from CallDescriptor > > This field is no longer used, as the functionality it supported has been > subsumed by wasm-gc typed-based optimizations. > > Bug: v8:7748 > Change-Id: I970514bb29e5f91bb5610cafde60ec3dbcfb07aa > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705376 > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/main@{#81244} Bug: v8:7748 Change-Id: I8eacff98d265751fae55f244d40c0df94e35e6fe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714231 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#81248}
-
Patrick Thier authored
CHECKs were added / DCHECKs turned into CHECKs in https://crrev.com/c/3707103 to help investigate crash reports. Revert these changes (besides 1 CHECK that prevents potential OOB reads when the hash value is corrupted). Bug: chromium:1336516 Change-Id: I84dd699b53c2006a1be4059940017c1277efa7ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711757 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#81247}
-
Michael Lippautz authored
Fix underflow in allocation timeout which is used by fuzzers to trigger garbage collection. Bug: chromium:1337646 Change-Id: Iffa70497c2945a26242e9e67820197bd5e61f04c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711758 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org> Cr-Commit-Position: refs/heads/main@{#81246}