- 08 Jul, 2021 22 commits
-
-
Victor Gomes authored
- Fixes the size check to include Code::kHeaderSize. - Adds a DCHECK in NewEmptyCode. Bug: v8:11872 Change-Id: I05156bbe42e7efa8aa0e1982c9e2166d7b09ef5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015055 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#75643}
-
Georg Neis authored
This is a reland of 8d3c8093 to make UBsan happy: memcopy (and therefore MemCopy) seems to expect a non-null src even when the given size is 0, so avoid calling it in that case. Original change's description: > [factory] Make NewByteArray return canonical empty byte array > > ... for length = 0, analogously to what e.g. NewFixedArray does. > > Simplify some call sites that had special handling for this case > (there are others that didn't). > > Change-Id: Ib3de5506300e967aca072fad53df7ab04ef68839 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009225 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75629} Change-Id: Ib8dc471d63a4b11b846e9d436555a3615902b66f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3014456 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75642}
-
Victor Gomes authored
Port of https://chromium-review.googlesource.com/c/v8/v8/+/3009221 to ia32. Bug: v8:11872 Change-Id: Ic142a35a1961afebca3f59f493bc801a59cf4914 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3014460 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75641}
-
Maya Lekova authored
The stack overflow used to occur when too many bound functions are nested. The CL also adds a regression test. Bug: chromium:1226264 Change-Id: I34329d8392d2385207dbd9a8d3188ad4f7cb3c2d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011161 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75640}
-
Andreas Haas authored
R=ecmziegler@chromium.org Change-Id: I90c7fbd1e963aaa063825d84ff6696a5534104b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3014455 Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#75639}
-
Junliang Yan authored
Change-Id: I2b1adb84fb62b60e62229252dadbd4c9e4c8042e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010322 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75638}
-
Camillo Bruni authored
Setting promise hooks after running some promise-related code has hard-to-control side-effects that make correctness fuzzing difficult. Certain Promise functions are optimized and avoid creating intermediate Promises. Dynamically enabled Promise hooks combined with --force-slow-path, which would cause us to always create those intermediate Promises, will get us very different callbacks if the hooks are enabled half-way. The expected usage pattern is to only use setHooks if there are no pending promises, something that cannot be guaranteed for fuzzing. Bug: chromium:1202465 Change-Id: Ifa96f2db9c441b6f5da696b88a1c087160ec8eeb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013355 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#75637}
-
Georg Neis authored
Optimize JSCallWithArrayLike with diamond speculation when probable arguments list is empty literal array

The JSCallWithArraylike can be replaced with a JSCall if its probable arguments list is an empty literal array. This replacement will introduce a deoptimization check to make sure the length of the arguments list is 0 at runtime. This CL changes this optimization to a diamond speculation which may help avoid deoptimization once and keep the fast path. This change may benefit the following use case:

    function calcMax(testArray) {
      Array.max = function(array) {
        return Math.max.apply(Math, array);
      };
      var result = [];
      for (var i = 0; i < testArray.length - 3; i++) {
        var positiveNumbers = [];
        for (var j = 0; j < 3; j++) {
          if (testArray[i + j] > 0) {
            positiveNumbers.push(testArray[i + j]);
          }
        }
        result.push(Array.max(positiveNumbers));
      }
      return result;
    }
    testArray = [-1, 2, 3, -4, -5, -6, -7, -8, -9, 10];
    for (var i = 0; i < 1000000; i++) {
      calcMax(testArray);
    }

Bug: v8:9974 Change-Id: I595627e2fd937527350c8f8652d701c791b41dd3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2967757 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75636}
-
Georg Neis authored
Bug: chromium:1226264 Change-Id: I270f09d33cd7a3bb795b79bae6ff1dbf41d11217 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013357 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75635}
-
Victor Gomes authored
If we underestimate the size of the assembler buffer when compiling directly on the GC heap, we fall back to off-heap compilation and the Code object is incomplete in memory. We know a Code object is incomplete when its relocation_info is undefined. Bug: v8:11872 Change-Id: I282fd442e0bf227d9d2cca5a47b3139030f5d64e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013937 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#75634}
-
Thibaud Michaud authored
Add an option to use Liftoff instead of the interpreter as the reference tier for fuzzing. The tier to use is chosen based on the input data before generating the module. This way, the module can use features depending on what is available in the reference tier, and we still get a chance to find correctness issues that would only be detected by the interpreter. R=clemensb@chromium.org Bug: v8:11856 Change-Id: I2e9878345355a37caec5fdb338dda42a84e8e63a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008645 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75633}
-
Clemens Backes authored
Trap handling is not implemented yet for memory64. Make sure that no code tries to use it, by setting {NativeModule::bounds_checks_} accordingly. This requires some changes to tests to make sure that the {WasmModule::is_memory64} field is set before creating the corresponding {NativeModule}. R=ahaas@chromium.org Bug: v8:10949 Change-Id: I11d9544b603fc471e3368bb4e7487da4711293a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011167 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75632}
-
Clemens Backes authored
This reverts commit 8d3c8093. Reason for revert: Fails on UBSan (nullptr on memcpy): https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/17246/overview Original change's description: > [factory] Make NewByteArray return canonical empty byte array > > ... for length = 0, analogously to what e.g. NewFixedArray does. > > Simplify some call sites that had special handling for this case > (there are others that didn't). > > Change-Id: Ib3de5506300e967aca072fad53df7ab04ef68839 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009225 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75629} Change-Id: I0cb1667b98a2f9285706c2623671d532419d1395 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013358 Auto-Submit: Clemens Backes <clemensb@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75631}
-
Victor Gomes authored
Adds a verification step when we're compiling on heap. Bug: v8:11872 Change-Id: Ic71dc2b54e667ed4d5d861b4b9c1e1c2362f9821 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013936 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#75630}
-
Georg Neis authored
... for length = 0, analogously to what e.g. NewFixedArray does. Simplify some call sites that had special handling for this case (there are others that didn't). Change-Id: Ib3de5506300e967aca072fad53df7ab04ef68839 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009225 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75629}
-
Georg Neis authored
This is a reland of 036e5783. Key JSBoundFunctionRef methods have been changed to return an optional type, replacing the bogus always-true serialized() method. Original change's description: > [compiler] Make JSDataViewRef and JSBoundFunctionRef bg-serialized > > ... but keep/make subclass-specific methods do direct reads. > > Bug: v8:7790 > Change-Id: Ia4b9d207ce75cf28f6f0f33027ab05e27db49ce9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959621 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75457} Bug: v8:11960, v8:7790 Change-Id: I1f29283b2fb6e5fe3644e2f4e33341fce2641775 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013313 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75628}
-
Georg Neis authored
The first CL https://chromium-review.googlesource.com/c/v8/v8/+/3010281 had a small mistake: the GC predicate alone doesn't yet guarantee that Ref creation will succeed (due to JSFunction still being fg-serialized). Bug: chromium:1227279, v8:11957, v8:7790 Change-Id: I81772baa66e0f778b92a03ea7941a199d92d4857 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013353 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75627}
-
Leszek Swirski authored
This reverts commit 819c3ae2. Reason for revert: Sorry Patrick, still failing on some layout tests :( https://test-results.appspot.com/data/layout_results/mac-rel/726365/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html Original change's description: > Reland "Reland "Improve error messages for property access on null/undefined"" > > This is a reland of 8b18c5e6 > > Original change's description: > > Reland "Improve error messages for property access on null/undefined" > > > > This is a reland of 24c626c1 > > > > Original change's description: > > > Improve error messages for property access on null/undefined > > > > > > Only print the property name when accessing null/undefined if we can > > > convert it to a string without causing side effects. > > > If we can't, omit the property name in the error message. > > > This should avoid confusion when the key is an object with toString(). > > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > > > Object]' anymore, which was misleading since the property accessed would > > > be 'a', but we can't evaluate the key without side effects. > > > > > > Bug: v8:11365 > > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#75250} > > > > Bug: v8:11365 > > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599 > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75571} > > Bug: v8:11365 > Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219 > Auto-Submit: Patrick Thier <pthier@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75604} Bug: v8:11365 Change-Id: I7d7c0f201288384c2aa38a51418b582a64213ae0 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013352 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75626}
-
Yoshisato Yanagisawa authored
According to go/kqovk, the builder name should be '(reclient)' instead of '- reclient'. Bug: chromium:1222951 Change-Id: I22e119d50fd48103f195bb03bc3ccc584a596e57 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3012340 Auto-Submit: Yoshisato Yanagisawa <yyanagisawa@chromium.org> Commit-Queue: Liviu Rau <liviurau@chromium.org> Reviewed-by: Liviu Rau <liviurau@chromium.org> Cr-Commit-Position: refs/heads/master@{#75625}
-
Georg Neis authored
This reverts commit 036e5783. Reason for revert: crbug.com/1227279 Original change's description: > [compiler] Make JSDataViewRef and JSBoundFunctionRef bg-serialized > > ... but keep/make subclass-specific methods do direct reads. > > Bug: v8:7790 > Change-Id: Ia4b9d207ce75cf28f6f0f33027ab05e27db49ce9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959621 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75457} Bug: chromium:1227279, v8:7790 Change-Id: I4a77107c926ce3d99407d87a3160c2a555e6fbfe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013310 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75624}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/8969ad2..dc699aa Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/fd3f3c1..2500c1d Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/8fa8794..79a2e92 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/d87a06d..cb34896 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/ccc7ba2..293314a Rolling v8/tools/luci-go: git_revision:3501536c6f762461d322d6694711bb384ffce6f2..git_revision:6808332cfd84a07aeefa906674273fc762510c8c Rolling v8/tools/luci-go: git_revision:3501536c6f762461d322d6694711bb384ffce6f2..git_revision:6808332cfd84a07aeefa906674273fc762510c8c Rolling v8/tools/luci-go: git_revision:3501536c6f762461d322d6694711bb384ffce6f2..git_revision:6808332cfd84a07aeefa906674273fc762510c8c TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I9e62582c0f092257334fe50e998baa7aeb7c46ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010323 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75623}
-
QiuJi authored
Change-Id: I1e90914aba634579a39a269b9a92881d488d4299 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3005769 Commit-Queue: Brice Dobry <brice.dobry@futurewei.com> Reviewed-by: Brice Dobry <brice.dobry@futurewei.com> Cr-Commit-Position: refs/heads/master@{#75622}
-
- 07 Jul, 2021 18 commits
-
-
Michael Lippautz authored
- Allows for differentiating committed and physical (resident) size on a page. This change merely adjusts the API surface and does not implement resident set size tracking. - Add object types on page level as well which helps diagnosing almost empty pages. Bug: chromium:1056170 Change-Id: I64c69dc55873a0ce97d2064356bfcd957e10cbf9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011164 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#75621}
-
Ng Zhi An authored
This makes jco on gdb behave the same as jco on lldb. Bug: v8:11879 Change-Id: Id6a338878d518984986d2b719588966ee09de3c6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000956 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#75620}
-
Clemens Backes authored
We had some (dead) logic to create different parameter values depending on the position of the parameter. As it was not used any more, it got removed in https://crrev.com/c/3003464. This CL changes the existing logic for creating default parameter values to use a similar logic, which matches what --wasm-fuzzer-gen-test creates and has a slightly higher chance of triggering interesting behaviour. R=ahaas@chromium.org Change-Id: Ibb4394c1978f25d70166a03002e084211bfe7e1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003465 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#75619}
-
Milad Fa authored
A few fixes are applied in this CL: 1- Instructions which use UIM in V8 only use bits 16 to 19 inclusive. 2- get_simd_register is set to return a reference and not a copy. 3- On vector extract and insert instructions, UIM could be used to select specific bytes as starting point which may not reflect a lane. Vector splat uses UIM as a lane selector which remains unchanged in this CL. Change-Id: Ieb43afb977dac11d3ea10a2f265c2823f64457e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011166 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#75618}
-
Junliang Yan authored
Change-Id: I2a131a783b99a0bfd6550d0032a594f2eb402421 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009227 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75617}
-
Shu-yu Guo authored
This is a reland of 1532f8ff Changes since revert: - Fix race in initialization Original change's description: > [heap] Tie process-wide CodeRange lifetime to any remaining Heaps > > Currently the process-wide CodeRange, once created, lives until process > shutdown. This CL changes it to be alive as long as there is a Heap, > when the last Heap is gone it gets destroyed and will be recreated the > next time a Heap is created. This behavior is shared with > SingleCopyReadOnlyArtifacts. > > Bug: v8:11929 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989103 > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75522} Bug: v8:11929 Change-Id: If250d8901044bcba1f7d7f797b398c29cc2c5a61 Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003910 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#75616}
-
Mike Stanton authored
The bugfix yesterday missed a case (CL https://chromium.googlesource.com/v8/v8/+/758816f4388704d82442769163b371c1b64aac86). A better approach is to compute the ideal representation of the value, then check if it can be in-place changed to the recorded representation. Bug: chromium:1226988, v8:7790 Change-Id: I90e58b8efb83892c033693a1a0f946b3059a330c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011162 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75615}
-
Manos Koukoutos authored
Changes: - Add reference types and simd to GetValueType(). - Generalize BlockScope to handle reference types. Add EmitValueType() to WasmFunctionBuilder. - Constrain local_op and global_op to non-simd numeric types. - Add GenerateOneOf() for functions that need a heap type. Add GenerateOptRef(). Add ref_null, get_local_opt_ref as options for GenerateOptRef(). - Remove the numeric conversion logic from ConsumeAndGenerate. Bug: v8:11954 Change-Id: Idebae4a537326bdc03ac2f5e9c69a519f196938c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009456 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#75614}
-
Jakob Kummerow authored
Behind a new --experimental-wasm-nn-locals flag. The checking policy implemented here is that locals count as initialized until the end of the current control structure, as described here: https://github.com/WebAssembly/function-references/issues/44#issuecomment-801977331 Bug: v8:7748 Change-Id: I954fdf1b4e02ed4b45ef61b8379b7c0bbe802400 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010283 Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#75613}
-
Peter Kasting authored
Bug: chromium:989932 Change-Id: I357a19a9da934f07181122bbf50614ccddce3a4b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009926 Auto-Submit: Peter Kasting <pkasting@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75612}
-
Junliang Yan authored
Change-Id: I7afc5bede8684f469670c84da0f94d251369e6fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011165 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75611}
-
Georg Neis authored
... by recording dependencies not based on whether the caller remembered to pass non-null CompilationDependencies* but on whether the method is called in serialization mode or not. Bug: v8:7790 Change-Id: I841fe8fab57e94fff03dc3ce8dc8a02c49677560 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009223 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#75610}
-
Georg Neis authored
We can't create Refs inside a DisallowGarbageCollection scope since the MapData constructor uses a parking mutex (which may park the local heap and let GC run). Bug: v8:11957, v8:7790 Change-Id: I300b76a15f0f63514ca049f78099e1e6125a6569 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010281 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75609}
-
Georg Neis authored
Bug: v8:3221 Change-Id: I8955057b87ba7bb3a288e5454bb405faa67df6ed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010282 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75608}
-
Junliang Yan authored
Change-Id: I6833e9815d2655064967f249c607c5d2b8fe2c01 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010681 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75607}
-
Dominik Inführ authored
This CL implements GC in a shared heap. A shared GC is started from an attached client isolate that fails to allocate a shared object. In order to perform a shared GC all other running client isolates need to be stopped and their roots need to be scanned. Bug: v8:11708 Change-Id: I45ac50e6b4a1e9270f9e39b69f9b8ee5e6e14134 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964816 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#75606}
-
Victor Gomes authored
This is still incomplete, but already able to pass all tests on x64. Sparkplug (on pointer compression) only generates two relocation types: FULL_EMBEDDED_OBJECT and RUNTIME_ENTRY. Bug: v8:11872 Change-Id: I6aefbbc9690511a06b2a4a942c48fef85d536bef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009221 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#75605}
-
Patrick Thier authored
This is a reland of 8b18c5e6 Original change's description: > Reland "Improve error messages for property access on null/undefined" > > This is a reland of 24c626c1 > > Original change's description: > > Improve error messages for property access on null/undefined > > > > Only print the property name when accessing null/undefined if we can > > convert it to a string without causing side effects. > > If we can't, omit the property name in the error message. > > This should avoid confusion when the key is an object with toString(). > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > > Object]' anymore, which was misleading since the property accessed would > > be 'a', but we can't evaluate the key without side effects. > > > > Bug: v8:11365 > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75250} > > Bug: v8:11365 > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Patrick Thier <pthier@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75571} Bug: v8:11365 Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219 Auto-Submit: Patrick Thier <pthier@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#75604}
-