- 16 May, 2022 9 commits
-
-
Samuel Groß authored
This CL removes some deprecated sandbox APIs and introduces new ones, in particular IsSandboxInitialized and GetSandboxReservationSizeInBytes. In additon, this CL also adds comments to the various public methods of the Sandbox class. Bug: v8:10391 Change-Id: If5c3081a0b9f7f192966150a0d2716099357363a Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647362Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#80544}
-
Lu Yahan authored
Port commit bd22e3be Bug: v8:12284 Change-Id: I72ba5cfe221693125c366e7fcbc31dc936d18a16 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647968 Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Reviewed-by:
ji qiu <qiuji@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#80543}
-
Dominik Inführ authored
This is a reland of commit 2b79eefe A DCHECK was using map[key] and inadvertently inserted into the map that way. Original change's description: > Reland^2: [heap] Store size with invalidated object > > This is a reland of commit 23b2d571 > > When updating pointers during a full GC, a page might not be swept > already. In such cases there might be invalid objects and slots > recorded in free memory. Updating tagged slots in free memory is fine > even though not strictly necessary. > > However, the GC also needs to calculate the size of potentially dead > invalid objects in order to be able to check whether a slot is within > that object. But since that object is dead, its map might be dead as > well which makes size calculation impossible on such objects. The CL > changes this to cache the size of invalid objects. A follow-up CL will > also check the marking bit of invalid objects. > > Reason for reverts: > > Revert #2: In-object slack tracking on JSObjects doesn't update the > cached size of invalidated objects. The fix here was to stop > invalidating recorded slots on JSObjects at all and avoid that problem > completely (see https://crrev.com/c/3620274). > > Revert #1: Not all size changes go through NotifyObjectLayoutChange, so > https://crrev.com/c/3607992 introduced NotifyObjectSizeChange as a > bottleneck for object size changes/right-trimming. This method is > now used to update the size of invalidated objects. > > Bug: v8:12578, chromium:1316289 > Change-Id: I0478d04601c0270ddb39419ca6cf98719951eb4d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623542 > Reviewed-by: Jakob Linke <jgruber@chromium.org> > Reviewed-by: Patrick Thier <pthier@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/main@{#80344} Bug: v8:12578, chromium:1316289 Change-Id: Ibcc04c209213c584860a7c473082526cb4e53c59 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3627635Reviewed-by:
Patrick Thier <pthier@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#80542}
-
Marja Hölttä authored
Bug: v8:11111,v8:1321980 Change-Id: I4dead5d50a2e1a9c1011c16d13aad2722598e456 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3642297Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80541}
-
Clemens Backes authored
GCC complains about empty format strings, and also clang already required special-handling for this case. We could either drop it, since statically empty strings are not that useful anyway, but for completeness I fix it via "if constexpr" instead. R=tebbi@chromium.org Bug: chromium:1323177 Change-Id: I4d59e1b361afd1edcd552e8a9ce395759646e67f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644433Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80540}
-
Toon Verwaest authored
Bug: v8:7700 Change-Id: If4a9293649a15816504d2a9544484b67aa2b2fa1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644791 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Nikolaos Papaspyrou authored
This CL adds to the existing experimental implementation of the object start bitmap, that is evaluated as a mechanism for resolving inner pointers (behind the flag v8_enable_conservative_stack_scanning). It fixes method ObjectStartBitmap::FindBasePtr to ensure that the correct base pointer is returned, even if the bitmap is not fully populated (e.g., with object evacuation or inline object allocation). This method now recalculates the part of the bitmap that is required for returning the correct result, by iterating through objects of the page. A special constructor has been introduced to the PagedSpaceObjectIterator for this purpose. It also moves the existing inline methods of ObjectStartBitmap to a new -inl.h header file, to avoid circular dependencies. Bug: v8:12851 Change-Id: Iabd0df020bee3bb63ef9d4888591b25d24d79dd9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641179Reviewed-by:
Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80538}
-
Camillo Bruni authored
Next steps: Move general code from V8FileLogger to Logger Bug: v8:12795, chromium:1316443 Change-Id: I66e0d7d3908a2a24cd1cf3858834bd57314754b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637795 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#80537}
-
Lu Yahan authored
Change-Id: Ifaaa87234ab48869e828ba99e96de0d372538e81 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647967 Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by:
-
- 15 May, 2022 1 commit
-
-
Michael Lippautz authored
Forward deprecations of methods that are not supported anymore. Bug: v8:12819 Change-Id: I304ff159fa7e3936b5b12a5e43bb2a580576dd4e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644792 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#80535}
-
- 14 May, 2022 1 commit
-
-
Simon Zünd authored
This is a reland of commit 8278cb50 The reland adds the RestartFrameTrampoline to the list of builtins that the deoptimizer is allowed to return from for control flow integrity. Original change's description: > [inspector] Re-enable Debugger#restartFrame > > Doc: https://bit.ly/revive-restart-frame > > This CL "undeprecates" Debugger#restartFrame and adds a new optional > "mode" parameter for back-wards compatibility. Moreover, the return > values are all deprecated. They were never actually used in the > DevTools frontend and the same information is available from the > Debugger#paused event that fires once execution stops at the > beginning of the restarted function. > > The CL also re-baselines all the restart-frame inspector tests that > now run successfully. > > R=bmeurer@chromium.org, kimanh@chromium.org > > Bug: chromium:1303521 > Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505 > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Kim-Anh Tran <kimanh@chromium.org> > Commit-Queue: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/main@{#80491} Bug: chromium:1303521 Change-Id: I13e2f8b5011795a38e541310622b8333a3d08049 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644624Reviewed-by:
Kim-Anh Tran <kimanh@chromium.org> Cr-Commit-Position: refs/heads/main@{#80534}
-
- 13 May, 2022 27 commits
-
-
Clemens Backes authored
MSVC does not implicitly convert the std::array iterator to a char*, hence explicitly use the {data()} accessor instead of {begin()}, which is cleaner anyway. R=mlippautz@chromium.org Bug: chromium:1323177 Change-Id: I65c6836889eb57a18b655cb9e6c98008a8fbcaac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644794 Auto-Submit: Clemens Backes <clemensb@chromium.org> Reviewed-by:Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#80533}
-
Camillo Bruni authored
Read only a single byte of FLAG_trace_osr in assembly builtin code to make asan happy in the simulator. Bug: chromium:1324042 Change-Id: I002cea0b4917af3780d6bdedfb0ec55008e146c7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644793Reviewed-by:
-
Leszek Swirski authored
This test tests the interpreted/baseline and optimized behaviour of cpu profiler ticks. We should eventually support this for maglev too, but for now just disable it. Bug: v8:7700 Change-Id: Iba89ab2c718025ebf90c86a84ed937c2d1d0af7f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647363 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Samuel Groß authored
This is more consistent with similar features, for example V8_ENABLE_WEBASSEMBLY or V8_ENABLE_MAGLEV. Drive-by: remove V8_SANDBOX_IS_AVAILABLE as it's no longer needed. Bug: v8:10391 Change-Id: I8658c5b0c331a4c73892737083b2c2f9b8f84056 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647355 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by:
-
Clemens Backes authored
This introduces a class which can be used for formatting dynamic values into a constant-size, stack-allocated array. You get ostream-style code but printf-style performance, and in particular no dynamic allocation. This makes this class also suitable to be used in OOM or other fatal situations where we cannot rely on dynamic memory allocation to still work. Using FormattedString will automatically compute the format string depending on the types. It also computes the maximum size of the output. Last but not least, it makes the code a lot more readable than traditional printf style printing. R=mlippautz@chromium.org Bug: chromium:1323177 Change-Id: I47228b3603c694c1fa23516dd3f1c57e39c0ca35 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644622 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
-
Dominik Inführ authored
We initialize the JSObject in the payload of a ByteArray, so we know that no slots were recorded there. This also means we don't need to remove any recorded slots and thus invalidation isn't required. With this change only strings use object slot invalidation on String::MakeExternal. Bug: v8:12578 Change-Id: I009635c2a61ae8ff2b9e2480cb7d374451a8cc7d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644614Reviewed-by:
-
Toon Verwaest authored
This avoids unnecessary spill moves and reduces register pressure. Bug: v8:7700 Change-Id: I3f2c35f2b6c0a3e64408b40d59696d924af8a9b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647365Reviewed-by:
-
Andy Wingo authored
Bug: v8:12868 Change-Id: I69e149aa607ee77dd00267a0bbe4e5828dceb75e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647350Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andy Wingo <wingo@igalia.com> Cr-Commit-Position: refs/heads/main@{#80526}
-
Leszek Swirski authored
Explicitly initialize the loop merge's back-edge predecessor to a specfic "uninitialized" value, distinct from nullptr (which marks dead loops) and done in both debug and release modes. Bug: v8:7700 Change-Id: I6a845cc4dbd7da75954f78607e69a5d4e2ec1ec7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645114Reviewed-by:
-
Clemens Backes authored
Now that we require C++17 support, we can just use the standard static_assert without message, instead of our STATIC_ASSERT macro. R=leszeks@chromium.org Bug: v8:12425 Change-Id: I1d4e39c310b533bcd3a4af33d027827e6c083afe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647353Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80524}
-
Andy Wingo authored
Bug: v8:12868 Change-Id: I9008da5f89c4c18ea45ddbe44cae832087c76b01 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647349Reviewed-by:
-
Andreas Haas authored
JobDelegate::ShouldYield() should not be called anymore after it has already returned true. This CL changes the deserialization of WebAssembly to remember when ShouldYield() returned for the first time, and does not call ShouldYield() afterwards anymore. R=thibaudm@chromium.org Bug: chromium:1277962 Change-Id: Ie84abf30b20d302a19f3192c3859796be1cccd97 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647361 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#80522}
-
Anton Bikineev authored
With this CL, the decompression simply becomes: movsxd rax, edi add rax, rax and rax, qword ptr fs:[base@TPOFF] Bug: chromium:1325007 Change-Id: I931e4e667a9b9697671bccf14575420f8cb705e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629871Reviewed-by: -
Marja Hölttä authored
This reverts commit b8f88be0. Reason: disabling an experimental feature in release branch Bug: v8:11111,v8:12870 Change-Id: I6fbd6bdb318c0d25e69c04db208a0d5f2b9ebbd7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647357 Auto-Submit: Marja Hölttä <marja@chromium.org> Reviewed-by:
-
Leszek Swirski authored
Do the same trick as TurboFan, keeping the BytecodeArray alive by holding it strongly in the deopt literals. Bug: v8:7700 Change-Id: I8f8472674b08df3ca18aff58172e7ba83d09a620 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647358 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Anton Bikineev authored
With caged heap enabled, we can halve Member<> by storing only the least significant half. The base of the heap is stored in a thread local variable. The feature has therefore an implication that only single heap is allowed per thread. The feature is gated by the new GN arg: cppgc_enable_pointer_compression. Bug: chromium:1325007 Change-Id: Ic7f1ecb7b9ded57caad63d95bbc8e8ad6ad65031 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739979Reviewed-by:
Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Commit-Queue: Tamer Tas <tmrts@chromium.org> Reviewed-by:
Tamer Tas <tmrts@chromium.org> Auto-Submit: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#80518}
-
Clemens Backes authored
Use V8::FatalProcessOutOfMemory directly instead. R=mlippautz@chromium.org Bug: chromium:1323177 Change-Id: Ib1efd9e8099c76cd9ae0ac412b2e37307a698f4f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641176Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80517}
-
Patrick Thier authored
We temporarily enable the StringForwardingTable for all ThinString transitions behind --future to get coverage and performance numbers from future bots. Bug: v8:12007 Change-Id: Ia59bd6c40df2fd413867f6fc2aa7f69d099b5377 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637799Reviewed-by:
-
Al Muthanna Athamina authored
NOTRY=true Bug: v8:12445 Change-Id: I67bd72e2369ffc0e4afc75e0436d80d3c5c0fae2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632101Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/main@{#80515}
-
jameslahm authored
This CL adds serialization and deserialization for packed double array and holey double array. Bug: v8:11525 Change-Id: Idce22e1c5d707e45127ae972587c6b7808ca2cda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3640751Reviewed-by:
-
Frank Tang authored
Spec text: https://tc39.es/proposal-temporal/#sec-temporal.calendar.prototype.era https://tc39.es/proposal-temporal/#sec-temporal.calendar.prototype.erayear Notice this only implement the "iso8601" calendar and we will implement the code for other calendar later by calling ICU with other Calendar methods. This CL reduce the differences of testing result between ALWAYS and no_i18n because the code in no_i18n will not call Calendar era or eraYear and therefore passed the test even w/o this CL but the ALWAYS tests will cause Temporal object to internal call era and eraYear and therefore fail if w/o this CL. Bug: v8:11544 Change-Id: I921fbfbbd26473c238024161eb58b096c38b881b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641938Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#80513}
-
Leszek Swirski authored
Doesn't do much at the moment beyond not being a baseline frame. Fixes a DCHECK in tiering that checks the frame type, by removing the frame lookup there (which wasn't necessary anymore). Bug: v8:7700 Change-Id: Icecfe27771923d380a7d1dc1c29aa9c5c9dfbf0f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644618 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Dominik Inführ authored
We use the invalidate_recorded_slots argument to signal to NotifyObjectLayoutChange whether a particular object layout change could cause a tagged pointer to be replaced with an untagged value. In such cases we need our snapshot protocol in order to allow marking such objects concurrently. The snapshot protocol consists of two main operations: 1) Tracing and marking the object black on the main thread before performing the unsafe transition. 2) The concurrent marker needs to read such objects into a buffer first and is only allowed to trace it when successfully marking that object black. However, in some cases we were still doing 1) on the main thread when the concurrent marker didn't use 2) the snapshot buffer anymore. This CL cleans up this behavior and ensures that 1) and 2) are always paired together. Bug: v8:12578 Change-Id: Id83b3de866a80efedf4a72e440cbc767fe3eaea6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644611Reviewed-by: -
Leszek Swirski authored
The budget interrupt in maglev can clobber registers. We need to save the caller-saved registers before making this call. Additionally, move the interrupt call into deferred code, and only emit the interrupt check + call for returns and backwards jumps (i.e. things that reduce the budget). Bug: v8:7700 Change-Id: I277e9fdf454ff0f22bf20e7cf9538e3020403c1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644619Reviewed-by:
-
Michael Achenbach authored
Port GN changes in https://crrev.com/c/3596671 No-Try: true Change-Id: I4d9571ce0d5abcae56a370986db1104e5429b348 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647347Reviewed-by:
-
Lu Yahan authored
Change-Id: Iad4b34b1c4a85800e8e1d6c01b686dd19e8116a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3600532 Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by:
-
Lu Yahan authored
Port commit fe443a4e Bug: v8:12284 Change-Id: I19ba180ecc7cd0e5a3b6e5009cc2b8c40074399a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3642243Reviewed-by:
-
- 12 May, 2022 2 commits
-
-
Seth Brenith authored
CompilationSubCache has some complexity regarding generations of tables which is only used by one subclass, CompilationCacheRegExp. This change adjusts the class hierarchy so that classes only contain the necessary member functions. Bug: v8:12808 Change-Id: I4f4cf15bbf9b80c2de0c18aea82a0c238804759d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629603Reviewed-by:
-
Tobias Tebbi authored
This CL adds two experimental JS builtins to convert between i16 Wasm GC and JS strings. This is a non-standard experimental feature only available with the flag --wasm-gc-js-interop. WebAssembly.experimentalConvertArrayToString(array, start, count) Convert the `count`-many WTF-16 code units starting at index `start` into a JS string. Throws a TypeError if `array` is not an i16 array, or if `start` and `count` are not numbers or not in range. WebAssembly.experimentalConvertStringToArray(string, sampleArray) Convert `string` to an i16 array. The `sampleArray` parameter needs to be an arbitrary i16 array, which is only used to extract the rtt. Throws a TypeError if `string` is not a string or `sampleArray` is not an i16 array. Change-Id: I7ac2f6bd89b8f638427f61da1bb01ccba90d735b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3642301 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
-
