- 30 Sep, 2020 29 commits
-
Marja Hölttä authored
This enables correctness fuzzing. Bug: v8:9237 Change-Id: I9b8e5506cf22a482cf39e92d3d67629382ac4b39 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436539 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#70237}
-
Mike Stanton authored
CallHandleInfos are observed for optimizing API calls in TurboFan. The place to be careful is on allocation and installation of these objects in a FunctionTemplate. As long as store order is preserved there, we can safely directly access the class members. Bug: v8:7790 Change-Id: I6acb318d01c19d97725c7218e913765c33e0d8b8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435096 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#70236}
-
Clemens Backes authored
All instantiations of the function body decoder (validation, Liftoff, TurboFan) currently generate precise error messages. For Liftoff though, the error message and location is never used. Thus we can save some binary size and performance by only keeping a flag whether an error occurred or not. In the error case, the TurboFan compiler will execute right afterwards anyway, generating a proper error message. As a follow-up, we can avoid storing the pc in {ValueBase} and {ControlBase}, because that's only used for error reporting. R=thibaudm@chromium.org Bug: v8:10969 Change-Id: I65c46cb9d8b654f9476f2c34ca9a8dd45d6bbbc5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436347 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#70235}
-
Jakob Gruber authored
CodeKind::OPTIMIZED_CODE -> TURBOFAN Kinds are now more fine-grained and distinguish between TF, TP, NCI. CodeKind::STUB -> DEOPT_ENTRIES_OR_FOR_TESTING Code stubs (like builtins, but generated at runtime) were removed from the codebase years ago, this is the last remnant. This kind is used only for deopt entries (which should be converted into builtins) and for tests. Change-Id: I67beb15377cb60f395e9b051b25f3e5764982e93 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440335 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#70234}
-
Jakob Kummerow authored
Array.prototype.pop() must throw a TypeError whenever the array's length is readonly; there is no exception to that when the length is 0. This patch moves the length==0 special case after the read-only length check in both fast paths (CSA and C++). Fixed: v8:10908 Change-Id: I4a77439478cffeaf11022ff8beb78b0a907290d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440576 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#70233}
-
Jakob Kummerow authored
Sorting a TypedArray with a custom compare function requires us to copy the array's contents to a FixedArray. When the TypedArray is larger than FixedArray::kMaxLength, we should throw a RangeError rather than crashing with an OOM message. Fixed: v8:10931 Change-Id: I8a27cc0ac80a9172bc5e8e154fdf4ccce5974317 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440575 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70232}
-
Leszek Swirski authored
This reverts commit 5d7a29c9. Reason for revert: UBSan -- https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/13100 Original change's description: > [serializer] Allocate during deserialization > > This patch removes the concept of reservations and a specialized > deserializer allocator, and instead makes the deserializer allocate > directly with the Heap's Allocate method. > > The major consequence of this is that the GC can now run during > deserialization, which means that: > > a) Deserialized objects are visible to the GC, and > b) Objects that the deserializer/deserialized objects point to can > move. > > Point a) is mostly not a problem due to previous work in making > deserialized objects "GC valid", i.e. making sure that they have a valid > size before any subsequent allocation/safepoint. We now additionally > have to initialize the allocated space with a valid tagged value -- this > is a magic Smi value to keep "uninitialized" checks simple. > > Point b) is solved by Handlifying the deserializer. This involves > changing any vectors of objects into vectors of Handles, and any object > keyed map into an IdentityMap (we can't use Handles as keys because > the object's address is no longer a stable hash). > > Back-references can no longer be direct chunk offsets, so instead the > deserializer stores a Handle to each deserialized object, and the > backreference is an index into this handle array. This encoding could > be optimized in the future with e.g. a second pass over the serialized > array which emits a different bytecode for objects that are and aren't > back-referenced. > > Additionally, the slot-walk over objects to initialize them can no > longer use absolute slot offsets, as again an object may move and its > slot address would become invalid. Now, slots are walked as relative > offsets to a Handle to the object, or as absolute slots for the case of > root pointers. 
A concept of "slot accessor" is introduced to share the > code between these two modes, and writing the slot (including write > barriers) is abstracted into this accessor. > > Finally, the Code body walk is modified to deserialize all objects > referred to by RelocInfos before doing the RelocInfo walk itself. This > is because RelocInfoIterator uses raw pointers, so we cannot allocate > during a RelocInfo walk. > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged > size rather than byte size -- the size is expected to be tagged-aligned > anyway, so now we get an extra few bits in the size encoding. > > Bug: chromium:1075999 > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#70229} TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org Change-Id: I2bd792a24861e8f54897e51522769b50f8f814e2 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1075999 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440827 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#70231}
-
Gus Caplan authored
This is some general cleanup for the experimental regexp implementation. DeferredLabels have been merged into Labels, label APIs more closely resemble other parts of V8, and instruction codegen has been moved into its own class. Bug: v8:10765 Change-Id: I139c0a0df30e539ee39eae70fc206e6406d898b1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2433058 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Gus Caplan <snek@chromium.org> Cr-Commit-Position: refs/heads/master@{#70230}
-
Leszek Swirski authored
This patch removes the concept of reservations and a specialized deserializer allocator, and instead makes the deserializer allocate directly with the Heap's Allocate method. The major consequence of this is that the GC can now run during deserialization, which means that: a) Deserialized objects are visible to the GC, and b) Objects that the deserializer/deserialized objects point to can move. Point a) is mostly not a problem due to previous work in making deserialized objects "GC valid", i.e. making sure that they have a valid size before any subsequent allocation/safepoint. We now additionally have to initialize the allocated space with a valid tagged value -- this is a magic Smi value to keep "uninitialized" checks simple. Point b) is solved by Handlifying the deserializer. This involves changing any vectors of objects into vectors of Handles, and any object keyed map into an IdentityMap (we can't use Handles as keys because the object's address is no longer a stable hash). Back-references can no longer be direct chunk offsets, so instead the deserializer stores a Handle to each deserialized object, and the backreference is an index into this handle array. This encoding could be optimized in the future with e.g. a second pass over the serialized array which emits a different bytecode for objects that are and aren't back-referenced. Additionally, the slot-walk over objects to initialize them can no longer use absolute slot offsets, as again an object may move and its slot address would become invalid. Now, slots are walked as relative offsets to a Handle to the object, or as absolute slots for the case of root pointers. A concept of "slot accessor" is introduced to share the code between these two modes, and writing the slot (including write barriers) is abstracted into this accessor. Finally, the Code body walk is modified to deserialize all objects referred to by RelocInfos before doing the RelocInfo walk itself. 
This is because RelocInfoIterator uses raw pointers, so we cannot allocate during a RelocInfo walk. As a drive-by, the VariableRawData bytecode is tweaked to use tagged size rather than byte size -- the size is expected to be tagged-aligned anyway, so now we get an extra few bits in the size encoding. Bug: chromium:1075999 Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70229}
-
Michael Achenbach authored
The infrastructure will soon start using the canonical build output location out/build. New flake bisect jobs will then be started with --outdir=out/build. This change picks the current out/Release or out/Debug as an alternative output location to be compatible with the future value of the flag. This code will be removed when the property change happens. This prepares: https://crrev.com/c/2426643 Bug: chromium:1132088 Change-Id: I1fe3bcb239b05d069a1006646bc9306a16a3cecd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440336 Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#70228}
-
Samuel Groß authored
Previously, unhandled promise rejections weren't reset between REPRL executions, leading to incorrect exit statuses being reported. This CL fixes the issue and adds further tests to verify the correct behaviour. Change-Id: Ied47d9359b0fbc05ebb211667687a0a4041ef767 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431205 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Samuel Groß <saelo@google.com> Cr-Commit-Position: refs/heads/master@{#70227}
-
Jakob Kummerow authored
When building the error message for a TypeError when e.g. a non-callable is called, we should avoid running into the max string length. Printing many megabytes there isn't going to be useful anyway. Fixed: v8:10963 Change-Id: Ief89800f660bdd48585f84c3e3d4ece21b02b760 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438068 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70226}
-
Milad Fa authored
Bug: v8:10965 Change-Id: Iba23cfcfaed44b52fe38851713e2ffedd118430f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437172 Reviewed-by: Junliang Yan <junyan@redhat.com> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70225}
-
Clemens Backes authored
As a preparation to add a "boolean validation" mode, rename the existing flags. This removes many unrelated changes from the follow-up change and makes it easier to review. R=thibaudm@chromium.org Bug: v8:10969 Change-Id: I5f71405b525a7caa91be46c035e31d4d960e4e4c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440036 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70224}
-
Michael Achenbach authored
This breaks looking for build output after finding valid output. Otherwise build output with lower precedence can overwrite output with higher precedence. This also moves a static method. Bug: chromium:1132088 Change-Id: I1824028243f964ab0956e54ca24921e6f32f2ca3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440337 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Liviu Rau <liviurau@chromium.org> Auto-Submit: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Liviu Rau <liviurau@chromium.org> Cr-Commit-Position: refs/heads/master@{#70223}
-
Igor Sheludko authored
Bug: chromium:1132640 Change-Id: I40e8aecc98d9fc20bbe1df6e31be127af8710723 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436334 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#70222}
-
Jakob Gruber authored
The invocation count is part of call feedback, and is used during tier-up to determine inlining candidates. For bytecode, it is updated by the InterpreterEntryTrampoline, which can be seen as a global prologue for all bytecode functions. Since NCI tiers up, it must also track the invocation count. This CL adds it to the NCI prologue sequence (emitted as part of every NCI code object). Bug: v8:8888 Change-Id: I04b33c9c8b0bdd975aceb97145f159798e18b97b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436340 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70221}
-
Victor Gomes authored
Change-Id: I33294dc5b93d5842a3a51779bfec30f20bf4f23f Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436345 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70220}
-
Victor Gomes authored
Change-Id: I624b16162dd859dc88b5f26cfc7d1a4a15089095 Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438455 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#70219}
-
Thibaud Michaud authored
Ensure that a valid off-heap trampoline is created for the GenericJSToWasmWrapper builtin by adding it to the list of executable builtins. R=ahaas@chromium.org CC=evih@chromium.org Bug: v8:10701 Change-Id: I49b8144237aca20f5f663c7b32810a16f715ad5f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438415 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#70218}
-
Vicky Kontoura authored
This CL extends fast-path transformations of JavaScript parameters when calling an exported WebAssembly function from JavaScript to support heap numbers for types kF32 and kF64. Bug: v8:10943 Change-Id: Ifbb745cb7bee3ef34bb40b7c01597703fde340bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435366 Commit-Queue: Vicky Kontoura <vkont@google.com> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70217}
-
Zhao Jiazhong authored
Since the inspector/debugger/wasm-scope-info* tests need simd128, but not all mips cpus support it, we skip the tests on mips platforms without simd support. Change-Id: Iebefa5d6b33d80d707ad0077be7d4f25e3e52b4f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2439769 Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#70216}
-
Manos Koukoutos authored
Changes: - Implement WasmExportedFunction::MatchesSignature. - Use it over comparison with == in ResolveWasmImportCall. - Add a test which exposes the existing bug. - Add a few reminder TODOs. Bug: v8:9495 Change-Id: Ibbe31dbf550be212dbf2170ab8cdab9b4b6de734 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438060 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#70215}
-
Zhao Jiazhong authored
Float32/64 abs operation should only clear the sign bit, but abs.s and abs.d instructions of mips64r2 would convert nan to canonical nan. Change-Id: Ibbd05cdb3a73acfe0e532030d1815d262c3ac433 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2439768 Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70214}
-
Jakob Gruber authored
Turboprop-generated Code objects will now have the dedicated TURBOPROP code kind instead of OPTIMIZED_FUNCTION. When possible, the code kind is used as the source of truth instead of FLAG_turboprop. This is the initial step towards implementing tier-up from Turboprop to Turbofan. Future work: Rename OPTIMIZED_FUNCTION to TURBOFAN, rename STUB to DEOPT_ENTRIES_OR_FOR_TESTING, implement TP tier-up. No-Try: true Bug: v8:9684 Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Change-Id: I3c9308718d7e9a2b7e6796e7ea94f17e5ff84c0a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424140 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70213}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/38a49c1..3ede101 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/3ff4f50..4be464e Rolling v8/third_party/aemu-linux-x64: FfxmX7LQ9OID3pVAmcemr6u9lK3xjXzAXxvqzEcclMwC..oJeWXQJJ1lVY6P7l39pBV-mrbeWlw0swPZQuNmcix5AC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/18d69fb..0f6ed71 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1099c11..991ead1 Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/3c52ccd..6ba978c Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/4668fea..26211a5 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3017eda..bd8e096 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: Icb156ce2fe693cd4838c7e11b31cb96282125c92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2439341 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#70212}
-
Zhao Jiazhong authored
Change-Id: Ib5728e22815339096dec72cc3a6d8732da436062 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437514 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/master@{#70211}
-
Ng Zhi An authored
For replacing lanes (i8x16 and i16x8) the replacement value is stored in a word32. Simply storing it will cause us to have the wrong value, we need to mask (for overflow) and extend appropriately. Same for extracting, the values are stored in sign-extended form, unsigned extracts should zero the top bits. Bug: v8:10507 Change-Id: If5ed79f5b6bdb64f900a54b9e148b2d96a74f312 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436612 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70210}
-
Andrey Kosyakov authored
A break may cause the session disconnect (and therefore agents destruction) on a nested message loop. The runtime agent code is generally prepared to handle this during evaluate, but the code outside of it may not be. Besides, having a break before the console API is installed is generally not what the user wants or expects, so just disable all breaks while installing the API. Bug: chromium:1122487 Change-Id: I1d40f5007f2e1e4ec07a50ef57988513d0309b7e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437383 Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#70209}
-
- 29 Sep, 2020 11 commits
-
Ng Zhi An authored
Bug: v8:10933 Change-Id: I6709dac3598f9dea96fe6f5efec452c1bbdcbc2b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436611 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70208}
-
Etienne Pierre-doray authored
Delegate kept task id around for longer than the worker is considered active, thus breaking the task_id < num_worker guarantee. The fix is to adjust the delegate lifetime. Change-Id: I9aabb1286d507c09bfe9be4fd4f810f232d6e6b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437005 Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#70207}
-
Ng Zhi An authored
Perform the renames for all arch-dependent opcodes too. This is a follow-up of https://crrev.com/c/2422357. Bug: v8:10946,v8:10933 Change-Id: I02f048b64dd4d75f06d6b7919660ffebd0e78b50 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431798 Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70206}
-
Ng Zhi An authored
LoadTransform operators contain a LoadKind, which can be unaligned, protected, poisoned, normal. If it is protected, we cannot eliminate that load, since we rely on the segv signal handling. So, we use partial template specialization on LoadKind::kProtected, and don't set the operator to not be eliminatable. Bug: chromium:1132461 Change-Id: If45fc6562348ffd4dbaa27058e6c5d4242f79abb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436081 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#70205}
-
Samuel Groß authored
This change moves external pointers into a separate table and turns external pointers in heap objects into indices into that table. This CL implements one of two possible ownership models for the table entries. With this one, every heap object owns its table entries, and they are allocated when the owning object is allocated. As such, setting external pointer fields does not require allocation of table entries. On the other hand, table indices cannot be shared between multiple objects. This CL does not yet implement freeing of external pointer table entries. This will later happen by a table garbage collector. Bug: v8:10391 Change-Id: I4d37785295c25a7d1dcbc9871dd5887b9d788a4f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235700 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Samuel Groß <saelo@google.com> Cr-Commit-Position: refs/heads/master@{#70204}
-
Ng Zhi An authored
Bug: v8:10933 Change-Id: I71869306fded6212a231f9825a6b7091f5f6f19d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2383070 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#70203}
-
Santiago Aboy Solanes authored
We used to have a loop that was used for JSReceivers. However, this was not used as a proper loop since at most it would have two loop iterations. Then, it could be changed to a Branch case. Since I was refactoring the method, I also de-duplicated code by using the common code from PlainPrimitiveNonNumberToNumber. In order to do so, said method was renamed to TryPlain... and was reworked as well. Bug: v8:6949, v8:10933 Change-Id: I860601a3b9e8bdeed052dcd237a767ac7ed80c92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435110 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#70202}
-
Milad Fa authored
Bug: v8:10965 Change-Id: Ie98d77c681cfdc468ae8c1fef51e8b6ec2aa185a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438230 Reviewed-by: Junliang Yan <junyan@redhat.com> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#70201}
-
Sathya Gunasekaran authored
Instead of always inlining the polymorphic map checks, this CL introduces a builtin to perform these polymorphic map checks when the IC is monomorphic at compile time. This reduces the time we spend compiling and code bloat while trading it for performance. Bug: v8:10582, v8:9684 Change-Id: I7aea698988f8ead3cbf3f4a836218f53223f0f98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398525 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#70200}
-
Seth Brenith authored
There were two problems: 1. v8_builtins_profiling_log_file was not declared in "sources" or "inputs", so Ninja wouldn't re-run mksnapshot if it changed. 2. v8_builtins_profiling_log_file was passed directly to mksnapshot without rebasing the path, which makes it awkward and inconsistent with how most other gn arguments work. Bug: v8:10470 Change-Id: Id8edba325b867e8d9561d3c76f28e121641d0dd4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434103 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#70199}
-
Philip Pfaffe authored
This is the first step to support debug evaluate on wasm call frames. This CL enables calling evaluateOnCallFrame when a wasm frame is selected, which before always returned undefined. The CL mirrors global evaluation, and actually enabling inspecting the wasm frame will be part of a second change. Bug: chromium:1127914 Change-Id: If0ad0be7c402d85ab2a8e95376398f4f4ef94948 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436338 Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#70198}
-