- 22 Aug, 2022 29 commits
-
-
Dominik Inführ authored
The generational barrier isn't supported on the background thread at the moment. Make sure it isn't used on such threads by accident. Bug: v8:13203 Change-Id: I5577f3802c1aba246955519c8c778fa741d56d96 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840300 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#82635}
-
Shu-yu Guo authored
The concurrent marker needs an override for JSObject subclasses with their own visitor id and body descriptor. Implement the missing VisitJSSynchronizationPrimitive. Bug: v8:13214 Change-Id: Ie4f64e2b4e9b211f9661da75bf8d2d012f8d16ac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846320Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#82634}
-
Feng Yu authored
Bug: v8:12781 Change-Id: If7681564f3e0c087e3347557a3f9169625b51607 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817621Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#82633}
-
Frank Tang authored
In collator and localeCompare, we have an incorrect optimization for zero length string that compare the length and ignore the fact some non zero length string could be considered as equal to a zero length string because the content are all ignoreable. Took out this incorrect optimization with test cases. The regression is introduced in https://source.chromium.org/chromium/_/chromium/v8/v8.git/+/6fbb8bc806da7231ceb81e492d09abe3f43e320e which first appeared in 97.0.4665.0 Bug: chromium:1347690 Change-Id: Ie70feb9598b1842f8a8744c38f33b3397865abfd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832526Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Jakob Linke <jgruber@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#82632}
-
ishell@chromium.org authored
Namely: - AccessorInfo::getter and AccessorInfo::js_getter, - CallHandlerInfo::callback and CallHandlerInfo::js_callback. The redirected/non-redirected callback distinction is required only for simulated builds but we wasted memory also for all native builds. Now we store these fields in "redirected" form which allows us to call them directly from builtins or generated code. In case it's necessary to call a callback from C++ code the C function address is read from the redirection. This additional indirection makes the callback calls from C++ code in simulated builds slower but saves memory for native builds. This CL should recover a part of memory regression caused by inlining Foreign fields into AccessorInfo and CallHandlerInfo. Bug: v8:12949, chromium:1336105, chromium:1335930 Change-Id: I38470ed21ee23b281247c11a9531542c7e4acca1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835686Reviewed-by:
-
Feng Yu authored
This changeset include: 1. [prepare for migrate] move `cctest/compiler/value-helper.h`, `cctest/compiler/c-signature.h`, and `cctest/compiler/call-tester.h` to `test/common` directory because both `test-codegen` and a lot of cctest file include it. 2. [prepare for migrate] separate the tester helper part of `test-codegen` into a new `codegen-tester` file. 3. finally, migrate test-codegen.cc to `codegen-unittest.cc` Bug: v8:12781 Change-Id: Ia2f52c1d3b6b62501066dc1c4308a2c09d699e92 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831146Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#82630}
-
Danylo Boiko authored
Bug: v8:7327 Change-Id: I4aececd931359785aa806f749dd27029f8ca4ebe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840758 Commit-Queue: Danylo Boiko <danielboyko02@gmail.com> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#82629}
-
Feng Yu authored
Bug: v8:12781 Change-Id: I3dfbc03dd2dd4ac32d16cf153146979a0b4bcf50 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829504 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
-
Clemens Backes authored
Move forward with the deprecation. R=mlippautz@chromium.org Bug: chromium:634547 Change-Id: I46227ee119923d7f6ac364769718e5bca90686e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3780531 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
-
Dominik Inführ authored
We used to treat Heap::ReportExternalMemoryPressure just like allocation observer marking steps. Which means that we advance incremental marking but never finalize here immediately. This is now problematic without a separate COMPLETE phase when we don't reach the stack guard because we are stuck in C++ for awhile. In such cases we might perform way more marking work than we used to. We can fix this by finalizing marking immediately at this point when the stack guard was already armed. Otherwise we prefer to finalize marking in a task where we don't have a stack at all. For this we add a new method IncrementalMarking::AdvanceAndFinalizeIfNecessary. AdvanceFromTask is renamed to AdvanceAndFinalizeIfComplete to make the difference between those methods more clear. Bug: v8:12775, chromium:1354911 Change-Id: If57bedb1a5f87923ccb8ad3fe2b60952e3843975 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845082 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
-
Junliang Yan authored
The load for external reference should be a full pointer load instead of tagged size. Change-Id: I3460a26abea5053ba6daa5c6ed908cb93431654a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842348Reviewed-by:
-
ishell@chromium.org authored
This is a reland of commit 9b0d5cb1 The newly added check does not allow comparisons with stale or invalid pointers because attempt to access the page header might crash. Original change's description: > [ext-code-space] Fix Code vs non-Code comparisons > > When external code space is enabled comparing Code and non-Code objects > by looking at compressed values is not always correct. Such an approach > works only for comparing Code vs Code objects or non-Code vs non-Code > objects. > > This CL instroduces SLOW_DCHECK into Object comparison operators to > ensure that such a comparison is allowed. Also, this CL instroduces > an Object::SafeEquals() method which compares uncompressed values > and thus is safe to be used for comparing Code with non-Code objects. > > Bug: v8:11880 > Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172 > Reviewed-by: Jakob Linke <jgruber@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/main@{#82611} Bug: v8:11880 Change-Id: Iab3c8fe49cb954b2dc9171b3fc4b189e84763e73 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842932Reviewed-by:
-
Samuel Groß authored
Bug: v8:10391 Change-Id: If85a308a6f6ed1b17d86f87b4911c82d2327ea72 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757341Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#82623}
-
Qifan Pan authored
Bug: v8:9407 Change-Id: I159b2ce338ab55d8171b0892a6942c9a5144d632 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842156Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Qifan Pan <panq@google.com> Reviewed-by:
-
Clemens Backes authored
This check leads to quadratic runtime, which is problematic on huge stacks (>10000 entries in the reproducer). Typically stacks are small, so we check the first 16 entries one by one, and then increase the step size. This still gives fuzzers and other tests a good chance to find bugs, but avoids quadratic runtime. R=thibaudm@chromium.org Bug: chromium:1344481 Change-Id: Iaa3684410939d4c56177eed62787b29e409c3136 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842154Reviewed-by:
Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#82621}
-
Camillo Bruni authored
Drive-by-fix: Clean up html header tags a bit Change-Id: Ib9d3e0a24497f393b1d45b7b6ab46af381252613 No-Try: True Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845076Reviewed-by:
Victor Gomes <victorgomes@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#82620}
-
Samuel Groß authored
Currently, when the input ArrayBuffer is detached during DataView construction, the code will create an invalid DataView object whose length, offset, and data_pointer are all incorrect. While this is currently ok as the DataView is never exposed to JavaScript in that case, it does cause issues as setting the data_pointer to a value outside of the V8 sandbox leads to a CHECK failure. This CL now ensures that the constructed DataView is always in a sane state to fix this. Bug: chromium:1354429 Change-Id: I04260a5cf5547a420956d7a75e77f41408aa4f78 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841931Reviewed-by:
-
Omer Katz authored
This reverts commit 97997681. Reason for revert: Races fixed. Skipping no longer needed. Original change's description: > Skip HeapTest.GrowAndShrinkNewSpace under tsan > > Bug: v8:13185 > Change-Id: I0c6e4ba8b325c3ac70dbceb927e2a8b1f9d68a16 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830286 > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Auto-Submit: Adam Klein <adamk@chromium.org> > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Cr-Commit-Position: refs/heads/main@{#82449} Bug: v8:13185 Change-Id: I4e1c117250932358dbd8d09ebe2cc2d331e7236f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3844530 Commit-Queue: Omer Katz <omerkatz@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#82618}
-
Lu Yahan authored
Port commit aaa15e65 Change-Id: I728d5f786c3e217d249bf6d356b2a004896ed582 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3844663 Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by:
ji qiu <qiuji@iscas.ac.cn> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#82617}
-
Leszek Swirski authored
This reverts commit 9b0d5cb1. Reason for revert: Seems to fail on gc-stress bots (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/43472/overview) Original change's description: > [ext-code-space] Fix Code vs non-Code comparisons > > When external code space is enabled comparing Code and non-Code objects > by looking at compressed values is not always correct. Such an approach > works only for comparing Code vs Code objects or non-Code vs non-Code > objects. > > This CL instroduces SLOW_DCHECK into Object comparison operators to > ensure that such a comparison is allowed. Also, this CL instroduces > an Object::SafeEquals() method which compares uncompressed values > and thus is safe to be used for comparing Code with non-Code objects. > > Bug: v8:11880 > Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172 > Reviewed-by: Jakob Linke <jgruber@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/main@{#82611} Bug: v8:11880 Change-Id: Ie34af0135625eff2975f78f4d2901a76b8517eb7 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842930 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#82616}
-
Simon Zünd authored
This CL shuffles around some code in `ScopeIterator` to better reflect the two (internal) iteration modes: - While "inside" the paused function we iterate based on lexical scopes. - Once we move past the paused function we iterate based on runtime contexts. This CL renames the advancing functions to `AdvanceScope` and `AdvanceContext` respectively which operate in the following way: - `AdvanceScope` first checks if the current lexical scope requires a context. If so, we move one context up the chain, since the next lexical scope belongs to that next context. Then we move up one lexical scope. - `AdvanceContext` moves one context up the context chain. Then we we move up through all the lexical scopes until we find the next lexical scope that requires a context. The tricky bit is the transition from scope iteration mode to context iteration mode. This is where the bug fix comes in. After doing one standard `AdvanceScope` from the `closure_scope_` to the next lexical scope, we need to keep moving up through the lexical scope until we find the next lexical scope that requires a context. The CL also changes how we collect the locals blocklist. The locals blocklist is always put on the current context. So every time we move up one context we reset the locals blocklist and every time we move up the lexical scope we collect the scope locals into the blocklist. R=bmeurer@chromium.org, jarin@chromium.org Fixed: chromium:1354464 Change-Id: I7b37687a8827c20d0660a25413d2c9117b5fe5ba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842158 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by:Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/main@{#82615}
-
Dominik Inführ authored
AdvanceWithDeadline() was only used from AdvanceFromTask(). So we can move this method into AdvanceFromTask(). AdvanceFromTask() and AdvanceOnAllocation() share quite some code, there is already a common bottleneck for both methods: Step(). So we can move that code into Step(). Bug: v8:12775 Change-Id: I0f749f52df05d951f4310f05ff0d3977c6b2a9aa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843143 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
-
Al Muthanna Athamina authored
Bug: v8:13052 Change-Id: I97c8d44dfd54d2a1352ceed7675d019bdec33396 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822863Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Reviewed-by:
Liviu Rau <liviurau@google.com> Cr-Commit-Position: refs/heads/main@{#82613}
-
Darius M authored
The generational write-barrier currently does not support background threads. As a result, building in the background a ConsString that points to a young string can lead to bugs, since the young string could be freed. Bug: v8:13203 Change-Id: I0df7c8cca8712d765eff0b1e918379f5477fdee5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840940Reviewed-by:
-
ishell@chromium.org authored
When external code space is enabled comparing Code and non-Code objects by looking at compressed values is not always correct. Such an approach works only for comparing Code vs Code objects or non-Code vs non-Code objects. This CL instroduces SLOW_DCHECK into Object comparison operators to ensure that such a comparison is allowed. Also, this CL instroduces an Object::SafeEquals() method which compares uncompressed values and thus is safe to be used for comparing Code with non-Code objects. Bug: v8:11880 Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172Reviewed-by:
-
jameslahm authored
...to clear the recompilable code. Bug: v8:13181 Change-Id: I6b78bbd2f08242fdd4659113ce1b4fa81174f8a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829243Reviewed-by:
-
Dominik Inführ authored
Write barrier was only used in Factory::CopyCode for the InterpreterEntryTrampolineForProfiling. This was removed in in https://crrev.com/c/3811287. Change-Id: I4cd0863fc2629d2d564af6a269e722d1a9e128f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843141 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
-
Omer Katz authored
Bug: v8:13185 Change-Id: Id145e76ad52469d9aa8a12c9172851b086421afd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840217 Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
-
Shu-yu Guo authored
Turns out parking the outer Isolate needs to encompass the entire lifetime of the inner Isolate during snapshot stress. Isolate initialization locks the shared Isolate's client mutex to prevent shared GCs. This mutex is also taken on Heap teardown on Isolate shutdown during the shared heap verification, which may end up waiting in a safepoint, causing deadlock. Bug: v8:13217 Change-Id: I3893ae883ab345a9d36c9437ea15e90f18951057 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843288Reviewed-by:
-
- 21 Aug, 2022 1 commit
-
-
Feng Yu authored
Bug: v8:12781 Change-Id: I0271c632a057ed457af5af59cb918d86472563d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827131 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
-
- 20 Aug, 2022 2 commits
-
-
Milad Fa authored
Change-Id: I28747c49422280a7fd02ce771bd4f7c6ec60002c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840820 Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Reviewed-by:
Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#82605}
-
Milad Fa authored
Change-Id: I5da6270dc5c3d9b561eeb6c6dd3a938e705039c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843088Reviewed-by:
-
- 19 Aug, 2022 8 commits
-
-
Shu-yu Guo authored
This reverts commit abd0adf1. Reason for revert: Test times out on Win64 https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/23024/overview Original change's description: > [compiler] Make ReduceWord32EqualForConstantRhs work for Word64Equal > > Adds reduction case in MachineOperatorReducer for when the left-hand side of a > Word64Equals is based on a 64-bit shift-and-mask operation, as is the case > when Torque accesses 64-bit bitfields. > > This improves Speedometer2 by 0.15% on a Neoverse-N1 machine, with > React-Redux being improved by 0.4%. > > Change-Id: Icd0451c00c1b25f7d370e81bddcfd668a5b2523c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834027 > Commit-Queue: George Wort <george.wort@arm.com> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Cr-Commit-Position: refs/heads/main@{#82593} Change-Id: I26515348a3d8de58445ecddc0486d9fcc2711cec No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3839048 Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Shu-yu Guo <syg@chromium.org> Owners-Override: Shu-yu Guo <syg@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#82603}
-
Clemens Backes authored
The mutex is there to protect against concurrent compilation of the same function. It can be avoided by accumulating the vector of call targets locally in the LiftoffCompiler, and only transferring it to the stored type feedback once at the end (under the mutex). Also, choose slightly better data structures: base::OwnedVector uses less memory that std::vector (because it never over-reserves), and std::unordered_map is more memory efficient and faster to lookup that {std::map}. R=jkummerow@chromium.org Bug: v8:13209 Change-Id: I7aa82560a83cbac5c019effc7fd38c9b1495a42c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840294 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: -
Shu-yu Guo authored
WaiterQueueNodes as used by JS synchronization primitives are per-main thread, and external pointer handles to those nodes are 1-1. That 1-1-ness is captured by each main thread Isolate having a waiter_queue_node_external_pointer_ field. The current logic is incorrect on unlock paths as the Isolate that requested the unlock can point its own waiter_queue_node_external_pointer_ to another Isolate's WaiterQueueNode. This CL fixes this by having each WaiterQueueNode hold onto its own external pointer handle. This CL also fixes an embarrassing bug where the WaiterQueueNode was not correctly dequeued on timeout. Bug: v8:13189, v8:12547 Change-Id: I8db16ae6d653d2e71989ad003faae20fcee06a25 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832298 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#82601}
-
Nico Hartmann authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/339f8c6..8291582 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/3d64821..3a4c850 Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/6cc58d6..db72216 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxab/+log/039323b..d2e4dc7 Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/030b4eb..f87795e Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapul/+log/b342107..7294631 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/268d645..44b7330 Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220812.1.1..version:9.20220819.1.1 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I9fb7df0fc77ec27a1a8ea69eef080e095c22edf7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842152 Commit-Queue: Shu-yu Guo <syg@chromium.org> Owners-Override: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
-
Shu-yu Guo authored
Bug: v8:12548 Change-Id: Ib0b22cd941f0ab928c9c3d31d77695972d87c137 No-try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840817Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#82599}
-
Deepti Gandluri authored
Bug: v8:12609, v8:12284 Change-Id: I2b72b20b64d3487343212f30fba614a92845e770 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837854 Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by:
-
Shu-yu Guo authored
Otherwise allocated external pointer handles may be swept if never set by the caller. Bug: v8:10391 Change-Id: I3d727b80635ac8e21bd403de6bcad59091ed80a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832528Reviewed-by:
-
Shu-yu Guo authored
Currently there is nothing ensuring the internal VM state of shared objects are in a coherent state and visible to other threads when the shared object is published. This CL adds a store-store memory barrier when returning from Factory methods that allocate shared JSObjects that are exposed to user JS code. For primitives, there is an additional store-store memory barrier in the shared value barrier. Bug: v8:12547 Change-Id: I4833c7ebf02cc352da9b006d2732669d6d043172 Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng,v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819041 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by:
-
