- 02 May, 2019 40 commits
-
-
Johannes Henkel authored
This reverts commit b7134d3a. Reason for revert: breaks presubmit Original change's description: > [DevTools] Add V8InspectorSession::state(), which returns binary (CBOR). > > Keep the existing method for compatibility, by converting > to json from CBOR using the inspector_protocol_encoding library, > via a v8 specific interface library that directs routines for > converting between strings and doubles to v8's implementations. > > This change also brings in the encoding.h / encoding.cc files from the > upstream inspector_protocol project. The only modification here > are the header guards, and the namespace. I will fix roll.py to > make it so that we pick up future changes. > > third_party/inspector_protocol/BUILD.gn is specific to v8, by necessity. > third_party/inspector_protocol/.clang-format is a copy of the upstream > file. If we don't put this, we'll find ourselves auto-formatting the roll, > which is annoying. > > Change-Id: I20fa8759164e7a39f8a7c30e0d2a3f8a7e4be227 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590627 > Reviewed-by: Alexei Filippov <alph@chromium.org> > Reviewed-by: Dmitry Gozman <dgozman@chromium.org> > Commit-Queue: Johannes Henkel <johannes@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61187} TBR=dgozman@chromium.org,alph@chromium.org,caseq@chromium.org,johannes@chromium.org Change-Id: I67f297ef8454499036c94bf88e0d23657a579140 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1592130Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#61189}
-
Maciej Goszczycki authored
Various small changes are required to enable this. HeapObject::GetReadOnlyRoots no longer uses the Space's heap when possible (see comment in ReadOnlyHeap::GetReadOnlyRoots definition). This requires that ReadOnlyRoots be construct-able using a raw pointer to the read-only space's roots array. Global read-only heap state is now cleared by tests where appropriate and extra DCHECKs in ReadOnlyHeap::SetUp should make catching future issues easier. String padding is now always cleared just before read-only space is sealed when not deserializing. Change-Id: I7d1db1c11567be5df06ff7066f3a699125f8b372 Bug: v8:7464 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535830 Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#61188}
-
Johannes Henkel authored
Keep the existing method for compatibility, by converting to json from CBOR using the inspector_protocol_encoding library, via a v8 specific interface library that directs routines for converting between strings and doubles to v8's implementations. This change also brings in the encoding.h / encoding.cc files from the upstream inspector_protocol project. The only modification here are the header guards, and the namespace. I will fix roll.py to make it so that we pick up future changes. third_party/inspector_protocol/BUILD.gn is specific to v8, by necessity. third_party/inspector_protocol/.clang-format is a copy of the upstream file. If we don't put this, we'll find ourselves auto-formatting the roll, which is annoying. Change-Id: I20fa8759164e7a39f8a7c30e0d2a3f8a7e4be227 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590627Reviewed-by: Alexei Filippov <alph@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#61187}
-
Seth Brenith authored
On Windows, expanding the stack by more than 4 KB at a time can cause access violations. This change fixes a few known cases (and includes unit tests for those), and attempts to make stack expansion more consistent overall by using the AllocateStackSpace helper method everywhere we can, even when the offset is a small constant. On arm64, there was already a consistent method for stack pointer manipulation using the Claim and Drop methods, so Claim is updated to touch every page. Bug: v8:9017 Change-Id: I2dbbceeebbdefaf45803e9b621fe83f52234a395 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570666 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61186}
-
Maciej Goszczycki authored
Code relocation info is now always allocated in old-space. Before relocation info allocated for placeholders and builtins (which get replaced with trampolines in nosnap builds) would become unreachable. Since read-only space is not GCed and ReadOnlyHeapIterator doesn't check for reachability, ValidateSnapshot would fail finding unreachable objects returned by ReadOnlyHeapIterator. Because trampoline relocation info gets replaced with canonical one, this only affects no-embdded-builtins nosnap builds, which don't get much benefit from read-only relocation info anyway. A new check has been added to the read-only deserializer to verify that every read-only object is reachable at mksnapshot-time. The CombinedHeapIterator iteration order was changed to iterate over read-only space first, because that's how HeapIterator worked. This is a reland of 3d1d8eae Original change's description: > [heap] Skip ro-space from heap iterators, add CombinedHeapIterator. > > Read-only space sharing requires an iterator independent of heap. This > also enables future removal of read-only space from heap. > > Bug: v8:7464 > Change-Id: Ia07a9369494ea2c547d12c01ffa1d7b8b6bbeabc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552795 > Commit-Queue: Maciej Goszczycki <goszczycki@google.com> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Dan Elphick <delphick@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60819} Bug: v8:7464 Change-Id: I49ae070955b77956962334a84f762ab29052d5ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566513Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#61185}
-
Hannes Payer authored
The registry right now has no users. In a follow-up CL I will remove the skip list for code pages and make users of the skip list use the registry. Bug: v8:9093 Change-Id: I23a2b9e0d4158e2ffa89626e71f58d3bb5a41201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593074Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61184}
-
Toon Verwaest authored
The performance actually matters to JSON parsing and this improves it by a % or 2. In the longer run we should probably share the IsMatch implementation in StringTableKey directly and call a virtual GetBytes on the key implementation. Change-Id: I838a106f9c8c52f0385057a52a8c0b9141ae025b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1589977 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61183}
-
Ross McIlroy authored
Bug: v8:8801, v8:8394 Change-Id: I7f27cb0a9dcbdd1ba0e3f90735472408c22185e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593304 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#61182}
-
Sigurd Schneider authored
This ensures that the parent class' field 'elements' is not shadowed. Bug: v8:9194 Change-Id: Ibb53dedc0205cbb4c61e810e2d5822a94843c605 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593076 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61181}
-
Santiago Aboy Solanes authored
This is the first CL that aims to eliminate the straggler tagged loads and stores. Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng Bug: v8:8977, v8:7703 Change-Id: If3782c0c7047d4c7d8669e12fb423cc0c74bc58a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587392Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#61180}
-
Toon Verwaest authored
This is a reland of b0c4a876 Original change's description: > [json] Speed up json parsing > > - scan using raw data pointers + GC callback > - scan using scanner tables > - cap internalizing large string values > - inline fast transitioning logic > > Fixes previous CL by moving AllowHeapAllocation to callers of > ReportUnexpectedCharacter where needed to make it clear we need to exit. > > Tbr: ulan@chromium.org > Change-Id: Icfbb7cd536e0fbe153f34acca5d0fab6b5453d71 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591778 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61159} Tbr: verwaest@chromium.org Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel Change-Id: Ic7d0057178c649fc45b8c8f4587ee9128e351515 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593292 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61179}
-
Sigurd Schneider authored
This reverts commit febe3a10. Reason for revert: Regressions Original change's description: > [regalloc] Enable control-flow aware allocation > > We enable this feature to collect performance data; revert at will. > > Bug: v8:9088 > Change-Id: I57cd79707fe56ec5a2d6d5ee65b7ce24bda57773 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585726 > Auto-Submit: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61117} TBR=mstarzinger@chromium.org,jarin@chromium.org,sigurds@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:9088, chromium:958623, chromium:958726, chromium:958727 Change-Id: Ib07e9f201f8e35c190717ddb6e81a30bcadb1c07 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593300Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61178}
-
Ross McIlroy authored
BUG=v8:8395 Change-Id: Ic6fb17c25ab3625721998898de2c05ee9b1bab0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593299 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#61177}
-
Clemens Hammacher authored
This reverts commit b6fb2707. Reason for revert: TSan issues, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/26177 Original change's description: > [wasm][gc] Free WasmCode objects > > This adds the next step to freeing code: We free the actual C++ > {WasmCode} objects. This will cause UAF if any C++ code uses stale > references. > The underlying machine code will still not be freed. > > For simplicity, this CL changes the vector of owned_code to an ordered > set, such that lookup and removal is much simpler. The drawback is that > insertion is now more expensive. > > R=mstarzinger@chromium.org > > Bug: v8:8217 > Change-Id: I07fc81167816637fbaad6c06ff79e3f952f2fde8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593080 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61165} TBR=mstarzinger@chromium.org,clemensh@chromium.org Change-Id: I167a8d806a8c6ac1c90e0743cdf86d492389bbed No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8217, v8:9200 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593305Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61176}
-
Joyee Cheung authored
This enables the embedder to check if the snapshot generated from SnapshotCreator::CreateBlob() can be rehashed and the seed can be recomputed during deserialization. The lack of this functionality resulted in a temporary vunerability in Node.js: https://github.com/nodejs/node/pull/27365 Change-Id: I88d52337217c40f79c26438be3c87d2db874d980 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61175}
-
Georg Neis authored
When asked to start at the receiver and the receiver is a primitive, the dependency should be taken on the primitive map (which is a no-op) rather than the wrapper object's map. Bug: chromium:958716 Change-Id: I9c8b2b56436d134b2f79dbe458c0c527fe6d17a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593086 Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61174}
-
Milad Farazmand authored
Port 381a7f9e Original Commit Message: On Arm/64 the last return address is stored in a link register instead of being pushed to the top-of-stack like on x64/ia32. Extend the support in the tick sampler to check for samples in a frameless bytecode handler with support for checking the link register if it exists instead of top-of-stack. In addition, make the x64/ia32 check more robust by ensuring we only apply the change if the pc is a bytecode handler and the top frame isn't a bytecode handler (stub) frame. R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:9162 LOG=N Change-Id: I893b45af40a48415fbbc2c9f5e9e5cd72ed8d9e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588888Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61173}
-
Peter Marshall authored
This reverts commit ad44c258. Reason for revert: Missed some users: crbug.com/v8/9105 Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} TBR=jarin@chromium.org,titzer@chromium.org,hpayer@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. TBR=jarin@chromium.org, szuend@chromium.org Bug: v8:4153, v8:7881 Change-Id: I96992bff15b4a2765ae4a557d2c37e78269c927d Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593294 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61172}
-
Georg Neis authored
Bug: chromium:958021 Change-Id: I6cc6ff2666750b508786db010e202b1e8e1e9536 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593293Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61171}
-
Ulan Degenbaev authored
This is a reland of 7c426286 Original change's description: > [heap] Use normal marking write barrier for fixed array elements > > This simplifies the marking write barrier for elements to mark the > values instead of revisiting the array. > > Bug: chromium:918485 > > Change-Id: Id5da0d5b9ff8385a256fe14f4bf7171f9f6343e1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588459 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61125} Bug: chromium:918485 Change-Id: I8075e0333b3a05bc6193eb4bc030bfdcd72e64d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593088Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#61170}
-
Simon Zünd authored
This enables "goto definition" navigation for parent types. R=sigurds@chromium.org Bug: v8:8880 Change-Id: I3207ec8b85f0e36cbab3519b89af98bba1666406 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593081 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61169}
-
Alexander Neville authored
This patch ports the following builtins to torque: - Math.acos() - Math.acosh() - Math.asin() - Math.asinh() - Math.atan() - Math.atan2() - Math.atanh() - Math.cbrt() - Math.cos() - Math.cosh() - Math.exp() - Math.expm1() - Math.fround() - Math.log() - Math.log1p() - Math.log10() - Math.log2() - Math.sin() - Math.sinh() - Math.sqrt() - Math.tan() - Math.tanh() Change-Id: Ia7b0246744e4b0cace696dc309622e287397be1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584169 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61168}
-
Michael Achenbach authored
This is a reland of e632f8f4 Original change's description: > [test] Remove longer timeout on bots > > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gc_stress_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gcc_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_msan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_tsan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm64_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_asan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_win64_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_android_arm64_n5x_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_cfi_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_ubsan_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm_lite_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_noi18n_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_dbg_ng > > Bug: v8:9145 > Change-Id: I6efee8579d9d9e0aad0431f6b87c152141d4ec7f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581261 > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Tamer Tas <tmrts@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61107} Bug: v8:9145 Change-Id: Id8f0468bbf2d67f62141e7f7c42417d351c3fffa Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg Cq-Include-Trybots: luci.v8.try:v8_linux_gcc_rel Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_dbg Cq-Include-Trybots: luci.v8.try:v8_mac64_asan_rel Cq-Include-Trybots: luci.v8.try:v8_win64_dbg Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_cfi_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Cq-Include-Trybots: luci.v8.try:v8_mac64_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588429Reviewed-by: Tamer Tas <tmrts@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61167}
-
Georg Neis authored
This fixes a memory leak. Bug: v8:9191, v8:7790 Change-Id: I0df49cd3a6791600638a67b4b7ad9687562e500b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588426 Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61166}
-
Clemens Hammacher authored
This adds the next step to freeing code: We free the actual C++ {WasmCode} objects. This will cause UAF if any C++ code uses stale references. The underlying machine code will still not be freed. For simplicity, this CL changes the vector of owned_code to an ordered set, such that lookup and removal is much simpler. The drawback is that insertion is now more expensive. R=mstarzinger@chromium.org Bug: v8:8217 Change-Id: I07fc81167816637fbaad6c06ff79e3f952f2fde8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593080 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61165}
-
Michael Achenbach authored
NOTRY=true Change-Id: I20f88cb163797690a3b91863c40f1ca7d201bb9b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593079Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61164}
-
Michael Achenbach authored
This reverts commit b0c4a876. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/26470 Original change's description: > [json] Speed up json parsing > > - scan using raw data pointers + GC callback > - scan using scanner tables > - cap internalizing large string values > - inline fast transitioning logic > > Fixes previous CL by moving AllowHeapAllocation to callers of > ReportUnexpectedCharacter where needed to make it clear we need to exit. > > Tbr: ulan@chromium.org > Change-Id: Icfbb7cd536e0fbe153f34acca5d0fab6b5453d71 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591778 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61159} TBR=ulan@chromium.org,ishell@google.com,ishell@chromium.org,verwaest@chromium.org Change-Id: Ibe823e187d9ab999be7278140b0ed31868440e9e No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593090Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61163}
-
Georg Neis authored
Change-Id: I626e26fa2e1486365c858f3fc616422199242f5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588422 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61162}
-
Ben L. Titzer authored
R=mstarzinger@chromium.org Change-Id: Ibb30a4413d1e40adab8802a84b7a962d3ea3f933 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593084 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61161}
-
Clemens Hammacher authored
We won't remove the jump table for performance reasons. That would complicate a lot of code and remove options for tiering and code aging. Thus remove the TODO. R=titzer@chromium.org No-Try: true Change-Id: Ifbbfdeeeb17078feaea4f358169bc5943ba09ddb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593089Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61160}
-
Toon Verwaest authored
- scan using raw data pointers + GC callback - scan using scanner tables - cap internalizing large string values - inline fast transitioning logic Fixes previous CL by moving AllowHeapAllocation to callers of ReportUnexpectedCharacter where needed to make it clear we need to exit. Tbr: ulan@chromium.org Change-Id: Icfbb7cd536e0fbe153f34acca5d0fab6b5453d71 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591778Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#61159}
-
Jaroslav Sevcik authored
The problem is with element kinds transitions without going through runtime (i.e., IC or optimizing compiler). Bug: chromium:952682 Change-Id: I6fe2bb30a0ea6fecb8f6e0750427cc50cc50f9e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593083Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61158}
-
Georg Neis authored
- Add missing uses of MapInference::NoChange. - Insert map checks even if inferred maps were reliable, because they were inferred for an earlier effect input. Bug: chromium:958420, chromium:958350, v8:9197 Change-Id: Id7677b1fc6f1e09dc12ae178f1155e4245b4e3e6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593077 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61157}
-
Georg Neis authored
Replace the unsafe function NodeProperties::HasInstanceTypeWitness with a new safe method on MapInference. Bug: v8:9197 Change-Id: I937433c7721946139dc761750ea34032e58e275c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591612Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61156}
-
Maciej Goszczycki authored
Bug: v8:9183 Change-Id: I1e47de782f0422369096b382427565d5816b99b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591614Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Auto-Submit: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#61155}
-
Georg Neis authored
R=jarin Change-Id: I36d4952f351cfa428532cfd56ecbb10c9fe3d39a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588469 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61154}
-
Pierre Langlois authored
Improve code generation for stores with write barriers slightly by using the assembler's dedicated scratch registers (x16 and x17 on Arm64, ip on Arm) instead of allocating temporaries. To do this, we've done two things: - Use ip as a scratch register when loading page flags. - TurboAssembler::CallRecordWriteStub() now takes the offset of the slot that's written to rather than its address, removing the need to allocate a temporary register for it. In essence, we've gone from: ``` ;; Do the store. stur x19, [x9, #15] ;; Check *destination* object page flags and jump out-of-line. and x4, x9, #0xfffffffffff80000 ldr x4, [x4, #8] tbnz x4, #2, #+0x1e7c | ;; Check *source* object page flags. | `-> and x4, x19, #0xfffffffffff80000 | ldr x4, [xM, #8] |,--- tbz x4, #1, #-0x1e80 | ;; Compute address of slot. | add x5, x9, #0xf (15) | ;; Setup arguments to RecordWrite | stp x2, x3, [sp, #-32]! | stp x4, lr, [sp, #16] | stp x0, x1, [sp, #-16]! | mov x0, x9 ;; Object address in x9 | mov x1, x5 ;; Slot address in x5 | movz x2, #0x0 | movz x3, #0x100000000 | ;; Call RecordWrite | ldr x16, pc+2056 | blr x16 ``` Which allocates x4 and x5 as temporaries. To: ``` stur x19, [x9, #15] and x16, x9, #0xfffffffffff80000 ;; Using x16 instead of allocating x4. ldr x16, [x16, #8] tbnz x16, #2, #+0x1e7c | `-> and x16, x19, #0xfffffffffff80000 | ldr x16, [xM, #8] |,--- tbz x16, #1, #-0x1e80 | stp x2, x3, [sp, #-32]! | stp x4, lr, [sp, #16] | stp x0, x1, [sp, #-16]! | mov x0, x9 ;; Object address still in x9. | add x1, x9, #0xf (15) ;; Compute the slot address directly. | movz x2, #0x0 | movz x3, #0x100000000 | ldr x16, pc+2056 | blr x16 ``` Finally, `RecordWriteField()` does not need an extra scratch register anymore. Change-Id: Icb71310e7b8ab1ca83ced250851456166b337d00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505793 Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#61153}
-
Ben L. Titzer authored
R=mstarzinger@chromium.org Change-Id: Iefd80d3365369dbf9bfb9832640d90963253e603 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593082Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61152}
-
Clemens Hammacher authored
The "stress_background_compile" variant runs on all our bots. We combine it with testing wasm code GC (which kind of fits into background compile stressing) to get more coverage for that. Both features are orthogonal, so we can test both at the same time without loosing any coverage. R=machenbach@chromium.org CC=rmcilroy@chromium.org Bug: v8:8217 Change-Id: Ib17decd4869978ff98e302694fa73d70ceec120e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588472Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61151}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/020b429..fe1dbe1 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I854de89cdf421d58e2205363ad0370ecf97b6b2f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593095Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#61150}
-