- 20 Jul, 2018 14 commits
-
-
Leszek Swirski authored
Adds an Isolate::FromWritableHeapObject method, with a bool return value and Isolate* out parameter, and replaces most accesses to Isolate via MemoryChunk (which handle objects in ROSpace rather than just failing) to use that instead.

Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idb472a3d6037deed92e6fa8c8a7a1a14293e2462
Reviewed-on: https://chromium-review.googlesource.com/1144933
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54579}
-
Marja Hölttä authored
BUG=v8:7754,v8:5402
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I5306005e7d0fcfe188c9e0270a003c6e1098c9e9
Reviewed-on: https://chromium-review.googlesource.com/1144824
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54578}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/20c1311..3899f1b
Rolling v8/tools/luci-go: https://chromium.googlesource.com/chromium/src/tools/luci-go/+log/abcd908..445d7c4

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org
Change-Id: Ibd109913b42c2bd758855378ac61fb1a6a4f5cfe
Reviewed-on: https://chromium-review.googlesource.com/1145040
Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#54577}
-
Sergiy Byelozyorov authored
R=machenbach@chromium.org

Bug: chromium:838864
Change-Id: I8242537847615848a3c2e6bdf39509c4692882ae
Reviewed-on: https://chromium-review.googlesource.com/1143474
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54576}
-
Andreas Haas authored
This function has been deprecated for months by now.

R=ulan@chromium.org

Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I19d1b41bad2849b7f3d4d6684dc6f0f80af081f0
Reviewed-on: https://chromium-review.googlesource.com/1144922
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54575}
-
Tobias Tebbi authored
Bug: v8:7793
Change-Id: I208edf856f0283d840358f3c11bab97af0397056
Reviewed-on: https://chromium-review.googlesource.com/1095192
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54574}
-
Toon Verwaest authored
Bug: chromium:861953
Change-Id: Id3a57aca0b24c421ac959d69265c449eaa214c16
Reviewed-on: https://chromium-review.googlesource.com/1138083
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54573}
-
Michael Starzinger authored
This is a reland of 0f2d22dd

Original change's description:
> [wasm] Improve module code size sampling approach.
>
> This samples module code sizes at GC time instead of during destruction.
> It hence makes sure that we also receive samples for long-lived modules
> which would otherwise die with the Isolate and never be finalized. Note
> that this approach is still biased and just a stop-gap until we have a
> sampling tick based on actual wall-clock time.
>
> R=clemensh@chromium.org
>
> Change-Id: I9558d383a5aada8876bc9cbf63baca771dbe5c28
> Reviewed-on: https://chromium-review.googlesource.com/1141866
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54554}

Change-Id: I1863e94bbe91c89c248ddf8fc700ff91bc3593b2
Reviewed-on: https://chromium-review.googlesource.com/1143344
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54572}
-
Yang Guo authored
R=machenbach@chromium.org

Change-Id: Ia50f6e637aec58e9c1bdd726c84b296fd71d7cbb
Reviewed-on: https://chromium-review.googlesource.com/1142767
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54571}
-
Sergiy Byelozyorov authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/abdb548..385916c
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/26d6aff..d26f5c3
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/f9afc77..20c1311
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/5d1ce93..f30572c

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org
Change-Id: Ic4e31241686394601dc3667f5159184f03789ef2
Reviewed-on: https://chromium-review.googlesource.com/1144645
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#54570}
-
Simon Zünd authored
Drive-by change: Add "at" method to ZoneChunkList.

R=petermarshall@chromium.org

Bug: v8:7754
Change-Id: I75f4e3f786640f2a53b467aab18abe01b4f5b360
Reviewed-on: https://chromium-review.googlesource.com/1144823
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54569}
-
Georg Neis authored
Chrome-crash tells me that occasionally a function gets stripped of an initial map entirely (e.g. report 917de3c31d0e0d9b).

R=jarin@chromium.org

Change-Id: Ie0103695c4801a4c2cbc488af91c3d580efe4eab
Reviewed-on: https://chromium-review.googlesource.com/1143483
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54568}
-
Sigurd Schneider authored
Bug: v8:7932
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia29e9e62022f0820c3a5aaf48a7724b13b61b275
Reviewed-on: https://chromium-review.googlesource.com/1143186
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54567}
-
Jaroslav Sevcik authored
This will simplify the optimizing compiler (no need to pretenure COW arrays when compiling).

Bug: v8:7790
Change-Id: I7502f43c6b6f7e10bce8536352462731083b5bef
Reviewed-on: https://chromium-review.googlesource.com/1143466
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54566}
-
- 19 Jul, 2018 26 commits
-
-
Deepti Gandluri authored
Currently AtomicStores use AtomicExchange to store to memory, but AtomicExchange produces an output that is ignored by the AtomicStore visitor; a side effect of this is that a register already in use gets overwritten by the output of the exchange.

BUG:v8:7602
Change-Id: I4ec3107a0a27503611e349e6f56ca9492d05d9f8
Reviewed-on: https://chromium-review.googlesource.com/1134576
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54565}
-
Tobias Tebbi authored
Bug: v8:7929 v8:7793
Change-Id: I7d9cdd0fb3e36ae6e81683cc4c3746f6ea119d15
Reviewed-on: https://chromium-review.googlesource.com/1138077
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54564}
-
Dan Elphick authored
Uses the new Isolate version of methods.

Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1a38dd61d10899ae33ef796f4f443b11640315c2
Reviewed-on: https://chromium-review.googlesource.com/1143861
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54563}
-
Tobias Sargeant authored
Change-Id: I5977c58d7d39f5f13352234f0d016c47ce9be133
Reviewed-on: https://chromium-review.googlesource.com/1143465
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Tobias Sargeant <tobiasjs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54562}
-
Junliang Yan authored
CHECK is accessing 1 byte across object boundary because *expect and *actual will return the object address with tag. And memcmp should return 0 if we expect (expected == actual)

R=cbruni@chromium.org, gsathya@chromium.org, ishell@chromium.org

Bug: v8:6443, v8:7569
Change-Id: I316e450a80400cea4c9394dbe470932a1f30cea5
Reviewed-on: https://chromium-review.googlesource.com/1142351
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#54561}
-
Michael Starzinger authored
R=clemensh@chromium.org

Change-Id: Ib4f84d9b0bb2c54d5e1743c34b4034b14cb1152a
Reviewed-on: https://chromium-review.googlesource.com/1143188
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54560}
-
Michael Hablich authored
TBR=machenbach@chromium.org
NOTRY=true

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I13105e27794ebbfdfc57ca351959b92bfbbad7c7
Reviewed-on: https://chromium-review.googlesource.com/1143280
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54559}
-
Simon Zünd authored
This CL changes Array.p.fill to use the baseline implementation for everything other than JSArray.

One of the reasons is that shadowing the length property on TypedArrays (and other ElementsKinds) is allowed and should be respected by Array.p.fill. The fast-path for fill for TypedArrays expects the indices to be clamped to the actual length of the underlying backing store and not to some length property. While this mismatch (and others) could probably be handled properly, we do the conservative thing and only use the fast-path for specific JSArrays.

R=jgruber@chromium.org

Bug: chromium:865312
Change-Id: Ib3050e3bfc22d47ca8597b6df34788dc2b59b6e1
Reviewed-on: https://chromium-review.googlesource.com/1142772
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54558}
-
Michael Starzinger authored
This reverts commit 0f2d22dd.

Reason for revert: Caused a race discovered by TSAN.

Original change's description:
> [wasm] Improve module code size sampling approach.
>
> This samples module code sizes at GC time instead of during destruction.
> It hence makes sure that we also receive samples for long-lived modules
> which would otherwise die with the Isolate and never be finalized. Note
> that this approach is still biased and just a stop-gap until we have a
> sampling tick based on actual wall-clock time.
>
> R=clemensh@chromium.org
>
> Change-Id: I9558d383a5aada8876bc9cbf63baca771dbe5c28
> Reviewed-on: https://chromium-review.googlesource.com/1141866
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54554}

TBR=ulan@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: Ie1fc99ad0ef36b30a73cc464808ce7679a0f15df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1143284
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54557}
-
Maya Lekova authored
This reverts commit 941d5f96.

Reason for revert: Regressed performance tests https://bugs.chromium.org/p/chromium/issues/detail?id=864540

Original change's description:
> [turbofan] Remove optimization for Cons strings
>
> We used to have an optimized version for nodes that are concatenating
> two strings which was allocating an object on the heap, therefore
> preventing this code from being executed on the compiler thread.
> Octane benchmark results show insignificant increase in performance
> (< 0.5%) without this optimization - see
> https://docs.google.com/spreadsheets/d/1MC5NrMoMSsqxZqw0ojoZvomBb7q2EOt1S0sFoJ8ld2c/edit?usp=sharing
> which leads to the conclusion we can safely remove the optimization for now.
>
> Bug: v8:7790
> Change-Id: I6492c6a76118cac568d28805995d55c5360bb123
> Reviewed-on: https://chromium-review.googlesource.com/1138246
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54467}

TBR=jarin@chromium.org,neis@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7790
Change-Id: I20a8a11e40bcd2bcfaf58154a1ab5e4daa7a25e4
Reviewed-on: https://chromium-review.googlesource.com/1143144
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54556}
-
Clemens Hammacher authored
R=mstarzinger@chromium.org

Bug: v8:7754
Change-Id: I470813e241ace22b2e39b7bb9ff26dd824b50426
Reviewed-on: https://chromium-review.googlesource.com/1142162
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54555}
-
Michael Starzinger authored
This samples module code sizes at GC time instead of during destruction. It hence makes sure that we also receive samples for long-lived modules which would otherwise die with the Isolate and never be finalized. Note that this approach is still biased and just a stop-gap until we have a sampling tick based on actual wall-clock time.

R=clemensh@chromium.org

Change-Id: I9558d383a5aada8876bc9cbf63baca771dbe5c28
Reviewed-on: https://chromium-review.googlesource.com/1141866
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54554}
-
Marja Hölttä authored
BUG=v8:7308

Change-Id: I8cc8b3a426b9b24dd5c5e32fb665f29544f3daf6
Reviewed-on: https://chromium-review.googlesource.com/1143190
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54553}
-
Clemens Hammacher authored
Instead of repeating it in every configuration, just add it to the common FLAGS.

R=machenbach@chromium.org

Change-Id: I93e7ef0f0ad55bfe0a0e24f50d5a73d4658d7554
Reviewed-on: https://chromium-review.googlesource.com/1141733
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54552}
-
Peter Marshall authored
The data of an ArrayBuffer lives at backing_store(), not at allocation_base(), which is just used as the pointer to free when the buffer is unreachable.

Change-Id: Id6157ec4cf5b42631461327b3e6078fe25d20c57
Reviewed-on: https://chromium-review.googlesource.com/1143189
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54551}
-
Dan Elphick authored
Change many uses of deprecated methods returning Locals to use the MaybeLocal versions. Also fix uses of Utf8Length to use the Isolate versions.

Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib89df12e6cc5ca50296d21b2bb51a3f3ed065dd4
Reviewed-on: https://chromium-review.googlesource.com/1142779
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54550}
-
Marja Hölttä authored
BUG=v8:7308

Change-Id: I3de8160b28d2fccda895069c85a03f033152b1f6
Reviewed-on: https://chromium-review.googlesource.com/1140054
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54549}
-
Clemens Hammacher authored
Instead of having a separate liftoff config, which is tested against the default (which currently means tier-up from liftoff to turbofan), just choose reasonable liftoff configs for the existing configs. 'ignition' now implies pure liftoff execution. 'ignition_turbo_opt' always compiles with turbofan. Other configs use the default (tier up).

R=machenbach@chromium.org

Bug: chromium:824098, v8:6600
Change-Id: I92c008fc1b1fa54d3161fb5695a095127d6ac263
Reviewed-on: https://chromium-review.googlesource.com/1141731
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54548}
-
Andreas Haas authored
R=clemensh@chromium.org

Change-Id: I21d185c73dc22a79311f3b35b2602a00a4b96112
Reviewed-on: https://chromium-review.googlesource.com/1141743
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54547}
-
Simon Zünd authored
This CL replaces all std::endl in implementation-visitor since std::endl flushes the stream (which is not necessary).

R=tebbi@chromium.org

Bug: v8:7754, v8:7793
Change-Id: Ic4b43905280020a99cb405cc90440b2adb679839
Reviewed-on: https://chromium-review.googlesource.com/1142780
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54546}
-
Maya Lekova authored
Bug: v8:7790
Change-Id: Ia2c556c63b95712d384c7f7d9c6b585e7d10583f
Reviewed-on: https://chromium-review.googlesource.com/1141740
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54545}
-
Sigurd Schneider authored
This reverts commit 9eca23e9.

Reason for revert: Clusterfuzz correctness issue

Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}

TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
-
Leszek Swirski authored
Remove the function identifier field from SharedFunctionInfo. This field would store one of a) the function's inferred name, b) the "builtin function id", or c) debug info. We remove these in turn:

a) The function's inferred name is available on the ScopeInfo, so like the start/end position we read it off either the ScopeInfo (for compiled functions) or the UncompiledData (for uncompiled functions). As a side-effect, now both UncompiledData and its subclass, UncompiledDataWithPreparsedScope, contain a pointer field. To keep BodyDescriptors manageable, we introduce a SubclassBodyDescriptor which effectively appends two BodyDescriptors together.

b) The builtin function id is < 255, so we can steal a byte from expected no. of properties (also <255) and store these together. Eventually we want to get rid of this field and use the builtin ID, but this is pending JS builtin removal. As a side-effect, BuiltinFunctionId becomes an enum class (for better storage size guarantees).

c) The debug info can hang off anything (since it stores the field it replaces), so we can attach it to the script field instead.

This saves a word on compiled function (uncompiled functions unfortunately still have to store it in UncompiledData).

Bug: chromium:818642
Change-Id: I8b4b3a070f0fe328aafcaeac58842d144d12d996
Reviewed-on: https://chromium-review.googlesource.com/1138328
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54543}
-
Leszek Swirski authored
Instead of looking up functions by their function literal id (which can be slow now that function id involves a linear search for compiled functions), we key the lookup by the function's start position.

This means that the script+literal id swapping to find equivalent unchanged functions during constant pool patching no longer works -- we could replace it by fixing up the start position of the redundant new function, but instead we just build up a side-table mapping (new) start positions to function literal ids, and use that function literal id to find the old function in the script's SFI list.

Change-Id: I10bfce6c39665cba063e0ddbc8fd38a6f5fd5513
Reviewed-on: https://chromium-review.googlesource.com/1140169
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54542}
-
Andreas Haas authored
The WebAssembly spec is not fully deterministic: the sign bit of NaN can be arbitrary. This sign bit can be observed by several WebAssembly opcodes. In the testcase the sign bit of NaN makes the difference between terminating code and an infinite loop.

In the libfuzzer fuzzer we have to prevent infinite loops ourselves. At the moment we do this by only executing generated code of WebAssembly modules for which the interpretation of the code ends in a limited number of steps. With the non-determinism described above we cannot guarantee the absence of infinite loops with this method. Therefore we now stop executing generated code of WebAssembly modules for which we observe possible non-determinism in the interpreter.

R=clemensh@chromium.org

Bug: chromium:863829
Change-Id: I461d67df87d672bed25d6c915ba7ea5134cb5890
Reviewed-on: https://chromium-review.googlesource.com/1141945
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54541}
-
Georg Neis authored
R=mslekova@chromium.org

Change-Id: I1f60108effa15585a7cf5af150fc4c1d4dd9570f
Reviewed-on: https://chromium-review.googlesource.com/1142160
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54540}
-