- 26 Apr, 2022 30 commits
-
-
Milad Fa authored
Port 91453880 Original Commit Message: This is a reland of commit 91da3883 Original change's description: > Fixed: Use an X register for JumpIfCodeTIsMarkedForDeoptimization > on arm64. > Bug: v8:12161 Change-Id: I6e63bd5995340bac32654ef12c52d25b496140e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607997 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#80194}
-
Adam Klein authored
Change-Id: Idca60865da669dc90112eb04bdd464041fc447f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608119 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#80193}
-
Camillo Bruni authored
Add basic profiler support - Moved profiling-related helpers to profiling.mjs - Added bottom-up profiler table - Added mini-timeline overview with opt/deopt events and usage graph - Added flame-graph, pivoted on the currently selected function Drive-by-fixes: - Added/updated jsdoc type information - Fixed static symbols (builtins, bytecodehandlers) that were both added by the CppEntriesProvider and from code-events in the v8.log - Support platform-specific (linux/macos) dynamic symbol loader by adding a query path ('/v8/info/platform') to lws-middleware.js - added css var --selection-color Bug: v8:10644 Change-Id: I6412bec63eac13140d6d425e7d9cc33316824c73 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585453 Reviewed-by: Patrick Thier <pthier@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#80192}
-
Jakob Gruber authored
Bug: v8:12161 Change-Id: I5ea8cdaac62e126bb6674fc109a9275c0a69fa23 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605244 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#80191}
-
Igor Sheludko authored
It's necessary to support fast W^X permission switching on MacOS on ARM64 ("Apple M1"/Apple Silicon) where permission modification of RWX pages to anything else is prohibited. On all the other architectures/platforms RecommitPages() is equivalent to SetPermissions(). The new API will be used in a follow-up CLs. Bug: v8:12797 Change-Id: Id0d8b8c42c81b80cd8fa6b47c227680d7d1f9b10 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606231 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Samuel Groß <saelo@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#80190}
-
Shu-yu Guo authored
ShadowRealm.prototype.importValue dynamically imports other files, so the testing infrastructure needs to look for these calls to gather files to push to e.g. test devices. The reason to do this over explicit Resources: comment lines is to also cover test262. Bug: v8:12829 Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng Change-Id: I6a06933d5da849157b2c7d5fa6b7b98d39f7d39f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606391 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#80189}
-
Jakob Gruber authored
.. since it's located in ReadOnlySpace and thus immutable. We could extend this to other strings in RO-space but for now I want to avoid too much movement. This bumps jetstream2/gbemu scores by ~30%. Bug: v8:12790,v8:12161 Change-Id: I3fe10703e9ceca19c110d19c83143d811e090192 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607994 Auto-Submit: Jakob Linke <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#80188}
-
Andreas Haas authored
For lazy compilation there is one generic lazy compilation builtin that spills all registers on the stack and then triggers the compilation of the called function. Some of these registers may contain references. If a GC was triggered during lazy compilation, the GC would have to know which spill slots on the stack contain references. This CL adds a check to guarantee that no GC can be triggered during lazy compilation. Thereby it is not necessary for the GC to know which spill slots contain references. If successful, lazy compilation indeed does not allocate on the heap and therefore cannot trigger a GC. However, when compilation fails, an error object needs to be allocated and thrown. This allocation may trigger a GC, but that's not a problem, because the reference parameters which may get corrupted by the GC will not be used anyways, because the called function will never get executed after the failed compilation. R=clemensb@chromium.org Fixes: v8:11366 Change-Id: Ic526d169d4e80ba83f517970ff234e669f854331 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599474 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#80187}
-
Andreas Haas authored
I cannot reproduce the original problem anymore. The test passes nicely. If the test (wasm-js/limits) fails again, then we should just disable it for those platforms where it is failing. Fixed: v8:11577 Change-Id: I186da2ec2dd8fd518ce4034e8e3838376fefbc3b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605814 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#80186}
-
Jakob Gruber authored
.. since they may be written from background threads (for SP concurrent codegen). Bug: v8:12161 Fixed: chromium:1319857 Change-Id: I11860137ea4d79645821df69e61b62836f7c8283 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605818 Auto-Submit: Jakob Linke <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80185}
-
jameslahm authored
... in DeserializeContexts. Allocate the context before filling the scope info with the correct variable name may cause DCHECK failure in TorqueGeneratedClassVerifiers::ScopeInfoVerify. This CL changes the context variables serialization order from "name, value, name, value" to "name, name... value, value...". And only allocate and fill the context after setting up the correct scope info. Bug: v8:12832 Change-Id: I6e91aa867a528b7ffcae85de0f2364d0f9ea1bd7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607374 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: 王澳 <wangao.james@bytedance.com> Cr-Commit-Position: refs/heads/main@{#80184}
-
Patrick Thier authored
This is a reland of commit 8ba60b7a Changes to original: - Weaken DCHECK in MakeThin to allow direct transitions of shared strings during deserialization. This is safe as the string to be transitioned is freshly created and hasn't escaped the thread yet. - To enable this, add has_active_deserializer() to LocalIsolate - Shared thin string transitions are subject to the same layout changes as non-shared thin string transitions, thus treat them equally when checking if a map transition is safe. Original change's description: > [string] Non-transitioning shared strings > > Instead of transitioning shared strings to ThinString on > internalization, use a forwarding table to the internalized string and > store the index into the forwarding table in the string's hash field. > > This way we don't need to handle concurrent string transitions that > modify the underlying string data. > > During stop-the-world GC, live strings in the forwarding table are > migrated to regular ThinStrings. > > Bug: v8:12007 > Change-Id: I6c6f3d41c6f644e0aaeafbf25ecec5ce0aa0d2d8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536647 > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Jakob Linke <jgruber@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Patrick Thier <pthier@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79801} Bug: v8:12007 Change-Id: I022e5c4768b763a86bb28c9c82218c3b807371a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571817 Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#80183}
-
Andreas Haas authored
Drive-by change: fix stray "//". R=clemensb@chromium.org Change-Id: I614bbc545ab8cd803f0c64f04e01fa55c4c2ec7b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605610 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#80182}
-
Clemens Backes authored
This adds the implementation of the {AssemblerBufferCache} class. PKU-protected memory is allocated via the {WasmCodeManager}, which has access to the actual protection key. R=thibaudm@chromium.org Bug: v8:12809 Change-Id: Id26abd6f98248d5c646ae337ccb903d3e168bed1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593137 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80181}
-
Clemens Backes authored
Other places use the {kSimd} bailout reason for bailouts because of missing CPU support for SIMD. We should do the same when encountering SIMD locals or parameters. R=thibaudm@chromium.org Change-Id: I7ea6ff32927a035cdafe437d581a79f67ff0b30f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605243 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#80180}
-
Jakob Kummerow authored
When passing anyref-typed things to Wasm, we cannot expect that all functions are WasmExternalFunctions. Instead of adding a relatively expensive type check to such calls, this patch disables function unwrapping for anyref-typed values. Fixed: v8:12789 Change-Id: Ied57187bac7fde0326634f7b4fc428ad21dc9c2f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605231 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#80179}
-
Victor Gomes authored
- For simplicity we call a builtin when allocating a number. - Elision of boxing/unboxing nodes will be done in a followup CL. Bug: v8:7700 Change-Id: Iec4422d84c6597d3369ab512a1662adb0f077c98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602514 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#80178}
-
Jakob Gruber authored
.. when deoptimization occurs after the outermost loop containing the loop that triggered OSR compilation. The reasoning is that the main benefit of OSR'd code is speeding up the OSR'd loop; the speedup of the OSR'd loop is assumed to be higher than deoptimization overhead. This is a slightly modified version of crrev.com/c/3521361, credit goes to tao.pan@intel.com for most of the investigation and implementation work. Bug: v8:12161 Change-Id: Ie729dd5d1df9c7f529a1cf1b9471bb60ce76c41a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607988 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#80177}
-
Andreas Haas authored
Table.set has two arguments, the table index and the value. Therefore Table.set was defined with a length of 2. However, the value argument is optional, so the length should actually be 1. Change-Id: Ica2ea13a8e78c974cb011df2b5dc99f8e7eb4bcd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398496 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#80176}
-
Anton Bikineev authored
When setting a range for a newly allocated lab, consider adjacent cards. If either is young, don't mark it as kMixed. Bug: chromium:1029379 Change-Id: If7d1d920dd5769679de68800eae61f3a8dc1eb17 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584116 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#80175}
-
jameslahm authored
... unittests/objects/concurrent-transition-array-unittest. Bug: v8:12781 Change-Id: Ic6fbef71e1439c0a0056b122a4b42dcad674ca3b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3604961 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: 王澳 <wangao.james@bytedance.com> Cr-Commit-Position: refs/heads/main@{#80174}
-
Nico Hartmann authored
This reverts commit 5d235def. Reason for revert: Speculative revert because of https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/38153/overview Original change's description: > [heap] Store size with invalidated object > > When updating pointers during a full GC, a page might not be swept > already. In such cases there might be invalid objects and slots recorded > in free memory. Updating tagged slots in free memory is fine even though > it is superfluous work. > > However, the GC also needs to calculate the size of potentially dead > invalid objects in order to be able to check whether a slot is within > that object. But since that object is dead, its map might be dead as > well which makes size calculation impossible on such objects. The CL > changes this to cache the size of invalid objects. A follow-up CL will > also check the marking bit of invalid objects. > > Bug: v8:12578, chromium:1316289 > Change-Id: Ie773d0862a565982957e0dc409630d76552d1a32 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599482 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Jakob Linke <jgruber@chromium.org> > Reviewed-by: Patrick Thier <pthier@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/main@{#80169} Bug: v8:12578, chromium:1316289 Change-Id: I6949412c5d6e1aa15718d027043d9528137a60a0 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605812 Auto-Submit: Nico Hartmann <nicohartmann@chromium.org> Owners-Override: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#80173}
-
jameslahm authored
... /numbers/conversions-unittest. Bug: v8:12781 Change-Id: I81043f8bcebf5ce1292111211af1bea297c9eea4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3604962 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: 王澳 <wangao.james@bytedance.com> Cr-Commit-Position: refs/heads/main@{#80172}
-
jameslahm authored
... /date/date-unittest. Bug: v8:12781 Change-Id: Id5c7fd1ec11a427849c01acf992c7e398c456a4c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599655 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: 王澳 <wangao.james@bytedance.com> Cr-Commit-Position: refs/heads/main@{#80171}
-
Tobias Tebbi authored
It seems that GCC 7 doesn't support constructor calls with curly braces inside of expressions. Bug: v8:12827 Change-Id: I7b8ff792de1f67a45af6e2e2d82808f57d23b66c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606230 Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#80170}
-
Dominik Inführ authored
When updating pointers during a full GC, a page might not be swept already. In such cases there might be invalid objects and slots recorded in free memory. Updating tagged slots in free memory is fine even though it is superfluous work. However, the GC also needs to calculate the size of potentially dead invalid objects in order to be able to check whether a slot is within that object. But since that object is dead, its map might be dead as well which makes size calculation impossible on such objects. The CL changes this to cache the size of invalid objects. A follow-up CL will also check the marking bit of invalid objects. Bug: v8:12578, chromium:1316289 Change-Id: Ie773d0862a565982957e0dc409630d76552d1a32 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599482 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#80169}
-
jameslahm authored
... /objects/concurrent-prototype-unittest. Bug: v8:12781 Change-Id: Id283af4940a8cff19da78e0404022bc0faf2412e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599654 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: 王澳 <wangao.james@bytedance.com> Cr-Commit-Position: refs/heads/main@{#80168}
-
Jakob Gruber authored
This is a reland of commit 91da3883 Fixed: Use an X register for JumpIfCodeTIsMarkedForDeoptimization on arm64. Original change's description: > [osr] Use the new OSR cache > > This CL switches over our OSR system to be based on the feedback > vector osr caches. > > - OSRing to Sparkplug is fully separated from OSR urgency. If > SP code exists, we simply jump to it, no need to maintain an > installation request. > - Each JumpLoop checks its dedicated FeedbackVector cache slot. > If a valid target code object exists, we enter it *without* > calling into runtime to fetch the code object. > - Finally, OSR urgency still remains as the heuristic for > requesting Turbofan OSR compile jobs. Note it no longer has a > double purpose of being a generic untargeted installation > request. > > With the new system in place, we can remove now-unnecessary > hacks: > > - Early OSR tierup is replaced by the standard OSR system. Any > present OSR code is automatically entered. > - The synchronous OSR compilation fallback is removed. With > precise installation (= per-JumpLoop-bytecode) we no longer > have the problem of 'getting unlucky' with JumpLoop/cache entry > mismatches. Execution has moved on while compiling? Simply spawn > a new concurrent compile job. > - Remove the synchronous (non-OSR) Turbofan compile request now > that we always enter available OSR code as early as possible. > - Tiering into Sparkplug no longer messes with OSR state. 
> > Bug: v8:12161 > Change-Id: I0a85e53d363504b7dac174dbaf69c03c35e66700 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596167 > Commit-Queue: Jakob Linke <jgruber@chromium.org> > Auto-Submit: Jakob Linke <jgruber@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/main@{#80147} Bug: v8:12161 Change-Id: Ib3597cf1d99cdb5d0f2c5ac18e311914f376231d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606232 Auto-Submit: Jakob Linke <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#80167}
-
Frank Tang authored
Also add AOs: ToLargestTemporalUnit, ToISODayOfYear, RegulateISODate, AddISODate, DifferenceISODate Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.calendar.prototype.dateuntil https://tc39.es/proposal-temporal/#sec-temporal-tolargesttemporalunit https://tc39.es/proposal-temporal/#sec-temporal-toisodayofyear https://tc39.es/proposal-temporal/#sec-temporal-regulateisodate https://tc39.es/proposal-temporal/#sec-temporal-addisodate https://tc39.es/proposal-temporal/#sec-temporal-differenceisodate Bug: v8:11544 Change-Id: I03a28bf07ddfae036491e49cb06278d050ddebf6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3534620 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#80166}
-
Liu Yu authored
The size of flag is now 16 bits. Bug: v8:12161 Change-Id: I5db5e05171281f27cce739c7b76e1d4b9ebf20b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602236 Reviewed-by: Jakob Linke <jgruber@chromium.org> Commit-Queue: Yu Liu <liuyu@loongson.cn> Cr-Commit-Position: refs/heads/main@{#80165}
-
- 25 Apr, 2022 10 commits
-
-
Shu-yu Guo authored
Make the file names consistent on "shadow-realm" (i.e. singular, with a dash). Bug: v8:11989 Change-Id: Id0a6f417fd9b53b9f7ddf9677da7396fa2481af6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606392 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#80164}
-
Shu-yu Guo authored
Currently the Isolate is gotten off of the object that the operation is being performed on. Shared objects return the shared Isolate, which is incorrect as it shouldn't be used to run JS, nor does it have HandleScopes open. Plumb the executing Isolate through. Bug: v8:12547 Change-Id: I3d960751c798ac657a6122598154e36d9d504c31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606489 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#80163}
-
Igor Sheludko authored
This CL extends BoundedPageAllocator with PageFreeingMode parameter which controls how pages should be freed: by setting permissions to kNoAccess (preferred) or by discarding pages (Apple Silicon specific behavior for RWX pages). The latter mode allows to ensure that once pages are configured with RWX permissions they are never reconfigured to anything else again. The new mode will be used in a follow-up CL. Bug: v8:12797 Change-Id: I3277f56ea6fee9c9b38b1682e68c22e66e9a02a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606228 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#80162}
-
Michael Lippautz authored
Young GlobalHandle nodes were processed during post processing which required a logic to defend against recursive GCs. This was originally designed in a delayed way as the list itself was only treated as an optimization and could thus be lazily cleared. Since this still happens in the atomic pause and every node needs to be visited, there's no advantage over just keeping it correct at all times. Bug: chromium:1319213 Change-Id: I199fc0be5e4b6ed5cbb60cf3b1452e37108cd4f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605281 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#80161}
-
Camillo Bruni authored
Bug: v8:10644 Change-Id: Iff48e762fd895df63d599cf4663f8b6f44373a00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605241 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#80160}
-
Leszek Swirski authored
Make sure that Call nodes are only added to the graph after their arguments are processed. Previously we were already doing this for the undefined constant, but forgot to also do it for tagging nodes. Now rather than trying to add those nodes before creating the Call node, we create the Call node without adding it to the graph, then add it only after setting up its inputs. Bug: v8:7700 Change-Id: Id8c4c381f42fdd3c86d19d0fa2eb57163771060b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605248 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#80159}
-
Leszek Swirski authored
Bug: v8:7700 Change-Id: If0ae8dce83d91b159c345bdeef74d902593cd185 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605247 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#80158}
-
Leszek Swirski authored
Correctly use the lazy deopt's deopt index in safepoints, instead of the index in the translation array. Bug: v8:7700 Change-Id: I4a99ceb8bb54f2fba5bee0e6ddd6629b44439ce1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605609 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#80157}
-
Junliang Yan authored
Change-Id: I94f3f02e2214437d8320d31c8be24f41698f136c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3604752 Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#80156}
-
legendecas authored
Invoking a JSBoundFunction is slightly slower than a normal JSFunction (since we don't have to first jump to the target_function). The closure steps in SourceTextModule ExecuteAsyncModule are controlled by the engine so it is better to create dedicated context slots for the captured values. Change-Id: I8163fc4b302d6d22906e578164470c9e28e768e0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584601 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Chengzhong Wu <legendecas@gmail.com> Cr-Commit-Position: refs/heads/main@{#80155}
-