- 23 Jul, 2021 13 commits
Milad Fa authored
Change-Id: I00da20528553e4135681790998c03126931bca9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042719
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75883}
Maya Lekova authored
Bug: chromium:1052746
Change-Id: Ibd93c5651384e489d3c41800dfc3b1bdd397c637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048182
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75882}
Danil Somsikov authored
This reverts commit a5fd60e1.

Reason for revert: As per crbug/1213374 this is not applied consistently. E.g. wrapping object into an array will bypass access checks. With the crrev/c/3041424 however, only accessible properties are shown in console, so logging a restricted object is no longer unsafe.

Original change's description:
> Calls to {console} require an access check for the provided arguments
>
> This CL adds an access check for the arguments to all calls to
> {console} like {console.log}. This is needed since the DevTools
> protocol notification event does not contain the context in which
> the {console.log} call occurred. Only the context of the argument.
> When DevTools then reads properties for the preview of the argument,
> it uses arguments context, instead of the calling context, potentially
> leaking objects/exceptions into the calling context.
>
> Bug: chromium:987502, chromium:986393
> Change-Id: I6f7682f7bee94a28ac61994bad259bd003511c39
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741664
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63122}

Bug: chromium:987502, chromium:986393, chromium:1213374
Change-Id: I92a8bb7663ff97de8831ddeb2c8560fb9fa1c12e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046189
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Danil Somsikov <dsv@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75881}
Jakob Kummerow authored
Now that we have advanced division algorithms, we can implement a divide-and-conquer strategy for toString-conversions, to make their complexity sub-quadratic. For example, this speeds up `(2n ** (2n ** 21n)).toString().length` from 9400 ms to 200 ms on my laptop.

Bug: v8:11515
Change-Id: Id20f7f2928dc7308609f4c1688f32b252e04f433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017805
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75880}
Omer Katz authored
As an optimization, RegisterWeakReferenceIfNeeded checks whether the target object is marked, and only registers it if it's not marked. The target object may still be under construction, in which case checking the mark bit will race with allocating the object.

Bug: chromium:1056170, chromium:1232339
Change-Id: I0a41afba7f48f288f708441176f89509a81ebb09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048171
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75879}
Marja Hölttä authored
Bug: v8:11111
Change-Id: I41a318d3858e48035ae67e937420e2963a13d871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035091
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75878}
Maya Lekova authored
This is a reland of 84d5b027

It removes support for 8-byte types which were causing unaligned reads.

Original change's description:
> [fastcall] Implement support for TypedArray arguments
>
> This CL adds TypedArrays as supported arguments for fast API calls.
> It implements "exact type" matching, i.e. if Float32Array is expected
> and e.g. Int32Array is passed instead, the generated code bails to the
> slow callback.
>
> Bug: chromium:1052746, chromium:1018624
> Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75756}

Bug: chromium:1052746, chromium:1018624
Change-Id: I872716d95bde8c340cf04990a3e4ae8ec8cd74a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035090
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75877}
Michael Achenbach authored
No-Try: true
Bug: chromium:1231999
Change-Id: I08cba762a7ef28cfa2ef74a23e86ac3d057db8dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046188
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75876}
Benedikt Meurer authored
This properly threads through the `executionContextId` to the request reported to the DevTools front-end, similarly to how we already report the `executionContextId` as part of `Runtime.bindingCalled`.

Bug: chromium:1231521
Change-Id: I0a003041aedd8ec661d1b07cdddbcd1f2866a99f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046187
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75875}
Danil Somsikov authored
devtools

Bug: chromium:1213374
Change-Id: Ie064873e8a3998aad01120022e39e93dba0cb729
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041424
Commit-Queue: Danil Somsikov <dsv@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75874}
Dan Elphick authored
Replaces includes of v8.h with more fine-grained includes and moves the deoptimizer.h include to the places that actually need it.

Bug: v8:11879
Change-Id: Ifc2e89caf455ddcf559fdb449d0fed7ad0d046d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045706
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75873}
legendecas authored
According to the spec https://tc39.github.io/proposal-error-cause, the property 'cause' should not be present on Error.prototype.

Bug: v8:12006
Change-Id: Ib1601769793b808c5f5a7065effcc77d1def4cbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3037911
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75872}
Al Muthanna Athamina authored
Bug: chromium:1231890
Change-Id: Iea8273dec335e0a9d264743751ac62e3869ec327
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045354
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75871}
- 22 Jul, 2021 23 commits
Dan Elphick authored
Removes unnecessary includes of v8.h from
src/diagnostics/gdb-jit.h
src/diagnostics/system-jit-win.h
src/diagnostics/unwinder.h
by predeclaring types or using more appropriate headers.

Bug: v8:11879
Change-Id: I17f42acfef8e61133988453d67c3c0d473ff0337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045702
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75870}
Clemens Backes authored
This reverts commit 85e6c4b6.

Reason for revert: All gc-stress bots are unhappy: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/34544/overview

Original change's description:
> [sparkplug] Enable sparkplug by default on desktop
>
> Bug: v8:11420
> Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75868}

Bug: v8:11420
Change-Id: I91fde3a35eece61e1dfa8b81f57fcda465ce5882
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046178
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75869}
Leszek Swirski authored
Bug: v8:11420
Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75868}
Andreas Haas authored
The test is flaky on that hardware but seems to work just fine on other arm hardware.

R=machenbach@chromium.org

Bug: v8:10948
Change-Id: Ic60cc23c1b4825623a91e3defcd21eada74554a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043954
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75867}
legendecas authored
The intrinsic default proto was not installed on async function constructor, so the proto for those unable to get a proper receiver falls back to the realm's %Object.prototype%.

Bug: v8:9818
Change-Id: I08b9459d60da72dc894b983973e0a36019be9141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043691
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75866}
Ross McIlroy authored
And use it to remove the set of TurboProp test skips.

BUG=v8:9684,v8:12013
Change-Id: I878e2b9c595449c954735290959d3b38eead5a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043963
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75865}
Camillo Bruni authored
* Avoid accessing thread_local_top directly and use getters:
  - scheduled_exception
  - pending_exception
  - pending_message
* Rename pending_message_obj to pending_message

Bug: chromium:1014421
Change-Id: I080b7d5919e180a943776c79ee9321235d58d3c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010278
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75864}
Jakob Kummerow authored
...while on-heap objects are referring to it. This is accomplished by storing a reference to its associated WasmInstanceObject on every WasmTypeInfo object.

Details: https://bit.ly/2UxD4hW

Fixed: v8:11953
Change-Id: Ifb6f976142356021393d41c50717d210d525d521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043959
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75863}
legendecas authored
The original issue was resolved in https://github.com/tc39/test262/pull/2083

Change-Id: I5257982bc6d30a51c8fec4ecac31e54b5481a306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040879
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75862}
Jakob Gruber authored
These mutex guards may trigger GC on the slow paths; to detect misuse (creating these guards inside GC-disallowed scopes) more reliably, this CL adds DCHECK(AllowGarbageCollection::IsAllowed()) to the guard constructors.

Bug: v8:12012
Change-Id: If59514c97ba6cc9bbca3b56559bf2496cafc78d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043952
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75861}
Clemens Backes authored
This is a follow-up to https://crrev.com/c/3015557. Even though we enabled trap handling and use it in wasm code, the embedder callback still refused to handle the signal.

This CL removes an obsolete comment and simplifies the preprocessor condition to just check for the V8_TRAP_HANDLER_SUPPORTED variable instead of repeating the supported platforms.

R=ahaas@chromium.org

Bug: v8:11955, chromium:1231858
Change-Id: I417c790fdb755cba182578e7aa1ce4327f4c05ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045352
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75860}
Patrick Thier authored
- Add DropArguments() to x64 TurboAssembler to get rid of arguments on the stack while preserving the return address.
- Add DropArgumentsAndPushNewReceiver() to x64 TurboAssembler to get rid of arguments on the stack and push a new receiver, while preserving the return address.

Bug: v8:11112
Change-Id: I39ea012219ae3748a73933188eb860ce794de2f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045349
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75859}
Jakob Gruber authored
A mix of readability refactors, additional DCHECKs, and addressed/updated TODOs.

Bug: v8:7790
Change-Id: I87ff996abd40b0ed081586e2c0da1a4c0942fed4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041665
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75858}
Patrick Thier authored
Move some methods that don't access the isolate from x64 MacroAssembler to TurboAssembler.
Drive-by: Add RootAsOperand to create an operand for root-relative constants.

Bug: v8:11112
Change-Id: Ic0b62d96af004860e5a05539f94d0ac003b06fc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045348
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75857}
Nico Hartmann authored
TBR=machenbach@chromium.org

Bug: chromium:1231890
Change-Id: I60f0a21192f551e737d1b141a44601b9ad2b56fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045345
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75856}
Jakob Kummerow authored
While pointer-compression still doesn't guarantee 8-byte alignment for objects, the WasmInstanceObject definition should be prepared for a future where that changes. No behavioral differences are expected from this, and likely no performance differences for now either.

Change-Id: Iedd85f4361d45e1e3cf5d645496b9ad34acf533b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038527
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75855}
Ross McIlroy authored
Some skips are no longer required.

BUG=v8:9684
Change-Id: I921f2032ea5c19429c735120ba80a09b8f1e352e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043961
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75854}
Ross McIlroy authored
Adds incompatibility between future/turboprop variants and stress-concurrent-inlining due to incompatibility from both configs weakly setting --interrupt-budget. Also ensures we maintain this incompatibility if --future is passed as an extra flag as is done on some bots.

BUG=v8:9684
Change-Id: I4855b92a64db00da15efc2384e241d4bf0c373c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041677
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75853}
Jakob Gruber authored
- Rename AssemblerOptions::enable_root_array_delta_access to enable_root_relative_access.
- Remove the identical but duplicated PipelineData::roots_relative_addressing_enabled.

Bug: v8:9594
Change-Id: I41c5ddc3c1ad9681dce8402640c50529f00141cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043956
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75852}
Leszek Swirski authored
Fold the stack interrupt check to happen as part of the bytecode budget interrupt, so that we can skip the stack check on JumpLoop. This is a minor improvement for Ignition, but it's mainly for Sparkplug code as it means we don't have to emit additional stack interrupt checks. TurboFan doesn't have budget interrupts, so it keeps the stack interrupt check.

Bug: v8:11420
Change-Id: I055fe752946fda6a50ca2675fa3847999898a951
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041674
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75851}
Jakob Gruber authored
The MapRef constructor contains a ParkedSharedMutexGuard which may trigger gc; and MapRefs may be created for any HeapObjectRef (or subclass) creation. Thus, calls to (Try)MakeRef must happen in contexts in which garbage collection is allowed.

Bug: v8:7790,v8:12012
Change-Id: If0cb9e2dae7150b0aa5193a90ec3bc9cd9ac3b81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043951
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75850}
v8-ci-autoroll-builder authored
Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/d41864d..ad56859

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/51d7849..66e6c2e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/6a2f664..9ac1fdf

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c81b8b9..131233f

Rolling v8/tools/luci-go: git_revision:6387586e5b3279aebdf22bdab7ae619dbc156b66..git_revision:9ee8b1d719c0d3c268e0e19282351ca78024af2d

Rolling v8/tools/luci-go: git_revision:6387586e5b3279aebdf22bdab7ae619dbc156b66..git_revision:9ee8b1d719c0d3c268e0e19282351ca78024af2d

Rolling v8/tools/luci-go: git_revision:6387586e5b3279aebdf22bdab7ae619dbc156b66..git_revision:9ee8b1d719c0d3c268e0e19282351ca78024af2d

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I1fb8aa68f5afba116d2f214f2128553a77e6ca7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045038
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75849}
Shu-yu Guo authored
RegExp match indices have shipped since M90

Bug: v8:9548
Change-Id: I8bf54ce1a50b5079aad71140f75c979a09aae5bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042842
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75848}
- 21 Jul, 2021 4 commits
Thibaud Michaud authored
This is a reland of 4cc547c7

Change: prevent a memcpy to nullptr by skipping the call to copy_out() when the length is zero.

Original change's description:
> [wasm][eh] Add WebAssembly.Tag.type
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Id069ffbf76bf836b613287788b1b1fccbb577475
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021173
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75815}

Bug: v8:8091
Change-Id: I22f400b6e36d1322a4eabd20a68b4bdd70d61377
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041436
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75847}
Michael Lippautz authored
Allow CrossThreadPersistent and its weak form to access ASAN poisoned memory from the GC entry points.

In general, payloads of to-be-finalized objects are poisoned until the finalizer actually runs to avoid accidentally touching that payload. In the case of cross-thread handles, these may need to be cleared by a different thread before the finalizer actually runs. In order to clear those references, the slot needs to be unpoisoned.

This issue is ASAN-only and does not affect production or other debug builds.

Bug: chromium:1230599, chromium:1056170
Change-Id: If4d0808953047319b02653821abbb5c638084dc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040845
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75846}
Michael Lippautz authored
Change-Id: I62b6ea126cd15c06fc48c8c7eae14b2b0c9b1dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043962
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75845}
Manos Koukoutos authored
Bug: v8:7748
Change-Id: I1a9787514e105c70ab101aa035e6ee4ae2284ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041434
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75844}