- 20 May, 2022 27 commits
- Frank Tang authored
  Spec Text:
  https://tc39.es/proposal-temporal/#sup-temporal.plaindate.prototype.tostring
  https://tc39.es/proposal-temporal/#sup-temporal.plaindate.prototype.tolocalestring
  https://tc39.es/proposal-temporal/#sup-temporal.plainmonthday.prototype.tostring
  https://tc39.es/proposal-temporal/#sup-temporal.plainmonthday.prototype.tolocalestring
  https://tc39.es/proposal-temporal/#sup-temporal.plainyearmonth.prototype.tostring
  https://tc39.es/proposal-temporal/#sup-temporal.plainyearmonth.prototype.tolocalestring

  Implement toString/toLocaleString as non-intl version. Because toString took an options bag in Temporal, we cannot use the same way we handle Date.prototype.toLocaleString() for the non-intl build by just forwarding to its toString implementation.

  Change built-ins-defintions.h to always have built-ins for *.toLocaleString, not just in the intl build.
  Change src/init/bootstrapper.cc away from the toLocaleString-forwards-to-toString approach.
  Implement the non-intl version of ToLocaleString in js-temporal-objects.cc for Temporal.Plain(Date|YearMonth|MonthDay).

  Bug: v8:11544
  Change-Id: I202bcf28ef05ed03c337475300cfdfd18b52ffb3
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3656137
  Reviewed-by: Adam Klein <adamk@chromium.org>
  Commit-Queue: Frank Tang <ftang@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80675}
- Andy Wingo authored
  Bug: v8:12868

  Also adds wtf8.cc, wtf8.h to src/wasm, to implement WTF-8 validation and possibly other utilities.

  Also fixes a bug when parsing the string literals section; I had misunderstood the way the unordered/ordered sections mechanism worked.

  Change-Id: I3c4205e0872379a69575f84ba33e0090a9d8d656
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652789
  Commit-Queue: Andy Wingo <wingo@igalia.com>
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80674}
- Alex Gough authored
  Before: when cet is disabled v8_shell is marked with the cetcompat bit, which breaks the chromium build on cet machines.

  With this CL: v8_shell is not marked as cetcompat unless v8_enable_cet_shadow_stacks is true.

  Bug: chromium:1289318
  Change-Id: If8a79ac5288a9a3385bf6b692db566508cca248f
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3656146
  Commit-Queue: Alex Gough <ajgo@chromium.org>
  Reviewed-by: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80673}
- Marja Hölttä authored
  Bug: v8:11525,v8:12820
  Change-Id: Ic4cd3172a4d6884b8234ca6b6463dfc405e10ba1
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652793
  Commit-Queue: Marja Hölttä <marja@chromium.org>
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80672}
- Tobias Tebbi authored
  Bug: v8:12893
  Change-Id: Ibc2068011243b2ec811cd90646f0ec2a0d93cc05
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657433
  Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Cr-Commit-Position: refs/heads/main@{#80671}
- Leszek Swirski authored
  Add Int32/Float64 nodes for:
    * Subtract
    * Multiply
    * Divide
  and additionally Int32 nodes for
    * BitwiseOr/And/Xor
    * ShiftLeft/Right/RightLogical

  The latter ones don't have Float64 equivalents since they're implicitly Int32 operations. In the future we'll add support for Number feedback by adding Float64-to-Int32 conversions and using the Int32 nodes.

  The divide node does an Int32 division and deopts if there's a remainder to the division -- we may want to make it output a Float64 instead if we think that's more likely in real-world code.

  There are also no peephole optimisations for constant operations, which would generate much better code, especially for shifts.

  Bug: v8:7700
  Change-Id: Ief1d24b46557cf4d2b7929ed50956df7b0d25992
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652301
  Commit-Queue: Leszek Swirski <leszeks@chromium.org>
  Reviewed-by: Toon Verwaest <verwaest@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80670}
- Tobias Tebbi authored
  This reverts commit 74c68e2a.

  Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/21353/overview

  Original change's description:
  > [heap] Disable map space with --future
  >
  > Original CL got reverted, this time the failing test should be fixed.
  >
  > Bug: v8:12578
  > Change-Id: Id2d8801f07742e8b00884fefec8200e4270f4250
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657434
  > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  > Cr-Commit-Position: refs/heads/main@{#80668}

  Bug: v8:12578
  Change-Id: I2ee20c79ec09ff4f7bece6ddcc1c3a5cd9351223
  No-Presubmit: true
  No-Tree-Checks: true
  No-Try: true
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647692
  Owners-Override: Tobias Tebbi <tebbi@chromium.org>
  Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Cr-Commit-Position: refs/heads/main@{#80669}
- Dominik Inführ authored
  Original CL got reverted, this time the failing test should be fixed.

  Bug: v8:12578
  Change-Id: Id2d8801f07742e8b00884fefec8200e4270f4250
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657434
  Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80668}
- Michael Lippautz authored
  Unfortunately heap setup happens before setting up flags in practice. This means that flags such as `--single-threaded-gc` were not respected properly for Oilpan. Delay the setup until the GC is actually triggered.

  Bug: chromium:1326723
  Change-Id: Icabe7ecf27e879bd44bba5e09ca176beb012c58a
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657430
  Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
  Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80667}
- Marja Hölttä authored
  Enforce the parent context has a smaller id, this time more forcefully.

  Bug: v8:11525,v8:12820
  Change-Id: I05bf675545b81b818eebfcaa40ee6bb93f5bcf9e
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652792
  Commit-Queue: Marja Hölttä <marja@chromium.org>
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80666}
- Samuel Groß authored
  These bots should run sandbox tests in the future, for which the memory corruption API will be required.

  Bug: v8:12878
  Change-Id: Ib64bfb0ae080016db6d1629f375d2a71a20d70b4
  Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657427
  Reviewed-by: Michael Achenbach <machenbach@chromium.org>
  Commit-Queue: Michael Achenbach <machenbach@chromium.org>
  Commit-Queue: Samuel Groß <saelo@chromium.org>
  Auto-Submit: Samuel Groß <saelo@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80665}
- Tobias Tebbi authored
  This reverts commit 4ba3b515.

  Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/8900/overview

  Original change's description:
  > [heap] Disable map space with --future
  >
  > Bug: v8:12578
  > Change-Id: If0253a2feb383d6ef313729bf99b489eb9436303
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652794
  > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  > Cr-Commit-Position: refs/heads/main@{#80660}

  Bug: v8:12578
  Change-Id: I9ccfc2641b29539a29258a6517824cdd5a5709d5
  No-Presubmit: true
  No-Tree-Checks: true
  No-Try: true
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657432
  Owners-Override: Tobias Tebbi <tebbi@chromium.org>
  Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Cr-Commit-Position: refs/heads/main@{#80664}
- Andy Wingo authored
  A fixup to https://chromium-review.googlesource.com/c/v8/v8/+/3644961 that I had neglected to address then. Whoops!

  Change-Id: Id0f2721e6cdfb3493b5d11043f6a6a3273e1fc09
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652790
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80663}
- Igor Sheludko authored
  This is a reland of commit e8cac377

  The proxy resolver issue is fixed in a separate CL.

  Original change's description:
  > [rwx][mac] Enable fast W^X on Apple Silicon (M1)
  >
  > Bug: v8:12797
  > Change-Id: I53bb803dd77db5bdd42b1a1b4b568e63857adf31
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3598861
  > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
  > Commit-Queue: Igor Sheludko <ishell@chromium.org>
  > Cr-Commit-Position: refs/heads/main@{#80396}

  Bug: v8:12797
  Change-Id: Icd897d3f3ff1f1bcfdb9e874e13f6a654c985fc8
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650925
  Commit-Queue: Toon Verwaest <verwaest@chromium.org>
  Reviewed-by: Toon Verwaest <verwaest@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80662}
- Jakob Kummerow authored
  Fixed: chromium:1327321
  Change-Id: I4868e0127b9dd14a0812cafca1681280534faa46
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652788
  Reviewed-by: Toon Verwaest <verwaest@chromium.org>
  Commit-Queue: Toon Verwaest <verwaest@chromium.org>
  Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80661}
- Dominik Inführ authored
  Bug: v8:12578
  Change-Id: If0253a2feb383d6ef313729bf99b489eb9436303
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652794
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80660}
- Samuel Groß authored
  When enabled, this API exposes a new global 'Sandbox' object which contains a number of functions and objects that in effect emulate typical memory corruption primitives constructed by exploits. In particular, the 'MemoryView' constructor can construct ArrayBuffer instances that can corrupt arbitrary memory inside the sandbox. Further, the getAddressOf(obj) and getSizeInBytesOf(obj) functions can be used respectively to obtain the address (relative to the base of the sandbox) and size of any HeapObject that can be accessed from JavaScript.

  This API is useful for testing the sandbox, for example to facilitate developing PoC sandbox escapes or writing regression tests. In the future, it may also be used by custom V8 sandbox fuzzers.

  Bug: v8:12878
  Change-Id: I4e420b2ff28bd834b0693f1546942e51c71bfdda
  Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650718
  Reviewed-by: Igor Sheludko <ishell@chromium.org>
  Commit-Queue: Samuel Groß <saelo@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80659}
- Leszek Swirski authored
  Fixed: v8:12886
  Change-Id: I729f6f11be3befa573ac6a201dc91e3d5f2eebc1
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652791
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Auto-Submit: Leszek Swirski <leszeks@chromium.org>
  Reviewed-by: Clemens Backes <clemensb@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80658}
- Liu Yu authored
  LLd and Scd should be used for StoreType::kI64Store* types.

  Change-Id: Ic645c9149c7ade95e0a36acadb48d246ee817469
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3655179
  Auto-Submit: Yu Liu <liuyu@loongson.cn>
  Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
  Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
  Cr-Commit-Position: refs/heads/main@{#80657}
- Dominik Inführ authored
  Adding the shared heap write barrier caused regressions on some benchmarks. Presumably this is because the compiler can't merge the fast paths of the generational and shared heap write barrier.

  This CL therefore introduces a CombinedHeapBarrier that manually unifies the fast path for the marking, generational and shared heap write barrier. This should make the barrier easier to optimize for the compiler. In particular it should help to ensure that page flags don't need to be loaded multiple times in a single full write barrier.

  Bug: chromium:1326446, v8:11708
  Change-Id: Iacd487f1263491cf4c05f25e004233a52b7c45a6
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644964
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80656}
- Jakob Kummerow authored
  By popular demand.

  Bug: v8:7748
  Change-Id: I6892d5cb92066ecc56574b5f27a09088c692e071
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650927
  Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
  Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
  Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80655}
- Andy Wingo authored
  Bug: v8:12868

  A slight modification to the existing DFA-based UTF-8 allocator to allow decoding surrogates, for use in decoding WTF-8. We'll need to additionally constrain the decoder to disallow surrogate pairs.

  Change-Id: Ifddbf08d4eeeff8f270df52a68f01769ea790eec
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652787
  Commit-Queue: Andy Wingo <wingo@igalia.com>
  Reviewed-by: Marja Hölttä <marja@chromium.org>
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80654}
- Samuel Groß authored
  With crrev.com/c/3641564, Chromium now uses PartitionAlloc for ArrayBuffer allocations even if one of the sanitizer tools (e.g. ASan) is enabled. As such, sanitizer builds are now compatible with the sandbox.

  Bug: chromium:1218005
  Change-Id: I100bf3ef442c556652fb00dd6c09d06b167e6577
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652785
  Commit-Queue: Samuel Groß <saelo@chromium.org>
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80653}
- v8-ci-autoroll-builder authored
  Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/585942f..1c67b4e

  CP PR2090 to remove ATOMIC_VAR_INIT (Frank Tang)
  https://chromium.googlesource.com/chromium/deps/icu/+/1c67b4e

  Disable -Wambiguous-reversed-operator in ICU. (Peter Kasting)
  https://chromium.googlesource.com/chromium/deps/icu/+/3272ffe

  R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

  Change-Id: I1a35eadab7a580b6f447af17fc75981723e89d22
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3656643
  Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
  Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
  Cr-Commit-Position: refs/heads/main@{#80652}
- Pan, Tao authored
  All users of osr_code_cache_state had been removed.

  Change-Id: I08a4783e47c900617b53ba789d267fb9a0bd1e92
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652276
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Commit-Queue: Tao Pan <tao.pan@intel.com>
  Cr-Commit-Position: refs/heads/main@{#80651}
- v8-ci-autoroll-builder authored
  Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/62419bc..399520d

  Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/7208edd..a5fa465

  Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/75a3853..3e4d383

  Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/837a94e..c9b2288

  Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ab4d2e3..bd80a1b

  Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220518.3.1..version:8.20220519.0.1

  Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/6e492e7..bec960d

  Rolling v8/tools/luci-go: git_revision:d3db74920e35147955be43f62b5f4ed0cf84c614..git_revision:0ef9351a5b73943d547fb27d463d5f4a1572727f

  Rolling v8/tools/luci-go: git_revision:d3db74920e35147955be43f62b5f4ed0cf84c614..git_revision:0ef9351a5b73943d547fb27d463d5f4a1572727f

  R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

  Change-Id: I0eb24c3dcae59d3d9f7a1049fd42c984f8d0440c
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654637
  Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
  Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
  Cr-Commit-Position: refs/heads/main@{#80650}
- Shu-yu Guo authored
  Error.cause has shipped since M93.

  Bug: chromium:1192162
  Change-Id: Ib6019f5796cc41447af70c325c90136bcbd774ab
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3624981
  Commit-Queue: Shu-yu Guo <syg@chromium.org>
  Reviewed-by: Adam Klein <adamk@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80649}
- 19 May, 2022 13 commits
- Andy Wingo authored
  Avoid a run-time dispatch for tables that don't contain subtypes of funcref.

  Change-Id: I27a55c378b0a4fcd98e77f8ff45ae9972c9d095a
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644961
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Commit-Queue: Andy Wingo <wingo@igalia.com>
  Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80648}
- Milad Fa authored
  Port 0236d7b5

  Original Commit Message:

      Instruction lowering on ARM uses pmin/pmax as there is no hardware support. More details here: https://github.com/WebAssembly/relaxed-simd/issues/33

  R=gdeepti@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
  BUG=
  LOG=N

  Change-Id: Ifbee1c0485ae47939fc070121ed6e0abd01c3547
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654562
  Reviewed-by: Junliang Yan <junyan@redhat.com>
  Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
  Cr-Commit-Position: refs/heads/main@{#80647}
- Igor Sheludko authored
  ... when com.apple.security.cs.allow-jit entitlement is not enabled.

  Bug: v8:12797, chromium:1324829
  Change-Id: I660008e1f8abbac3436dd78ea90937971599b5d0
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644960
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Commit-Queue: Igor Sheludko <ishell@chromium.org>
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80646}
- Seth Brenith authored
  This is a reland of commit a7607221

  The bug exposed by landing this change the first time has been fixed separately in https://crrev.com/c/3654413 .

  Original change's description:
  > Disable recompilation of existing Scripts from Isolate compilation cache
  >
  > My previous change https://crrev.com/c/3597106 led to some performance
  > regressions in time spent on parsing and compilation. This change
  > disables the ability to recompile an existing uncompiled Script, as an
  > attempt to both fix the regressions and isolate which part of the
  > previous change was the cause of those problems.
  >
  > Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
  > Change-Id: Ifa086bf27070da8f4b3c0e4415af5ca7b6706b0a
  > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652252
  > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  > Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
  > Cr-Commit-Position: refs/heads/main@{#80616}

  Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
  Change-Id: Ib31864bef90ff3340d1dfd4e25e21bef121f2d49
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3655011
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
  Cr-Commit-Position: refs/heads/main@{#80645}
- Clemens Backes authored
  Triggering tier-up can happen very often, so the runtime function should be as slim as possible. This CL adds two DisallowGarbageCollection scopes and removes a HandleScope which was unnecessarily created.

  R=jkummerow@chromium.org

  Bug: v8:12281
  Change-Id: I43e7f2b449630856ac8dfb36d294fbd29191d0eb
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652300
  Commit-Queue: Clemens Backes <clemensb@chromium.org>
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80644}
- Toon Verwaest authored
  Bug: v8:7700
  Change-Id: I4a772e0b2b821376ba75afd587694e130f059089
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647831
  Commit-Queue: Toon Verwaest <verwaest@chromium.org>
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80643}
- Issack John authored
  Part of the improve error messages initiative.

  Based on a resource of JSON.parse() errors found at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/JSON_bad_parse added support for:
  - 'Bad control character in string literal'
  - 'Bad Unicode escape'

  Previously JSON.parse('"a\bz"') would output:
  SyntaxError: Unexpected token in JSON at position 2
  Now the output is:
  SyntaxError: Bad control character in string literal in JSON at position 2

  Previously JSON.parse("[\"\\t\\u") would output:
  SyntaxError: Unexpected end of JSON input
  Now the output is:
  SyntaxError: Bad Unicode escape in JSON at position 6

  Bug: v8:6551
  Change-Id: I3ba5450c41b8a388643a15bc58e4e3fc75855d13
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652254
  Reviewed-by: Toon Verwaest <verwaest@chromium.org>
  Commit-Queue: Issack John <issackjohn@microsoft.com>
  Cr-Commit-Position: refs/heads/main@{#80642}
- Stephen Roettger authored
  args.set_at led to a vulnerability in the past where the caller (ignition) didn't expect the callee to overwrite the arguments. The current usage doesn't look like an issue, but let's preemptively remove these usages so that they don't lead to issues in the future.

  Change-Id: I64e1f84ad1833b2b2f96cd7503bdde00f344404c
  Bug: chromium:1268738
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644965
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Commit-Queue: Stephen Röttger <sroettger@google.com>
  Cr-Commit-Position: refs/heads/main@{#80641}
- Liu Yu authored
  Change-Id: Ib4039ede294fe3c108cd49c45a7a5e36a6f51780
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653714
  Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
  Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
  Auto-Submit: Yu Liu <liuyu@loongson.cn>
  Cr-Commit-Position: refs/heads/main@{#80640}
- Stephen Roettger authored
  Bug: chromium:1310790
  Change-Id: I739161f47fc1fc32d832f106d5ef6b7df4aed213
  Fixed: chromium:1310790
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654096
  Reviewed-by: Marja Hölttä <marja@chromium.org>
  Reviewed-by: Toon Verwaest <verwaest@chromium.org>
  Commit-Queue: Stephen Röttger <sroettger@google.com>
  Cr-Commit-Position: refs/heads/main@{#80639}
- Manos Koukoutos authored
  Specifically, move numeric conversions from WasmGraphBuilder, and add functionality for traps. These will be used in wasm-gc lowering phases.

  Change-Id: I73f0dab28d87db8f1c4c339ea3d871f262e270ab
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654101
  Reviewed-by: Clemens Backes <clemensb@chromium.org>
  Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80638}
- Seth Brenith authored
  The script compilation cache contains weak pointers to Script objects as its keys. When doing a rehashing operation, any hash table needs the ability to get the hash code for every entry in the table. However, if the weak pointer was cleared from a key, there is no longer any way to get the hash code for that entry.

  In https://crrev.com/c/3597106 , I attempted to solve this problem by deleting all entries whose keys contain cleared weak pointers prior to rehashing, but the implementation has a bug: when resizing, the new table is allocated after deleting the entries with cleared keys, so if that allocation triggers a GC, the table can once again have entries with cleared keys.

  This could be solved in a variety of ways, such as:

  1. Iterate the entries again and delete those with cleared keys, after allocating the new table but before calling Rehash() to copy data into that new table. This means we can't directly use HashTable::EnsureCapacity, which normally does both the allocation and the rehashing.
  2. Return a bogus hash code for entries whose keys contain cleared weak pointers. This is simple but risks poor distribution of data after rehashing.
  3. Implement custom rehashing which can avoid copying entries with cleared keys, rather than reusing the rehashing implementation from HashTable.
  4. Include the hash value in every key, so a consistent hash value is available even after the weak Script pointer has been cleared.

  The fourth option sounds like the lowest risk to me, so this change implements that option.

  Bug: v8:12808
  Change-Id: I6b19b9c8af67dcfc31b74842ba581dd141e18845
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654413
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
  Cr-Commit-Position: refs/heads/main@{#80637}
- Samuel Groß authored
  The majority of 64-bit Android devices appear to be using a 40-bit address space, i.e. 512GB for userspace. Allocating a 256GB sandbox (plus 2x 32GB guard regions) may take too much of the address space and cause the creation of other address space reservations (e.g. the cppgc caged heap), which are created per worker, to fail later on.

  In general, we should try to limit the sandbox size to less than 1/4 of the address space, so this CL shrinks the sandbox on Android to 128GB.

  Bug: chromium:1327131
  Change-Id: Ib48b45506ad6a7a5e15b95115c7642bf62a68fa1
  Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652783
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Commit-Queue: Samuel Groß <saelo@chromium.org>
  Cr-Commit-Position: refs/heads/main@{#80636}