- 18 Jan, 2022 11 commits
-
-
Jakob Gruber authored
Recursive ToNode node generation may overflow the stack for large graphs. As a quick fix, insert periodic stack overflow checks in selected ToNode methods. As a more permanent fix, in the future we could abort gracefully (instead of crashing on a CHECK), and/or refactor into iterative node generation. Bug: v8:12472 Change-Id: Ie5fbe838c5f6a5192d7d9b44bfe6f6c76a8d26e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398112Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#78667}
-
Samuel Groß authored
These tests cover the basic VirtualAddressSpace functionality for the three different types of address spaces currently available: the root space, subspaces, and emulated subspaces. This CL also includes minor bugfixes in VirtualAddressSpace implementations and removes RandomizedVirtualAlloc in platform-win32.cc which doesn't seem to do anything useful anymore but prevents page allocation hints from working correctly. Bug: v8:10391 Change-Id: Ifa260d18fd366516b5a41ab42ce2f1785c57d061 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386801Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#78666}
-
Maya Lekova authored
This reverts commit bd72152e. Reason for revert: TSAN reports a data race, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/18124/overview Original change's description: > [fastcall] Add Wasm entry for Fast API calls > > Allow Wasm to generate calls directly to Fast API C functions. > This massively reduces the overhead of these calls (~300%). > Currently options parameter is not supported. > > This is a rebase of the work originally done by devsnek in: > https://chromium-review.googlesource.com/c/v8/v8/+/2718666. > > Bug: chromium:1052746 > Change-Id: I1bb1de68b440044cc8a4e528adf9d8e0e6692a07 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364356 > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/main@{#78664} Bug: chromium:1052746 Change-Id: I957708cf1cff6ee8f90678ee48428f5c12f75a53 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398121 Auto-Submit: Maya Lekova <mslekova@chromium.org> Owners-Override: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78665}
-
Paolo Severini authored
Allow Wasm to generate calls directly to Fast API C functions. This massively reduces the overhead of these calls (~300%). Currently options parameter is not supported. This is a rebase of the work originally done by devsnek in: https://chromium-review.googlesource.com/c/v8/v8/+/2718666. Bug: chromium:1052746 Change-Id: I1bb1de68b440044cc8a4e528adf9d8e0e6692a07 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364356Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Paolo Severini <paolosev@microsoft.com> Cr-Commit-Position: refs/heads/main@{#78664}
-
Camillo Bruni authored
Bug: v8:11165 Change-Id: I7c00d2dc87b232b24c4760922936580347358778 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395881 Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78663}
-
Liu Yu authored
Port commit db9f6bff Bug: v8:11112 Change-Id: I23e4f5e9fe854dce1c9cd93c28fdb656980c7094 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3397537 Auto-Submit: Yu Liu <liuyu@loongson.cn> Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/main@{#78662}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/6cf20f1..9e859f5 Refine docs on changing cpufreq governor (#1325) (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/9e859f5 Expand documentation for unpacking arbitrary arguments. (#1324) (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/00e2211 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: I69f60ec9a6db9db57b1a3376730088a829a0aeb5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3396458 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78661}
-
Anton Bikineev authored
When the stack is split in safe and unsafe parts, on-stack TracedReferences are allocated on the unsafe stack. What currently happens is that on GC we destroy all the on-stack references below the current frame of the *safe* stack. If the safe stack is allocated above the unsafe counterpart, then all the traced references will be preliminary destructed on GC. This CL fixes it by using __builtin___get_unsafe_stack_ptr() if -fsanitize=safe-stack is enabled. In addition, deduplicate OnStackTracedNodeSpace::IsOnStack() and Stack::IsOnStack() and move more logic into ::heap::base::Stack. Bug: chromium:1278780 Change-Id: I9582bb1321958b7ec8ef2c0c46b9e42d51bb6f94 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395033Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Auto-Submit: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#78660}
-
Joyee Cheung authored
Previously, StoreOwnIC incorrectly reuses the [[Set]] semantics when initializing public literal class fields and object literals in certain cases (e.g. when there's no feedback). This was less of an issue for object literals, but with public class fields it's possible to define property attributes while the instance is still being initialized, or to encounter existing static "name" or "length" properties that should be readonly. This patch fixes it by 1) Emitting code that calls into the slow stub when handling StoreOwnIC with existing read-only properties. 2) Adding extra steps in StoreIC::Store to handle such stores properly with [[DefineOwnProperty]] semantics. Bug: v8:12421, v8:9888 Change-Id: I6547320a1caba58c66ee1043cd3183a2de7cefef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300092Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#78659}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1af42f8..79e39b3 Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/4e9fe30..c9643a2 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I9361683537801e8beebe557f272c4b8efeb29c76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3396457 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78658}
-
Maya Lekova authored
This reverts commit f1c2a208. Reason for revert: Breaks some tests on no-sse configuration, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/45243/overview Original change's description: > [wasm] Various small cleanups/fixes > > Changes: > - Fix a bug in objects-printer where array elements were not treated as > tagged pointers. > - Fix a few TODOs, mainly in the wasm interpreter. > - Improve documentation, small refactorings. > > Change-Id: I1d70ad454b3a0693b9b784b17395434d81d01b61 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383136 > Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78656} Change-Id: Ic698177259bb14b4c251a4212c79cc0d945b07f8 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398109 Auto-Submit: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Maya Lekova <mslekova@chromium.org> Owners-Override: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#78657}
-
- 17 Jan, 2022 20 commits
-
-
Manos Koukoutos authored
Changes: - Fix a bug in objects-printer where array elements were not treated as tagged pointers. - Fix a few TODOs, mainly in the wasm interpreter. - Improve documentation, small refactorings. Change-Id: I1d70ad454b3a0693b9b784b17395434d81d01b61 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383136Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78656}
-
Milad Fa authored
Port db9f6bff Original Commit Message: The receiver is included unconditionally on all platforms (kJSArgcIncludesReceiver is always true). Remove all usages of kJSArgcIncludesReceiver from the code. R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: Iec840804c1070f54f03ff80770246061996b4ea6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395813Reviewed-by: Patrick Thier <pthier@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#78655}
-
Camillo Bruni authored
Bug: v8:11525 Change-Id: I35e582c4ca6da794bab8bce1dfb59e2bb8f0096b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395559 Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78654}
-
Victor Gomes authored
This is a reland of f605d778 Adds a GC safe (using handles) and unsafe versions of the iterator. V8HeapExplorer needs an unsafe one, since it does not allow the creation of handles. Original change's description: > [runtime] Adds LocalNameIterator > > ScopeInfo will contain either inlined (array) local names or > a hash table (names => index) containing the local names. > > We abstract iteration with LocalNameIterator and remove > ContextLocalName since accessing a local name by index in > the hash table would be expensive. > > This CL only implements the iterator for the array. > > Bug: v8:12315 > Change-Id: I2c62802652fca1cf47815ce8768a3f7487f2c39f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386603 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Victor Gomes <victorgomes@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78623} Bug: v8:12315 Change-Id: I6288a08b9c342cd3a9cabcb621c40bb44c08c9c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3394706Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#78653}
-
Andreas Haas authored
The wpt test external/wpt/wasm/jsapi/functions/entry.html failed because the current context was entered when executing the start function instead of the native context. The test crashed because in GetEnteredOrMicrotaskContext a NativeContext is expected. Bug: chromium:1098844 Change-Id: I52d50986c67a0a69c8d9e03756592dff670f83df Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368107Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#78652}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3803b80..1af42f8 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/a0ace99..d78d7bf Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/14da6e7..c27c97a Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/dc12138..a2e49be Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/0f5a4de..fd7427c Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/6b74da4..4e9fe30 Rolling v8/third_party/logdog/logdog: https://chromium.googlesource.com/infra/luci/luci-py/client/libs/logdog/+log/17ec234..0b2078a Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/efd9399..fc5cfd7 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f5a2da5..3da260b R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: Idaec6f64b683c8aecfcf392b4e90ab0fa3b736a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395444 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78651}
-
Milad Fa authored
Implementations are added to macro-assembler to be shared between liftoff and code generator. Change-Id: Ic38677b3266399e5e170a4b2d6a8f90d0b830d47 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389090Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#78650}
-
Dominik Inführ authored
Verify usages of SKIP_WRITE_BARRIER in builds with SLOW_DCHECKs enabled. We can only remove the write barrier in specific circumstances that can also be DCHECK'ed. I also switched some write barriers to UPDATE_WRITE_BARRIER where those simple rules didn't hold but relied on more elaborate explanations. Bug: v8:12544 Change-Id: I4caa43627f8a3209d853e3352caabc161568e6eb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386803Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78649}
-
Jakob Gruber authored
We are guaranteed to have a valid ref for the prototype now that the no-concurrent-inlining configuration has been removed. Bug: v8:7790 Change-Id: I8400d1887f5cd41b14c92c87151847c0ed78f911 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3394708Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#78648}
-
Victor Porof authored
This CL exposes the `recurring` flag on the experimental async stack tagging API which was implemeted in the following CL: https://chromium-review.googlesource.com/c/v8/v8/+/3212506 It serves as a prototype to check if such an API is suitable for improving stack traces for frameworks which split up tasks across multiple frames, yielding back to the main thread when some time budget is consumed. The tests are implemented as Blink web tests in the following CL: https://chromium-review.googlesource.com/c/chromium/src/+/3383386 Bug: chromium:332624 Change-Id: I3e8c5de723cb7c0413d03ca4292c22d6a6e565b0 Signed-off-by: Victor Porof <victorporof@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380495Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/main@{#78647}
-
Victor Gomes authored
In preparation to use the hash table in the scope_info, we setup a hashtable from name to indices. Bug: v8:12315 Change-Id: I77f1eb40191c2fb2d40127e1e84dbc41ca2e4b70 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386804Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#78646}
-
Simon Zünd authored
This CL introduces a dedicated API to retrieve the current (w.r.t. the JS stack) script name or sourceURL. Currently, API clients will collect multiple stack traces in increasing sizes to accomplish the same goal. The new method walks the JS stack in the same way as the stack trace collection mechanic but doesn't create/allocate stack info or callsite objects along the way. R=bmeurer@chromium.org, yangguo@chromium.org Doc: https://bit.ly/v8-current-script-name Bug: chromium:1286677 Change-Id: Id53e4f04bf17349d34f3d581bc712b1f4aa055db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3382818Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/main@{#78645}
-
Jakob Gruber authored
Now that concurrent inlining is shipping on stable, remove support --no-concurrent-inlining. Note that it's still possible to run Turbofan exclusively on the main thread by passing --no-concurrent-recompilation. Bug: v8:7790, v8:12142, chromium:1240585 Change-Id: I1943bbbcad7dea7e3a3c337c239f14f7d96c23cd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308798Reviewed-by: Liviu Rau <liviurau@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#78644}
-
Marja Hölttä authored
Give the "phantom" script containing the web snapshot functions the same name as the original script. Bug: v8:11525 Change-Id: Iae77d58152642256560ceb3688bc2b3d0d9800be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3394707Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78643}
-
Patrick Thier authored
The receiver is included unconditionally on all platforms (kJSArgcIncludesReceiver is always true). Remove all usages of kJSArgcIncludesReceiver from the code. Bug: v8:11112 Change-Id: I7d62e6de65b73fe6d8c3293f32b500b760b08a3e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322980Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#78642}
-
Marja Hölttä authored
Serialize and restore objects' __proto__s. Bug: v8:11525 Change-Id: I241de1f8b716b2a1cc3cd45ce83759e07759202a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345002Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78641}
-
Benedikt Meurer authored
As described in https://crbug.com/1287476, the fact that the AsyncEventDelegate is currently implemented on top of the PromiseHooks causes performance problems and makes it difficult to reason about the exact (observed) semantics; this is because for this we intercept every JSPromise creation (via PromiseHook::kInit) and walk the synchronous stack at that point to see if we find one of Promise#then(), Promise#catch() or Promise#finally() on the stack. And if we do so, we report that to the AsyncEventDelegate (which is implemented in the inspector and will then do the async stack/stepping logic on top). This CL introduces dedicated instrumentation for Promise#then(), which is also called from Promise#catch() and Promise#finally(), and uses that instrumentation for the purpose of the AsyncEventDelegate. It also adjusts the stack walk to not always walk the full stack (which might lead to wrong results when calls to Promise#then(), which itself can call back into user JavaScript, are found deeper in the stack), but instead only check the top-most builtin frames and whatever user JavaScript frame is underneath it. On the standalone.js (from https://crbug.com/1287476#c1), when run with the DevTools default of maxDepth=200, we go from around 4.00ms to around 0.36ms. For everything that does not call Promise#then() - either explicitly or implicitly - or `await`s, there's now no observable performance impact of turning on the AsyncEventDelegate. Bug: chromium:1280519 Fixed: chromium:1287476 Change-Id: I4911bed146381fc46cfeefb763d6dfc32e8f6071 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386379 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78640}
-
Lu Yahan authored
Bug: v8:12543 Change-Id: I6dc98dea4e713323c18666ecfff459cbd55d90d5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383514Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#78639}
-
QiuJi authored
According to https://chromium-review.googlesource.com/c/v8/v8/+/725721/, ToBoolean should be a simplified operator. Change-Id: I4898e1c022f7b3083aefd880478529b18f0d2dad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361661Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#78638}
-
Tobias Tebbi authored
The fast path has an early return if the two inputs are the same object. However, this was missing the check that the receiver is not undefined required by the spec. This fixes it by first checking that the receiver is a string and only afterwards checking for reference equality. Bug: v8:12495 Change-Id: I4c5fc80e09060b013c94b05bbc9da504ddbb5206 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386602 Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#78637}
-
- 16 Jan, 2022 1 commit
-
-
Dan Clark authored
Shell::FetchModuleTree assumes that the module at file_name wasn't already fetched. Shell::ExecuteModule is calling into FetchModuleTree without checking if the module is already in the module map, violating this assumption. This change fixes this by having Shell::ExecuteModule check for the existence of the module before calling into Shell::ExecuteModule, the same way that Shell::DoHostImportModuleDynamically does. Bug: v8:12530 Change-Id: Ia038cbd1715e85c9c92c4554fd486c657ef952e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3388130Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78636}
-
- 15 Jan, 2022 3 commits
-
-
Clemens Backes authored
This is a reland of 40b062ce. Known existing problems have been fixed, see https://crbug.com/v8/12330. Original change's description: > [future] Use mid-tier regalloc for huge functions > > Stage the --turbo-use-mid-tier-regalloc-for-huge-functions behind > --future. > > R=thibaudm@chromium.org > > Bug: v8:12287, v8:12320 > Change-Id: I7145ca1b022bfdcb0b61d6666daf855f14cbc4ce > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3236547 > Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/main@{#77549} Bug: v8:12287, v8:12320, v8:12330 Change-Id: I90eb2cb54b42fca77c1e3db9c18b20080f0d9338 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347822Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78635}
-
Clemens Backes authored
Access private fields directly instead. R=thibaudm@chromium.org Bug: v8:12330 Change-Id: I2b52dc8a2d0a1ee3a87cf6bd24b145e5c7419770 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380914Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78634}
-
Clemens Backes authored
Similar to the case of fixed registers, we need to consider both cases: A SIMD register might collide with either the low or high FP register, or the FP register might collide with a previously allocated SIMD register. We did only consider the first case so far. R=thibaudm@chromium.org Bug: chromium:1286253, v8:12330 Change-Id: Id4c995586cc8b97a2e131ee9d3417525e409bcef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380597Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78633}
-
- 14 Jan, 2022 5 commits
-
-
Clemens Backes authored
For getting from one SIMD "sibling" register to the other, the mid tier register allocator was relying on the indexes of the two registers to be {2N} and {2N+1}. This is only true for lower SIMD registers; later registers can be at {2N-1} and {2N} instead, because of holes in the allocatable double registers (e.g. d13-d15 are not allocatable currently on ARM). We can rely on other facts though: 1) The two aliasing registers are always successive. 2) A SIMD register code always maps to the lower register index. 3) We can get from an F32 register code to F64 and from F64 to S128 by shifting one bit to the right (this is what {RegisterConfiguration::GetAliases} uses). This bug was uncovered by running the existing cctest/test-code-generator/FuzzAssemble* tests with either --turbo-use-mid-tier-regalloc-for-huge-functions or with --turbo-force-mid-tier-regalloc. Hence it will be covered by these tests once https://crrev.com/c/3347822 lands. R=thibaudm@chromium.org TEST=cctest/test-code-generator/FuzzAssemble* Bug: v8:12330 Change-Id: I168840fe50b6ba6cdaa6a5462596a5cbf55c87ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3378782Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78632}
-
Michael Lippautz authored
This is a reland of 142dd775 Original change's description: > cppgc-js,heap: Implement snapshots for embedder fields > > https://crrev.com/c/3293410 added concurrent processing of C++ objects > found through V8 embedder fields. The CL missed that those embedder > fields are not read atomically from JS objects. The problem is that > embedder fields are only aligned to kTaggedSize on builds with pointer > compression and are as such mis-aligned for atomic ops. This is not a > problem for on-heap values as the upper 32bits are anyways computed > from the cage. Is is a problem for generic C++ values though, as they > are used with Oilpan. > > This CL adds the standard marker snapshot protocol for embedder fields. > > Marker: > 1. Snapshot embedder fields > 2. Try to mark host object > 3. On success: process snapshot > > Main thread: > 1. On setting embedder fields mark the object black first > 2. Emit a write barrier for the embedder fields > > This will get simpler with the heap sandbox that uses a separate table > for embedder fields. Once the sandbox is the default configuration, we > can use it as dependency for the concurrent fast path. > > Bug: chromium:1285706 > Change-Id: I6b975ea561be08cda840ef0dd27a11627de93900 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380983 > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78604} Bug: chromium:1285706 Change-Id: I024e50fc0757fbcd13cb9ffde027dff55f99d25c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386600Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78631}
-
Milad Fa authored
Implementations are added to macro-assembler to be shared between liftoff and code generator. Change-Id: I945e312b45d87e021ffd64948bdfd69d0642fb83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3387608Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#78630}
-
Junliang Yan authored
Change-Id: If401e5c9d1ab6f293de2d8efed1f885683667408 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386389Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#78629}
-
Thibaud Michaud authored
- Add suspend asm builtin stub, and call it from the suspending wasm-to-js wrapper - Rename frame type to match both builtins (prompt and suspend) - Add suspend bool to the import cache key R=ahaas@chromium.org CC=fgm@chromium.org Bug: v8:12191 Change-Id: Ie5a8ca7cbe4bcb91697e05b6470e3d632d608993 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345004Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#78628}
-