1. 02 Jun, 2022 1 commit
  2. 01 Jun, 2022 3 commits
  3. 17 May, 2022 1 commit
      [numfuzz] Gracefully ignore contradictory flags · 3212b906
      Michael Achenbach authored
      NumFuzz passes various flags to V8 testing randomly, which can lead to
      various flag contradictions with existing flags. Up to now the system
      ignored the check for contradictions and kept running the test cases,
      leading to false positives.
      
      This change adds a new v8 flag --exit-on-contradictory-flags that
      exits gracefully when a contradiction is detected. On the numfuzz
      side we now filter simple contradictions beforehand.
      
      Measurements showed that ~2% of all numfuzz tests ran into
      contradictions. Around half of them are simple contradictions
      (repetitions and inversions), which are now filtered beforehand.
      The remaining ones (redundant or contradictory implications) are
      now ignored.
      
      Bug: v8:11826
      Change-Id: I9942e203ba9668a097fabe1343dd1365c9da94c1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650746
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#80589}
  4. 10 May, 2022 1 commit
      Revert "[maglev] Turn on fuzzing for --maglev" · 7e9715d8
      Michael Achenbach authored
      This reverts commit b8b7a3a2.
      
      Reason for revert:
      https://crbug.com/1324097
      https://crbug.com/v8/12859
      
      Let's maybe only reland the clusterfuzz_trials part until the rest
      is sorted out.
      
      Original change's description:
      > [maglev] Turn on fuzzing for --maglev
      >
      > Turn on fuzzing for Maglev to get additional test coverage.
      >
      > Bug: v8:7700
      > Change-Id: I5b72d851639e31dff1bd91361cd81ad448c2d69e
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629334
      > Auto-Submit: Jakob Linke <jgruber@chromium.org>
      > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#80416}
      
      Bug: v8:7700, chromium:1324097, v8:12859
      Change-Id: I926319988c3b9a2bc6dd083c69691a6536838782
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634963
      Auto-Submit: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/main@{#80440}
  5. 09 May, 2022 1 commit
  6. 03 May, 2022 2 commits
  7. 26 Apr, 2022 1 commit
  8. 19 Apr, 2022 1 commit
  9. 07 Apr, 2022 1 commit
  10. 04 Apr, 2022 1 commit
  11. 29 Mar, 2022 1 commit
  12. 25 Mar, 2022 1 commit
  13. 23 Mar, 2022 1 commit
  14. 17 Mar, 2022 2 commits
  15. 02 Mar, 2022 1 commit
      [maglev] Basic tiering to Maglev · 123c38a5
      Jakob Gruber authored
      When --maglev is set, tier up to Maglev from unoptimized tiers based on
      --interrupt-budget-for-maglev, initially set to 40KB (which should very
      roughly be 1/10th of the time until the TF tierup decision is made).
      On the first interrupt, a non-concurrent optimization to Maglev is
      requested, which the next call to the marked function will perform.
      
      - There is no support for tiering from Maglev to TF yet.
      - Maglev's language support is minimal and tests are not expected to
        pass with --maglev.
      - Disable --maglev by default for now.
      
      Drive-by: fixes related to Maglev flag definitions.
      
      Bug: v8:7700
      Change-Id: I121bb3f4f3830fdd20e1d4a12d3e04f08a99be38
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500302
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#79328}
  16. 18 Feb, 2022 2 commits
  17. 15 Feb, 2022 1 commit
  18. 11 Feb, 2022 1 commit
  19. 07 Feb, 2022 1 commit
  20. 04 Feb, 2022 2 commits
  21. 31 Jan, 2022 1 commit
  22. 27 Jan, 2022 1 commit
  23. 20 Jan, 2022 1 commit
  24. 17 Jan, 2022 1 commit
  25. 11 Jan, 2022 2 commits
  26. 10 Jan, 2022 3 commits
  27. 15 Dec, 2021 1 commit
      V8 Sandbox rebranding · 277fdd1d
      Samuel Groß authored
      This CL renames a number of things related to the V8 sandbox.
      Mainly, what used to be under V8_HEAP_SANDBOX is now under
      V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
      is now simply the V8 Sandbox:
      
      V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
      V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
      V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
      V8VirtualMemoryCage => Sandbox
      CagedPointer => SandboxedPointer
      fake cage => partially reserved sandbox
      src/security => src/sandbox
      
      This naming scheme should simplify things: the sandbox is now the large
      region of virtual address space inside which V8 mainly operates and
      which should be considered untrusted. Mechanisms like sandboxed pointers
      are then used to attempt to prevent escapes from the sandbox (i.e.
      corruption of memory outside of it). Furthermore, the new naming scheme
      avoids the confusion with the various other "cages" in V8, in
      particular, the VirtualMemoryCage class, by dropping that name entirely.
      
      Future sandbox features are developed under their own V8_SANDBOX_X flag,
      and will, once final, be merged into V8_SANDBOX. Current future features
      are sandboxed external pointers (using the external pointer table), and
      sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
      because they are encoded as offsets). This CL then also introduces a new
      build flag, v8_enable_sandbox_future, which enables all future features.
      
      Bug: v8:10391
      Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78384}
  28. 06 Dec, 2021 1 commit
  29. 02 Dec, 2021 1 commit
  30. 01 Dec, 2021 1 commit
      [compiler-dispatcher] Enqueue tasks for non-eager inner funcs · 5ab1ec1e
      Leszek Swirski authored
      Add support for compiling non-eager, non-top-level inner functions in
      parallel, using the compiler dispatcher. This behaviour can be enabled
      with --parallel-compile-tasks-for-lazy.
      
      There are a couple of consequences:
      
        * To support this we need support for off-thread ScopeInfo
          deserialization, so this adds that too.
        * The previous --parallel-compile-tasks flag is renamed to the more
          descriptive --parallel-compile-tasks-for-eager-toplevel.
        * Both parallel-compile-tasks flags are moved onto
          UnoptimizedCompileFlags so that they can be enabled/disabled on a
          per-compile basis (e.g. enabled for streaming, disabled for
          re-parsing).
        * asm.js compilations can now happen without an active Context (in
          the compiler dispatcher's idle finalization) so we can't get a
          ContextId for metric reporting; we'd need to somehow fix this if we
          wanted asm.js UKM but for now it's probably fine.
        * Took the opportunity to clean up some of the "can preparse" logic in
          the parser.
      
      Change-Id: I20b1ec6a6bacfe268808edc8d812b92370c5840d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3281924
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78183}
  31. 30 Nov, 2021 1 commit