- 07 Aug, 2020 2 commits
-
-
Leszek Swirski authored
This reverts commit 60ee70bb. Reason for revert: wasm-api-tests/WasmCapiTest.Serialize starts flaking: https://crbug.com/v8/10784 Original change's description: > [wasm] Ensure that only TurboFan code is serialized > > We have the implicit assumption that Liftoff code will never be > serialized, and we start relying on that when implementing new features > (debugging, dynamic tiering). > > This CL makes the serializer fail if the module contains any Liftoff > code. Existing tests are changed to ensure that we fully tiered up > before serializing a module (similar to the logic in Chromium). > The "wasm-clone-module" test needs to serialize the module before > enabling the debugger. > > Note that chrome currently only serializes a module after it fully > tiered up, so that should be fine. If other embedders need the ability > to serialize a module in an arbitrary state, we will have to fix this > later. With this CL we will be on the safe side though and (gracefully) > fail serialization instead of accidentally serializing Liftoff code. > > R=ahaas@chromium.org > > Bug: v8:10777 > Change-Id: I1245e5f7fda3447a544c1e3525e1239cde759174 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336799 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69276} TBR=ahaas@chromium.org,clemensb@chromium.org Change-Id: Ic1349375bd562bb0a2724c39c27ef3247461c97b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10777 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342845Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69284}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2e78142..2943e82 Rolling v8/third_party/aemu-linux-x64: TfK3Whl6AfZifLOotcOS_jvckKztERlPvmVyZo16fN0C..xa2xI0A-kKlMVwMtJRzexwWWPSwHynmUpB0Z6C9Y7wkC Rolling v8/third_party/android_platform: https://chromium.googlesource.com/chromium/src/third_party/android_platform/+log/c1f84dc..5edcbfd Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ac60992..5cf00e2 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/486f181..24289f2 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/1078c41..e6863f8 Rolling v8/tools/luci-go: git_revision:56ae79476e3caf14da59d75118408aa778637936..git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f Rolling v8/tools/luci-go: git_revision:56ae79476e3caf14da59d75118408aa778637936..git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f Rolling v8/tools/luci-go: git_revision:56ae79476e3caf14da59d75118408aa778637936..git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I783e91f9c10a8c295a9df81a16f85fdbecfcc13c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340190Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#69283}
-
- 06 Aug, 2020 28 commits
-
-
Georg Neis authored
The test relies on certain maps not dying but didn't ensure that. Bug: v8:10783 Change-Id: I708f7fc027ee0bf5656be9bb4f29130f5b924597 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340912Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69282}
-
Bill Budge authored
This is a reland of ce249dbb As it's unchanged, TBR=leszeks@chromium.org,tebbi@chromium.org Original change's description: > [torque] Port some constructor builtins to Torque. > > - FastNewFunctionContextEval > - FastNewFunctionContextFunction > - CreateEmptyLiteralObject > - CreateRegExpLiteral > - CreateEmptyArrayLiteral > - CreateShallowArrayLiteral > - CreateShallowObjectLiteral > - NumberConstructor > - ObjectConstructor > - GenericLazyDeoptContinuation > > Bug: v8:9891 > > Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411 > Commit-Queue: Bill Budge <bbudge@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69082} Bug: v8:9891 Change-Id: I566d4167c02488ef6a9a1c73015af5e2f484a31d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330382 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69281}
-
Santiago Aboy Solanes authored
This will ensure that the PersistentHandles are all created, and in the OptimizedCompilationInfo before going into Exectute. Bug: v8:7790 Change-Id: I1bc4f45153113c48422371498ff2cf79a1267737 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336803Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#69280}
-
Milad Farazmand authored
Change-Id: I0362b4123ccce5d2709b1705453a32697581e526 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339551Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#69279}
-
Santiago Aboy Solanes authored
Now that we are using PersistentHandles, we don't need it anymore. Bug: v8:7790 Change-Id: Id0b9d555191c00fb08dc2bb9099746076c5ad1b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332161 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69278}
-
Thibaud Michaud authored
Spill registers before stack checks so that we can inspect them, similar to traps. OSR during a stack check is still unsupported and will be fixed in a follow-up CL. R=clemensb@chromium.org Bug: v8:10235 Change-Id: I22c2da6b3f79b30c3838c568f9680204afc85d36 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339467 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69277}
-
Clemens Backes authored
We have the implicit assumption that Liftoff code will never be serialized, and we start relying on that when implementing new features (debugging, dynamic tiering). This CL makes the serializer fail if the module contains any Liftoff code. Existing tests are changed to ensure that we fully tiered up before serializing a module (similar to the logic in Chromium). The "wasm-clone-module" test needs to serialize the module before enabling the debugger. Note that chrome currently only serializes a module after it fully tiered up, so that should be fine. If other embedders need the ability to serialize a module in an arbitrary state, we will have to fix this later. With this CL we will be on the safe side though and (gracefully) fail serialization instead of accidentally serializing Liftoff code. R=ahaas@chromium.org Bug: v8:10777 Change-Id: I1245e5f7fda3447a544c1e3525e1239cde759174 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336799 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69276}
-
Marja Hölttä authored
This is a reland of 28ead054 The failure is a test that is sensitive to adding a function in a FunctionTemplate in d8: https://bugs.chromium.org/p/v8/issues/detail?id=10783 Original change's description: > [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits > > RemoveNode already nullifies the next_ pointer of FutexWaitListNode, > and DeleteAsyncNode was trying to retrieve it. > > Bug: v8:10239 > Change-Id: I595885de87f433d263eeacfc825a689efd467f5e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69259} Bug: v8:10239 Tbr: leszeks@chromium.org Change-Id: Icec590354886433a0b41c8f9b7af7101b54b7690 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339469Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69275}
-
Maya Lekova authored
TBR=cbruni@chromium.org Bug: chromium:1052746 Change-Id: Ib61b06bcc4cd7cf9cfa741899322739e807605b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339619 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#69274}
-
Marja Hölttä authored
Bug: v8:10783 No-Try: true Change-Id: I605813842af639158909bce13e162869b3cfc6db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339621 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#69273}
-
Z Nguyen-Huu authored
Just a fast iteration over bytes written in Torque for Smi number and non-decimal radix, also only for more than one string character result. Improve following micro-benchmark by ~75% Before toHexString toHexString-Numbers(Score): 7905000 After toHexString toHexString-Numbers(Score): 14419000 Bug: v8:10477 Change-Id: I366092d4d70156ad33830352c1122af8794bea76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330221 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69272}
-
Leszek Swirski authored
This reverts commit 28ead054. Reason for revert: mjsunit/compiler/serializer-transition-propagation failure seems to bisect to this (despite looking unrelated): https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/32532 Original change's description: > [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits > > RemoveNode already nullifies the next_ pointer of FutexWaitListNode, > and DeleteAsyncNode was trying to retrieve it. > > Bug: v8:10239 > Change-Id: I595885de87f433d263eeacfc825a689efd467f5e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69259} TBR=ulan@chromium.org,marja@chromium.org,syg@chromium.org Change-Id: I5db179aec5a04f59770903b17d059a7150c7efbd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10239 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339466Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69271}
-
Leszek Swirski authored
Changes the isolate's string table into an off-heap structure. This allows the string table to be resized without allocating on the V8 heap, and potentially triggering a GC. This allows existing strings to be inserted into the string table without requiring allocation. This has two important benefits: 1) It allows the deserializer to insert strings directly into the string table, rather than having to defer string insertion until deserialization completes. 2) It simplifies the concurrent string table lookup to allow resizing the table inside the write lock, therefore eliminating the race where two concurrent lookups could both resize the table. The off-heap string table has the following properties: 1) The general hashmap behaviour matches the HashTable, i.e. open addressing, power-of-two sized, quadratic probing. This could, of course, now be changed. 2) The empty and deleted sentinels are changed to Smi 0 and 1, respectively, to make those comparisons a bit cheaper and not require roots access. 3) When the HashTable is resized, the old elements array is kept alive in a linked list of previous arrays, so that concurrent lookups don't lose the data they're accessing. This linked list is cleared by the GC, as then we know that all threads are in a safepoint. 4) The GC treats the hash table entries as weak roots, and only walks them for non-live reference clearing and for evacuation. 5) Since there is no longer a FixedArray to serialize for the startup snapshot, there is now a custom serialization of the string table, and the string table root is considered unserializable during weak root iteration. As a bonus, the custom serialization is more efficient, as it skips non-string entries. As a drive-by, rename LookupStringExists_NoAllocate to TryStringToIndexOrLookupExisting, to make it clearer that it returns a non-string for the case when the string is an array index. As another drive-by, extract StringSet into a separate header. Bug: v8:10729 Change-Id: I9c990fb2d74d1fe222920408670974a70e969bca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339104 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#69270}
-
Georg Neis authored
There were a few places where we would do such verification even without --verify-heap. The CL changes these to be in line with all the rest. Change-Id: Ia43708104c7d7818dc8d41d645a84f9b5e7446a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336796 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#69269}
-
Omer Katz authored
This is a revival of https://chromium-review.googlesource.com/c/v8/v8/+/2228332 The CL establishes the following: *) Objects are marked before being pushed to the worklists. *) Live bytes are always accounted after tracing an object (i.e. move from Gray to Black below). *) Previously not fully constructed objects are traced immediately instead of pushed to the marking worklist. This establishes the following invariants for all marking worklists: 1) White = !object.is_marked() && !worklist.contains(object) 2) Gray = object.is_marked() && worklist.contains(object) 3) Black = object.is_marked() && !worklist.contains(object) Bug: chromium:1056170 Change-Id: I821573b3fbc057e6ffb836154271ff986ecb4d2b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336797Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#69268}
-
Andreas Haas authored
We used to check the size of tables at compile time, and threw a CompilationError if a given size exceeded the implementation-defined limit. However, the spec defines that an error should only be thrown when the implementation-defined limit is reached, which is either at instantiation time of during runtime at a table.grow. With this CL the V8 implementation becomes spec compliant in this regard. R=jkummerow@chromium.org Bug: v8:10556 Change-Id: I7d0e688b385a65e4060a569e5ab1dec68947ceea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326331 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69267}
-
Marja Hölttä authored
Bug: v8:10239, v8:10775 Change-Id: I0189dd8a71ef82d7c863f26511790a1ca426f72d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340906Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69266}
-
Clemens Backes authored
Wasm recently switched from spawning a number of background tasks for compilation to just using a single job (via the pretty new {Platform::PostJob} API). This caused major regressions in several benchmarks running in d8, because the {DefaultPlatform} is only using half of the available worker threads for executing jobs with "user visible" priority. This CL changes this to use all available worker threads for "user blocking" or "user visible" jobs, and two threads for "best effort" jobs. The limit of two threads for best effort is identical to what chromium does with best effort *tasks*. For user blocking and user visible, chromium does not impose any limit, so we also remove the limitation to half of the threads from d8. Drive-by: Use {NewDefaultJobHandle} for constructing {DefaultJobHandle}. R=mlippautz@chromium.org CC=ahaas@chromium.org, gab@chromium.org, etiennep@chromium.org Bug: chromium:1113234, chromium:1101340 Change-Id: I9280e649a1cf3832c562ff7251e8bda0103af111 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339481Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Auto-Submit: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69265}
-
Tobias Tebbi authored
This is a reland of 408e7240 Change: Allow CSA load elimination accross code comments Original change's description: > [torque] typed context slot access > > This introduces a new type Slot<ContextType, SlotType> that is used > for enum values used to access context slots. > Together with new types for the various custom contexts used in > Torque, this results in fairly type-safe access to context slots, > including the NativeContext's slots. > > Drive-by changes: > - Introduce a new header file to specify headers needed for > generated CSA headers, to reduce the amount of includes specified > in implementation-visitor.cc > - Port AllocateSyntheticFunctionContext to Torque. > > Bug: v8:7793 > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#69249} Bug: v8:7793 Change-Id: I1fe100d8d62e8220524eddb8ecc4faa85219748d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339462Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69264}
-
Zeynep Cankara authored
This CL sync the timeline-tracks positions upon receiving a horizontal scrolling event. Bug: v8:10644 Change-Id: I69bc1066a3f5da6ddc978ad71fe77820df8066bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336806 Commit-Queue: Zeynep Cankara <zcankara@google.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#69263}
-
Jakob Gruber authored
In the --turbo-nci-as-highest-tier testing mode, allow NCI codegen for OSR to increase coverage and simplify logic. Bug: v8:8888 Change-Id: I254939928f92bf675dbf2b78cdd5b5dce802d972 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339460 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#69262}
-
Dominik Inführ authored
This reverts commit 1742d256. Reason for revert: Longer safepoint can cause deadlocks with global handles. Original change's description: > [heap] Add safepoints in Heap GC methods > > Add safepoints to GC methods in Heap. There is still stuff in > Heap::CollectGarbage which might work better or more precise in a global > safepoint. Be conservative here and move everything into the safepoint, > eventually we can start to move code out that is fine to run outside > the safepoint. > > Bug: v8:10315 > Change-Id: I656dfd72f032eff6f386cec63a02777506650aa7 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335192 > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69228} TBR=ulan@chromium.org,dinfuehr@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:10315 Change-Id: Idaf575911b34674c16d46b41c2ebee9f56dbac6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339617Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#69261}
-
Clemens Backes authored
The interpreter is not an execution tier in production any more. It's only used in tests. Thus, remove {ExecutionTier::kInterpreter} and instead add a {TestExecutionTier} that still has {kInterpreter}. If needed (in {TestingModuleBuilder::execution_tier()}), we translate back from {TestExecutionTier} to {ExecutionTier} (for {kLiftoff} and {kTurboFan} only). The {TraceMemoryOperation} method, which is shared between interpreter and production code, now receives a {base::Optional<ExecutionTier>}, and we will just pass en empty optional if called from the interpreter. R=thibaudm@chromium.org Bug: v8:10389 Change-Id: Ibe133b91e8dca6d6edbfaee5ffa0d7fe72ed6d64 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335186Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69260}
-
Marja Hölttä authored
RemoveNode already nullifies the next_ pointer of FutexWaitListNode, and DeleteAsyncNode was trying to retrieve it. Bug: v8:10239 Change-Id: I595885de87f433d263eeacfc825a689efd467f5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#69259}
-
Anna Henningsen authored
`Object::GetRealNamedPropertyAttributes()` can crash if an empty `Maybe` is returned by `JSReceiver::GetPropertyAttributes()` because it was not checking for that. Fix that. Refs: https://github.com/nodejs/node/issues/34606 Change-Id: Ic83f904ba7134786bcd8f786eb2ce98adb4fea1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335057 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69258}
-
Marja Hölttä authored
Bug: v8:10239, v8:10775 Change-Id: Ic12f9da7f8bb10f83c9e3c00f39a26412e058943 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340904Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69257}
-
Jakob Gruber authored
This reverts commit 408e7240. Reason for revert: debug builds fail is_component_build = true is_debug = true use_goma = true v8_enable_backtrace = true v8_enable_debugging_features = true v8_enable_fast_mksnapshot = true v8_enable_slow_dchecks = true v8_enable_snapshot_code_comments = true v8_enable_verify_csa = true v8_optimized_debug = false v8_use_multi_snapshots = false # Fatal error in ../../src/compiler/backend/instruction-selector.cc, line 3088 # Expected Turbofan static assert to hold, but got non-true input: static_assert(nativeContext == LoadNativeContext(context)) at src/builtins/promise-resolve.tq:45:5 Original change's description: > [torque] typed context slot access > > This introduces a new type Slot<ContextType, SlotType> that is used > for enum values used to access context slots. > Together with new types for the various custom contexts used in > Torque, this results in fairly type-safe access to context slots, > including the NativeContext's slots. > > Drive-by changes: > - Introduce a new header file to specify headers needed for > generated CSA headers, to reduce the amount of includes specified > in implementation-visitor.cc > - Port AllocateSyntheticFunctionContext to Torque. > > Bug: v8:7793 > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#69249} TBR=tebbi@chromium.org,seth.brenith@microsoft.com Change-Id: I90c014022a808449aca4a9b9b3c3b8e036beb28e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7793 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340903Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69256}
-
Michael Achenbach authored
This reverts commit 3927c9c4. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20NumFuzz%20-%20debug/10732 Original change's description: > Override _runner_flags for num_fuzzer.py > > This CL ensures that we add the > '--fuzzing' flag to the num_fuzzer script. > Please note that NumFuzzer does not inherit the > StandardTestRunner class but it inherits > BaseTestRunner so we had to override _runner_flags. > > Bug: v8:10755 > Change-Id: Ifb779ba402106b8f2ce4d0e13090ef2db468a6ae > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335185 > Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Liviu Rau <liviurau@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69241} TBR=machenbach@chromium.org,liviurau@chromium.org,almuthanna@chromium.org Change-Id: Ie39fb87a0e53c5cbbc276f8efb6e4a89ce44bb74 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10755 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340902Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69255}
-
- 05 Aug, 2020 10 commits
-
-
Omer Katz authored
Pdfium folks can't build pre-finalizers due to the missing qualifier. Bug: chromium:1056170 Change-Id: Ib90859880e845c714c52f10ee50841ac46bcb0ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339477 Commit-Queue: Omer Katz <omerkatz@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Auto-Submit: Omer Katz <omerkatz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#69254}
-
Tobias Tebbi authored
Make sure that Torque/CSA generated phi's get kRepWord32 instead of kRepWord8 or kRepWord16, since that's how we handle small integer values in Turbofan. Bug: v8:7793 Change-Id: I992b43287552b6117e90fbd0e11576470bc91509 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339096 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69253}
-
Mythri A authored
Change the heuristics for OSRing in TurboProp. Currently we OSR if a funciton is already optimized / marked for optimization but is still running optimized code. Since TurboProp optimizes much earlier than TurboFan using the same heuristics would cause us to OSR more often than required. This cl adds an additional check on the number of ticks to make sure the function is hot enough for OSRing. Bug: v8:9684 Change-Id: I7a1c8229182a928fd85efb23e2d385413c5209ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339098 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#69252}
-
Jakob Gruber authored
Just like the optimized code cache, the compiler should check the isolate cache for NCI code objects and return them if they exist. Drive-by: Skip additional tests to fix the nci_as_highest_tier test variant. These are related to interactions with deoptimization, which NCI code doesn't fully support yet. Bug: v8:8888 Change-Id: I6253811f96993796cfc38fff0da7ffb4f1a5eb24 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339095 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#69251}
-
Manos Koukoutos authored
Changes: - Remove restriction that function types cannot be used as ref types. - Introduce WasmModule::has_type(). - Remove deferred signature checks in module-decoder. Instead, check if type indices are out of bounds in consume_value_type (was bugged before). - Remove obsolete GetCanonicalRttIndex. - Refine type of ref.func. - Statically check immediate type against table type for call_indirect. - Dynamic check for call_indirect should only happen when for funcref (currently the only function supertype). - Allocate a different map per function signature (with Map::Copy). - Introduce function type equivalence and (trivial) subtyping. - Add a few elementary tests. Bug: v8:7748 Change-Id: If57d0bfd856c9eb3784191f3de423f53dfd26ef1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335190 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69250}
-
Tobias Tebbi authored
This introduces a new type Slot<ContextType, SlotType> that is used for enum values used to access context slots. Together with new types for the various custom contexts used in Torque, this results in fairly type-safe access to context slots, including the NativeContext's slots. Drive-by changes: - Introduce a new header file to specify headers needed for generated CSA headers, to reduce the amount of includes specified in implementation-visitor.cc - Port AllocateSyntheticFunctionContext to Torque. Bug: v8:7793 Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#69249}
-
Jakob Gruber authored
... introduced by https://chromium-review.googlesource.com/c/v8/v8/+/2336793/ The parameter is called 'is_stub', but actually means 'not optimized JS code, nor wasm'. Tbr: leszeks@chromium.org Bug: v8:8888 Change-Id: I1dc2cf95cca6af5dd584dd889324edc94f44a628 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339314Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69248}
-
Peter Marshall authored
The surrounding code can trigger an allocation through InliningStack which can eventually end up allocating a line ends array. This is fine as-is because the existing iterator code makes a copy of the byte array. It just triggers the no_gc dcheck in debug mode. Fixed: v8:10778 Change-Id: Ic8c502767ec6c3d3b1f5e84df60638bd2fc6be75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339102 Auto-Submit: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#69247}
-
Clemens Backes authored
This function was only used in a single test, and it tests a scenario which cannot happen any more with the module cache: Having two copies of the same NativeModule in an isolate. Hence remove the respective runtime function and the test. R=ahaas@chromium.org Change-Id: Id7cdffbdf1bdf95a7eb31fdeb7d75b8e326bb90e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339100Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69246}
-
Dominik Inführ authored
PagedSpace::SizeOfObjects() then returns exactly the same value as PagedSpace::Size(). SizeOfObjects() used to deduct the current LAB, however this is now more difficult with local heaps. Accessing the main thread LAB from concurrent threads causes a data race. Also LocalHeaps have their own LAB, which should be deducted as well to be uniform with the main thread. However this would be tricky and expensive. The simpler solution is to do not deduct the main thread LAB anymore. Bug: v8:10315 Change-Id: I3c47e1a65caca9395737251aa694b295e78c7fb5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336090 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#69245}
-