- 15 Jan, 2020 23 commits
-
-
Santiago Aboy Solanes authored
Change-Id: I30032793e1e764a7be7453b3fa97649bfded229a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000748 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65794}
-
Clemens Backes authored
This reverts commit b0ebfabc. Reason for revert: Speculative revert for nvidia bot failure: https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/7953 Original change's description: > Make NoSideEffectsToString gracefully handle huge msgs on error objects > > Bug: chromium:1032512 > Change-Id: I323981a08e316ebc10c729f2f04b7832373937b0 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962865 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65782} TBR=neis@chromium.org,jgruber@chromium.org Change-Id: Ibdc1efccab3edcd05dd1df99ad0263ea4bce9989 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1032512 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002532Reviewed-by:
Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65793}
-
Milad Farazmand authored
Port ba14c2f3 Original Commit Message: Add kWasmS128 to the list of supported types, and implement Fill for all the architectures so that LocalGet works. Add a new test file to contain tests that run only on Liftoff, and assert that the code is indeed compiled by Liftoff. We cannot rely on the nooptimization variant for testing because by default, if Liftoff compilation fails, it will fall back to Turbofan, and we accidentally get a test passing. We skip these tests on mips architecture that don't support SIMD, since there is no way to implement these, and we don't have a "lowering" phase for Liftoff. As we implement more of SIMD in Liftoff, we can add more tests to this file and ensure correctness. Future patches will introduce support for globals and params. R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I776b3d93dd4dc53641650ac30b26661e52142287 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002688Reviewed-by:
-
Santiago Aboy Solanes authored
It doesn't do anything. Bug: v8:10021 Change-Id: I430550f9ce25fd555ec32c8eb0f3276a63c7e53b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000746Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#65791}
-
Jakob Gruber authored
Without the type check, Bytecode() may read OOB. Note that this is an internal, test-only runtime function. Bug: chromium:1041316 Change-Id: Id9898400605719df2a294e7654cf36ddeec23af1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002395 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65790}
-
Clemens Backes authored
This extends the debug side table to track stack offsets of locals and operand stack slots, and uses this to read spilled value from the physical stack frame when inspecting Liftoff frames. R=jkummerow@chromium.org Bug: v8:10019 Change-Id: Ida7ab5256fcc1e9d408201f4eafe26919f1432a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000739 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65789}
-
Emanuel Ziegler authored
Add decoding of ref.null as a valid argument for references in TurboFan, LiftOff and the interpreter. R=ahaas@chromium.org R=jkummerow@chromium.org Bug: chromium:10063 Change-Id: I1e2d9c76f616dacb3aa06f8b535543bdcdcf0783 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991485 Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#65788}
-
Leszek Swirski authored
Introduce OffThreadFactory with initial string construction support. The OffThreadFactory shares with Factory a new CRTP base class, called FactoryBase. Methods in FactoryBase return a FactoryHandle<Factory, T> alias, which is Handle<T> for normal Factory and a new OffThreadHandle<T> for OffThreadFactory. OffThreadHandle<T> behaves like Handle<T>, except it stores the object in-line rather than needing external storage. Any shared factory methods are moved into FactoryBase, which uses CRTP to call the sub-class's AllocateRaw method (plus a few more customization points which need Isolate access on the main thread). Methods that used to take an Isolate or Factory, and are needed off the main thread, are now expected to be templated on the factory type and to use the appropriate handle. Once an OffThreadFactory has finished being used (e.g. off-thread compilation completed) its pages are "Published" into the main-thread Heap. To deal with string internalization without creating a bunch of ThinStrings, this is done in two stages: 1. 'FinishOffThread': The off-thread pages are walked to collect all slots pointing to "internalized" strings. After this is called it is invalid to allocate any more objects with the factory. 2. 'Publish': On the main thread, we transform these slots into <Handle to holder, offset> pairs, then for each saved slot re-internalize its string and update the slot to point to the internalized string. Bug: chromium:1011762 Change-Id: I008a694da3c357de34362bd86fe7e1f46b535d5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992434 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65787}
-
Michael Lippautz authored
The DCHECKs ensured that all on-stack handles removed when the embedder notifies V8 of an empty stack are indeed below the current stack limit. This is brittle, as the calls that are guaranteed to have no stack above, e.g., non-nestable tasks executing GC, sometimes have larger stack depth then previously registered on-stack handles. Resetting the slot to avoid UAF is not possible/needed as it is guaranteed in such cases that the stack is indeed different from the stack that was used when registering an on-stack handle. This CL removes the DCHECKs and trust the embedder on such calls, similar to when the embedder tells V8 that there's no interesting C++ stack on top of a call to avoid conservative stack scanning. Bug: chromium:1040038 Change-Id: I2e8c77d8080f2d888f773984646998bede59e19c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000753Reviewed-by:
-
Jakob Kummerow authored
When reserving the requested virtual memory fails (due to address space exhaustion), simply return nullptr to indicate allocation failure, which callers must be prepared to handle anyway. That way, ClusterFuzz will correctly classify OOM situations. Bonus change: skip demo test on simulators to save time. Drive-by cleanup: add a 'simulator_run' section to mjsunit.status Bug: chromium:1042151,chromium:1042173 Change-Id: I8569f3c0d2a681fbf6f91b665dcb88a4ac3b901e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002391Reviewed-by:
-
Clemens Backes authored
This moves first parts of the wrapper generation to the GraphAssembler. We should migrate more code in follow-up CLs, and think about also computing the schedule in the GraphAssembler (once everything is migrated). This also removes the only uses of the controversial {HalfDiamond} construct, hence this is also removed in this CL. Plus a bug fix in the GraphAssembler::Call method, and a new method in GraphAssembler to load heap number values. R=jkummerow@chromium.org, tebbi@chromium.org Bug: v8:10123 Change-Id: Iac4661cdd50049cb73a2f305e280c1af6200729a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000756Reviewed-by: -
Leszek Swirski authored
Bug: v8:10122 Change-Id: I5fc28a4e567ad545ac39324240458960fc86b71c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000744 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Georg Neis authored
Bug: chromium:1032512 Change-Id: I323981a08e316ebc10c729f2f04b7832373937b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962865Reviewed-by:
-
Nico Hartmann authored
This CL adds optimizations for Word64And, Word64Or and Word64Xor to the MachineOperatorReducer. Some of these (esp. constant folding) have previously been removed from CodeAssembler to streamline the optimization pipeline. Bug: v8:10021 Change-Id: I679f0b60589a84b2d92ca6d9083efaddfe0b6423 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997131 Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65781}
-
Clemens Backes authored
Some architectures used {kConstantStackSpace}, others used {kInstanceOffset}. This CL unifies it to {kInstanceOffset} and uses that constant consistently (in {GetInstanceOperand}). R=zhin@chromium.org Bug: v8:10019 Change-Id: Ia2b6908e289591e2dbc48e559e11407877b7c4ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000146Reviewed-by:Zhi An Ng <zhin@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65780}
-
Nico Hartmann authored
bug: chromium:1041232 No-Try: true Change-Id: Icdf1b41016701a1c336793ee278ef704782e610a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000755Reviewed-by:
-
Shu-yu Guo authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/31f1bb5a..28b4fcca4 Bug: v8:7834, v8:7532, v8:10111, v8:9515, v8:10112 Change-Id: I4775a7788fe9158e1318ca04dd1d34adc21060be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1994392 Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Mathias Bynens <mathias@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#65778}
-
Tobias Tebbi authored
Bug: v8:7793 Change-Id: Ibf045274ae48bd58f8c99361f02e51860b1a4150 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997443 Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#65777}
-
Simon Zünd authored
This CL attempts to fix a chrome crash seen in the wild. Without a reproducer, the current working theory is that we hit a 'null' context in some edge case, causing us to access an empty handle. This CL prevents the empty context handle to be dereferenced. TBR=yangguo@chromium.org Bug: chromium:1038747 Change-Id: Icd6f4853a22ddbf1e504f0f0f90c065b3437f8ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000752Reviewed-by:
Simon Zünd <szuend@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65776}
-
Jakob Gruber authored
Without the type check, Code() may read OOB. Note that this is an internal, test-only runtime function. Bug: chromium:1041316 Change-Id: I8c0b21ce3c2aea8aa3d065b99d8ab45a8c9e754f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000749 Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Jakob Gruber authored
Native C++ arrays cannot have size 0 and thus need a dummy element when filled with variadic template args. std::array does not have this limitation and makes related code easier to read. Bug: v8:9972 Change-Id: I70304b55525bd67d966fa69c663a71c202245d14 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000751 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#65774}
-
Clemens Backes authored
With --stress-opt, the second run will share the NativeModule with the first run, hence it's in a nondeterministic state and the test expectations fail. TBR=ahaas@chromium.org CC=duongn@microsoft.com No-Try: true Bug: v8:10086, v8:9654 Change-Id: I74cf5e841ae2330b3b846ee742cc022305ec9636 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000750 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by:
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/71813e2..7431e17 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/a1266b6..2a04803 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: If4e16809f0065ee7780d7bb316d51fbc8f7e2a7b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2001822Reviewed-by:
v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65772}
-
- 14 Jan, 2020 17 commits
-
-
Ng Zhi An authored
blendvpd should not be defined in the macro list, since the AVX version has 4 operands, not 3. Change-Id: Id020b460fa1a3510a91490f3b2286024cc6c5994 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1990139 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#65771}
-
Milad Farazmand authored
Port 83b115c3 R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I46030004c893430abf693b67f8f7b0bb56c49e7a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2001145Reviewed-by:
-
Ng Zhi An authored
Also add missing disasm for SSE4_2 instruction. Bug: v8:9561 Change-Id: Idc8d3c0e59f0e9aff57ebdcc5774bba375828597 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986386Reviewed-by:
-
Ng Zhi An authored
Add kWasmS128 to the list of supported types, and implement Fill for all the architectures so that LocalGet works. Add a new test file to contain tests that run only on Liftoff, and assert that the code is indeed compiled by Liftoff. We cannot rely on the nooptimization variant for testing because by default, if Liftoff compilation fails, it will fall back to Turbofan, and we accidentally get a test passing. We skip these tests on mips architecture that don't support SIMD, since there is no way to implement these, and we don't have a "lowering" phase for Liftoff. As we implement more of SIMD in Liftoff, we can add more tests to this file and ensure correctness. Future patches will introduce support for globals and params. Bug: v8:9909 Change-Id: I7fc911f2d588d60c709ddb258b2efc1f22805fab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999470 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by:
-
Ng Zhi An authored
Bug: v8:10114 Change-Id: Ia882bdf012399d6fc3345bd870e9038da4780f85 Fixed: v8:10114 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999614Reviewed-by:
-
Shu-yu Guo authored
Bug: chromium:1038178 Change-Id: I0c96015817b226368479bf8a384a654e6ed22969 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1987914Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#65766}
-
Andreas Haas authored
R=clemensb@chromium.org Bug: v8:10108 Change-Id: If34fe46611c4e3c558b658f741a9266fde634f99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991495 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
-
Andreas Haas authored
I also fixed one issue in the wasm interpreter. R=clemensb@chromium.org Bug: v8:10180 Change-Id: Ie30e908ad051a27fa611e8d36134b67aaf4c830c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000741 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
-
Z Nguyen-Huu authored
Reuse logic in {CompileNativeModule} function in module-compiler.cc: initialize parallel compile jobs, then wait for them to finish while taking part in this compilation. Bug: v8:9654 Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: -
Dan Elphick authored
This Tnodifies the CombineFeedback and OverwriteFeedback methods and changes the TaggedToWord32OrBigInt* ann TaggedToNumeric methods to take TVariables. Additionally it refactors bitwise binary operators in intepreter-generator.cc and builtins-number-gen.cc and puts the common code in NumberBuiltinsAssembler. Bug: v8:10021 Change-Id: I3b15ecfadb42b50ffbfd0bd1114197e0fef42e99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995387 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by:
-
Santiago Aboy Solanes authored
The DCHECK was not correct in pointer compression mode. Change-Id: Ifc00478df10962a8114f2d9cd1596ddaedc60d97 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000742Reviewed-by:
-
Clemens Backes authored
This just removes the flag if it is not supported anyway. This avoids fuzzers trapping over this. The same was done for the --perf-prof flag in https://crrev.com/c/1993969. R=ahaas@chromium.org Bug: chromium:1035233 Change-Id: I7b4b8fdd141df717cc62d795534f30435f7b38c1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1998083Reviewed-by:
-
Clemens Backes authored
Tests which set the --perf-prof flag leave behind a file in the current working directory every time they execute. In order to avoid this, this CL introduces a --perf-prof-delete-file flag, which removes this file right after creating it. This still allows the process to write to it via the open handle, but the file will be gone afterwards, even if the process crashes or gets killed while executing. R=ahaas@chromium.org Bug: v8:10121 Change-Id: I99b159bb6d94255f77095ac78d98ba55106e94fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000738Reviewed-by:
-
Milad Farazmand authored
Port 4648b83c Original Commit Message: This CL implements 4 of the 6 load extend operations. The added opcodes include: I16x8Load8x8S, I16x8Load8x8U, I32x4Load16x4S, I32x4Load16x4U. R=zhiguo.zhou@intel.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I3a3308522a69dba78c7a8d6b3ff4b25d25f2e569 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999492Reviewed-by:
Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#65758}
-
Michael Lippautz authored
- Introduces a API to set top of the stack through EmbedderHeapTracer::SetStackTop. - Introduces a new API to inform V8 about an empty embedder stack. - Switch internal representation of TracedReference for on-stack handles to a proper stack that considers all contained handles as roots. - Handle garbage is avoided by cleaning up on handle creation or GC. Design doc: https://bit.ly/on-stack-traced-reference Bug: chromium:1040038 Change-Id: I927ef0abb268fdb5853c9e17b1bc96e2491cf101 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993973 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
-
Seth Brenith authored
There is no particular reason that PropertyDescriptorObject should be a subclass of FixedArray. By using a separate struct type, we get better generated accessor functions, automatic verification, and runtime type info, plus we save four bytes per instance. Change-Id: If076782832aa9398806794e4ee6d019aea2f92b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999463Reviewed-by:
-
Ulan Degenbaev authored
Currently the on-hold area is reset on incremental marking steps. At the start of marking we conservatively assume that the on-hold area spans the initially allocated linear allocation area, which may be large. Bug: chromium:973627 Change-Id: I83f2d0e38a2a255c1e8d48549352e9303be89920 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000737Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#65755}
-
