- 27 Apr, 2022 6 commits
-
Anton Bikineev authored
If the following conditions hold: 1) value is kSentinel, 2) slot is on stack, 3) stack is allocated below 4GB, then the generational barrier would be erroneously triggered for the stack object. This CL fixes it. At the same time, it aims to simplify the code and potentially optimizes it (by having 'and' instead of 'sub').
Bug: chromium:1029379
Change-Id: Iafd91d50b0a1c3d97647f7bf3643dfcc7e9fb48f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608629
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80202}
-
Samuel Groß authored
These can be tricked into corrupting memory when an attacker can leak the "hole" value due to a bug. This CL simply adds CHECKs to prevent this. A longer-term solution might be to introduce "special-purpose holes" so that a leaked "hole" value can no longer be used to confuse unrelated code like the JSMap implementation because that would then use a different "hole" value.
Bug: chromium:1315901
Change-Id: Id6c432d39fb97002fa67efe90d34014fc5408ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593783
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80201}
-
Dominik Inführ authored
Introduce a bottleneck for right-trimming an object. In a subsequent CL we will use this method to update the cached size of invalidated objects. This CL also tries to clean-up the various CreateFillerObjectAt methods. CreateFillerObjectAtRaw is now the internal method for all these methods. After moving right-trimming to NotifyObjectSizeChange, both CreateFillerObjectAt and CreateFillerObjectAtBackground don't need those arguments for clearing slots or memory anymore.
Bug: v8:12578, chromium:1316289
Change-Id: I6ff0bfaced3e0a1765152700e68a4ad33a155723
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607992
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80200}
-
jameslahm authored
... /objects/modules-unittest.
Bug: v8:12781
Change-Id: Ie3d63ac470e435858dfd0e32b7fda2f78502aa17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607369
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80199}
-
yufeng.freeman authored
This CL includes the count value in the InvalidCountValue error message to make it easier to diagnose the RangeError of String.prototype.repeat. When an InvalidCountValue error is thrown, we could not know which count value caused it if the count value is not included.
Bug: none
Change-Id: I16e6693da0fc3b181241cb90daca27957f59c77c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593574
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80198}
-
Lu Yahan authored
Port 91453880
Change-Id: I863c060cee8a0830a33594d8843898e40e7a71d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606619
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#80197}
-
- 26 Apr, 2022 32 commits
-
Frank Tang authored
PR85 https://github.com/tc39/proposal-intl-numberformat-v3/pull/85
Throw RangeError while roundingIncrement is not 1 and minimumFractionDigits != maximumFractionDigits
Test by new test cases in intl/number-format/rounding-increment-v3.js
Add more unit test to check the resolved options of roundingIncrement, minimumFractionDigits, and maximumFractionDigits.
PR91 https://github.com/tc39/proposal-intl-numberformat-v3/pull/91
Throw TypeError instead of RangeError while roundingIncrement is not 1 and RoundingType is not fractionDigits
Test by intl402/NumberFormat/constructor-roundingIncrement-invalid.js in test262
Bug: v8:10776
Change-Id: I071bfe8b3e844c5999144d74bb5f79ea9811e37b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3603059
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80196}
-
Frank Tang authored
Also add AOs: IsIntegralNumber, ToIntegerWithoutRounding, ToTemporalDurationRecord, ToTemporalDuration, ParseTemporalDurationString, CreateDurationRecord
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.duration.from
https://tc39.es/ecma262/#sec-isintegralnumber
https://tc39.es/proposal-temporal/#sec-temporal-totemporaldurationrecord
https://tc39.es/proposal-temporal/#sec-temporal-totemporalduration
https://tc39.es/proposal-temporal/#sec-temporal-parsetemporaldurationstring
https://tc39.es/proposal-temporal/#sec-temporal-createdurationrecord
Bug: v8:11544
Change-Id: I0f4176921e088bd2f2fd48ddd28f22f3b454bd3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379233
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80195}
-
Milad Fa authored
Port 91453880 Original Commit Message: This is a reland of commit 91da3883 Original change's description: > Fixed: Use an X register for JumpIfCodeTIsMarkedForDeoptimization > on arm64. > Bug: v8:12161
Change-Id: I6e63bd5995340bac32654ef12c52d25b496140e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607997
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80194}
-
Adam Klein authored
Change-Id: Idca60865da669dc90112eb04bdd464041fc447f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608119
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80193}
-
Camillo Bruni authored
Add basic profiler support
  - Moved profiling-related helpers to profiling.mjs
  - Added bottom-up profiler table
  - Added mini-timeline overview with opt/deopt events and usage graph
  - Added flame-graph, pivoted on the currently selected function
Drive-by-fixes:
  - Added/updated jsdoc type information
  - Fixed static symbols (builtins, bytecodehandlers) that were both added by the CppEntriesProvider and from code-events in the v8.log
  - Support platform-specific (linux/macos) dynamic symbol loader by adding a query path ('/v8/info/platform') to lws-middleware.js
  - added css var --selection-color
Bug: v8:10644
Change-Id: I6412bec63eac13140d6d425e7d9cc33316824c73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585453
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80192}
-
Jakob Gruber authored
Bug: v8:12161
Change-Id: I5ea8cdaac62e126bb6674fc109a9275c0a69fa23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605244
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80191}
-
Igor Sheludko authored
It's necessary to support fast W^X permission switching on MacOS on ARM64 ("Apple M1"/Apple Silicon) where permission modification of RWX pages to anything else is prohibited. On all the other architectures/platforms RecommitPages() is equivalent to SetPermissions(). The new API will be used in follow-up CLs.
Bug: v8:12797
Change-Id: Id0d8b8c42c81b80cd8fa6b47c227680d7d1f9b10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606231
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80190}
-
Shu-yu Guo authored
ShadowRealm.prototype.importValue dynamically imports other files, so the testing infrastructure needs to look for these calls to gather files to push to e.g. test devices. The reason to do this over explicit Resources: comment lines is to also cover test262.
Bug: v8:12829
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Change-Id: I6a06933d5da849157b2c7d5fa6b7b98d39f7d39f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606391
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80189}
-
Jakob Gruber authored
.. since it's located in ReadOnlySpace and thus immutable. We could extend this to other strings in RO-space but for now I want to avoid too much movement. This bumps jetstream2/gbemu scores by ~30%.
Bug: v8:12790,v8:12161
Change-Id: I3fe10703e9ceca19c110d19c83143d811e090192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607994
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80188}
-
Andreas Haas authored
For lazy compilation there is one generic lazy compilation builtin that spills all registers on the stack and then triggers the compilation of the called function. Some of these registers may contain references. If a GC was triggered during lazy compilation, the GC would have to know which spill slots on the stack contain references. This CL adds a check to guarantee that no GC can be triggered during lazy compilation. Thereby it is not necessary for the GC to know which spill slots contain references. If successful, lazy compilation indeed does not allocate on the heap and therefore cannot trigger a GC. However, when compilation fails, an error object needs to be allocated and thrown. This allocation may trigger a GC, but that's not a problem, because the reference parameters which may get corrupted by the GC will not be used anyways, because the called function will never get executed after the failed compilation.
R=clemensb@chromium.org
Fixes: v8:11366
Change-Id: Ic526d169d4e80ba83f517970ff234e669f854331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599474
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80187}
-
Andreas Haas authored
I cannot reproduce the original problem anymore. The test passes nicely. If the test (wasm-js/limits) fails again, then we should just disable it for those platforms where it is failing.
Fixed: v8:11577
Change-Id: I186da2ec2dd8fd518ce4034e8e3838376fefbc3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605814
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80186}
-
Jakob Gruber authored
.. since they may be written from background threads (for SP concurrent codegen).
Bug: v8:12161
Fixed: chromium:1319857
Change-Id: I11860137ea4d79645821df69e61b62836f7c8283
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605818
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80185}
-
jameslahm authored
... in DeserializeContexts. Allocating the context before filling the scope info with the correct variable name may cause a DCHECK failure in TorqueGeneratedClassVerifiers::ScopeInfoVerify. This CL changes the context variables serialization order from "name, value, name, value" to "name, name... value, value...". And only allocate and fill the context after setting up the correct scope info.
Bug: v8:12832
Change-Id: I6e91aa867a528b7ffcae85de0f2364d0f9ea1bd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607374
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80184}
-
Patrick Thier authored
This is a reland of commit 8ba60b7a
Changes to original:
  - Weaken DCHECK in MakeThin to allow direct transitions of shared strings during deserialization. This is safe as the string to be transitioned is freshly created and hasn't escaped the thread yet.
  - To enable this, add has_active_deserializer() to LocalIsolate
  - Shared thin string transitions are subject to the same layout changes as non-shared thin string transitions, thus treat them equally when checking if a map transition is safe.
Original change's description:
> [string] Non-transitioning shared strings
>
> Instead of transitioning shared strings to ThinString on
> internalization, use a forwarding table to the internalized string and
> store the index into the forwarding table in the string's hash field.
>
> This way we don't need to handle concurrent string transitions that
> modify the underlying string data.
>
> During stop-the-world GC, live strings in the forwarding table are
> migrated to regular ThinStrings.
>
> Bug: v8:12007
> Change-Id: I6c6f3d41c6f644e0aaeafbf25ecec5ce0aa0d2d8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536647
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79801}
Bug: v8:12007
Change-Id: I022e5c4768b763a86bb28c9c82218c3b807371a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571817
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80183}
-
Andreas Haas authored
Drive-by change: fix stray "//".
R=clemensb@chromium.org
Change-Id: I614bbc545ab8cd803f0c64f04e01fa55c4c2ec7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605610
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80182}
-
Clemens Backes authored
This adds the implementation of the {AssemblerBufferCache} class. PKU-protected memory is allocated via the {WasmCodeManager}, which has access to the actual protection key.
R=thibaudm@chromium.org
Bug: v8:12809
Change-Id: Id26abd6f98248d5c646ae337ccb903d3e168bed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593137
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80181}
-
Clemens Backes authored
Other places use the {kSimd} bailout reason for bailouts because of missing CPU support for SIMD. We should do the same when encountering SIMD locals or parameters.
R=thibaudm@chromium.org
Change-Id: I7ea6ff32927a035cdafe437d581a79f67ff0b30f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605243
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80180}
-
Jakob Kummerow authored
When passing anyref-typed things to Wasm, we cannot expect that all functions are WasmExternalFunctions. Instead of adding a relatively expensive type check to such calls, this patch disables function unwrapping for anyref-typed values.
Fixed: v8:12789
Change-Id: Ied57187bac7fde0326634f7b4fc428ad21dc9c2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605231
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80179}
-
Victor Gomes authored
  - For simplicity we call a builtin when allocating a number.
  - Elision of boxing/unboxing nodes will be done in a followup CL.
Bug: v8:7700
Change-Id: Iec4422d84c6597d3369ab512a1662adb0f077c98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602514
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80178}
-
Jakob Gruber authored
.. when deoptimization occurs after the outermost loop containing the loop that triggered OSR compilation. The reasoning is that the main benefit of OSR'd code is speeding up the OSR'd loop; the speedup of the OSR'd loop is assumed to be higher than deoptimization overhead. This is a slightly modified version of crrev.com/c/3521361, credit goes to tao.pan@intel.com for most of the investigation and implementation work.
Bug: v8:12161
Change-Id: Ie729dd5d1df9c7f529a1cf1b9471bb60ce76c41a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607988
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80177}
-
Andreas Haas authored
Table.set has two arguments, the table index and the value. Therefore Table.set was defined with a length of 2. However, the value argument is optional, so the length should actually be 1.
Change-Id: Ica2ea13a8e78c974cb011df2b5dc99f8e7eb4bcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398496
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80176}
-
Anton Bikineev authored
When setting a range for a newly allocated lab, consider adjacent cards. If either is young, don't mark it as kMixed.
Bug: chromium:1029379
Change-Id: If7d1d920dd5769679de68800eae61f3a8dc1eb17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584116
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80175}
-
jameslahm authored
... unittests/objects/concurrent-transition-array-unittest.
Bug: v8:12781
Change-Id: Ic6fbef71e1439c0a0056b122a4b42dcad674ca3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3604961
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80174}
-
Nico Hartmann authored
This reverts commit 5d235def.
Reason for revert: Speculative revert because of https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/38153/overview
Original change's description:
> [heap] Store size with invalidated object
>
> When updating pointers during a full GC, a page might not be swept
> already. In such cases there might be invalid objects and slots recorded
> in free memory. Updating tagged slots in free memory is fine even though
> it is superfluous work.
>
> However, the GC also needs to calculate the size of potentially dead
> invalid objects in order to be able to check whether a slot is within
> that object. But since that object is dead, its map might be dead as
> well which makes size calculation impossible on such objects. The CL
> changes this to cache the size of invalid objects. A follow-up CL will
> also check the marking bit of invalid objects.
>
> Bug: v8:12578, chromium:1316289
> Change-Id: Ie773d0862a565982957e0dc409630d76552d1a32
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599482
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80169}
Bug: v8:12578, chromium:1316289
Change-Id: I6949412c5d6e1aa15718d027043d9528137a60a0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605812
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80173}
-
jameslahm authored
... /numbers/conversions-unittest.
Bug: v8:12781
Change-Id: I81043f8bcebf5ce1292111211af1bea297c9eea4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3604962
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80172}
-
jameslahm authored
... /date/date-unittest.
Bug: v8:12781
Change-Id: Id5c7fd1ec11a427849c01acf992c7e398c456a4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599655
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80171}
-
Tobias Tebbi authored
It seems that GCC 7 doesn't support constructor calls with curly braces inside of expressions.
Bug: v8:12827
Change-Id: I7b8ff792de1f67a45af6e2e2d82808f57d23b66c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606230
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80170}
-
Dominik Inführ authored
When updating pointers during a full GC, a page might not be swept already. In such cases there might be invalid objects and slots recorded in free memory. Updating tagged slots in free memory is fine even though it is superfluous work.
However, the GC also needs to calculate the size of potentially dead invalid objects in order to be able to check whether a slot is within that object. But since that object is dead, its map might be dead as well which makes size calculation impossible on such objects. The CL changes this to cache the size of invalid objects. A follow-up CL will also check the marking bit of invalid objects.
Bug: v8:12578, chromium:1316289
Change-Id: Ie773d0862a565982957e0dc409630d76552d1a32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599482
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80169}
-
jameslahm authored
... /objects/concurrent-prototype-unittest.
Bug: v8:12781
Change-Id: Id283af4940a8cff19da78e0404022bc0faf2412e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599654
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80168}
-
Jakob Gruber authored
This is a reland of commit 91da3883
Fixed: Use an X register for JumpIfCodeTIsMarkedForDeoptimization on arm64.
Original change's description:
> [osr] Use the new OSR cache
>
> This CL switches over our OSR system to be based on the feedback
> vector osr caches.
>
> - OSRing to Sparkplug is fully separated from OSR urgency. If
>   SP code exists, we simply jump to it, no need to maintain an
>   installation request.
> - Each JumpLoop checks its dedicated FeedbackVector cache slot.
>   If a valid target code object exists, we enter it *without*
>   calling into runtime to fetch the code object.
> - Finally, OSR urgency still remains as the heuristic for
>   requesting Turbofan OSR compile jobs. Note it no longer has a
>   double purpose of being a generic untargeted installation
>   request.
>
> With the new system in place, we can remove now-unnecessary
> hacks:
>
> - Early OSR tierup is replaced by the standard OSR system. Any
>   present OSR code is automatically entered.
> - The synchronous OSR compilation fallback is removed. With
>   precise installation (= per-JumpLoop-bytecode) we no longer
>   have the problem of 'getting unlucky' with JumpLoop/cache entry
>   mismatches. Execution has moved on while compiling? Simply spawn
>   a new concurrent compile job.
> - Remove the synchronous (non-OSR) Turbofan compile request now
>   that we always enter available OSR code as early as possible.
> - Tiering into Sparkplug no longer messes with OSR state.
>
> Bug: v8:12161
> Change-Id: I0a85e53d363504b7dac174dbaf69c03c35e66700
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596167
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Auto-Submit: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80147}
Bug: v8:12161
Change-Id: Ib3597cf1d99cdb5d0f2c5ac18e311914f376231d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606232
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80167}
-
Frank Tang authored
Also add AOs: ToLargestTemporalUnit, ToISODayOfYear, RegulateISODate, AddISODate, DifferenceISODate
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.calendar.prototype.dateuntil
https://tc39.es/proposal-temporal/#sec-temporal-tolargesttemporalunit
https://tc39.es/proposal-temporal/#sec-temporal-toisodayofyear
https://tc39.es/proposal-temporal/#sec-temporal-regulateisodate
https://tc39.es/proposal-temporal/#sec-temporal-addisodate
https://tc39.es/proposal-temporal/#sec-temporal-differenceisodate
Bug: v8:11544
Change-Id: I03a28bf07ddfae036491e49cb06278d050ddebf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3534620
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80166}
-
Liu Yu authored
The size of flag is now 16 bits.
Bug: v8:12161
Change-Id: I5db5e05171281f27cce739c7b76e1d4b9ebf20b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602236
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Yu Liu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80165}
-
- 25 Apr, 2022 2 commits
-
Shu-yu Guo authored
Make the file names consistent on "shadow-realm" (i.e. singular, with a dash).
Bug: v8:11989
Change-Id: Id0a6f417fd9b53b9f7ddf9677da7396fa2481af6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606392
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80164}
-
Shu-yu Guo authored
Currently the Isolate is gotten off of the object that the operation is being performed on. Shared objects return the shared Isolate, which is incorrect as it shouldn't be used to run JS, nor does it have HandleScopes open. Plumb the executing Isolate through.
Bug: v8:12547
Change-Id: I3d960751c798ac657a6122598154e36d9d504c31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606489
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80163}