- 13 Sep, 2022 20 commits
-
-
Omer Katz authored
FillCurrentPage assumed that everything after top is empty, which doesn't work with MinorMC and sweeping. Revise FillCurrentPage based SimulateFullSpace for MinorMC. I similar implementation is provided both in unittests and cctest. Migrating affected cctest to unittests is left a future work. Bug: v8:12612 Change-Id: Ie29be2fc7aaee25e1fd5f66b1c0959c2a45f007f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885888Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83158}
-
Al Muthanna Athamina authored
Bug: v8:13052 Change-Id: Ida65f95547006e6fa2542362c59f20c60a63a9af Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893852Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/main@{#83157}
-
Leszek Swirski authored
This is a reland of commit 133e7f83 Reland: Rebase onto v8_multi_arch_build fix. Original change's description: > [maglev] Optimize monomorphic keyed loads > > Add a fast path for keyed loads that are: > > 1. Monomorphic, > 2. Fast elements accesses, > 3. Not out-of-bounds (deopt on OOB), > 4. Not holey > > Bug: v8:7700 > Change-Id: I4d46f4d0ce7065c93a9b092833fb16a8c9e9f94e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882974 > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Linke <jgruber@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83149} Bug: v8:7700 Change-Id: Ib48bdc8729757527c19d0b24864f8eab0570c3f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890920 Commit-Queue: Jakob Linke <jgruber@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83156}
-
Samuel Groß authored
During ExternalPointerTable::Grow, if we cross one of a handful of predefined utilization thresholds, we now request a (major) GC to free up entries that are no longer used in the table. Bug: v8:10391 Change-Id: Id2d262f0f1d4dc37aec1e4978a8be2d223fb2b2b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890971 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#83155}
-
Leszek Swirski authored
v8_multi_arch_build toggles v8_enable_pointer_compression, but some other flags are set depending on v8_enable_pointer_compression. Previously the v8_multi_arch_build condition was resetting some of these in its branch, but we can make this simpler by moving the pointer compression toggle earlier, immediately after the default pointer compression setting. Change-Id: Ie5f4e73f947b693d4ba2abe4e1cf30009a2bbb2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890918Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83154}
-
Hao Xu authored
The way to determine whether a MaybeObject is a strong or weak reference to the heap object is to check its lowest two bits. However, if the MaybeObject is known to not be a smi, that is, the lowest bit is known to be 1, we can check one bit instead. This allows Turbofan to select better instructions: x64: Before: movl r9,r11 andl r9,0x3 cmpb r9l,0x1 After: testb r11,0x2 arm64: Before: and w8, w7, #0x3 cmp w8, #0x1 (1) b.ne #+0x320 After: tbnz w7, #1, #+0x320 Change-Id: I03623183406ad7d920c96a752651e0116a22832e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3861310Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Hao A Xu <hao.a.xu@intel.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#83153}
-
Jakob Linke authored
.. Throw|LazyDeopt. Whether a builtin can Throw|LazyDeopt depends on the implementation, so to be safe all builtin calls should be marked as such - UNLESS we know for certain that one or the other doesn't happen. Drive-by: For calls with two result registers, properly consider the second register in a few spots. Bug: v8:7700 Change-Id: Icbcffb51e9760761a2f4e32d79af33abccb8f1cb Fixed: chromium:1361245 Fixed: chromium:1360800 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879617Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Jakob Linke <jgruber@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83152}
-
Jakob Linke authored
.. where we sometimes want to inspect Node contents. With this CL, for a human-readable print in gdb: print node->Print() Note: Since we use an adhoc-created graph labeller, the output can't properly identify input nodes and instead prints them as 'unregistered node'. Bug: v8:7700 Change-Id: Icba458ac1a5c43a09b815e12582443aca4e19380 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890914 Auto-Submit: Jakob Linke <jgruber@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83151}
-
Leszek Swirski authored
This reverts commit 133e7f83. Reason for revert: Breaks compilation for non-pointer-compressed x64 Original change's description: > [maglev] Optimize monomorphic keyed loads > > Add a fast path for keyed loads that are: > > 1. Monomorphic, > 2. Fast elements accesses, > 3. Not out-of-bounds (deopt on OOB), > 4. Not holey > > Bug: v8:7700 > Change-Id: I4d46f4d0ce7065c93a9b092833fb16a8c9e9f94e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882974 > Auto-Submit: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Jakob Linke <jgruber@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83149} Bug: v8:7700 Change-Id: I08e7ca3a79b383d19c6baf73a721364b859d6df3 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890916 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#83150}
-
Leszek Swirski authored
Add a fast path for keyed loads that are: 1. Monomorphic, 2. Fast elements accesses, 3. Not out-of-bounds (deopt on OOB), 4. Not holey Bug: v8:7700 Change-Id: I4d46f4d0ce7065c93a9b092833fb16a8c9e9f94e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882974 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83149}
-
Liu Yu authored
Bug: v8:13206 Change-Id: Ifb5daeff2a1e91fd098bc5abe9f81339575636bf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837160Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Auto-Submit: Liu Yu <liuyu@loongson.cn> Commit-Queue: Liu Yu <liuyu@loongson.cn> Cr-Commit-Position: refs/heads/main@{#83148}
-
Shu-yu Guo authored
The normative change in https://github.com/tc39/proposal-resizablearraybuffer/pull/93 changed the behavior of TypedArray.prototype.subarray(begin, end) such that if the receiver is a length-tracking TA and end is undefined, the result TypedArray is also length-tracking. This change reached consensus in the March 2022 TC39. Bug: v8:11111 Change-Id: If1a84cc3134f3ce8046196d6cc36683b6996dec0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888382 Commit-Queue: Marja Hölttä <marja@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#83147}
-
Fabrice de Gans authored
Bug: v8:8594 Change-Id: I398678bb92105dc99882e4a253d0c6235628952f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892178 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Fabrice de Gans <fdegans@chromium.org> Cr-Commit-Position: refs/heads/main@{#83146}
-
Greg Thompson authored
Bug: v8:12589 Change-Id: Idf341625f8fadf4a0145887c0ec6642b5e6bfd88 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885882Reviewed-by: Alexander Schulze <alexschulze@chromium.org> Commit-Queue: Greg Thompson <grt@chromium.org> Cr-Commit-Position: refs/heads/main@{#83145}
-
Leszek Swirski authored
Loop used value lifetimes extension extends the lifetime of anything used inside of a loop but defined outside of it, to make sure that it is considered 'live' for the entire body of the loop (this is so that we don't e.g. clobber their stack slots with stack slot reuse). The implementation works on the principle that a) basic blocks are topologically sorted by forward control flow, and b) loops are irreducible. This means that basic blocks between a loop header and the jump to that loop header are inside the loop, and nodes whose id preceeds the loop header's id must be before the loop. Generator resumes break this irreducibility by jumping into the middle of loops. This is principally not a problem for the above lifetime extension, it just means that the loop's used nodes will overapproximate and include these generator nodes. However, there was an implicit additional assumption that the node must be loadable by the loop end, to extend its lifetime. This fails for the generator resume case, because it's possible that the node didn't make it into any loop merge state, e.g. because the resume would immediately deopt or return, e.g. Start / \ / GeneratorResume | | v | .>Loop header | | | | | Branch | | | | | | | Suspend | | | | | | Resume <-' | | | | | Return | v `--JumpLoop Here the Resume will get the accumulator from the generator and the Return will use it, which will be seen as an out-of-loop use of the generator, but the generator was never reachable from the "real" loop body. At the end of the day, since there are no actual uses of the generator value in the loop body, the lifetime extension does no harm; all that fails is a DCHECK that the values loop lifetime extension extends are actually loadable. So, we can relax this DCHECK for this specific generator edge case, by checking for whether the JumpLoop is reachable from the generator resume. Bug: v8:7700 Change-Id: Iec4db2aee5b8812de61c3afb9004c8be3982baa2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890975 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83144}
-
Leszek Swirski authored
Allow distinguishing control nodes that do and don't allow continued execution. Bug: v8:7700 Change-Id: Ifa13b64821484584929bd62a0d8585aee160c19e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891255 Commit-Queue: Jakob Linke <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83143}
-
Leszek Swirski authored
Missing predicate updates when implementing TF-compatible exception handling. Bug: v8:7700 Change-Id: I6b50f67d15e4a98879d651be196d4032bfc46100 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891258 Commit-Queue: Jakob Linke <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83142}
-
Frank Tang authored
Only change the implementation in BalanceISODate from https://github.com/tc39/proposal-temporal/pull/2178/files#diff-113bc23f7ddc769c78deac4268f2400a0a8ca75258f4a6a8af8219cf430a0788 Changes of other AOs in that PR is not in this cl. Note: Split from cl/3864358 Bug: v8:11544 Change-Id: I8c8514642cdb522975b23bcc9c2bb9eb56cb2839 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892177Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#83141}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6180903..7fcb69a Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/a7f5ad0..4276428 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/861067d..4864449 Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220912.0.1..version:9.20220912.3.1 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I93a73b86e70bcc8c1aa9a4ae61c6aa15ec37cdc1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893410 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#83140}
-
Shu-yu Guo authored
v8::String::MakeExternal is currently incorrectly using the shared isolate of the shared string, which will race when setting VM state. In general the shared Isolate shouldn't be used for anything, it's an implementation detail to hold the shared heap space. Bug: v8:12007, v8:13276 Fixed: v8:13276 Change-Id: I21ec57645ed4740a4c19c51b8fa1e2928a07a0f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888384Reviewed-by: Adam Klein <adamk@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#83139}
-
- 12 Sep, 2022 14 commits
-
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/8dcc0e19..7461973 Bug: v8:7834 Change-Id: I2dc32c22a01f0a6729e326864812f4230ad6ac54 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3880731Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#83138}
-
Manos Koukoutos authored
Bug: v8:12166 Change-Id: Ib1d9ac90a2b9c03915c496f1d23586ab8a94aef7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891209 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#83137}
-
Manos Koukoutos authored
Bug: v8:7748 Change-Id: Ic8b140c2dbf24171fe75b4feea04101f8c22e4dc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890992Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#83136}
-
Camillo Bruni authored
callstats.html creates grouped entries on the fly. Thus we can safely ignore already added group entries from the input file. Change-Id: I5a17fc895c4d36bfd7b79fcdb6d4644498998f86 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890977 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#83135}
-
Leszek Swirski authored
GetNamedPropertyFromSuper needs both the receiver and the lookup_start_object (the home object prototype), as it does lookups on the latter but calls accessors with the former as the receiver. Bug: v8:7700 Change-Id: Ib8b930d06eb8bed090ad1839a05514f0dffc321f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891253 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#83134}
-
Seth Brenith authored
BackgroundMergeTask::CompleteMergeInForeground contained an incorrect assumption that some SharedFunctionInfos would have bytecode arrays. Bug: v8:12808, chromium:1360024 Change-Id: I42ca22fc3a4412aea5e5a433e63c685eaf2af242 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888198Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#83133}
-
Michael Achenbach authored
A call to cancel_join_thread() is removed as it is suspected to leave the done_queue with garbled data on process join. Bug: v8:13113 Change-Id: I85a736cee98d1c2a315efdd468cde216ad848c99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891251Reviewed-by: Liviu Rau <liviurau@google.com> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#83132}
-
v8-ci-autoroll-builder authored
Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/640fc6d..521ac34 Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/24bb610..6180903 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/46ab4c3..a7f5ad0 Rolling v8/buildtools/linux64: git_revision:00b741b1568d56cf4e117dcb9f70cd42653b4c78..git_revision:b4851eb2062f76a880c07f7fa0d12913beb6d79e Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/85a3363..60f9078 Rolling v8/buildtools/third_party/libc++abi/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/6285577..5c3e02e Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/42aa6de..60a480e Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7ee0711..861067d Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/a089281..2d25dbd Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220902.1.1..version:9.20220912.0.1 Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/9f4113d..05e137d Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/0a22859..2a5ebae Rolling v8/tools/luci-go: git_revision:3226112a79a7c2de84c3186191e24dd61680a77d..git_revision:c93fd3c5ebdc3999eea86a7623dbd1ed4b40bc78 Rolling v8/tools/luci-go: git_revision:3226112a79a7c2de84c3186191e24dd61680a77d..git_revision:c93fd3c5ebdc3999eea86a7623dbd1ed4b40bc78 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: Ife89abccaa2696ade97bb5640010c4f5bdc7009c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891191 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#83131}
-
Samuel Groß authored
This is a reland of commit 49c59678 The non-deterministic snapshot issue has been fixed by using the correct field size for CodeDataContainers in serializer.cc. Original change's description: > [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX > > Now that all external pointers have been sandboxed, > V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also > shrinks external pointer slots to 32 bits when the sandbox is enabled. > > Bug: v8:10391 > Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a > Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Samuel Groß <saelo@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83083} Bug: v8:10391 Change-Id: I29870404406902d99ba6016c570cc0c4d05c6c85 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887899Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#83130}
-
Leszek Swirski authored
Exception handlers were allowing register state to leak through, which had knock-on effects of Phi allocation inserting gap moves in an illegal location (specifically, at the end of the block, thinking that it's allocating a control node since it's not allocating a body node). Fix the register leak by clearing register state, and add some invariant guards in the areas where the failure appeared. Bug: v8:7700 Change-Id: I15c1fba1a250e295f0147a4e51a6c8c5481e8c7e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890989Reviewed-by: Jakob Linke <jgruber@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#83129}
-
Matthias Liedtke authored
Fixed: chromium:1362431 Bug: chromium:1362431 Change-Id: Iaef432459dc39aa8f6bef5b74687af172d065574 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890991Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Auto-Submit: Matthias Liedtke <mliedtke@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#83128}
-
Leszek Swirski authored
Make the flush-baseline-code tests use --no-maglev in addition to --no-turbofan. Bug: v8:7700 Change-Id: I12145735e7a88f156d30e15621a9fe12e18abecf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890990 Commit-Queue: Jakob Linke <jgruber@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83127}
-
Dominik Inführ authored
During verification all LABs are iterable. For PagedNewSpace we can therefore use the property that all new space pages are iterable. Bug: v8:12612 Change-Id: I71ec079fde3c0b719ccf91b431b0b29a8a9c5a2e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888019Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#83126}
-
Jakob Linke authored
Bug: v8:7700 Change-Id: I9554ee1a569cea6a04694c7e0a5b84a45196080c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876370Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#83125}
-
- 10 Sep, 2022 5 commits
-
-
Frank Tang authored
Not passing null object but passing undefined while calling ToTemporalDate() Bug: v8:11544 Change-Id: I9376c32f306b000980d37bf233ffef3e83baf706 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885352 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#83124}
-
Frank Tang authored
Add TimeHourMinuteBasicFormatNotAmbiguousWithMonthDay TimeZoneNumericUTCOffsetNotAmbiguousWithDayOfMonth TimeZoneNumericUTCOffsetNotAmbiguousWithMonth TimeZoneIdentifier, UnpaddedHour, TimeZoneIANALegacyName productions. Sync the spec of TemporalInstantString, TemporalTimeString TimeZone, TimeZoneBracketedAnnotation, TemporalTimeZoneString, ToTemporalTimeZone, TimeZoneIANAName productions. Fix bug in ScanCalendarDateTimeTimeRequired, ToTemporalTimeZone Change name from Handle<String> to Handle<Object> to hold undefined Update parser tests accordingly. Spec Text: https://tc39.es/proposal-temporal/#sec-temporal-iso8601grammar https://tc39.es/proposal-temporal/#sec-temporal-totemporaltimezone Related PR changes: https://github.com/tc39/proposal-temporal/pull/2284 https://github.com/tc39/proposal-temporal/pull/2287 https://github.com/tc39/proposal-temporal/pull/2345 Bug: v8:11544 Change-Id: I6f1a5e5dedba461db9f36abe76fa97119c1f8c2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822342Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#83123}
-
Lu Yahan authored
Port commit 6f9e71fa Change-Id: Id5226e0892f67573cea289040c2d5aa85f159478 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886478 Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#83122}
-
Shu-yu Guo authored
This reverts commit 0a1f0e33. Reason for revert: JetStream regressions: https://bugs.chromium.org/p/chromium/issues/detail?id=1362212 Original change's description: > [strings] Fix raw hash lookup for forwarded strings > > Raw hashes may need to be looked up via the forwarding table when > internalized strings are forwarded to external resources. Notably, the > megamorphic ICs were not correctly fetching the raw hash. > > Bug: v8:12007 > Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379 > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Commit-Queue: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Patrick Thier <pthier@chromium.org> > Cr-Commit-Position: refs/heads/main@{#83115} Bug: v8:12007 Change-Id: I64853d55ea32b04b3325377c0c1affd0c1a27c6e No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887949 Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Shu-yu Guo <syg@chromium.org> Owners-Override: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#83121}
-
Lu Yahan authored
Port commit b2576418 Bug: v8:13146 Change-Id: Ie3727e873614f6e3e0749cb8cc10b287cd9643c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885380Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#83120}
-
- 09 Sep, 2022 1 commit
-
-
Marja Hölttä authored
With everything related to map transitions, RAB/GSAB typed array elements kinds should behave exactly like non-RAB/GSAB typed array elements kinds. Bug: chromium:1360736, v8:11111 Change-Id: Ie5cef928a25856f0c476653275066b49dfee6e41 Fixed: chromium:1360736 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879497Reviewed-by: Shu-yu Guo <syg@chromium.org> Auto-Submit: Marja Hölttä <marja@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#83119}
-