- 11 May, 2021 1 commit

Camillo Bruni authored

On x64 we can emit more compact instructions for mov(reg, imm). However, currently this only happens when using the Set method explicitly. This CL renames Set to Move to avoid confusion and yield better code by default. Also use the new Move helper for Smis as well.

Change-Id: I06558e88d1142098f77fb98870f09742d494f3dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874450
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74512}

- 10 May, 2021 1 commit

Clemens Backes authored

After updating our bots to use GCC 7.4, we do not need to support incomplete C++14 support any more. In particular, we can assume complete C++14 constexpr support now. This CL removes the V8_HAS_CXX14_CONSTEXPR and CONSTEXPR_DCHECK macros. The CONSTEXPR_DCHECKs are replaced by DCHECK and friends, or STATIC_ASSERT where possible.

R=jgruber@chromium.org, leszeks@chromium.org, mlippautz@chromium.org

Bug: v8:9686, v8:11384
Change-Id: I3a8769a0f54da7eb2cacc37ee23e5c97092e3051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876847
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74486}

- 30 Apr, 2021 1 commit

Clemens Backes authored

cpplint rules change over time, and we change the exact rules we enable for v8. This CL removes NOLINT annotations which are not needed according to the currently enabled rules.

R=pthier@chromium.org

Bug: v8:11717
Change-Id: Id930a72e938a82e4dd8117cb2d4834d9dfb7e9e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862763
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74306}

- 21 Apr, 2021 1 commit

Leszek Swirski authored

Similar to the recent change to --code-comments, make --debug-code a build-time enabled flag, enabled by default on debug builds. This also removes the emit_debug_code() option from the assembler, instead using the flag directly (there were no cases where this option didn't match the global flag).

Change-Id: Ic26b0d37b615a055508c9dda099ffbe979eae030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2843348
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74095}

- 08 Apr, 2021 3 commits

Igor Sheludko authored

This CL fixes a segfault when Wasm tried to generate a builtin call from a background compilation job when the Isolate was already torn down by the main thread.

Drive-by: Use CallBuiltin in RegExpMacroAssemblerARM64.

Bug: v8:11527, chromium:1195552
Change-Id: I8048ffcb212bda4d19d07b5ec6b487d6fb16b30d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811739
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73850}

Jakob Gruber authored

Lookarounds rewind the position after matching, and thus don't play well with eats_at_least (EAL). This CL disables EAL propagation from lookarounds. In the future we could be a bit smarter by skipping over lookarounds instead of resetting to 0.

Bug: v8:11290
Change-Id: I935400a7f9cda96d9c5a80e412ba7d04de70a84f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808944
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73849}

Jakob Gruber authored

The eats_at_least (EAL) value is applied in forward-directions only. Two reasons for that which are relevant to this CL:

- EAL's of neighboring nodes are combined additively, irrespective of their read_backward value.
- EatsAtLeastPropagator::VisitText uses the successor's eats_at_least_from_not_start value, which doesn't work properly for read_backwards successors (which may end at the start).

A symptom of this bug was that we applied an incorrect EAL of 255 starting at the initial 'x' of /x(?<=^x{4})/; for subject strings shorter than 255 chars, this would result in an incorrect failure result.

Bug: v8:11616
Change-Id: I4b2b1b78f0cea8f59e4beb1037ee46035d83c927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807596
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73848}

- 07 Apr, 2021 1 commit

Jakob Gruber authored

Until now we've only exposed trace output for the parse- and assembly stages of regexp codegen. Debug tracing of the graph was missing. The new --trace-regexp-graph flag fills that hole.

Available regexp codegen tracing flags are now:

--trace-regexp-parser
--trace-regexp-graph
--trace-regexp-assembler

The output of --trace-regexp-graph can be formatted with `dot`, for example:

$ d8 --trace-regexp-graph [...] | dot -Tjpg -o regexp-graph.jpg

Change-Id: Ice593c34f7818c94e42d98e98a31533178bb538b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808945
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73825}

- 19 Mar, 2021 1 commit

Georgia Kouveli authored

This use of LR previously allowed overwriting it with arbitrary addresses that aren't signed. Change this so we never return to an arbitrary LR. Instead of loading the InterpreterTrampolineEntry address into LR directly, use an ADR instruction to place into LR the address of a piece of code that jumps to the InterpreterTrampolineEntry instead. This makes a difference because BR is also constrained by BTI, whereas RET isn't.

An alternative would have been to `Call` instead of `Jump` to the target bytecode and avoid the ADR instruction altogether, but I wanted to keep the same behaviour with respect to the return stack that the existing code exhibits.

Also add a comment to src/regexp/arm64/regexp-macro-assembler-arm64.cc for a similar use of LR that should eventually be removed.

Bug: v8:10026
Change-Id: I24a13481f3fa416247dab8f9e5ae6f52f6b2ad42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764761
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#73535}

- 17 Mar, 2021 3 commits

Igor Sheludko authored

... introduced in https://chromium-review.googlesource.com/c/v8/v8/+/2727502

Bug: v8:11527, v8:11421
Change-Id: I97d8711ad946789f8a39de5fcca41e77f20cde79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767019
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73467}

Igor Sheludko authored

This is a speed-for-memory tradeoff, which can be achieved by re-mapping the builtins code blob into existing code range. The feature can be enabled by v8_enable_short_builtin_calls flag and it's off by default.

This CL adds GN flag and updates code generator to emit shorter pc-relative calls/jumps to builtins. However, the runtime doesn't support appearance of the off-heap builtins' PCs that point to the embedded code blob on the stack yet.

Bug: v8:11527, v8:11421
Change-Id: Iaba384c549675852beae70739175976ee193ffef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727502
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73458}

Jakob Gruber authored

.. which was previously broken due to 1. a hardcoded impl names list and 2. the addition of a new impl (riscv). The new solution prevents this in the future by basing both enum and name generation on a macro list.

Bug: v8:11572
Change-Id: Ieb2134c9ecf3729633b76e4a30e7ddceba396328
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764752
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73455}

- 11 Mar, 2021 4 commits

Clemens Backes authored

This is a reland of 80f5dfda. A condition in pipeline.cc was inverted, which led to a CSA verifier error.

Original change's description:
> [no-wasm] Exclude src/wasm from compilation
>
> This is the biggest chunk, including
> - all of src/wasm,
> - torque file for wasm objects,
> - torque file for wasm builtins,
> - wasm builtins,
> - wasm runtime functions,
> - int64 lowering,
> - simd scalar lowering,
> - WasmGraphBuilder (TF graph construction for wasm),
> - wasm frame types,
> - wasm interrupts,
> - the JSWasmCall opcode,
> - wasm backing store allocation.
>
> Those components are all recursively entangled, so I found no way to
> split this change up further.
>
> Some includes that were recursively included by wasm headers needed to
> be added explicitly now.
>
> backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc
> because it only tests wasm backing stores. This file is excluded from
> no-wasm builds then.
>
> R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org
>
> Bug: v8:11238
> Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73344}

TBR=jgruber@chromium.org

Bug: v8:11238
Change-Id: I20bd2847a59c68738b5a336cd42582b7b1499585
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Cq-Include-Trybots: luci.v8.try:v8_linux_verify_csa_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_verify_csa_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752867
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73348}

Clemens Backes authored

This reverts commit 80f5dfda.

Reason for revert: Fails CSA verification: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20verify%20csa/21766/overview

Original change's description:
> [no-wasm] Exclude src/wasm from compilation
>
> This is the biggest chunk, including
> - all of src/wasm,
> - torque file for wasm objects,
> - torque file for wasm builtins,
> - wasm builtins,
> - wasm runtime functions,
> - int64 lowering,
> - simd scalar lowering,
> - WasmGraphBuilder (TF graph construction for wasm),
> - wasm frame types,
> - wasm interrupts,
> - the JSWasmCall opcode,
> - wasm backing store allocation.
>
> Those components are all recursively entangled, so I found no way to
> split this change up further.
>
> Some includes that were recursively included by wasm headers needed to
> be added explicitly now.
>
> backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc
> because it only tests wasm backing stores. This file is excluded from
> no-wasm builds then.
>
> R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org
>
> Bug: v8:11238
> Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73344}

Bug: v8:11238
Change-Id: I93672002c1faa36bb0bb5b4a9cc2032ee2ccd814
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752866
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73346}

Clemens Backes authored

This is the biggest chunk, including
- all of src/wasm,
- torque file for wasm objects,
- torque file for wasm builtins,
- wasm builtins,
- wasm runtime functions,
- int64 lowering,
- simd scalar lowering,
- WasmGraphBuilder (TF graph construction for wasm),
- wasm frame types,
- wasm interrupts,
- the JSWasmCall opcode,
- wasm backing store allocation.

Those components are all recursively entangled, so I found no way to split this change up further.

Some includes that were recursively included by wasm headers needed to be added explicitly now.

backing-store-unittest.cc is renamed to wasm-backing-store-unittest.cc because it only tests wasm backing stores. This file is excluded from no-wasm builds then.

R=jkummerow@chromium.org, jgruber@chromium.org, mlippautz@chromium.org, petermarshall@chromium.org

Bug: v8:11238
Change-Id: I7558f2d12d2dd6c65128c4de7b79173668c80b2b
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742955
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73344}

Jakob Gruber authored

In https://chromium-review.googlesource.com/c/v8/v8/+/1866771 we added a static regexp stack area to ensure a stack always exists. We apparently forgot to update EnsureCapacity s.t. we skip dynamically-allocating a stack when the static stack suffices.

Found by lizeb@, thanks!

Bug: v8:11540
Change-Id: Ie63b0b5e5959fbf0768cc3597f63943b1775fbf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749015
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73337}

- 08 Mar, 2021 1 commit

Santiago Aboy Solanes authored

If a method happens on the main thread and only on the main thread (i.e. it will never be run on the background), it is safer to use non-atomic accessors as TSAN will give warnings if we use them improperly.

As a drive-by, pass the isolate as a parameter where it was readily available as it saves us from getting the isolate from the object later on.

Bug: v8:7790
Change-Id: Id9bdd69254edc60b0331a32fccf1479a95b7d286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732669
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73251}

- 25 Feb, 2021 1 commit

Hannes Payer authored

Change-Id: Ib54d5abad3e67f74d1930af135778e1f201ba28f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712964
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73050}

- 11 Feb, 2021 1 commit

Jakob Gruber authored

V8 implements a fast-path for RegExp.prototype.split which diverges from the spec: instead of creating a new sticky regexp instance `splitter` and running it in a loop, we reuse the existing non-sticky regexp without looping through each character.

This works fine in most cases, but we run into issues when matching at the very end of the string. According to the spec, matches at the end of the string are impossible in @@split, but in our fast-path implementation they can happen.

The obvious fix would be to remove our fast-path but this comes with high performance costs. The fix implemented in this CL adds a special flag to `exec` s.t. matches at the end of the string can be treated as failures. This is only relevant for @@split.

Bug: chromium:1075514
Change-Id: Ifb790ed116793998d7aeb37e307f3f3f764023d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2681950
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72644}

- 09 Feb, 2021 1 commit

Brice Dobry authored

This very large changeset adds support for RISC-V.

Bug: v8:10991
Change-Id: Ic997c94cc12bba6881bc208e66526f423dd0679c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571344
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72598}

- 08 Feb, 2021 1 commit

Iain Ireland authored

Some of the DCHECK_LT assertions in GenerateBranches were generating signed-vs-unsigned comparisons in SM. While I was looking at this code, it seemed reasonable to just fix the whole thing to use uc32/uint32_t where appropriate.

Bug: v8:11380
Change-Id: I7e27fb7e34ce962349d7204d6306217292746e33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2666986
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72557}

- 01 Feb, 2021 1 commit

Iain Ireland authored

RegExpParser::ParseRegExpSyntax was added to allow the SpiderMonkey embedding of irregexp to report early errors. It was removed in https://chromium-review.googlesource.com/c/v8/v8/+/2509596 because it was unused. This patch restores it, with a comment to prevent future deletion.

Bug: v8:11368
Change-Id: Iebec7e14b92e9a0fccc08f2f1c85d8ff4d6173f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2658037
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72453}

- 18 Jan, 2021 1 commit

Junliang Yan authored

Change-Id: I4bb964bee86248b7990e69ac458431c2a489bcd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2633730
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72141}

- 14 Jan, 2021 2 commits

Patrick Thier authored

Offsets in regular expressions are limited to 16 bits. It was possible to exceed this limit when emitting greedy loops where the length of text nodes exceeded 16 bits, resulting in overflowing offsets. With this CL we throw a SyntaxError "Regular expression too large" to prevent this overflow.

Bug: chromium:1166138
Change-Id: Ica624a243bf9827083ff883d9a976f13c8da02e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2629286
Commit-Queue: Patrick Thier <pthier@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72095}

Jakob Gruber authored

This is a reland of 164cf80b

The reland fixes UB (left-shift of negative integer type) with a static_cast<uint32_t>.

Original change's description:
> [regexp] Hard-crash on invalid offsets in AdvanceCurrentPosition
>
> Drive-by: Range checks in `Emit(byte, twenty_four_bits)` to ensure the
> given packed bits actually fit into 24 bits.
>
> Bug: chromium:1166138
> Change-Id: I2e711e6466bb48d7b9897f68dfe621d12bd92508
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625877
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72064}

Tbr: leszeks@chromium.org
Bug: chromium:1166138
Change-Id: I514495e14bb99dfc9588fdb4a9f35d67d8d64acb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2626663
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72088}

- 13 Jan, 2021 2 commits

Nico Hartmann authored

This reverts commit 164cf80b.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/14532/overview

Original change's description:
> [regexp] Hard-crash on invalid offsets in AdvanceCurrentPosition
>
> Drive-by: Range checks in `Emit(byte, twenty_four_bits)` to ensure the
> given packed bits actually fit into 24 bits.
>
> Bug: chromium:1166138
> Change-Id: I2e711e6466bb48d7b9897f68dfe621d12bd92508
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625877
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72064}

TBR=jgruber@chromium.org,leszeks@chromium.org,pthier@chromium.org

Change-Id: Ibe72ecda03518e444442a0440ecdae7669bfc4c1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1166138
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625883
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72065}

Jakob Gruber authored

Drive-by: Range checks in `Emit(byte, twenty_four_bits)` to ensure the given packed bits actually fit into 24 bits.

Bug: chromium:1166138
Change-Id: I2e711e6466bb48d7b9897f68dfe621d12bd92508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625877
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72064}

- 12 Jan, 2021 2 commits

Camillo Bruni authored

Make sure gcmole detects issues in DisallowGarbageCollection scopes.

DisallowGarbageCollection is widely used in the codebase to document code that doesn't allocate. However, this has the rather unexpected side-effect that gcmole is not run when such a scope is active.

This CL changes the default behavior of gcmole to run even with DisallowGarbageCollection scopes present. This will give us the best results of both worlds, dynamic checks by the fuzzer, and static analysis by gcmole.

To allow crazy local raw pointer operations there is a new DisableGCMole scope that explicitly disables gcmole.

Change-Id: I0a78fb3b4ceaad35be9bcf7293d917a41f90c91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615419
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72039}

Georgia Kouveli authored

The frame pointer did not point to the previous frame pointer, which made the stack non-iterable with SafeStackFrameIterator. This can cause pointer authentication failures when CFI is enabled, as we expect the value stored above the previous frame pointer to be a return address.

Bug: v8:10026
Change-Id: Ia55181038b1b277d0a6df519f1e7f61859847b1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2614429
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#72036}

- 21 Dec, 2020 2 commits

Junliang Yan authored

Change-Id: I036bad7eba4bcf0ba80f7cec6f3d58a674e22b12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2599937
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71854}

Junliang Yan authored

Change-Id: Idb8948c3ff9209a6a41d0793cd2f5c1557b417df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2598697
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71851}

- 14 Dec, 2020 1 commit

Junliang Yan authored

Change-Id: I232585076ecf6a824cdbe2e989eadaf96adcc1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2587241
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71737}

- 11 Dec, 2020 3 commits

Junliang Yan authored

Change-Id: I59c905182294dc4e8fb8caf03f10ea66d332e034
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2586153
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71724}

Junliang Yan authored

Change-Id: I6d7e263b84d6871cb13cb01b2b51299b9249d961
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2586994
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71720}

Junliang Yan authored

Change-Id: I9761b80f32beeb53e466fc67ee1c535075e4225c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2586993
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71717}

- 10 Dec, 2020 1 commit

Junliang Yan authored

Drive-By: Also clean up LoadSimd128 as LoadV128 and remove a few unused functions

Change-Id: I4cdee0fcb1e153309492026b4334af27afba7ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584442
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71701}

- 04 Dec, 2020 1 commit

Junliang Yan authored

Replace LoadW/lW/LogicalHalfWordP/HalfWordP/B/lB/Float32/Double as LoadS32/U32/S16/U16/S8/U8/F32/F64

Change-Id: I2a41dee0168fb17eb4043ce78f857e1fd898ea8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575139
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71621}

- 26 Nov, 2020 1 commit

Santiago Aboy Solanes authored

Scopes in V8 are used to guarantee one or more properties during their lifetimes. If a scope is not named, e.g. MyClassScope(args) instead of MyClassScope scope(args), it will get created and automatically destroyed and is therefore useless as a scope. This CL would produce a compiling warning when that happens to ward off this developer error.

Follow-up to ccrev.com/2552415 in which it was introduced and implemented for Guard classes.

Change-Id: Ifa0fb89cc3d9bdcdee0fd8150a2618af5ef45cbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555001
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71425}

- 24 Nov, 2020 2 commits

Leszek Swirski authored

Add a CompareCharsEqual to complement CompareChars, where we only care about equality and not ordering. For such cases, we can memcmp for two-byte as well as one-byte strings (we can't for CompareChars because the ordering would be incorrect on little-endian systems).

Replace uses of CompareChars that only compare the result against zero, with CompareCharsEqual.

Additionally, use some template magic to simplify the "make unsigned" operation in these methods.

Change-Id: I0d65bee81b98d3938d15daa4af331c90558ea84f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557980
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71385}

Georg Neis authored

Apart from removing Min and Max (utils.h), this is mostly a renaming. In a few cases I had to add a cast. In a bunch of cases I had to use initializer lists to force call-by-value for static member constants because call-by-reference wouldn't compile (like in the previous CL). In a few places I used initializer lists in place of nested min/max operations.

Bug: v8:11074
Change-Id: I53a5411be6334ff41e7a8517e6b87fb46f14d086
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545523
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71380}