- 08 Dec, 2021 9 commits
-
-
Thibaud Michaud authored
Treat all stack pointers as roots: - Maintain a global linked-list of StackMemories - Update StackFrameIterator to process inactive stacks - Visit roots in all inactive stacks (including root marking and root pointer updating). Drive-by: - Fix some issues uncovered by the test - Refactor the builtin constants R=mlippautz@chromium.org,ahaas@chromium.org Bug: v8:12191 Change-Id: I5b6381f9818166e2eabf80dd59135673dddb2afc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310932 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#78291}
-
Nico Hartmann authored
to src/bigint/bitwise.cc. Bug: v8:11515 Change-Id: I20f8aebab138651247cedcd85460e40fbc255d98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310802 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#78290}
-
Leszek Swirski authored
Introduce a ReusableUnoptimizedCompileState class, passed to ParseInfo, which stores a couple of pointers and most importantly the Zone and AstValueFactory of the parse. This allows the Zone and AstValueFactory to be reused across multiple parses, rather than re-initialising per-Parse. With this, we can amend the LazyCompileDispatcher to initialise one LocalIsolate, Zone and AstValueFactory per background thread loop, rather than one per compile task, which allows us to reduce per-task costs and re-use the AstValueFactory's string table and previous String internalizations. Change-Id: Ia0e29c4e31fbe29af57674ebb10916865d38b2ce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313106 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78289}
-
Lu Yahan authored
Add func UseImmediate64(int64_t imm) into instruction-selector-impl Bug: v8:11976 Change-Id: I274ab59cc6d9a9cdc8b4081a7c418c56c3e8f5b7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312453 Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#78288}
-
JianxiaoLuIntel authored
Change-Id: Ic79f5829ae47cb4217d424aa6582f4686751ff1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299279 Auto-Submit: Jianxiao Lu <jianxiao.lu@intel.com> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78287}
-
Maya Lekova authored
This reverts commit 58531652. Reason for revert: Breaks on gc stress variant - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/36600/blamelist Original change's description: > [wasm-gc] Allocate supertype arrays in old space > > We fix an inconsistency where supertype arrays for wasm-gc object maps > were not always allocated in old space. To do so we add an > AllocationType argument to a couple of factory helpers. > > Bug: v8:7748 > Change-Id: I8b16032b8504c17e0f730cfc86e30b172645b67b > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320455 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78285} Bug: v8:7748 Change-Id: I74cf52c4f4da8948134f00bcf5415e9c65e509eb No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322752 Auto-Submit: Maya Lekova <mslekova@chromium.org> Owners-Override: Maya Lekova <mslekova@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78286}
-
Manos Koukoutos authored
We fix an inconsistency where supertype arrays for wasm-gc object maps were not always allocated in old space. To do so we add an AllocationType argument to a couple of factory helpers. Bug: v8:7748 Change-Id: I8b16032b8504c17e0f730cfc86e30b172645b67b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320455 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78285}
-
Marja Hölttä authored
Bug: v8:11525 Change-Id: Ida18808fd299f0f5754a2693b1e6dbc93b263d77 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320424 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78284}
-
Benedikt Meurer authored
On the way to a cheaper and more scalable stack frame representation for the inspector (crbug/1258599), this removes the need to expose both what was called "function name" and what was called "function debug name" on a v8::StackFrame instance. The reason for having a distinction between what the V8 API exposes and what the inspector exposes as frame function name is that after the initial refactoring around v8::internal::StackFrameInfo, some wasm cctests would still dig into the implementation details and insist on seeing the "function name" rather than the "function debug name". This CL now addresses that detail in the wasm cctests and going forward unifies the function names used by the inspector and the V8 API (which is not only needed for internal consistency and reduced storage requirements in the future, but also because Blink for example uses v8 API and v8_inspector API interchangeably and assumes that they agree, even though at this point Blink luckily wasn't paying attention to the function name): - The so-called "detailed stack trace", which is produced for the inspector and exposed by the v8 API, always yields the "function debug name" (which for example in case of wasm will be a WAT compatible name), - while the so-called "simple stack trace", which is what is used to implement the CallSite API and underlies Error.stack, continues to stick to the "function name" (which in case of wasm is not WAT compatible). Bug: chromium:1258599 Change-Id: Ib15d038f3ec893703d0f7b03f6e7573a38e82b39 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312274 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#78283}
-
- 07 Dec, 2021 21 commits
-
-
Shu-yu Guo authored
With the TLA flag removed, EvaluateMaybeAsync is a misleading name. This CL renames EvaluateMaybeAsync to Evaluate and consolidates it with the sync Evaluate method. Bug: v8:9344 Change-Id: I376ba9b9af0ac9e40a226cc8454f042ab7d9fb50 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3309233 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#78282}
-
Corentin Pescheloche authored
This is a reland of 2d087f23. The changes are: * Fix redundant reinterpret_cast in test file for MSVC failure https://crbug.com/v8/12476 * Fix flaky test https://crbug.com/v8/12475 If a sample is captured during a GC, no embedder context is obtained, defaulting to EMPTY. This is the expected behavior; made it clear in implementation and in test. * Synchronized the embedder context filter behavior with existing native context filter. Original change's description: > Add APIs to surface VMState and new EmbedderState to CpuProfile samples. > > EmbedderState: > * An EmbedderState is defined as a value uint8_t and a v8::context used > for filtering. > * EmbedderStates are stack allocated by the embedder, construction and > destruction set/unset the state to the isolate thread local top. > * A v8::context is used to filter states that are added to a CpuProfile, > if the CpuProfile do not have a ContextFilter set or if contexts do not > match, state defaults to Empty. > > * v8:StateTag is already propagated all the way to a Sample, simply add > an API to surface it. > > VMState: > Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e > Bug: chromium:1263871 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072 > Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78250} Bug: chromium:1263871 Change-Id: Ief891b05da99c695e9fb70f94ed7ebdecc6c3b7b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320037 Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78281}
-
Manos Koukoutos authored
We introduce a minimum length for the supertype array of gc maps. When the depth of the rtt is known to be smaller than that length, we can type check without bounds checking the supertype array of the object map. Bug: v8:7748, v8:11510 Change-Id: I88e67871040a8c4dd219e48a84527f7f3f3d0a96 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312487 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78280}
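An added example (not V8 code) that sketches the check this entry describes: each object map carries an array of its supertypes indexed by depth, padded to a fixed minimum length, so a subtype test against an rtt whose depth is statically below that minimum can load the slot without a bounds check, while deeper rtts keep the check. The constant `kMinimumSupertypeArraySize`, the `Rtt`/`Map` structs and the sample type hierarchy are all hypothetical.

```cpp
// Added example, not V8 code: a wasm-gc style subtype check against a
// per-map supertype array, showing why padding every array to a fixed
// minimum length lets the check for shallow rtts skip its bounds test.
// kMinimumSupertypeArraySize and all type names are hypothetical.
#include <cassert>
#include <cstddef>
#include <vector>

constexpr size_t kMinimumSupertypeArraySize = 3;

// A runtime type (rtt). depth == number of ancestors, so a root type has depth 0.
struct Rtt {
  const Rtt* parent;
  size_t depth;
};

// Constructed sample hierarchy: Root <- A <- B <- C <- D.
const Rtt kRoot{nullptr, 0};
const Rtt kA{&kRoot, 1};
const Rtt kB{&kA, 2};
const Rtt kC{&kB, 3};
const Rtt kD{&kC, 4};

// What an object's map carries: supertypes[i] is the ancestor at depth i
// (the type itself sits at index depth). Padded with nullptr so that every
// map has at least kMinimumSupertypeArraySize entries.
struct Map {
  const Rtt* rtt;
  std::vector<const Rtt*> supertypes;
};

Map MakeMap(const Rtt* rtt) {
  Map m{rtt, std::vector<const Rtt*>(rtt->depth + 1, nullptr)};
  for (const Rtt* t = rtt; t != nullptr; t = t->parent) m.supertypes[t->depth] = t;
  if (m.supertypes.size() < kMinimumSupertypeArraySize) {
    m.supertypes.resize(kMinimumSupertypeArraySize, nullptr);  // padding
  }
  return m;
}

// General form: the target rtt may be deeper than the array, so the index
// has to be bounds-checked before the load.
bool IsSubtypeChecked(const Map& m, const Rtt* target) {
  if (target->depth >= m.supertypes.size()) return false;
  return m.supertypes[target->depth] == target;
}

// Fast form: only valid when target->depth < kMinimumSupertypeArraySize,
// which a compiler knows statically for the rtt constant it emits code for.
// The padding guarantees the index is in bounds, so the bounds test is gone.
// The assert documents the precondition; a real engine would never emit this
// path for a deeper rtt.
bool IsSubtypeUnchecked(const Map& m, const Rtt* target) {
  assert(target->depth < kMinimumSupertypeArraySize);
  return m.supertypes[target->depth] == target;
}

// Picks the right form the way a compiler would: unchecked when the target's
// depth is statically below the minimum, checked otherwise.
bool IsSubtype(const Map& m, const Rtt* target) {
  return target->depth < kMinimumSupertypeArraySize ? IsSubtypeUnchecked(m, target)
                                                    : IsSubtypeChecked(m, target);
}

int main() {
  Map a = MakeMap(&kA), d = MakeMap(&kD);
  // An A is a Root but not a B or D; a D is a B and a Root. No load goes out of bounds.
  return (IsSubtype(a, &kRoot) && !IsSubtype(a, &kB) && !IsSubtype(a, &kD) &&
          IsSubtype(d, &kB) && IsSubtype(d, &kRoot)) ? 0 : 1;
}
```

The padding is what makes the unchecked path safe: without it, testing an `A` object (two real supertype slots) against `B` (depth 2) would read one slot past the array. That is why the array length, not just the rtt depth, has to be part of the invariant the compiler relies on.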
-
Clemens Backes authored
Counter updates were already atomic, but reading the counter values was not. This led to data races if one isolate called `quit` while other isolates were still running. This makes counters fully atomic, and reflects that by making the fields {std::atomic<int>}. R=mlippautz@chromium.org Bug: v8:12481, v8:12482 Change-Id: I6fc78ad6461b93c4b3e87bec052b0a67694539e3 Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320428 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78279}
-
Clemens Backes authored
D8 shares counters across isolates, so even if they are only updated from the main thread, they need to be thread-safe. This CL removes the distinction between {StatsCounter} and {StatsCounterThreadSafe}, and just makes all {StatsCounter} use (cheap) atomic operations for counter updates. This will make previously thread-safe counters cheaper, because no Mutex is involved. It might make previously not-thread-safe counters slightly more expensive, but it's not expected to be a significant regression. R=mlippautz@chromium.org Bug: v8:12481, v8:12482 Change-Id: I47b8681c1cf26d142e1ccfafa0c192e3fdcb7d2a Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320427 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78278}
-
Patrick Thier authored
This reverts commit 863bc2b8. Reason for revert: https://crbug.com/1276923 Original change's description: > [turbofan] Improve StoreStoreElimination > > Previously, StoreStoreElimination handled allocations as > "can observe anything". This is pretty conservative and prohibits > elimination of repeated double stores to the same field. > With this CL allocations are changed to "observes initializing or > transitioning stores". > This way it is guaranteed that initializing stores to a freshly created > object or stores that are part of a map transition are not eliminated > before allocations (that can trigger GC), but allows elimination of > non-initializing, non-transitioning, unobservable stores in the > presence of allocations. > > Bug: v8:12200 > Change-Id: Ie1419696b9c8cb7c39aecf38d9f08102177b2c0f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295449 > Commit-Queue: Patrick Thier <pthier@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78230} Bug: chromium:1276923 Change-Id: I43dc3572ce1ef1fda42b7551ce8210d9f03e36ca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318666 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/main@{#78277}
-
Michael Lippautz authored
Checks whether a Persistent is used from the creation thread on slow path allocations. In practice, these currently happen every 256 Persistent allocations. This is a best effort check that may help to flush out issues that are missed with DCHECK builds. Bug: chromium:1276570 Change-Id: Ia868ca436341b1b5ef427d5b3ec04926c1394e41 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318658 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#78276}
-
Jakob Kummerow authored
Allocating a temp register in a conditional branch confuses the LiftoffAssembler's state tracking, so this patch moves allocation of the register into the unconditional part of the control flow. Fixed: chromium:1275711 Change-Id: Ic83ba8c098c5edb33d035c1a93931d54cc1f1caa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320423 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#78275}
-
Maya Lekova authored
This CL adds the following specific cases, to make sure they are correctly handled by the slow path: - the backing store of a TypedArray gets detached after optimisation - passing null instead of a TA doesn't lead to a deopt Bug: v8:11739, chromium:1052746 Change-Id: I7dfd3da9f535831901998ca6fad854af6e93e9f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320425 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/main@{#78274}
-
Dominik Inführ authored
Field used to be atomic for AssertActive() but now that this method uses another approach, we can make that field non-atomic again. Bug: v8:11708 Change-Id: I5254aa5e655844739082144fc75ba9f0c13d1ba0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317424 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78273}
-
Marja Hölttä authored
Bug: v8:11525 Change-Id: Iacdbc486de4aac3df6792f760ee216a5b6e62a27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312276 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#78272}
-
Kim-Anh Tran authored
This removes the additional call to `didPause` solely for instrumentation breakpoints. They will be reported along with any other pause reasons, and if several apply, 'ambiguous' will be reported as a reason. Bug: chromium:1229541 Change-Id: I38557248dc2274c2ff2c396aa19073f4a5c5abd5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300134 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Kim-Anh Tran <kimanh@chromium.org> Cr-Commit-Position: refs/heads/main@{#78271}
-
Shu-yu Guo authored
Change-Id: I8b496a028601442b509f894ab29d70c53d67eef5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318732 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#78270}
-
Dominik Inführ authored
Concurrent marking got accidentally disabled because V8_ATOMIC_MARKING_STATE got removed. Bug: v8:12470, chromium:1277264, chromium:1277330, chromium:1277392 Bug: chromium:1277287, chromium:1277260, chromium:1277259 Bug: chromium:1277256, chromium:1277252, chromium:1277250 Bug: chromium:1277254, chromium:1277251 Change-Id: I21211e8f6d3a65714ba3204e87863b71af42d82d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318663 Auto-Submit: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78269}
-
Shu-yu Guo authored
MSVC disallows inline assembly on x64 and arm64, and instead requires use of compiler intrinsics [0]. This CL checks for MSVC and uses intrinsics for yield/pause, where available. [0] https://docs.microsoft.com/en-us/cpp/intrinsics/compiler-intrinsics?view=msvc-170 Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_rel_ng Change-Id: I3b9cbd998e91b391a21f1443e83758e7242425c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318721 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#78268}
-
Simon Zünd authored
R=bmeurer@chromium.org Bug: chromium:1267427 Change-Id: Ibee0fb62fda5f834b1866e2b6ae17bebca34f4ba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317425 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#78267}
-
Igor Sheludko authored
Bug: v8:11880, v8:12478 Change-Id: I47f5384195aee8d6f251ca141714bdaec272f62f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318659 Auto-Submit: Igor Sheludko <ishell@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78266}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/fd258bb..ab86707 clang-tidy: readability-redundant and performance (#1298) (dominc8) https://chromium.googlesource.com/external/github.com/google/benchmark/+/ab86707 R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: I234eb0daeb7d96c1886b780c97016ca25f5af7f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3319441 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78265}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/4b7f8b49c..1f16a6ad0 Bug: v8:7834 Change-Id: Id9d8d48f03d60e44fc614667e599da056cf23464 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315231 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#78264}
-
Frank Tang authored
https://github.com/tc39/proposal-temporal/pull/1957 Resolve https://github.com/tc39/proposal-temporal/issues/1794 Bug: v8:11544 Change-Id: I50d406848e815b400d6e0cd14dee95589aac0647 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318718 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#78263}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/623bc83..0d9559b Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/32ccf21..02439f6 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/203a644..82f3512 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/d812be7..fb06cff Rolling v8/tools/luci-go: git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05..git_revision:81212ba3aa0a1a724465bded12d12c16ed46da3a Rolling v8/tools/luci-go: git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05..git_revision:81212ba3aa0a1a724465bded12d12c16ed46da3a R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: If442eafffb10213c8e5b3cb624b833f3909ef523 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3319440 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#78262}
-
- 06 Dec, 2021 10 commits
-
-
Shu-yu Guo authored
This is a reland of 3ee4804f. The CL was originally reverted for blink test failures. Since the revert, the blink top-level await flag has been removed. Original change's description: > [top-level-await] Remove --harmony-top-level-await > > TLA has been shipped since v8.9. > > Bug: v8:9344, chromium:1271114 > Change-Id: Ibebf21da8bacb1f0d212390133847495ad8553e5 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3307103 > Commit-Queue: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Marja Hölttä <marja@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78169} Bug: v8:9344, chromium:1271114 Change-Id: I96a9641967a23a12ba2467a69e5859ad8647f3e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318717 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/main@{#78261}
-
Michael Lippautz authored
Avoid verifying the stack when running with TSAN as the TSAN runtime changes stack contents when e.g. working with locks. Specifically, the marker uses locks in slow path operations which results in stack changes throughout marking. This means that the conservative iteration in the verifier may find more objects than the regular marker. The difference is benign as the delta of objects is not reachable from user code but it prevents verification. Bug: chromium:1275581 Change-Id: Ie316ab65a5b90a1b72c09966f72d61af91224091 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317976 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#78260}
-
Tobias Tebbi authored
This aligns the Torque semantics of catch with the JavaScript behavior: When we catch an exception, we also reset the pending exception. This also fixes a long-standing bug that we didn't restore the original pending message after executing arbitrary JS in IteratorCloseOnException. Bug: v8:12439 Change-Id: I268d9d639d09023a424f352547cdce03428f983a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303805 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/main@{#78259}
-
Clemens Backes authored
This CL separates checks for hardware support from checks for software configuration. We unconditionally allocate a protection key to know whether hardware support is there, but then only use it if PKU is enabled via flags. This will allow us to collect statistics on hardware availability even if PKU cannot be used yet on ChromeOS. Allocation should always be fine, and has been finched for several weeks now. The remaining kernel issue on ChromeOS does not affect allocation and deallocation of protection keys, so it is safe to unconditionally enable that. R=ahaas@chromium.org Bug: v8:11974 Change-Id: I62fd48e6302aecae9843a62861d978f86ea52141 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315446 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/main@{#78258}
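An added example (not V8 code) of the split this entry describes: one routine probes whether protection keys can be allocated at all (allocate, then free, so the probe is side-effect free), and a separate policy routine decides whether to actually use PKU based on that probe plus a configuration flag. The probe goes through the raw `pkey_alloc`/`pkey_free` syscalls so it does not depend on libc wrappers; on non-Linux or non-x86-64 targets it reports no support. `PkuSupport`, `ProbePkuSupport`, `ShouldUsePku` and the flag parameter are hypothetical names.

```cpp
// Added example, not V8 code: keep "does the hardware/kernel give us
// protection keys?" separate from "are we configured to use them?". The
// probe always runs so its result can be collected as a statistic; the
// flag only gates actual use. Names are hypothetical.
#if defined(__linux__)
#include <sys/syscall.h>
#include <unistd.h>
#endif

enum class PkuSupport { kUnsupported, kSupported };

// Probe hardware + kernel support by allocating and immediately freeing a
// key. If the syscall is unavailable (ENOSYS), the CPU lacks PKU or the
// kernel refuses (EINVAL/ENOSPC), report kUnsupported. Nothing is left
// allocated either way.
PkuSupport ProbePkuSupport() {
#if defined(__linux__) && defined(__x86_64__) && defined(SYS_pkey_alloc) && \
    defined(SYS_pkey_free)
  long key = syscall(SYS_pkey_alloc, 0u, 0u);
  if (key < 0) return PkuSupport::kUnsupported;
  syscall(SYS_pkey_free, static_cast<int>(key));
  return PkuSupport::kSupported;
#else
  return PkuSupport::kUnsupported;
#endif
}

// Policy: use PKU only when the probe succeeded AND the feature flag is on.
// Keeping the two decisions apart is what allows shipping the probe (and
// gathering availability numbers) before the feature is enabled anywhere.
bool ShouldUsePku(PkuSupport support, bool flag_enable_pku) {
  return support == PkuSupport::kSupported && flag_enable_pku;
}

// Convenience entry point combining probe and policy for this machine.
bool ShouldUsePkuOnThisMachine(bool flag_enable_pku) {
  return ShouldUsePku(ProbePkuSupport(), flag_enable_pku);
}

int main() {
  // With the flag off, the answer is "no" regardless of hardware; with it
  // on, the answer follows the probe.
  return (!ShouldUsePkuOnThisMachine(false) &&
          ShouldUsePkuOnThisMachine(true) ==
              (ProbePkuSupport() == PkuSupport::kSupported)) ? 0 : 1;
}
```

The important property is that a failed probe and a disabled flag are indistinguishable to the code that consumes `ShouldUsePku`, while the probe result alone is still available for telemetry. Any code path that writes to a key's access rights belongs strictly behind `ShouldUsePku`, never behind the probe.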
-
Shu-yu Guo authored
For shared strings, String::MakeThin is protected by using the map word of the string being migrated as a spinlock. Note that this CL does not make it safe yet to access character data from multiple threads. The spinlock here only protects write-write races in String::MakeThin. For more information, see the following two design docs: https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edit https://docs.google.com/document/d/1Drzigf17t4ofy0evDmaIL5p0MDZuAl95c9fSeX-QjVg/edit Bug: v8:12007 Change-Id: I9c47412c6ec7360a672b65a8576b4f6156ee5846 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313429 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78257}
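An added example (not V8 code) of the locking pattern this entry describes: a one-shot in-place object migration guarded by a compare-and-swap on the object's header word. A thread that wins the swap from the normal map value to a busy sentinel performs the migration and then publishes the new map with release semantics; a thread that sees the sentinel spins until the owner publishes, then observes the already-migrated state and returns. As in the commit, only the write-write race between migrating threads is handled; concurrent readers of the payload are out of scope. The map values, the `kBusy` sentinel, `HeapString`, `MakeThin` and `RaceMakeThin` are all hypothetical.

```cpp
// Added example, not V8 code: serialising a one-shot in-place migration
// with a CAS spinlock on the object's header word. Only the write-write
// race between migrating threads is addressed. Names are hypothetical.
#include <atomic>
#include <cstdint>
#include <thread>
#include <vector>

// Header-word values. A real engine stores a Map pointer here; kBusy is a
// sentinel no valid map pointer can equal (pointers are word-aligned).
constexpr uintptr_t kStringMap = 0x1000;
constexpr uintptr_t kThinStringMap = 0x2000;
constexpr uintptr_t kBusy = 0x1;

struct HeapString {
  std::atomic<uintptr_t> map_word{kStringMap};
  uintptr_t forwarded_to = 0;      // meaningful once map_word == kThinStringMap
  std::atomic<int> migrations{0};  // how many threads actually wrote the payload
};

// Returns true if this thread performed the migration, false if another
// thread did (or was already doing) it.
bool MakeThin(HeapString* s, uintptr_t target) {
  uintptr_t expected = kStringMap;
  // Acquire: only one thread can swing the header from kStringMap to kBusy.
  while (!s->map_word.compare_exchange_weak(expected, kBusy,
                                            std::memory_order_acquire)) {
    if (expected == kThinStringMap) return false;  // already migrated
    // expected == kBusy (or a spurious failure): wait for the owner to publish.
    while (s->map_word.load(std::memory_order_acquire) == kBusy) {
      std::this_thread::yield();
    }
    expected = kStringMap;
  }
  // Critical section: we own the header. Write the payload first, then
  // publish the new map with release semantics so anyone who observes
  // kThinStringMap also observes forwarded_to.
  s->forwarded_to = target;
  s->migrations.fetch_add(1, std::memory_order_relaxed);
  s->map_word.store(kThinStringMap, std::memory_order_release);
  return true;
}

struct RaceResult {
  int winners;      // threads whose MakeThin returned true
  int migrations;   // payload writes that actually happened
  uintptr_t final_map;
  uintptr_t forwarded_to;
};

// Race n_threads calls of MakeThin on one string. With the spinlock in
// place exactly one thread wins and exactly one payload write happens.
RaceResult RaceMakeThin(int n_threads, uintptr_t target) {
  HeapString s;
  std::atomic<int> winners{0};
  std::vector<std::thread> threads;
  for (int i = 0; i < n_threads; ++i) {
    threads.emplace_back([&s, &winners, target] {
      if (MakeThin(&s, target)) winners.fetch_add(1, std::memory_order_relaxed);
    });
  }
  for (auto& t : threads) t.join();
  return {winners.load(), s.migrations.load(), s.map_word.load(), s.forwarded_to};
}

int main() {
  RaceResult r = RaceMakeThin(8, 0xBEEF);
  return (r.winners == 1 && r.migrations == 1 && r.final_map == kThinStringMap &&
          r.forwarded_to == 0xBEEF) ? 0 : 1;
}
```

Without the busy sentinel, two threads could both read `kStringMap`, both write the payload and both store the new map, which is exactly the write-write race the entry closes. The release store on the map word is also what makes `forwarded_to` visible to whoever later reads the thin string, but making the character-data readers themselves safe is a separate problem, as the commit notes.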
-
Camillo Bruni authored
This reverts commit 2d087f23. Reason for revert: - Causing MSVC build failures: https://crbug.com/v8/12476 - Causing flaky failures: https://crbug.com/v8/12475 Original change's description: > [profiler] Surface VM & Embedder State > > Add APIs to surface VMState and new EmbedderState to CpuProfile samples. > > EmbedderState: > * An EmbedderState is defined as a value uint8_t and a v8::context used > for filtering. > * EmbedderStates are stack allocated by the embedder, construction and > destruction set/unset the state to the isolate thread local top. > * A v8::context is used to filter states that are added to a CpuProfile, > if the CpuProfile do not have a ContextFilter set or if contexts do not > match, state defaults to Empty. > > * v8:StateTag is already propagated all the way to a Sample, simply add > an API to surface it. > > VMState: > Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e > Bug: chromium:1263871 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072 > Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/main@{#78250} Bug: chromium:1263871, v8:12475, v8:12476 Change-Id: I02670b1ed3bb863033208369227642a7419fce00 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315444 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78256}
-
Samuel Groß authored
On Intel chips, MAP_JIT is required when the hardened runtime is enabled, which it is in Chrome. Without MAP_JIT, it is then not possible to allocate executable pages in an address space reservation. Bug: chromium:1276887 Change-Id: I632fdfc9e6cf02bac95e630e6404fea7d8f4c176 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310913 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#78255}
-
Milad Fa authored
Currently atomic ops on TF are using machine native byte order and cannot be used by Wasm calls. This CL adds support for Little Endian enforced Wasm atomic ops to S390 by reversing bytes where needed. This CL does not change the behaviour on S390 simulator. Change-Id: Iedb2c05a55f495409ee21a76713bf15e21108997 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313444 Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Reviewed-by: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#78254}
-
Shu-yu Guo authored
Rename StringShape::full_representation_tag to StringShape::representation_and_encoding_tag, since the full representation tag now includes the shared bit. There are no users of the new method in this CL; this is split out to make subsequent shared string CLs smaller. Bug: v8:12007 Change-Id: Ic4ac0241fd9846241e85b4a094dfee6d201ba42b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313428 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#78253}
-
Clemens Backes authored
Calling {V8::Dispose} resets flag values, but error simulation relies on {FLAG_random_seed}. Thus simulate errors before disposing V8. R=machenbach@chromium.org Bug: chromium:1168290 Change-Id: Ie3bc921d6dd1dbaece68ef0b801d8b25ba97585f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315441 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78252}
-