- 25 Nov, 2020 9 commits
-
Milad Fa authored
Port 3836aeb0 Original Commit Message: Apart from removing Min and Max (utils.h), this is mostly a renaming. In a few cases I had to add a cast. In a bunch of cases I had to use initializer lists to force call-by-value for static member constants because call-by-reference wouldn't compile (like in the previous CL). In a few places I used initializer lists in place of nested min/max operations. R=neis@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: Iecb43c19b8e16721e942553d7d811daf74bedc02 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557570 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71396}
-
Michael Lippautz authored
Bug: chromium:1056170 Change-Id: I303715630c79213d5b0dc34ff7107e8ffa973539 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557991 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#71395}
-
Zhi An Ng authored
Prototype v128.load{8,16,32,64}_lane on IA32 (stores will come later). This is pretty similar to x64 version, except that there is no signal handler for OOB access, so kProtected is not a valid access mode. Left some TODOs for myself to merge the new instruction codes (kIA32Pinsrb) with the replace lane Wasm instructions. Bug: v8:10975 Change-Id: I5c9f9a45e2e7f06e8fab4a28cdfe1857ccc35880 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557063 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#71394}
-
Zhi An Ng authored
This reverts commit 21e47944. Reason for revert: Broke build https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/16872? Original change's description: > [wasm-simd][arm] Prototype i64x2.bitmask > > Cleanup to simulator to remove repetitive logic to get instruction > fields. > > Bug: v8:10997 > Change-Id: I01f0b99f85788b41e4cab505fc94362d637c396f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554256 > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Bill Budge <bbudge@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71391} TBR=bbudge@chromium.org,jkummerow@chromium.org,v8-arm-ports@googlegroups.com,zhin@chromium.org Change-Id: I15513cc5923db7d189d08a9faf5051e57af7190b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10997 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558260 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71393}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/356ef25..29207aa Rolling v8/third_party/aemu-linux-x64: qDJOg4W2RuPZ92H6d33I9kLLWjqfYuMr_gFsPRodSQAC..b5ckZyVJ3XwwvnxV2J_ybKfLyiHfOj81r9Llym22_UsC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a629d81..ae003f5 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/260eb0f..8820ab8 Rolling v8/tools/luci-go: git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47..git_revision:1a022d3a4c50be4207ee93451255d71896416596 Rolling v8/tools/luci-go: git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47..git_revision:1a022d3a4c50be4207ee93451255d71896416596 Rolling v8/tools/luci-go: git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47..git_revision:1a022d3a4c50be4207ee93451255d71896416596 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I56abc6880884805075c73201c3c871c1ceedf284 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558979 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#71392}
-
Zhi An Ng authored
Cleanup to simulator to remove repetitive logic to get instruction fields. Bug: v8:10997 Change-Id: I01f0b99f85788b41e4cab505fc94362d637c396f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554256 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#71391}
-
Zhi An Ng authored
Bug: v8:11074 Change-Id: I41a62490b3abe9ff00905fd9ea7e4bfff5f23a48 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557064 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71390}
-
Zhi An Ng authored
Bug: v8:11074 Change-Id: I01ffd94290aa5deafa0953a86ff555147b813bf4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557069 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71389}
-
Zhi An Ng authored
Also remove a comment referring to using the macro. Bug: v8:11074 Change-Id: Ib56a0360b28812833b372738f4956ef41c59a97b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557058 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71388}
-
- 24 Nov, 2020 31 commits
-
Daniel Clark authored
This change refactors the v8.h API as discussed in https://docs.google.com/document/d/1yuXgNHSbTAPubT1Mg0JXp5uTrfirkvO1g5cHHCe-LmY/edit#heading=h.q0c9h4p928mn such that a v8::Module exposes module requests as a FixedArray of ModuleRequest objects, which can then be used to obtain their module specifier and source code offset. This replaces the old functions that passed back individual specifier Strings and Locations via repeated calls to getters that take an index. These are marked as deprecated. The new ModuleRequest interface includes a getter for an ImportAssertions FixedArray, which will contain the import assertions for the request if --harmony-import-assertions is set, and will be empty otherwise. One notable change here is that the APIs now return source code offsets rather than v8::Locations. The host must then call the new Module::SourceOffsetToLocation to convert these offsets into line/column numbers. This requires a bit more back-and-forth, but allows the host to defer the cost of converting from source offset to line/column numbers until an error needs to be reported, potentially skipping the work altogether. Bug: v8:10958 Change-Id: I181639737c701e467324e6c781aa4d7bdd87ae8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545577 Commit-Queue: Dan Clark <daniec@microsoft.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#71387}
-
Sara Tang authored
Removed wall_clock_time_in_us field. Bug: v8:11109 Change-Id: Ib3efa74fc741b793ef064c1d12ca1797be3a10c1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2550280 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Sara Tang <sartang@microsoft.com> Cr-Commit-Position: refs/heads/master@{#71386}
-
Leszek Swirski authored
Add a CompareCharsEqual to complement CompareChars, where we only care about equality and not ordering. For such cases, we can memcmp for two-byte as well as one-byte strings (we can't for CompareChars because the ordering would be incorrect on little-endian systems). Replace uses of CompareChars that only compare the result against zero, with CompareCharsEqual. Additionally, use some template magic to simplify the "make unsigned" operation in these methods. Change-Id: I0d65bee81b98d3938d15daa4af331c90558ea84f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557980 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#71385}
-
Camillo Bruni authored
- Use C++ primitives (int, bool) for the ScriptOrigin constructor. - Deprecate the old accessors and constructor Bug: v8:11195 Change-Id: I739edd6b4c58e19a8a16ddce863eea14ec933697 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555005 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#71384}
-
Bill Budge authored
This reverts commit 44efa00b. Reason for revert: Breaks MSVC with warning as error: https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15903 Original change's description: > [wasm][memory64] Decode memory offset as 64-bit LEB > > After preparing Liftoff, TurboFan, and the interpreter for this change, > we now store the memory offset as uint64_t. {LoadLane} and {StoreLane} > were added after the TurboFan refactoring, so those two are adapted > similar to the other memory operations. > > R=manoskouk@chromium.org > > Bug: v8:10949 > Change-Id: Iba66ce448904e23b152fcb8612d171124e615473 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555006 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71382} TBR=clemensb@chromium.org,manoskouk@chromium.org Change-Id: Ia0f46a0b6fd2102a61c7664d7cdd86a2cf8ddb24 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10949 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558752 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#71383}
-
Clemens Backes authored
After preparing Liftoff, TurboFan, and the interpreter for this change, we now store the memory offset as uint64_t. {LoadLane} and {StoreLane} were added after the TurboFan refactoring, so those two are adapted similar to the other memory operations. R=manoskouk@chromium.org Bug: v8:10949 Change-Id: Iba66ce448904e23b152fcb8612d171124e615473 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555006 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#71382}
-
Michael Lippautz authored
Exposes an opaque handle for uniformly (cppgc and V8) referring to an instance of a heap. Exposes a set of raw write barriers for advanced embedders through subtle::HeapConsistency which is a mirror into write barrier internals. The following barriers are exposed: - DijkstraWriteBarrier: Regular Dijkstra-style write barrier (add to wavefront); - DijkstraWriteBarrierRange: Same as DijkstraWriteBarrier but operating on a range of slots that are composite (inlined) objects; - SteeleWriteBarrier: Regular Steele-style write barrier (retreating wavefront); Change-Id: Ib5ac280204686bf887690f72df1cdb506ea6ef70 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554601 Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#71381}
-
Georg Neis authored
Apart from removing Min and Max (utils.h), this is mostly a renaming. In a few cases I had to add a cast. In a bunch of cases I had to use initializer lists to force call-by-value for static member constants because call-by-reference wouldn't compile (like in the previous CL). In a few places I used initializer lists in place of nested min/max operations. Bug: v8:11074 Change-Id: I53a5411be6334ff41e7a8517e6b87fb46f14d086 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545523 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#71380}
-
Milad Fa authored
Port 2180e20f Original Commit Message: The total frame size returned by GetTotalFrameSize includes the frame marker. However, the frame marker is pushed on the stack with a push instruction. Therefore it is not needed to allocate memory for it again on the stack. This CL therefore reduces the memory allocated on the stack by the size of the frame marker. R=ahaas@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I76e259d54703265fcf1a84857365997af008e16a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558257 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#71379}
-
Leszek Swirski authored
Make String::IsEqualTo use a direct string shape dispatch and a direct call to CompareChars, rather than splitting the behaviour over IsOneByte/IsTwoByte/HasOneBytePrefix. Avoiding GetFlatContent will make this method easier to make efficient while staying string-access-lock safe. Also, redefines the sequential string table key's matcher in terms of this IsEqualTo method. Change-Id: Iab71246e12044ebaeff06f0dbc14d28b3482dcbe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557979 Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#71378}
-
Gus Caplan authored
Bug: v8:10961 Change-Id: I3746dca570de005d203a2648dcffedd81122f215 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553157 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Gus Caplan <snek@chromium.org> Cr-Commit-Position: refs/heads/master@{#71377}
-
Clemens Backes authored
This CL prepares the interpreter for 64-bit addresses. The offset (in the memory immediate) can now be 64-bit, and also the index (from the stack) will be 64-bit if memory64 is enabled. memory.size will return a 64-bit constant under memory64. memory.grow is a bit more involved and requires more refactorings in the called functions. I left a TODO in the interpreter for now. R=manoskouk@chromium.org Bug: v8:10949 Change-Id: I47ab7e38a7356239c827619325f4583069e46669 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555000 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#71376}
-
Vicky Kontoura authored
This reverts commit f2034bf5. Reason for revert: Issue on the generic wrapper Original change's description: > [wasm] Enable --wasm-generic-wrapper > > This CL enables the --wasm-generic-wrapper flag by default. > > Bug: v8:10982 > Change-Id: Iada906ce49810806c500ee3ca26e09e847b69a27 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2539915 > Commit-Queue: Vicky Kontoura <vkont@google.com> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71374} TBR=jkummerow@chromium.org,ahaas@chromium.org,vkont@google.com Change-Id: I809de71155a76fce503ecd75c7c4854d507c3695 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10982 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557990 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#71375}
-
Vicky Kontoura authored
This CL enables the --wasm-generic-wrapper flag by default. Bug: v8:10982 Change-Id: Iada906ce49810806c500ee3ca26e09e847b69a27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2539915 Commit-Queue: Vicky Kontoura <vkont@google.com> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#71374}
-
Andreas Haas authored
The total frame size returned by GetTotalFrameSize includes the frame marker. However, the frame marker is pushed on the stack with a push instruction. Therefore it is not needed to allocate memory for it again on the stack. This CL therefore reduces the memory allocated on the stack by the size of the frame marker. R=clemensb@chromium.org Bug: v8:11074 Change-Id: Ie04508a57a2c641a2ee5d89d72dd22ec0572b5e5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557510 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#71373}
-
Andreas Haas authored
R=clemensb@chromium.org Bug: v8:11074 Change-Id: I43036a826008027cf44179f1236f4feb9ef4c83b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554608 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#71372}
-
Tobias Tebbi authored
Drive-by Torque changes: - kSize can be non-aligned, use SizeFor() instead for map allocation. - Factory functions use Torque-generated setters directly to work even if they are shadowed. - Allow class generation in the presence of custom weak fields, this was supported already. Bug: v8:7793 Change-Id: I7e2df45d550ff70973e5167459050fd84db03114 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547285 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#71371}
-
Vicky Kontoura authored
This CL temporarily disables use of the generic js-to-wasm wrapper for asm.js modules, since the generic js-to-wasm wrapper does not fully support them yet. Bug: v8:10982 Change-Id: I79a489075c689549b07bf1436c6115edb147cbe5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554602 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Vicky Kontoura <vkont@google.com> Cr-Commit-Position: refs/heads/master@{#71370}
-
Clemens Backes authored
The top-level functions are already in an anonymous namespace, hence 'inline' is redundant. Similar for the methods defined within the class declaration. R=manoskouk@chromium.org Bug: v8:11074 Change-Id: I84f790aa2826e4f9e9efcea7cabe75d6ea05f070 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554605 Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71369}
-
Manos Koukoutos authored
OpcodeLength in function-body-decoder was implemented in a way that did not detect invalid non-prefixed opcodes, even when {validate} was on. This CL brings its behavior in line with prefixed opcodes and validation requirements. Change-Id: I53fec32f13bd18a2ed0c7a7666d69fc09603db56 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552516 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71368}
-
Clemens Backes authored
A simple fix to avoid an unneeded instruction. R=ahaas@chromium.org Bug: chromium:1152363 Change-Id: I7188156816ab24ed88fb1cd79859aa9f0b6c948b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557513 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71367}
-
Manos Koukoutos authored
This is a reland of 21f001e8 Original change's description: > [wasm] Small changes in opcode organization > > Changes: > - Move call_ref and return_call_ref to misc opcodes. > - Create macro which groups all simd opcodes. > > Change-Id: I7742c8a27fe8859d1bbe129d8056420aaffe0931 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549948 > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71355} Change-Id: Ie8a509520b4e9105fb1b6606458c80c2b6337faf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557511 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#71366}
-
Georg Neis authored
Change-Id: Ib1855adbf0292381f2b279d5b44fbddff551a4d5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557499 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71365}
-
Georg Neis authored
SL's VisitSpeculativeIntegerAdditiveOp was setting Signed32 as restriction type even when relying on a Word32 truncation in order to skip the overflow check. This is not sound. Bug: chromium:1150649 Change-Id: I3113a2102c62d6ecef342c98d25daf31431c01ed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557498 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71364}
-
Clemens Backes authored
Make compileAndRunWithOrigin accept the same six arguments as inspector-test. This makes inspector tests more useful as seed for the inspector fuzzer, and allows to run more inspector fuzzer outputs directly in the inspector-test binary. R=szuend@chromium.org Bug: chromium:1142437 Change-Id: Ib9e9768c834204ff17a641e9d462400a139bf6b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557507 Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71363}
-
Maya Lekova authored
This reverts commit 1341dbd2. Reason for revert: The new test is failing on arm64 simulator MSAN - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/35559 Original change's description: > [int] Fix security bug in Intl.ListFormat > > Also add test to ensure it won't crash. The crash is caused by int32_t overflow inside ICU68-1 > > Real fix in https://chromium.googlesource.com/chromium/deps/icu/+/3bf08c6a50f77921ae79d4e715b580b959e494c7 > > Bug: chromium:1150371 > Change-Id: I71c7bb3c50453fe3fa40226cab83bee0d865b0f0 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551212 > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71357} TBR=jkummerow@chromium.org,machenbach@chromium.org,ftang@chromium.org,syg@chromium.org Change-Id: I10862ad1fb308d1610b8f7a80cca43c010475397 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1150371 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557512 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#71362}
-
Frank Tang authored
Bug: v8:11174 Change-Id: If84c9056d0147720dabce52154648b4086146d0c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2556258 Reviewed-by: Frank Tang <ftang@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#71361}
-
Dominik Inführ authored
For pages that are already swept, it can happen that one thread iterates old-to-new-slots while another thread promotes an object onto the same page. Accessing the slot_set in Scavenger::ScavengePage therefore needs to be atomic. Bug: v8:11077 Change-Id: I086db612ed4e861aa9bd1c18fdf5c0e17c519a4b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555009 Auto-Submit: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#71360}
-
Manos Koukoutos authored
This reverts commit 21f001e8. Reason for revert: Changes in SIMD created merge errors. Original change's description: > [wasm] Small changes in opcode organization > > Changes: > - Move call_ref and return_call_ref to misc opcodes. > - Create macro which groups all simd opcodes. > > Change-Id: I7742c8a27fe8859d1bbe129d8056420aaffe0931 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549948 > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71355} TBR=ahaas@chromium.org,manoskouk@chromium.org Change-Id: I31a9a0a62e1e40a09f29f944bccb18694236c62b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557509 Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#71359}
-
Jakob Gruber authored
The Code object returned by CompileOptimized runtime functions is tail-called to continue execution. This Code object should not be the CompileLazy builtin. We ran into this case when the requested code kind was available, but not attached - here we returned early from Compiler::CompileOptimized without doing anything. To satisfy the postcondition, this CL removes the early exit and lets GetOptimizedCode handle the cached cases (both the FeedbackVector's optimized code cache, and the isolate cache). Bug: v8:8888 Change-Id: Ie60e6cf27b697ea6685441184b65f28f3583f75a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557500 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71358}
-
Frank Tang authored
Also add test to ensure it won't crash. The crash is caused by int32_t overflow inside ICU68-1 Real fix in https://chromium.googlesource.com/chromium/deps/icu/+/3bf08c6a50f77921ae79d4e715b580b959e494c7 Bug: chromium:1150371 Change-Id: I71c7bb3c50453fe3fa40226cab83bee0d865b0f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551212 Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#71357}
-