Skip to content

V
V8
Switch branch/tag
  1. 06 May, 2022 1 commit
    • Clemens Backes's avatar
      [assembler] Remove the "no condition" · 738f4b69
      Clemens Backes authored 
      The no_condition / kNoCondition not only has the flaw that it's a
special case which represents an illegal / nonexisting condition, and
thus needs special handling in all methods which get a condition as
input (this check is often missing), it is also weird in that every
negative condition value must be considered a "no condition".

It turns out that this "no condition" is rarely used, and can easily be
avoided by duplicating methods, or storing a {base::Optional<Condition>}
instead (not needed anywhere yet).

This is a follow-up to https://crrev.com/c/3629553.

R=tebbi@chromium.org, pthier@chromium.org

Bug: v8:12425
Change-Id: Id2270b1660fcb0aff0a8460961b57068ed1c3c73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632102Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarPatrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80397}
      738f4b69
  3. 05 May, 2022 2 commits
  5. 22 Apr, 2022 1 commit
  7. 20 Apr, 2022 1 commit
  9. 16 Mar, 2022 1 commit
  11. 14 Mar, 2022 1 commit
  13. 23 Feb, 2022 1 commit
  15. 18 Jan, 2022 1 commit
  17. 16 Dec, 2021 1 commit
    • Seth Brenith's avatar
      Revert "Shorten generated code for binary-search switches" · c84bcd74
      Seth Brenith authored 
      This reverts commit 00a757fa.

Reason for revert: Caused perf regressions, https://crbug.com/1280236

Original change's description:
> Shorten generated code for binary-search switches
>
> On some branches of the search tree for a binary-search switch, the
> input value is sufficiently constrained that we could unconditionally
> jump to the last possible case rather than checking for value equality.
> This shortens some builtins by a few instructions and might speed things
> up, though I expect the effect to be small.
>
> Change-Id: I2313f26976e6d3c182f03bd927b338c8175b3af3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335437
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#78376}

Bug: chromium:1280236
Change-Id: I88d9ff64641b85d48198b7012df2eeb9441913b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3343234
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78397}
      c84bcd74
  19. 15 Dec, 2021 1 commit
    • Samuel Groß's avatar
      V8 Sandbox rebranding · 277fdd1d
      Samuel Groß authored 
      This CL renames a number of things related to the V8 sandbox.
Mainly, what used to be under V8_HEAP_SANDBOX is now under
V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
is now simply the V8 Sandbox:

V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
V8VirtualMemoryCage => Sandbox
CagedPointer => SandboxedPointer
fake cage => partially reserved sandbox
src/security => src/sandbox

This naming scheme should simplify things: the sandbox is now the large
region of virtual address space inside which V8 mainly operates and
which should be considered untrusted. Mechanisms like sandboxed pointers
are then used to attempt to prevent escapes from the sandbox (i.e.
corruption of memory outside of it). Furthermore, the new naming scheme
avoids the confusion with the various other "cages" in V8, in
particular, the VirtualMemoryCage class, by dropping that name entirely.

Future sandbox features are developed under their own V8_SANDBOX_X flag,
and will, once final, be merged into V8_SANDBOX. Current future features
are sandboxed external pointers (using the external pointer table), and
sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
because they are encoded as offsets). This CL then also introduces a new
build flag, v8_enable_sandbox_future, which enables all future features.

Bug: v8:10391
Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78384}
      277fdd1d
  21. 14 Dec, 2021 2 commits
    • Seth Brenith's avatar
      Shorten generated code for binary-search switches · 00a757fa
      Seth Brenith authored 
      On some branches of the search tree for a binary-search switch, the
input value is sufficiently constrained that we could unconditionally
jump to the last possible case rather than checking for value equality.
This shortens some builtins by a few instructions and might speed things
up, though I expect the effect to be small.

Change-Id: I2313f26976e6d3c182f03bd927b338c8175b3af3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335437Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78376}
      00a757fa
    • Seth Brenith's avatar
      Always emit unconditional jump in binary-search switch · dd9d4c96
      Seth Brenith authored 
      We probably expect a binary-search switch to take log(n) time in all
cases, but there is currently a possibility of that expectation being
broken. I'm not aware of any place where this actually happens, but if
the default handler immediately follows the switch dispatch block in
assembly order, then unconditional jump instructions for that handler
would be omitted. This omission could cause linear execution time, where
every case is checked before falling through to the default handler.

This change introduces a new function to emit an unconditional jump
instruction regardless of whether the target is the following block, and
uses that new function when generating a binary-search switch to ensure
consistently log(n) behavior.

Change-Id: I5cab86fd66386762519035410e3b532dc6fd764c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335222Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78370}
      dd9d4c96
  23. 02 Nov, 2021 2 commits
  25. 18 Oct, 2021 1 commit
  27. 12 Oct, 2021 1 commit
  29. 30 Sep, 2021 1 commit
  31. 26 Sep, 2021 1 commit
  33. 24 Sep, 2021 1 commit
  35. 30 Aug, 2021 1 commit
  37. 21 Aug, 2021 1 commit
  39. 13 Aug, 2021 1 commit
  41. 12 Aug, 2021 1 commit
  43. 05 Aug, 2021 1 commit
  45. 28 Jun, 2021 1 commit
  47. 14 Jun, 2021 1 commit
  49. 07 Jun, 2021 1 commit
  51. 01 Jun, 2021 1 commit
  53. 26 May, 2021 1 commit
  55. 25 May, 2021 1 commit
  57. 24 May, 2021 1 commit
  59. 19 May, 2021 1 commit
  61. 13 May, 2021 2 commits
  63. 11 May, 2021 1 commit
  65. 10 May, 2021 3 commits
  67. 04 May, 2021 1 commit