- 18 May, 2021 12 commits
-
-
Ross McIlroy authored
Reverts part of the change https://chromium-review.googlesource.com/c/v8/v8/+/2892664 to avoid using bitfields for Truncation since it causes older versions of gcc to report a warning. BUG=v8:9684 Change-Id: Ia807d6dbbb5ae1baae73bf5816c336b9b80ae83d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900660 Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74624}
-
Lu Yahan authored
Change-Id: I0fb3a4738c8e9b4b4328b8a1e142eefed61ec998 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881494 Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by: Brice Dobry <brice.dobry@futurewei.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74623}
-
Sathya Gunasekaran authored
This reverts commit 50cbeca9. Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3824/overview Original change's description: > [codegen] Use builtin calls for TSANRelaxedStore > > Instead of calling the C function directly from codegen, we call a > builtin that calls the C function. This is done to encapsulate the > push/pop registers in the code in the builtin. > > Bug: v8:7790, v8:11600 > Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74599} Bug: v8:7790 Bug: v8:11600 Change-Id: I3a4c57a29346fe6c84ec11404d8ff64cfac51a70 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902926 Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74622}
-
Sathya Gunasekaran authored
This reverts commit 4683d6fe. Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview Original change's description: > Reland "[compiler] Consider IsPendingAllocation in Ref construction" > > This is a reland of 5f0ac36c > > Fixes Ref construction failures in: > - MapRef::instance_descriptors > - NativeContext reads (see also crrev.com/c/2891575) > > Original change's description: > > [compiler] Consider IsPendingAllocation in Ref construction > > > > The logic in JSHeapBroker::TryGetOrCreateData assumes that parts > > of the object are safe to read. In particular, the instance type > > must be readable for the chain of `Is##Name()` type checks. > > > > This is guaranteed if > > > > - a global memory fence happened after object initialization and > > prior to the read by the compiler; or > > - the object was published through a release store and read through > > an acquire read. > > > > The former is protected by the new call to ObjectMayBeUninitialized > > (which internally calls IsPendingAllocation) in TryGetOrCreateData. > > > > The latter must be marked explicitly by calling the new > > MakeRefAssumeMemoryFence variant. > > > > Note that support in this CL is expected to be incomplete and will > > have to be extended in the future as more cases show up in which > > MakeRef calls must be converted to MakeRefAssumeMemoryFence or to > > TryMakeRef. > > > > Bug: v8:7790,v8:11711 > > Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663 > > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > > Reviewed-by: Georg Neis <neis@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#74474} > > Bug: v8:7790,v8:11711,chromium:1207680,chromium:1207679 > Change-Id: Ib3dbf59909e6982a3230dd6a67c9fb7d6ffb9ab4 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886861 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74587} Bug: v8:7790 Bug: v8:11711 Bug: chromium:1207680 Bug: chromium:1207679 Change-Id: I8cd45ac006b7b5f3d668d0df272bcba880c75926 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901990Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#74621}
-
Sathya Gunasekaran authored
This reverts commit 0a661a9a. Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this) https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview Original change's description: > Revert "[compiler] Temporarily change ContextRef back to kSerialized" > > This reverts commit 445f0f74. > > Reason for revert: TryMakeRef is again ready for this. > > Original change's description: > > [compiler] Temporarily change ContextRef back to kSerialized > > > > This can be reverted once TryMakeRef checks the heap predicate. > > I'm not reverting the previous CL because newer changes already depend > > on it. > > > > Tbr: jgruber@chromium.org > > Bug: v8:11765, v8:7790 > > Change-Id: Iacc6a78a70fe6f40c9421258889c2175fb400b04 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891579 > > Reviewed-by: Georg Neis <neis@chromium.org> > > Commit-Queue: Georg Neis <neis@chromium.org> > > Auto-Submit: Georg Neis <neis@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#74531} > > Bug: v8:11765 > Bug: v8:7790 > Change-Id: I0b38791255182f1f8d0a5cf79f18d86568172487 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897101 > Commit-Queue: Georg Neis <neis@chromium.org> > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Auto-Submit: Georg Neis <neis@chromium.org> > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74591} Bug: v8:11765 Bug: v8:7790 Change-Id: I462b9b098781101549ebd6c185697d4b235c2888 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901989 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#74620}
-
Shu-yu Guo authored
Bug: v8:11719 Change-Id: Ib9064e09a77b03adc1234e2f1739983cdab24113 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2898778 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#74619}
-
Sathya Gunasekaran authored
This reverts commit 59bb4325. Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this) https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview Original change's description: > [compiler] Remove one ObjectRef constructor > > Remove the handle-taking ObjectRef constructor in favor of > (Try)MakeRef as bottleneck. > > Bug: v8:7790 > Change-Id: I3cc3a1dcef4bac53a91c573d1a532332b88c6eb4 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883664 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74593} Bug: v8:7790 Change-Id: Ifdecf93a3a8c09a3da7118a269fc66c2ae0f1a09 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901988Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#74618}
-
Sathya Gunasekaran authored
This reverts commit 6d99f933. Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this) https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview Original change's description: > [compiler] Replace EnsureElementsTenured by IsElementsTenured > > We can't mutate heap state from the compiler thread; turn this into a > predicate and emit generic code if it returns false. > > Bug: v8:7790 > Change-Id: I6186a87e178d0c0206b6e7659fa2a41bf65fd835 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876845 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74596} Bug: v8:7790 Change-Id: Ic32921a2f7d870560cd596933d6308a04d757e22 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901986Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#74617}
-
Sathya Gunasekaran authored
This reverts commit 5258364e. Reason for revert: 4683d6fe broke TSAN, reverting all its dependencies first (including this) https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36744/overview Original change's description: > [compiler] Make NativeContextRef never-serialized > > Most NativeContext elements are immutable after initialization; > additionally, we now use acquire-release semantics to load/store > elements when possible. Reading and constructing Refs for elements > is thus possible from the background. > > A few notes: > > - A few elements are not immutable; if read from the background > thread, these must use acquire-release semantics. > - Elements can be stored from generated code; these are not compatible > with bg-thread accesses. > - While elements can be read safely from the native context, the > elements themselves may still require serialization; this is done in > NativeContextRef::Serialize. > > Bug: v8:7790 > Change-Id: I12e9611a292e7dd912438c712390731a5422407d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897254 > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74604} Bug: v8:7790 Change-Id: I5c26b476a25a9af0ff4e56e51b5aa35d87cf35c1 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901985 Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74616}
-
Sathya Gunasekaran authored
This reverts commit 03fcd892. Reason for revert: breaks linux64 https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64/42874/overview Original change's description: > [compiler] Skip IsPendingAllocation check in Ref construction > > This temporarily reverts the key part of > https://chromium-review.googlesource.com/c/v8/v8/+/2886861 > in order to unblock the roll. > > Bug: v8:7790, chromium:1209798 > Change-Id: I10a02bdb2f1a0e0a2b1238481dc39a1d975ee5b2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2896983 > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74611} Bug: v8:7790 Bug: chromium:1209798 Change-Id: I79fae981acb3f2ddfc1d7d9a49a73d1741d19e71 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901984 Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#74615}
-
Shu-yu Guo authored
Bug: v8:11718 Change-Id: If903f5e336729fa55bec03acef40025ce20d6ce7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2898176Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#74614}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/70bc32e..6d353a Bug: v8:7834, v8:10958 Change-Id: Ifa497643d8de2f8dc0f01af2d14c79f5aa84d7d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900879Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#74613}
-
- 17 May, 2021 28 commits
-
-
Michael Achenbach authored
tldr: This adds an on-demand comparison with x64 when a difference to a non-x64 build is detected. Normally foozzie compares the baseline build (just ignition), with two secondary builds. One, the default, always uses the shipping configuration, the second passes additional flags. Both can use a different architecture than the baseline build as well. Differences between ignition and turbofan are then often detected independent of the architectures used, but reported several times (for each compared architecture). This makes the reporting more specific, by running another build on demand that uses the baseline architecture, but otherwise the same configuration that showed a difference. If it shows the difference as well, the baseline architecture is used for the report. As a result only pure architecture differences will be reported with an architecture other than x64. This also adds some minor refactorings to reduce the code complexity when looping over comparisons. For testing this, the fake-d8s are extended with different behavior for different flags passed. We add two test cases for testing: x64 vs. ia32 with difference in x64 and ia32 x64 vs. ia32 with difference only in ia32 Bug: chromium:1196633 No-Try: true Test: tools/clusterfuzz/v8_foozzie_test.py Change-Id: Ic470ae8f0b37fb1628b32e4fafc0c39377e16f8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897099Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#74612}
-
Georg Neis authored
This temporarily reverts the key part of https://chromium-review.googlesource.com/c/v8/v8/+/2886861 in order to unblock the roll. Bug: v8:7790, chromium:1209798 Change-Id: I10a02bdb2f1a0e0a2b1238481dc39a1d975ee5b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2896983Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74611}
-
Clemens Backes authored
This fixes a compile error after https://crrev.com/c/2891829 if webassembly is disabled (v8_enable_webassembly = false). R=pfaffe@chromium.org Change-Id: Ia425a49d3de11e7c71bb65680ac6a94acd63599e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900231 Commit-Queue: Clemens Backes <clemensb@chromium.org> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Auto-Submit: Clemens Backes <clemensb@chromium.org> Reviewed-by: Philip Pfaffe <pfaffe@chromium.org> Cr-Commit-Position: refs/heads/master@{#74610}
-
Santiago Aboy Solanes authored
Continuing the cleanups and using the tags rather than synchronized_ in the name of the accessors. Bug: v8:7790 Change-Id: I3c2d0ccf54fa6161dbd9d12b1b9743a046534521 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897095Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74609}
-
Junliang Yan authored
Change-Id: I916f7564cc519d05867a29a2168a45d930999212 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900229Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#74608}
-
Michael Lippautz authored
Create verification state on first assignment and check that the reference slot is contained within the values heap if it is an on-heap reference. Bug: chromium:1056170 Change-Id: I0ce0e2bbd751186429950bb4f6bad97b273b3128 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887509 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74607}
-
Liu Yu authored
Allow MultiPushMSA and MultiPushMSA to generate simd instructions in builtins on mips which don't support SIMD; And implement IsValidFloatParameterRegister on mips. Change-Id: Iac41930ce4bf39a41dd157e22e4194752df35b8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882676 Auto-Submit: Liu yu <liuyu@loongson.cn> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#74606}
-
Santiago Aboy Solanes authored
Continuing the cleanups and using the tags rather than synchronized_ in the name of the accessors. `map_word` (and its setter) can also be marked explicitly as relaxed to show that they are atomic accessors. Bug: v8:7790 Change-Id: I0725054ef37022c777f47660cb11cf839bb7f273 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897094Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74605}
-
Jakob Gruber authored
Most NativeContext elements are immutable after initialization; additionally, we now use acquire-release semantics to load/store elements when possible. Reading and constructing Refs for elements is thus possible from the background. A few notes: - A few elements are not immutable; if read from the background thread, these must use acquire-release semantics. - Elements can be stored from generated code; these are not compatible with bg-thread accesses. - While elements can be read safely from the native context, the elements themselves may still require serialization; this is done in NativeContextRef::Serialize. Bug: v8:7790 Change-Id: I12e9611a292e7dd912438c712390731a5422407d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897254 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74604}
-
Milad Fa authored
Change-Id: I264a06924d8ffcb8cce1febe9bde18280edeaea0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2896273Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#74603}
-
Philip Pfaffe authored
This is a reland of 0ce36e7d The reland includes two fixes: - Move the EvaluateGlobalForTesting into libv8 to avoid linkage issues and to avoid having to export ThreadLocalTop symbols. - Give the ExecutionMode enum a uint8_t backing type to avoid endianess issues. Original change's description: > [ic] Fix handling of API properties with side effects > > DebugEvaluate can evaluate expressions in side-effect-free mode, where > any operation that would cause observable side effects throws an > exception. Currently, when accessors are backed by callbacks, it's > possible that ICs call those accessors directly, bypassing the > side-effect checks. This CL introduces a bailouts to runtime in those > cases. > > Fixed: chromium:1201781 > Also-By: ishell@chromium.org, pfaffe@chromium.org > Change-Id: Ie53bfb2bff7b3420f2b27091e8df6723382cf53c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857634 > Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74507} Fixes: v8:11761 Change-Id: I58cde8bd11ba0fc9d83adc19fa87733628ab6c13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891829Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Cr-Commit-Position: refs/heads/master@{#74602}
-
Omer Katz authored
This is a reland of 4f4b4f74 Original change's description: > cppgc-js: Add unittest for CollectCustomSpaceStatisticsAtLastGC > > Drive-by: fix delayed task implementation in cpp-heap.cc. > > Bug: chromium:1056170 > Change-Id: Ie92d909056532047b378ebfafeb98273997e60e9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883618 > Commit-Queue: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74530} Bug: chromium:1056170 Change-Id: Ic3a7bb269e23acf728af57a9733600567659e76b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897084 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74601}
-
Antonio Sartori authored
The method changes a global flag, depending upon which v8 attaches or not the SharedArrayBuffer constructor to global objects. Chrome ended up calling it when some contexts had already been created, leading to inconsistencies. (Also) because of that, we decided to change the mechanism for enabling cross-origin isolation (cf. https://crrev.com/c/2880215). I believe it is better not to expose this method. Bug: chromium:923807 Change-Id: I269cb1c5406f999a395bbb7657574c0f73b4ae99 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900224Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/master@{#74600}
-
Santiago Aboy Solanes authored
Instead of calling the C function directly from codegen, we call a builtin that calls the C function. This is done to encapsulate the push/pop registers in the code in the builtin. Bug: v8:7790, v8:11600 Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74599}
-
Jakob Kummerow authored
Turns out std::sort() gets angry when various ranges of an array alias each other in memory. We wouldn't like it when it's angry. Fixed: chromium:1209152 Change-Id: Ic927b46c59d10f7d3856768628c773b344005979 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897098 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#74598}
-
Ross McIlroy authored
Move a field and pack enums in Truncation to save 2 word for each NodeInfo. BUG=v8:9684 Change-Id: Ib470019b13a1cb8586c1bc585ff1aff6a88267ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892664 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74597}
-
Jakob Gruber authored
We can't mutate heap state from the compiler thread; turn this into a predicate and emit generic code if it returns false. Bug: v8:7790 Change-Id: I6186a87e178d0c0206b6e7659fa2a41bf65fd835 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876845 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#74596}
-
Jakob Gruber authored
When fuzzing and concurrent compilation is enabled, disable Turbofan tracing flags since reading/printing heap state is not thread-safe and leads to false positives on TSAN bots. For future work: consider teaching fuzzers to avoid these flags instead of forcing implications in V8. Bug: chromium:1205289 Change-Id: Icc26abd7c628cbcdd3671a27f955fb9fe7207172 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897102Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74595}
-
Michael Lippautz authored
ObjectView abstracts Start/End/Size of an object over the different internal representations (HeapObjectHeader and LargePage). Bug: chromium:1056170 Change-Id: I4e888f907fff94c1b02d5e21b4ec3f4a78a471f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892081 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#74594}
-
Georg Neis authored
Remove the handle-taking ObjectRef constructor in favor of (Try)MakeRef as bottleneck. Bug: v8:7790 Change-Id: I3cc3a1dcef4bac53a91c573d1a532332b88c6eb4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883664 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74593}
-
Santiago Aboy Solanes authored
The instance_size of a live map can change via ShrinkInstanceSize. This change was outside of the scope of the MapUpdater. In order to have a consistent view of the data, the concurrent reader will access the map updater lock if needed. Also refactor MapUpdaterMutexDepthScope (now named `MapUpdaterGuardIfNeeded`) so that A) it's not possible to forget to lock it, and B) add V8_NODISCARD to the class. As a second refactor use std::function in TraverseCallback. Bug: v8:7790 Change-Id: I57dd00699ccb1c9f132a950db93704b07ca115ac Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862765Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74592}
-
Georg Neis authored
This reverts commit 445f0f74. Reason for revert: TryMakeRef is again ready for this. Original change's description: > [compiler] Temporarily change ContextRef back to kSerialized > > This can be reverted once TryMakeRef checks the heap predicate. > I'm not reverting the previous CL because newer changes already depend > on it. > > Tbr: jgruber@chromium.org > Bug: v8:11765, v8:7790 > Change-Id: Iacc6a78a70fe6f40c9421258889c2175fb400b04 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891579 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Auto-Submit: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74531} Bug: v8:11765 Bug: v8:7790 Change-Id: I0b38791255182f1f8d0a5cf79f18d86568172487 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897101 Commit-Queue: Georg Neis <neis@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74591}
-
Jakob Gruber authored
Bug: chromium:1209774 Change-Id: Ie4d9a673a1c9d91d47cfb75682ff381a4c3075ed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897100 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#74590}
-
Santiago Aboy Solanes authored
This ends up cleaning up the last of the macros in object-macros which were using `synchronized_`. There are still a few methods which use `synchronized_` but those were defined ad-hoc (i.e. w/o macros). Bug: v8:7790 Change-Id: Ib2d35030fd032293e746c09e10156e526af8d032 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897085Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74589}
-
Clemens Backes authored
This will allow us to refactor those V8 files without being concerned about potential interference with the security of the trap handler. This requires the duplication of V8_EXPORT_PRIVATE, the CHECK/DCHECK macros, and V8_DISABLE_ASAN. The trap-handler specific definitions are prefixed with "TH_". R=ahaas@chromium.org Bug: v8:11755 Change-Id: Iac39b553704ef50e51937375c8db805d57ce2625 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880218 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#74588}
-
Jakob Gruber authored
This is a reland of 5f0ac36c Fixes Ref construction failures in: - MapRef::instance_descriptors - NativeContext reads (see also crrev.com/c/2891575) Original change's description: > [compiler] Consider IsPendingAllocation in Ref construction > > The logic in JSHeapBroker::TryGetOrCreateData assumes that parts > of the object are safe to read. In particular, the instance type > must be readable for the chain of `Is##Name()` type checks. > > This is guaranteed if > > - a global memory fence happened after object initialization and > prior to the read by the compiler; or > - the object was published through a release store and read through > an acquire read. > > The former is protected by the new call to ObjectMayBeUninitialized > (which internally calls IsPendingAllocation) in TryGetOrCreateData. > > The latter must be marked explicitly by calling the new > MakeRefAssumeMemoryFence variant. > > Note that support in this CL is expected to be incomplete and will > have to be extended in the future as more cases show up in which > MakeRef calls must be converted to MakeRefAssumeMemoryFence or to > TryMakeRef. > > Bug: v8:7790,v8:11711 > Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74474} Bug: v8:7790,v8:11711,chromium:1207680,chromium:1207679 Change-Id: Ib3dbf59909e6982a3230dd6a67c9fb7d6ffb9ab4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886861Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#74587}
-
Lu Yahan authored
Bug: v8:11767 Change-Id: I8ddd578bbc60c72c8d8e269da5492e6fce68482d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2894025Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Cr-Commit-Position: refs/heads/master@{#74586}
-
Clemens Backes authored
V8 uses "thread_local" since several years now, so we can assume it to be available on all platforms. This avoids a cumbersome macro definition. R=ahaas@chromium.org Bug: v8:11755 Change-Id: I64826188a15a22238ffbcb3215a5b5d66470d573 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885038Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#74585}
-