- 10 Nov, 2020 29 commits
-
-
Manos Koukoutos authored
When comparing a decoded i33 value (v) to an expected value (ex) given as a 7-bit unsigned byte, we first truncated (v) to 7 bits. This resulted in values which coincide with (ex) only in the last 7 digits to erroneously be accepted. Bug: v8:7748 Change-Id: Iaf40d5be7bbfa80535cec9109c7dd19a9d96edaf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526387 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71091}
-
Victor Gomes authored
- It also fixes padding issues in the deoptimizer Change-Id: Icac62892657830d067b7c21ff45b43ba58e350d9 Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498694 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71090}
-
Clemens Backes authored
A new compile job can be scheduled from any thread, and {current_compile_job_} is documented to be protected by {mutex_}. Hence take the mutex before writing that field. R=thibaudm@chromium.org, ahaas@chromium.org Bug: v8:11089 Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng Change-Id: I2d3b2c51a7d24c7e827bb7ddc9c76b718c2ccb4c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529140Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71089}
-
Michael Achenbach authored
This reverts commit df156ffc. Reason for revert: experiment over Original change's description: > Reland "Temporary compilation failure to test tree closing" > > This is a reland of e3ec228c > > Original change's description: > > Temporary compilation failure to test tree closing > > > > This will be reverted after testing the new tree closer. > > > > No-Try: true > > Bug: v8:10661 > > Change-Id: I1b47976ee38cda447e2960ca4b6bd274f16425fe > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529131 > > Reviewed-by: Maya Lekova <mslekova@chromium.org> > > Reviewed-by: Liviu Rau <liviurau@chromium.org> > > Reviewed-by: Clemens Backes <clemensb@chromium.org> > > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#71081} > > No-Try: true > Bug: v8:10661 > Change-Id: Ia628c5eb7609b57c9ad7ebe042e63d056e0ff85f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529144 > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71085} TBR=machenbach@chromium.org,clemensb@chromium.org,mslekova@chromium.org,liviurau@chromium.org Change-Id: I11d7c3de64ef26c7d53210463d5477d15fa925b7 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10661 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529146Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#71088}
-
Marja Hölttä authored
The tests assert that funcs are optimized / deoptimized a certain way. Bug: v8:9237, v8:11138 Change-Id: Ia4879e722e442be52de0bf93919eb03fecb88147 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529136Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#71087}
-
Ross McIlroy authored
Also moves CallStubN to be a private member of code-assembler. BUG=v8:6949,v8:11074 Change-Id: I88a36819aead919cc4f4deff201925562fc9f74f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527061Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#71086}
-
Michael Achenbach authored
This is a reland of e3ec228c Original change's description: > Temporary compilation failure to test tree closing > > This will be reverted after testing the new tree closer. > > No-Try: true > Bug: v8:10661 > Change-Id: I1b47976ee38cda447e2960ca4b6bd274f16425fe > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529131 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Liviu Rau <liviurau@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71081} No-Try: true Bug: v8:10661 Change-Id: Ia628c5eb7609b57c9ad7ebe042e63d056e0ff85f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529144 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#71085}
-
Jakob Gruber authored
Construction of JSFunction objects is complex, mostly due to the existence of multiple functions kinds (JS, wasm, builtin, test, ...) that are all created slightly differently. For example, JS functions may come with an existing FeedbackCell (and FeedbackVector), while builtins and wasm functions always use the many_closures_cell (without a vector). Prior to this CL, construction logic was scattered over a family of 7 functions, without a clearly defined chokepoint for header initialization. This was hard to understand, hard to modify, and needlessly inefficient (by setting some fields twice). This CL fixes all that by introducing JSFunctionBuilder. The BuildRaw method is the chokepoint for allocation and initialization, and Build performs common pre- and post-work. Future work: - Remove now-deprecated functions. - Untangle SFI/Map/JSFunction construction and remove Factory::NewFunction and NewFunctionArgs. Bug: v8:8888 Change-Id: I709a2a44ee02e10593a4c9afe43d4d2c6d6351c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527098Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#71084}
-
Michael Achenbach authored
This reverts commit a9252d70. Reason for revert: experiment done Original change's description: > Temporary failure for tree-closer test > > CL to test tree-closure. This CL will be reverted afterwards. > > No-Try: true > Bug: v8:10661 > Change-Id: I07cdedc530dd3718a9537bca51fbb40b83a3e8b9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527100 > Commit-Queue: Liviu Rau <liviurau@chromium.org> > Reviewed-by: Liviu Rau <liviurau@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71075} TBR=machenbach@chromium.org,mslekova@chromium.org,liviurau@chromium.org Change-Id: I830daa57a10f284d96e8532b6117d627817f1da8 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10661 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529138Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#71083}
-
Michael Achenbach authored
This reverts commit e3ec228c. Reason for revert: experiment done Original change's description: > Temporary compilation failure to test tree closing > > This will be reverted after testing the new tree closer. > > No-Try: true > Bug: v8:10661 > Change-Id: I1b47976ee38cda447e2960ca4b6bd274f16425fe > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529131 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Liviu Rau <liviurau@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71081} TBR=machenbach@chromium.org,clemensb@chromium.org,mslekova@chromium.org,liviurau@chromium.org Change-Id: I16b03d0e86b23cbf55fcd3e7f40976897e138229 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10661 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529137Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#71082}
-
Michael Achenbach authored
This will be reverted after testing the new tree closer. No-Try: true Bug: v8:10661 Change-Id: I1b47976ee38cda447e2960ca4b6bd274f16425fe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529131Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Liviu Rau <liviurau@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#71081}
-
Camillo Bruni authored
This is mostly an auto-conversion done by several tools. - use let / const - use arrow functions - use template strings There are some additional manual rewrite required to modernize the code further. Change-Id: I63a7a43b05b14b33ad9941350d3d5f26aab10ba0 Bug: v8:10667 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519564Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#71080}
-
Tobias Tebbi authored
Bug: v8:7793 TBR=hpayer@chromium.org Change-Id: I88644c9476b74f57d3cf7a3056a9b70f1467b96d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489689 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#71079}
-
Clemens Backes authored
This reverts commit a74f9eb6. Reason for revert: Data race: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121 Original change's description: > [wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob. > > To avoid keeping around a list of job handles, CancelAndDetach() is > used in CancelCompilation. Dependency on WasmEngine is handled by a > barrier that waits on all jobs to finish. > > > Change-Id: I685a1737354b2fb3d1f4b98580926a93da38be5b > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71074} TBR=ulan@chromium.org,jkummerow@chromium.org,clemensb@chromium.org,etiennep@chromium.org Change-Id: I9288abd03b572059ac5278d2e5b84bd418b4d69d No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529132Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71078}
-
Marja Hölttä authored
This is the second reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 , this time without RuntimeCallStats in the tests. Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: I782df6e032ff8191082b425e68d68b69cef0a560 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527092 Auto-Submit: Marja Hölttä <marja@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71077}
-
Sathya Gunasekaran authored
Instead of just warning, let's try to format the files as well Bug: v8:10670 Change-Id: I0dfbdc0ed4a96af7f2a2a472f1d0d3d332d39c90 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523193 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#71076}
-
Michael Achenbach authored
CL to test tree-closure. This CL will be reverted afterwards. No-Try: true Bug: v8:10661 Change-Id: I07cdedc530dd3718a9537bca51fbb40b83a3e8b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527100 Commit-Queue: Liviu Rau <liviurau@chromium.org> Reviewed-by: Liviu Rau <liviurau@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#71075}
-
Etienne Pierre-doray authored
To avoid keeping around a list of job handles, CancelAndDetach() is used in CancelCompilation. Dependency on WasmEngine is handled by a barrier that waits on all jobs to finish. Change-Id: I685a1737354b2fb3d1f4b98580926a93da38be5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#71074}
-
Georg Neis authored
Bug: chromium:1147206 Change-Id: I53bc7fc6326c6656c154f1bdebf0ddebc178e146 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527093 Commit-Queue: Georg Neis <neis@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#71073}
-
Georg Neis authored
This is a reland of 3b6f7802. The compilation failures due to call-by-reference have been fixed. Original change's description: > [cleanup] Replace more uses of Min/Max by std::min/max > > Bug: v8:11074 > Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Auto-Submit: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71022} Bug: v8:11074 Change-Id: Ia01bfd014e481d3a13b306974f6837a65391b19c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527064 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71072}
-
Michael Achenbach authored
This reverts commit 915f729a. Reason for revert: Failing on Android: https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20N5X/11321 Original change's description: > Add regression tests for 4 calendar bugs > > These bugs was fixed by ICU68 > > Bug: v8:10526, v8:10527, v8:10528, v8:10529 > Change-Id: I8d0dcb52d849f742e0a29314ac8a148370f60a1a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527086 > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71062} TBR=jkummerow@chromium.org,ftang@chromium.org,syg@chromium.org Change-Id: I3173d1e7e991de63a8a6fa73be9b931faf6d9ef6 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10526 Bug: v8:10527 Bug: v8:10528 Bug: v8:10529 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527091Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#71071}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6dd14a4..2101eff Rolling v8/third_party/aemu-linux-x64: a1yTNBS-h5GEUTwaKTzyZcC4sisB88wYX7_tvAkzSP0C..xP4TXh9wWGTG0qr4y6eFcUO_0HOBmt3vorgtVmpwBJsC Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b674f8a..982b2a7 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/192a0ed..a37c085 Rolling v8/tools/luci-go: git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb..git_revision:1a022d3a4c50be4207ee93451255d71896416596 Rolling v8/tools/luci-go: git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb..git_revision:1a022d3a4c50be4207ee93451255d71896416596 Rolling v8/tools/luci-go: git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb..git_revision:1a022d3a4c50be4207ee93451255d71896416596 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I91f9a8e5079721ca76c34bbd8e309e7567fbcace Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2528755Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#71070}
-
Zhi An Ng authored
Bug: v8:11038 Change-Id: Ia8b8c1c438d67ccfe5f27c452852c0f096062f56 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2503877 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#71069}
-
Zhi An Ng authored
Prototype i32x4.extadd_pairwise_i16x8_{s,u} and i16x8.extadd_pairwise_i8x16{s,u} (names not confirmed) on ARM64 and interpreter. With a simple test case. Bug: v8:11086 Change-Id: If1ffc04e179e86ca5cc209bf9ef9d337298e3cc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2513872Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71068}
-
Zhi An Ng authored
Introduce some helper functions to implement NEON operations that were performing unary operations or binary operations lane-wise. Not everything uses these helpers yet, in particular pairwise operations, or zip/transpose. Bug: v8:11074 Change-Id: Ia7e5b13ae79cd166c47535139d92adb7f7a7c1ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516301 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#71067}
-
Daniel Clark authored
This change plumbs import assertions from SourceTextModuleDescriptor's ModuleRequestMap into SourceTextModuleInfo via a new ModuleRequest type, where previously there had been only the specifier. SourceTextModuleDescriptor::module_map now deduplicates module requests using the specifier and the import assertions. Continuing to use the specifier alone would cause a loss of information in the event that a module imports from the same specifier multiple times using different sets of assertions. Failing to deduplicate at all would result in multiple requests for statements like `import {a,b,c} from "foo.js"`, which would be a potential performance issue. See design doc at https://docs.google.com/document/d/1yuXgNHSbTAPubT1Mg0JXp5uTrfirkvO1g5cHHCe-LmY for more detail on this decision. v8::internal::ModuleRequest holds the assertions as an array of the form [key1, value1, position1, key2, value2, assertion2, ...]. However the parser still needs to use a map, since duplicate assertion keys need to be detected at parse time. A follow-up change will ensure that assertions are sorted using a proper lexicographic sort. Bug: v8:10958 Change-Id: Iff13fb9a37d58fc1622cd3cce78925ad2b7a14bb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2493060 Commit-Queue: Dan Clark <daniec@microsoft.com> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#71066}
-
Zhi An Ng authored
Bug: v8:11074 Change-Id: I4e53abf1c4d5dcf8342eff98a699afeac7719d36 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2522731Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71065}
-
Zhi An Ng authored
Bug: v8:11074 Change-Id: I181af917c141fb327213ae6303057f1bb87f4ac4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524418Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#71064}
-
Frank Tang authored
Bug: v8:11131 Change-Id: I7007a11e3cfc5ea4ebab6bedc8b6ba4c7cafa456 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527787Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#71063}
-
- 09 Nov, 2020 11 commits
-
-
Frank Tang authored
These bugs was fixed by ICU68 Bug: v8:10526, v8:10527, v8:10528, v8:10529 Change-Id: I8d0dcb52d849f742e0a29314ac8a148370f60a1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527086Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#71062}
-
Milad Fa authored
fctidz saturates the output in case of overflow. This cl makes the behaviour similar to s390 and sets the output to zero. Change-Id: Ic043625c46147eb02a65dfdbbcd883a067ba6981 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527783Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#71061}
-
Clemens Backes authored
The arm implementation made the assumption that the {lhs} and {dst} registers are either the same, or there is no overlap. This assumption does not hold. ia32 on the other hand has a lot of complicated logic (and unnecessary code generation) for different cases of overlap. This CL fixes the arm issue *and* simplifies the ia32 logic by making the arm assumption hold, and using it to eliminate special handling on ia32. R=thibaudm@chromium.org Bug: chromium:1146861 Change-Id: I8753c2ed70349e735c03293130c899c0c8a3a671 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526388Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71060}
-
Clemens Backes authored
For the fuzzer it's unwise to exit on uncaught exceptions, as this terminates the whole fuzzing process. Just ignore those exceptions instead. Drive-by: Fix a typo. R=szuend@chromium.org Bug: chromium:1142437 Change-Id: Ided1c0f35840c158f157acd8c0bb1c12ecf8a37f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526386 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#71059}
-
Shu-yu Guo authored
This reverts commit 30ca51ec. Reason for revert: TSAN failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34104 Original change's description: > [super] Optimize super property access in JSNativeContextSpecialization > > This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 > > Generalize the existing property lookup machinery > (JSNCS::ReduceNamedAccess) to handle the case where the > lookup_start_object and the receiver are different objects. > > Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l > > Bug: v8:9237 > Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#71052} TBR=marja@chromium.org,neis@chromium.org Change-Id: I2b10963a9a99f7b482f1014472a6a281fcf9b8c1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9237 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527184Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#71058}
-
Ulan Degenbaev authored
The function was using an non-atomic marking state to check the color of the object. This is incorrect because concurrent marking may be running while the linear allocation area is freed. Bug: chromium:1139165 Change-Id: I20ef22908dfd8dcd75858707e884e87658dcb1cb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526391 Auto-Submit: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#71057}
-
Clemens Backes authored
Instead of passing two bools to the {TaskRunner} constructor, pass to enums. This makes the semantics more clear in the caller. In the fuzzer, we actually *do not* want to catch exceptions. This semantic fix will be done in a follow-up CL, such that this CL is a pure refactoring. R=szuend@chromium.org Bug: v8:11074 Change-Id: I7f6df3a3f344524deb08db10b9317a6734b7ea42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526385Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71056}
-
Ulan Degenbaev authored
This adds a guard for a forwarding address in the debug mode checks of FixStaleLeftTrimmedHandlesVisitor::FixHandle. Bug: chromium:1146601 Change-Id: I6681352a91177c1d138a409d17e5d170bd43f11b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526389 Auto-Submit: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#71055}
-
Clemens Backes authored
Joining the thread from the watchdog is problematic, since e.g. {pthread_join} (the implementation of {Thread::Join} on POSIX systems) has undefined behaviour if multiple threads try to join at the same time. In practice, this leads to deadlocks. Thus implement termination by just calling {TaskRunner::Terminate}, but not {TaskRunner::Join}. This fixes the deadlocks in the inspector fuzzer. The inspector test binary is fixed simarly, even though there it seems to not cause problems so far. In both files, the {Terminate} function is inlined into callers because it's only a single line now, with one to two users. Also, replace the single fuzzer test (which is invalid javascript) by two tests: One called "invalid" explicitly, still with invalid javascript, and one empty file, which is valid input. That one reproduced the deadlock. R=szuend@chromium.org Bug: chromium:1142437 Change-Id: I8fb98b0cdbf3ceff6af6849397e5da5a4e9acd3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526384Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71054}
-
Sara Tang authored
As part of an effort to prepare the Recorder interface for general use, we had to make some changes to the way the existing Wasm Events are being used. In particular, - it is more fitting to use a ElapsedTimer than a TimedScope to measure the durations in src/wasm/module-[decoder|instantiate].cc - we want to rename the wall_clock_time_in_us field to duration_in_us for clarity. Because these Wasm events are already being instantiated in chromium, renaming the field requires a two-step change. This is the first of those changes. Change-Id: If1b2990f7645616a59fc21d07ac10bf00701c0e5 Bug: v8:11109 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2518619Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#71053}
-
Marja Hölttä authored
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/2487122 Generalize the existing property lookup machinery (JSNCS::ReduceNamedAccess) to handle the case where the lookup_start_object and the receiver are different objects. Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l Bug: v8:9237 Change-Id: Ia8e79b00f7720f4e3e90801e49a0106e03b4767d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523197 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#71052}
-