- 19 Jul, 2022 24 commits
-
Danylo Boiko authored
Implemented:
- Remember nodes/blocks selection for Turboshaft layout
- Test version of adapting nodes positions while changing op properties visibility
- Turboshaft blocks collapsing

Refactored:
- text-view.ts
- resizer.ts

Solved previous comments:
- https://chromium-review.googlesource.com/c/v8/v8/+/3706603/comments/62ffc361_7827e282
- https://chromium-review.googlesource.com/c/v8/v8/+/3700078/comments/d29ea456_f3c197d6

Bug: v8:7327
Change-Id: I9e141eb882ab0e22bd079b067e2229f5baa69433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3752805
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81817}
-
Michael Lippautz authored
Thread the compressed pointer through into the write barrier, to allow delaying compression until after checking whether a write barrier is actually needed.

Change-Id: If7e6cbb69a57cc9aeeb551c11f685bace4e56c4c
Bug: chromium:1325007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769826
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81816}
-
v8-ci-autoroll-builder authored
Rolling both trusted-versions and trusted-origins and an additional patch coming from https://crrev.com/c/3706887.

Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/b126981..88bf407
Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/49191c5..955e2ff
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/8168f76..f05fcf7
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/679de1e..6e435d6
Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/5cee6a2..a4506d5

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Bug: chromium:1345621
Change-Id: I0659a5f98c83bbc6f061259e798a4b85a7cd7c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3766889
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81815}
-
ishell@chromium.org authored
... when external code space is enabled.

Currently this mode is guarded by the V8_REMOVE_BUILTINS_CODE_OBJECTS flag, which is set to false until Code-less builtins are supported.

Drive-by:
* remove unnecessary methods from AbstractCode,
* avoid CodeDataContainer <-> Code roundtrips when accessing writable state of Code objects via CodeT.

Bug: v8:11880
Change-Id: Iae3ff3b2feae68d875cbe9f82a6bb076460dd2f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769832
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81814}
-
Pierre Langlois authored
We already generate BTI instructions with `BaselineAssembler::JumpTarget()` on `VisitSingleBytecode()`, so we shouldn't need to do it when binding a label.

Bug: v8:13082
Change-Id: Ie4d645a2379c3feb4909be524b42ebd85a8d35af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771861
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#81813}
-
Darius M authored
When pointer compression is disabled and sizeof(Tagged_t) is 8 (e.g., arm64 without pointer compression), the function extract_first_nonzero_index is never used, which was causing a warning.

Bug: v8:13048
Change-Id: I5a0fba4da4201e3be147632d891d0d9e20cb46eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769694
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81812}
-
ishell@chromium.org authored
Code::constant_pool() segfaulted on configurations with external code space disabled when it was called on a mallocced copy of a Code object.

Bug: v8:11880
Change-Id: I86919002ef080486f1e4532c3a2d3352f4526508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3772004
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81811}
-
Danylo Boiko authored
- accelerated nodes selection for the old IR layout;
- implemented turboshaft blocks layout building (blocks coordinates and edges);
- extended interaction with the user (selecting/hovering) for things like blocks/nodes/edges.

Bug: v8:7327
Change-Id: I0b01679e9dde0bb7d94ba80dd0ee744f334e1968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747871
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#81810}
-
Philip Pfaffe authored
This CL adds a CDP API skeleton that will be used to disassemble WASM modules using V8's new disassembler.

Bug: v8:12917, chromium:1325626
Change-Id: I4ca81aca923e9716653cd90367e5fad319483aae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721381
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81809}
-
Jakob Kummerow authored
This includes several changes:
- avoid a very-unlikely-but-theoretically-possible OOB write
- avoid a somewhat-likely memory leak
- grow the buffer less aggressively for medium-length strings

Change-Id: I877f43d7e2e7cd4778ba8c7c7525ba988301f750
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771900
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81808}
-
Manos Koukoutos authored
Bug: v8:13006
Change-Id: Ia59bf5ca93403e055c65e4f28afc1b0f803bc531
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771901
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81807}
-
Manos Koukoutos authored
Notably:
- As per convention, TrapIf/Unless should not return a control node.
- Wasm-gc pipeline should not depend on FLAG_wasm_inlining.

Change-Id: Ic593db1f979bec1cedfd9384b21487fc2763a35b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771640
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81806}
-
Samuel Groß authored
To work properly and securely, the sandbox requires cooperation from the Embedder, for example in the form of a custom ArrayBufferAllocator and later on custom type tags for external objects. As such, it likely does not make sense to enable the sandbox by default everywhere.

Bug: v8:10391, v8:13058
Change-Id: Ief2720122f70b9a1bc3f2e6802e60b5b95b855d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771841
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81805}
-
Leszek Swirski authored
DropRegisterAtEnd is used to free a register, to make space for the result of a node. Normally this frees up an input that is dead at the end of the node's lifetime, but under high local variable pressure, we might not have a dead value to drop. In these cases we have to spill a register through the normal spilling mechanism.

Additionally, allow freeing up a blocked free register (i.e. a temporary) if this is possible.

Bug: v8:7700
Change-Id: I0099751918cf5cb65c2a09337a3f080eb2c4dd14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769833
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81804}
-
Nikolaos Papaspyrou authored
This CL fixes a bug in the units of the reported metrics for V8.GC.Cycle.MainThread.Full.Incremental.Mark (ms instead of us). It also reports incremental marking/sweeping metrics (both for the unified heap and the C++ managed heap) only when incremental marking/sweeping were used; otherwise, no zero values are reported.

Bug: chromium:1154636
Bug: chromium:1343507
Change-Id: Ibc0103ea62fa0eeb5f7184280c8514e99a5c21a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3768502
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81803}
-
Victor Gomes authored
Bug: v8:7700
Change-Id: Id108820c75d8a3a84b90b8bb498aaaa603dfb0e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3768412
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81802}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/48c2d1c..d4bc509

Fix SOVERSION of shared library (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/d4bc509

v1.6.2 bump (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/7a2024e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I3aea0df8dc06edd78f3e4e8329ab17ed58a6ed6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3768773
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81801}
-
Victor Gomes authored
Similarly to TF, we inline ToBoolean directly in Maglev generated code. Most of the code is run as deferred; it "returns" true after 6 simple checks.

ToBoolean is separated into a different function to be used by other nodes later (e.g. ToBooleanLogicalNot).

Bug: v8:7700
Change-Id: I75d77b60ebfb1bb124c9e98ad381f8aefa0ac665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769688
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81800}
-
Manos Koukoutos authored
Mostly test/fuzzer, test/inspector, test/unittests.

Bug: v8:13006
Change-Id: I825efa5d72a224bb3cb9f86a9fac8763e9dbd1cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769696
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81799}
-
Victor Gomes authored
Additionally, the CL creates a BranchIfRootConstant node and updates JumpIfTrue and JumpIfFalse.

Bug: v8:7700
Change-Id: I7ee98f4b726ffef0f7969231b598d6216b09ccfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769828
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81798}
-
Leon Bettscheider authored
This CL is part of an effort to enable concurrent marking in MinorMC. For this purpose we plan to reuse the IncrementalMarking class which already implements a part of the concurrent marking code for MajorMC (and is currently coupled with MarkCompactCollector).

We plan to parameterize IncrementalMarking with CollectorBase, which can be either MinorMarkCompactCollector or MarkCompactCollector, in a subsequent CL.

Bug: v8:13012
Change-Id: I595bfdcb6e1abaa270d8037d889620433f26a416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749183
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81797}
-
Shu-yu Guo authored
Bug: v8:13081
Change-Id: I34a736e8c3aaf0712da677925ff7ad64842ebc54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3770018
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81796}
-
Frank Tang authored
Change the return value to the fallback while the property is not one specified in the value.

https://github.com/tc39/proposal-intl-numberformat-v3/pull/92

Bug: v8:13053
Change-Id: I40e430152c71258f1ff85fec1d69928937d0ad99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3759224
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81795}
-
JianxiaoLuIntel authored
LeftTrimFixedArray will call OnMoveEvent every time. Even when profiling is not enabled in user mode, it still needs to do some checks, and the function call itself has a certain overhead. This patch aims to remove the unnecessary check. We only need to check it when the logging status changes.

Change-Id: I0e957860616a18415398f7753ed21caab5a4361f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751964
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81794}
-
- 18 Jul, 2022 16 commits
-
Shu-yu Guo authored
This reverts commit 50e944f0.

Reason for revert: Breaking GPU tests on all platforms
https://ci.chromium.org/ui/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/15929/overview
https://ci.chromium.org/ui/p/v8/builders/ci/Mac%20V8%20FYI%20Release%20(Intel)/18070/overview
https://ci.chromium.org/ui/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/20597/overview

Original change's description:
> [turbofan] Support Phi nodes in SL Verifier
>
> Drive-by: Fix incorrect typing of Phi node in JSTypedLowering::ReduceJSHasInPrototypeChain
>
> Bug: v8:12619
> Change-Id: Iac6e04e7de7596caa11d021f2cb0759b50aa9bc3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3755113
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81785}

Bug: v8:12619
Change-Id: Idcd4881e981ae6f886ae2bc5ed77958f01bb178e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3770010
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81793}
-
Frank Tang authored
Spec text: https://tc39.es/proposal-temporal/#sec-temporal-iso8601grammar

Support 'T' prefix in time-only strings and require it in cases of ambiguity.
Remove TemporalDateString and TemporalRelativeToString from parser.
Change algorithm of ParseTemporalDateString.

Related spec changes:
https://github.com/tc39/proposal-temporal/pull/1952
https://github.com/tc39/proposal-temporal/pull/2187

Bug: v8:11544
Change-Id: I7430afabb7dd78930b339b818bad7c7721decb99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3636361
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81792}
-
Jakob Kummerow authored
This adds a bunch of tracing hooks to the module decoder and uses them to support "annotated hexdump" output for full modules in wami:

$ out/x64.release/wami my_module.wasm --full-hexdump

Change-Id: I5821d940b5ec236df9708eecd0124172d8893ffd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754741
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81791}
-
Lei Zhang authored
This file did not include all the headers it needed, so when https://crrev.com/c/3749178 removed a bunch of headers, the MSVC build broke. Add in the missing header to address the MSVC compiler failure.

Change-Id: I646787cfde802d8cabe7d61bac2f2066beaec436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764190
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81790}
-
Milad Fa authored
Port d5b3d8e9

Original Commit Message:

This change already landed for x64, now come arm and ia32. The code already existed for arm64.

The wasm instance got pushed three times in the lazy-compile builtin:
1) as part of the parameters;
2) as a parameter for the runtime function;
3) to load the jump table address after the runtime function.

The third push can be avoided by loading the jump table address after all parameters get loaded from the stack again.

R=ahaas@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I731473b2d5e08e7ea5841ef589dd3f896b5302db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769698
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81789}
-
ishell@chromium.org authored
... in order to avoid expensive computation of cage_base for Code objects and in order to avoid issues with wrong cage base values computed from Code objects in external code space.

Drive-by: cage-bas'ify some accessors in JSFunction and Code.

This is a step towards Code-less embedded builtins.

Bug: v8:11880
Change-Id: I95dd8bcd4680e09c7463e1bc7d72dcbf9f2e5c1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769831
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81788}
-
Matthias Liedtke authored
Bug: v8:7748
Change-Id: Ib8fadc272178fb0d49f7d5fab7d1953e2328a1ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3770107
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81787}
-
ishell@chromium.org authored
Bug: v8:11880
Change-Id: I07d5811132d2b1e3cb853f58972970c77fdae026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769697
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81786}
-
Nico Hartmann authored
Drive-by: Fix incorrect typing of Phi node in JSTypedLowering::ReduceJSHasInPrototypeChain

Bug: v8:12619
Change-Id: Iac6e04e7de7596caa11d021f2cb0759b50aa9bc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3755113
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81785}
-
Thibaud Michaud authored
Until crbug.com/1269989 is completely resolved.

R=clemensb@chromium.org

Bug: chromium:1269989
Change-Id: I35f6278425857d727ea99470d9531fd70a58a3c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769692
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81784}
-
ishell@chromium.org authored
... which might be undefined during initialization.

Bug: v8:13054
Change-Id: Ia3a7a95ffb1133b5d3d299c36bfb3875bcee2dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769830
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81783}
-
Andreas Haas authored
This change already landed for x64, now come arm and ia32. The code already existed for arm64.

The wasm instance got pushed three times in the lazy-compile builtin:
1) as part of the parameters;
2) as a parameter for the runtime function;
3) to load the jump table address after the runtime function.

The third push can be avoided by loading the jump table address after all parameters get loaded from the stack again.

R=clemensb@chromium.org

Bug: v8:13049, v8:12926
Change-Id: Ifdbe943520c031ec5c480798694bcacc490a64bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764348
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81782}
-
Clemens Backes authored
This is a reland of commit 8218c061.

Compile errors on mac arm64 are fixed.

Original change's description:
> [wasm] Reset PKRU before spawning new threads
>
> We sometimes hit the DCHECK in the wasm code manager:
> DCHECK_IMPLIES(writable, !MemoryProtectionKeyWritable());
>
> This is because we spawn new threads while having a {CodeSpaceWriteScope} open. In the case of PKU, this changes the PKRU register to allow writes to the code space, and the value of that register is inherited by any new thread. If this thread then tries to switch to writable code spaces, it hits the DCHECK. It would hit a similar DCHECK when trying to execute code.
>
> We fix this issue by temporarily resetting the PKRU register to non-writable while we call the {NotifyConcurrencyIncrease} method. This is not a very robust solution, as any new call that potentially happens inside a {CodeSpaceWriteScope} needs to do the same, but refactoring the code to avoid spawning new threads while being in writable state would be a lot of work with other downsides.
>
> R=jkummerow@chromium.org
>
> Bug: v8:13075
> Change-Id: Ibc7270aa597902dc6d9649cb6bcdfce8b1a9bafc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762579
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81729}

Bug: v8:13075
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_compile_rel
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_compile_dbg
Change-Id: I2e634959c969fc022393ae51c391397c7195ee54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769829
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81781}
-
Leszek Swirski authored
We check page flags in the deferred write barrier, and bail out early if pointers to that page are not interesting. Make sure that the slot register saving happens after that early bailout, to avoid unbalanced push/pop.

To avoid bugs like this in the future, add a stack size check as a prefix to every node's code gen.

Bug: v8:7700
Change-Id: I54a00fcbc843d473a1ca1e6cf3d852a0c60621c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769695
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81780}
-
ishell@chromium.org authored
... in particular:
* safepoint table accessors,
* constant pool accessors,
* handler table accessors.

This is a step towards Code-less embedded builtins.

Bug: v8:11880
Change-Id: I50c21000a821d0895295e4003ab321ddd8856546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764349
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81779}
-
Clemens Backes authored
The stack offsets of cache slots are always positive, but the compiler does not know that. The lack of this knowledge makes division by the system pointer size significantly more expensive. One solution would be to rewrite the division to be an actual right shift. Another solution is to teach the compiler that offsets are positive. This CL does the latter.

This reduces the overall Liftoff compile time of the reproducer in the linked issue by nearly 25%.

R=jkummerow@chromium.org, cbruni@chromium.org

Bug: v8:13063
Change-Id: Ib55b35d407e9909c792ae095a6767aaa03faebdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3760453
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81778}
-