The change at https://chromium-review.googlesource.com/c/v8/v8/+/1993971
introduced some new exports, but it appears the wrong macro was used for
the component being built (V8_BASE_EXPORT rather than V8_EXPORT_PRIVATE)
This breaks DLL builds (at least on MSVC, which I just fixed via
https://chromium-review.googlesource.com/c/v8/v8/+/1996157).
Adding Leszek who made the change, and Ulan and Toon as area OWNERS.
Bug: v8:8791
Change-Id: I916553992f7d42cba0f4d8ae46b014df6c5ef633
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2005528
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65833}
That way we don't need to generate bytecode for it.
Change-Id: Ie7e17f283cf5a096ab98c4fd01fd346b56b83576
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004611
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65832}
This was used for debugging only. The DevTools frontend now receives the
raw wasm bytes, and disassembles the functions it needed. The inspector
change was done in https://crrev.com/c/1991481.
This CL removes all code which is now dead in v8.
R=ahaas@chromium.org, bmeurer@chromium.org
Change-Id: I2d433613f1270a1ddac9af0bae8d990ef190712a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2005072
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65831}
Add a cctest that contains a function with a SIMD parameter, and calls
that function. This will exercise two cases in Liftoff which involves
preparing to call the function, and processing the SIMD parameters of
the function. The tricky case here is ARM, which requires an FP pair.
Most of the logic added is to check the RegClass/type and construct the
right type of LiftoffRegister to use.
As a drive-by, added SIMD case to the various backends' Move
implementation. This is not exercised by the test case, requires more
complicated function setup.
Bug: v8:9909
Change-Id: I1d01e8c3bee0cf336d1a8ff537317c77aedfdac0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004369
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65829}
Since:
1) The Int32Add will only look at the lower bits
2) The output of this instruction will clear the top
bits (in the same way that the movl does)
then the truncation is not needed.
Change-Id: Ic611ce435ff6216ce8b75bb7316af4372e3290e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000747
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65828}
Re-use set breakpoint logic for wasm script to set breakpoint to first
breakable position of given wasm function.
Bug: v8:9724
Change-Id: Ibd6b59d5b93c6895f71f0114291bf78db03aee0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2001564
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65827}
We had a --log-instruction-stats option which would count executed instructions,
splitting them into categories. We haven't used this for some years so we're
proposing to just remove the code so it doesn't bitrot and allows further
cleanups.
Change-Id: If24d11608823e24689ea02f09f5e93b4a5acd636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002819
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#65826}
Add 64-bit data size support to SHL and SHR, add simulator logic to
support new data size, and fix disasm.
For the disasm fix, casting size / 16 to NeonSize no longer works when
given a size of 64, it is 4, but should be 3.
Change-Id: I5bd1ce254cd3ff4b86159837087f22b2ed06703e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1994180
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65825}
Previously, V8 was just relinking nodes which broke when a move involves
an on-stack reference as such nodes have different semantics.
The solution is to create new internal nodes when necessary.
Bug: chromium:1040038
Change-Id: Ia5b3866ae68d014beb30972c4266aa5bae6559fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002546
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65823}
Add the necessary V8_EXPORT_PRIVATE attributes and a few other minor
changes to make building DLLs with MSVC happy. (Note: Debug builds still
seem to be failing in Torque, but this fixes Release builds).
Bug: v8:8791
Change-Id: Ia4d5372fd1cb961e6268a2b5c089bcd17822f1e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1996157
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65822}
This makes Liftoff inspection (scope reporting) also use the decoded
names of locals, which are now stored in a C++ data structure (see
https://crrev.com/c/2002541).
The call to {SetOwnPropertyIgnoreAttributes} had to be replaced by a
proper lookup first, to handle integer names and duplicate names
correctly. The test already covered these cases.
The test was extended by another unnamed local to also test the
generation of default names in case no name is provided.
R=thibaudm@chromium.org
Bug: v8:10019
Change-Id: I475bb4db9a32c39203180e9c8d3f8181c3882138
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002544
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65821}
TimeTicks cannot convert to other timeunits, only TimeDelta can
do that. Chrome's version of TimeBase introduced a `since_origin`
helper that essentially converts a TimeTicks object in to a
TimeDelta with the corresponding duration.
This CL ports that helper to V8 and cleans up a couple of places
where we used `timestamp - 0` to convert a TimeTicks object to
a TimeDelta.
Change-Id: I540ced876ac3e727dfdedf7b838a272cc40d6954
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993282
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65820}
We were decoding the names of locals into a C++ data structure, and then
generated a FixedArray out of that, stored in the on-heap WasmDebugInfo.
In order to support name lookup for debugging with Liftoff, where no
WasmDebugInfo will be present, this CL refactors the C++ data structure
to allow direct lookups and stores it in the C++ DebugInfo structure.
With this CL, the names are still only used from the old
interpreter-based debugging path. A follow-up CL will then also use it
from Liftoff.
R=thibaudm@chromium.org
Bug: v8:10019
Change-Id: I1397021b5d69b9346fc26f5e83653360f428c5e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002541
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65819}
When buildin an array boilerplate description, we currently walk the
array literal as if it had tagged pointers, and post-hoc copy it to
a FixedDoubleArray if it had double elements kind.
Now, we calculate the elements kind during the InitDepthAndFlags walk,
and if the elements kind is Double, we allocate a FixedDoubleArray to
start with, and convert the elements of the array literal directly to
unboxed doubles in the array.
Change-Id: I56561e0af2236e785498eb70cb37eddcb09a56ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002529
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65817}
Add support for internalizing an AstValueFactory using the off-thread
factory. Includes adding ConsString support to OffThreadFactory.
This introduces a Handle union wrapper, which is used in locations that
can store a Handle or an OffThreadHandle. This is used in this patch for
the internalized "string" field of AST strings, and will be able to be
used for other similar fields in other classes (e.g. the ScopeInfo
handle in Scope, object boilerplate descriptor handles, the inferred
name handle on FunctionLiterals, etc.). It has a Factory-templated
getter which returns the appropriate handle for the factory, and a
debug-only tag to make sure the right getter is used at runtime. This
union wrapper currently decomposes implicitly to a Handle if the getter
is not called, to minimise code changes, but this implicit conversion
will likely be removed for clarity.
Bug: chromium:1011762
Change-Id: I5dd3a7bbdc483b66f5ff687e0079c545b636dc13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993971
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65816}
When an overall timeout is reached, swarming sends a SIGTERM to
terminate the test runner. The test runner has a signal handler on the
main process to terminate all workers gracefully.
Additionally, every worker process installs a signal handler for
terminating ongoing tests wrapped by command.Command.
Also, command.Command is used on the main process to list tests for
cctest and gtest executables, which led to overriding the test runner's
main signal handler.
This CL disables using signal handlers in commands by default and only
explicitly enables it in safe source locations.
Bug: v8:8292
Change-Id: Ifceadaff75bdd2b77e761498bccbe00b6a3e265c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002528
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65815}
Function calls can push arguments onto the stack. The consumed stack
slots are not considered by the function-entry stack check, since
initial frame setup only reserves space for local slots, not call
arguments. This CL adds such logic by tracking the maximum pushed
argument count during instruction selection, and adding these slots to
the (existing) stack check offset logic in code generation.
Bug: chromium:1030167
Change-Id: I26a9407cf38009839b1dda2ff0c8ec297c15ed8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002540
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65814}
This reverts commits
- 63dc55568b
Add a debug v8 API SetDetachedWindowReason
- 9645810552
Introduce and emit "function calls in detached window" use counters.
- db18e49556
PPC/s390: Add a debug v8 API SetDetachedWindowReason
Note, macro-assembler-x64.cc isn't reverted b/c DCHECK_NE
is currently in a better place.
Reason for revert: No longer needed. It was intended for only 1 milestone.
Bug: chromium:1018156,chromium:1023293
Change-Id: Ic1c19e6e12bb4ac967cf8e687a77c58edc405833
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004133
Auto-Submit: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65811}
This way we don't need to generate bytecodes to push the context.
This drops the stack trace for redeclaration SyntaxErrors but keeps the
message location. This is in line with what we do for other
SyntaxErrors.
Change-Id: Id8e3cc348b4d56a8196753baf51cfd810f07512b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997439
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65810}
The advance-by parameter can contain negative numbers, but until this
CL was treated as unsigned.
Bug: v8:10072,v8:9330
Change-Id: Ib9a9c2d47ba71fa819e89502d14871af6dfc9693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002543
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65809}
These safepoints weren't needed and weren't even valid
(e.g. pointing to the wrong instruction). The exception are
Wasm C API functions, where we do need a safepoint (and can
work around the invalid address).
Bug: v8:10037
Change-Id: I597c33dbd542394990fbd006ba8c16ccff7e260e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002530
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65806}
... and remove a related, unused function.
Bug: v8:7790
Change-Id: I803f4b747220a1722e096ef77fcc6c8a9e18fe1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002534
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65805}
Changes FastCheck failures to just call Unreachable (which in turn
calls DebugBreak) instead of DebugBreak and then returning to just
after the check. FastCheck is only called in release builds so this
does not affect debug builds.
This reduces the embedded instruction size from 1249720 to 1246812
(2908 bytes) for ARM.
Change-Id: If4b9b6810a53d64262a0fa9c2a1903e022748a22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002538
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65803}
DebugBreak allows you to put break points into generated code. When
executed in gdb, the execution will stop in the generated code at the
break point.
R=clemensb@chromium.org
Change-Id: I5607d7ec45d4910412c7adff5ae9bea2c9498909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002536
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65802}
Add missing disasm tests for vroundss and vpalignr.
Fix disasm for vinsertps and vpinsrq.
Change-Id: I0f3907761b998d27ec00435a569084724af54ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1990140
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65799}
Most of the implementation work has been done as part of previous
patches, this finishes it by adding a new case for LoadType, and also
adding a test. The arm and arm64 implementation is new, and wasn't
required, since the Liftoff tests (in nooptimization variants) are
skipped on arm and arm64, and hence did not fail.
Bug: v8:9909
Change-Id: I01bd86d2e46de852bc067f44c802f66ac9e9b029
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2001561
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65798}
This reverts commit 3352fcc900.
Reason for revert: Causing wasm/tier-down-to-liftoff.js to be flaky, https://crbug.com/v8/10086
Original change's description:
> [wasm] Perform NativeModule tier down in parallel.
>
> Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> initialize parallel compile jobs, then wait for them to finish while
> taking part in this compilation.
>
> Bug: v8:9654
> Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65763}
TBR=rmcilroy@chromium.org,clemensb@chromium.org,duongn@microsoft.com
Change-Id: Ie3a0a3b2315879b6c19ef25f435fdc83c297b23b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002692
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65797}
Rename ToNumber to PlainPrimitiveToNumber since it must only be used on
primitives, as we assume that it never throws and has no side effects.
Change-Id: I78880545e58e46d38712f5ab75fe0b627ad178c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002394
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65796}
Port ba14c2f354
Original Commit Message:
Add kWasmS128 to the list of supported types, and implement Fill for all
the architectures so that LocalGet works.
Add a new test file to contain tests that run only on Liftoff, and
assert that the code is indeed compiled by Liftoff.
We cannot rely on the nooptimization variant for testing
because by default, if Liftoff compilation fails, it will fall back to
Turbofan, and we accidentally get a test passing.
We skip these tests on mips architecture that don't support SIMD, since
there is no way to implement these, and we don't have a "lowering" phase
for Liftoff.
As we implement more of SIMD in Liftoff, we can add more
tests to this file and ensure correctness. Future patches will introduce
support for globals and params.
R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I776b3d93dd4dc53641650ac30b26661e52142287
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002688
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65792}
Without the type check, Bytecode() may read OOB. Note that this is an
internal, test-only runtime function.
Bug: chromium:1041316
Change-Id: Id9898400605719df2a294e7654cf36ddeec23af1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002395
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65790}
This extends the debug side table to track stack offsets of locals and
operand stack slots, and uses this to read spilled value from the
physical stack frame when inspecting Liftoff frames.
R=jkummerow@chromium.org
Bug: v8:10019
Change-Id: Ida7ab5256fcc1e9d408201f4eafe26919f1432a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000739
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65789}
Add decoding of ref.null as a valid argument for references in
TurboFan, LiftOff and the interpreter.
R=ahaas@chromium.orgR=jkummerow@chromium.org
Bug: chromium:10063
Change-Id: I1e2d9c76f616dacb3aa06f8b535543bdcdcf0783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991485
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65788}
Introduce OffThreadFactory with initial string construction support.
The OffThreadFactory shares with Factory a new CRTP base class, called
FactoryBase. Methods in FactoryBase return a FactoryHandle<Factory, T>
alias, which is Handle<T> for normal Factory and a new OffThreadHandle<T>
for OffThreadFactory. OffThreadHandle<T> behaves like Handle<T>, except
it stores the object in-line rather than needing external storage.
Any shared factory methods are moved into FactoryBase, which uses CRTP
to call the sub-class's AllocateRaw method (plus a few more customization
points which need Isolate access on the main thread).
Methods that used to take an Isolate or Factory, and are needed off the
main thread, are now expected to be templated on the factory type and
to use the appropriate handle.
Once an OffThreadFactory has finished being used (e.g. off-thread
compilation completed) its pages are "Published" into the main-thread
Heap. To deal with string internalization without creating a bunch of
ThinStrings, this is done in two stages:
1. 'FinishOffThread': The off-thread pages are walked to
collect all slots pointing to "internalized" strings. After this is
called it is invalid to allocate any more objects with the factory.
2. 'Publish': On the main thread, we transform these slots into
<Handle to holder, offset> pairs, then for each saved slot
re-internalize its string and update the slot to point to the
internalized string.
Bug: chromium:1011762
Change-Id: I008a694da3c357de34362bd86fe7e1f46b535d5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992434
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65787}
The DCHECKs ensured that all on-stack handles removed when the embedder
notifies V8 of an empty stack are indeed below the current stack limit.
This is brittle, as the calls that are guaranteed to have no stack
above, e.g., non-nestable tasks executing GC, sometimes have larger
stack depth then previously registered on-stack handles. Resetting the
slot to avoid UAF is not possible/needed as it is guaranteed in such
cases that the stack is indeed different from the stack that was used
when registering an on-stack handle.
This CL removes the DCHECKs and trust the embedder on such calls,
similar to when the embedder tells V8 that there's no interesting C++
stack on top of a call to avoid conservative stack scanning.
Bug: chromium:1040038
Change-Id: I2e8c77d8080f2d888f773984646998bede59e19c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000753
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65786}
When reserving the requested virtual memory fails (due to address space
exhaustion), simply return nullptr to indicate allocation failure, which
callers must be prepared to handle anyway. That way, ClusterFuzz will
correctly classify OOM situations.
Bonus change: skip demo test on simulators to save time.
Drive-by cleanup: add a 'simulator_run' section to mjsunit.status
Bug: chromium:1042151,chromium:1042173
Change-Id: I8569f3c0d2a681fbf6f91b665dcb88a4ac3b901e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002391
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65785}
