The `rep` field of ComparisonOp and EqualOp should be used to know
what is the representation of the things that are being compared,
rather than the output representation: the latter should always be
Word32.
Fixed: chromium:1395737
Bug: v8:12783
Change-Id: I01d29dd598da57bab3410f4b59e407e89871f207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079223
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84638}
This refactors how we generate any decoding errors during streaming
compilation: Instead of generating an error message, we only remember
that decoding failed. After all bytes have been received, we then
synchronously re-validate the bytes. This ensures consistent error
messages between all decoding and compilation pipelines.
In order to achieve this, we now unconditionally store the full wire
bytes in the {StreamingDecoder}. This partially overlaps with the
section buffers that we already store, but we cannot continue filling
section buffers after a decoder error. This will be cleaned up in a
follow-up CL.
We can also remove most of the buffer-offset tracking, which will also
be done in a follow-up.
R=ahaas@chromium.org
Bug: v8:13447
Change-Id: I1d506356de6a0070c3bf2b26470dbf781f4f62e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4066922
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84636}
The chromium-side histogram is being deprecated in
https://crrev.com/c/4076250.
This CL removes the v8-side counter together with the `kAfterBaseline`
sampling mode.
R=ahaas@chromium.org
Bug: v8:12852
Change-Id: If7960824264dfc7e99e0c5c436de1dca90fbce4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4076167
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84635}
When stopping incremental marking in IncrementalMarking::Stop we can't
blindly reset is_marking_flag_ for worker isolates as incremental
marking in the shared heap might be running at that point.
Since we are already here add a isolate() accessor to
IncrementalMarking.
Bug: v8:13267
Change-Id: Icb63306eef820577d59c6ca833429c1be00d294c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061322
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84634}
... which is an alias for __attribute__((const)) when it's available.
Bug: v8:7703
Change-Id: Ic585f48bc764ccf0c920ff82ba788cf1e88e0cdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4076525
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84633}
This reverts commit bb288ea342.
Reason for revert: Failing on linux debug and TSAN run
- https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20single%20generation/7820/overview
- https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/22912/overview
Original change's description:
> [strings] Don't try to record/update invalidated slots in shared space
>
> Strings in shared space are always direct (i.e. they don't contain
> pointers) and therefore cannot have any recorded slots.
>
> Drive-by: DCHECK no slots are recorded in shared space.
>
> Bug: chromium:1394741
> Change-Id: If1ef04d2fadcc14f552f69e99dc109d883e975c9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075908
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84630}
Bug: chromium:1394741
Change-Id: I938dcac9cb5c9154ec9a3c5504b29f3208e3e369
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079145
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84632}
The safepoint is already initiated by the HeapObjectIterator. In
addition the CombinedHeapObjectIterator wasn't updated for the shared
heap and always used an IsolateSafepointScope which didn't match the
global safepoint initiated by HeapObjectIterator.
Simplify this by relying on the safepoint scope in HeapObjectIterator.
This CL also moves the verification that all client isolates are
fully deserialized into the GC.
Bug: v8:13267
Change-Id: I59eff66a38fd8ecd8e90f68e6ed5abc5d2d4cec9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4076332
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84631}
Strings in shared space are always direct (i.e. they don't contain
pointers) and therefore cannot have any recorded slots.
Drive-by: DCHECK no slots are recorded in shared space.
Bug: chromium:1394741
Change-Id: If1ef04d2fadcc14f552f69e99dc109d883e975c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075908
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84630}
This reverts commit 347142f647.
Reason for revert: <There is a bug for onclick event.>
Original change's description:
> [turbolizer] Show basic block id in schedule phase
>
> In the schedule phase of turbolizer, there is only RPO number was
> shown, when we want to debug Builtin PGO or other modules, we
> would like to see the block id instead of RPO number.
>
> this CL add the support for displaying basic block id for schedule
> phase in turbolizer.
>
> Change-Id: I7a71f259230564400b683d598f68b6d064f1eb4d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4068103
> Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84625}
Change-Id: If6b3674e7bc333be7d323714e3d2ca5327826892
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4078511
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84629}
1) When transferring ArrayBuffers, retain resizability
2) Fix transmitting TypedArray flags; we cannot set the flags after
TypedArray creation, since the map would then be wrong.
Bug: v8:11111
Change-Id: Ic2fa3e6a4db1cb82a3751d2b114353fb477a54c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4064463
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84628}
This is a reland of commit af3678d122
Original change's description:
> [riscv] Add tracepoint instructions to help simulator debug
>
> Change-Id: I92f2c8600ab6ff2be3c0566f8dd5602cb47252cb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4050059
> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
> Cr-Commit-Position: refs/heads/main@{#84441}
Change-Id: If021236afa7f890123f95716e6ed622617b91b07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4074457
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#84627}
In the schedule phase of turbolizer, there is only RPO number was
shown, when we want to debug Builtin PGO or other modules, we
would like to see the block id instead of RPO number.
this CL add the support for displaying basic block id for schedule
phase in turbolizer.
Change-Id: I7a71f259230564400b683d598f68b6d064f1eb4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4068103
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84625}
The --shared-space flag introduces incremental marking in the shared
heap, this forces us to also emit write barriers for stores into
shared objects.
Bug: v8:13267
Change-Id: I835c3050381cef84e96384fd69a3a77ee588679f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061356
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84622}
This differs from the patch that landed in so far as the libm target
is only defined if v8_use_libm_trig_functions is defined. Doing this
ensures building the 'all' target only builds libm is appropriate.
You can diff between patchset 1 and 2 to see the change.
This is controlled by a gn arg, which defaults to true for clang
builds. I'm limiting to clang builds as the macros for determining
endian type are currently clang specific. My understanding is that
chrome only uses clang. I can update the endian macros if necessary
for other targets.
Bug=v8:13477
Change-Id: I59cd450facc9fcb8987fe56e8cfc1c13522e1f6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4070924
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Auto-Submit: Scott Violet <sky@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84620}
MinorMC's parallel marker was mistakenly using CppMarkingState for the
mutator thread, which caused tsan reports due to pushing into the same
WorkList::Local.
Bug: v8:13475
Change-Id: I640ee23ff643a40910a73eab986795710cec1393
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4076445
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84618}
When invoking RememberedSet::CheckNoneInRange the end address is
exclusive, which means a slot might be recorded at that this address.
Bug: v8:13267, chromium:1395311
Change-Id: I20c23a69530b2c9b10c6213036145c4dcfb206a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075526
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84617}
Rename the vreg allocation to "SetValueLocationConstraints", which is a
more accurate description of what it does. Also, remove the actual vreg
state, since we don't care about unallocated operand vregs (ValueNodes
act as their own vreg).
This allows us to remove a post-processing pass which sets input
constraints for Phi nodes, which previously couldn't do so in the foward
pass due to loop Phis' back-edge inputs not having a vreg yet.
Bug: v8:7700
Change-Id: I24e75f0f600aa5fbd2169a189c0863e4153f3439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075529
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84615}
In a local debugging session, it happened to be be in frame 8, so was
slighly missed. Looking through the first 10 frames instead of 7 should
not hurt anyone but fixes that problem.
My stack trace:
#0 __pthread_kill_implementation
#1 __pthread_kill_internal
#2 __GI___pthread_kill
#3 ??
#4 __GI_abort
#5 v8::base::OS::Abort
#6 V8_Fatal
#7 v8::base::(anonymous namespace)::DefaultDcheckHandler
#8 V8_Dcheck
R=leszeks@chromium.org
No-Try: true
Change-Id: I6d8bfb482fe4c926a8ecfad8757286618a98f2c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061894
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84613}
The {async_counters_} field is not used, so we should remove it.
R=ahaas@chromium.org
Bug: v8:13447
Change-Id: I55c335b65f0ab12f8ccc4969741908cb33e1fa8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4067024
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84612}
As Wasm module can live longer than the isolate that initially created
them, it generally makes sense to use the WasmEngine's accounting
allocator for the decoded WasmModule.
Instead of passing that allocator through many functions, we can just
get it directly from the one global WasmEngine when we need it.
R=ahaas@chromium.org
Change-Id: I552f8e19072f2305a3186b821c2f5b3969eac83f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4071464
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84611}
The reasoning around EnsureTagged using known node aspects in merges was
previously broken. Consider the following case:
1. We have a Smi-feedback logical right shift.
2. We emit Int32ShiftRightLogical followed by CheckUint32IsSmi, and we
now know this is a Smi, so we record it in known_node_aspects.
3. We EnsureTagged the Int32ShiftRightLogical value in a merge, when
mergin it with another value.
4. EnsureTagged inserts UnsafeSmiTag (because the shift is a known
Smi), but inserts it _between_ the Int32ShiftRightLogical and
CheckUint32IsSmi.
5. During execution, we get a non-Smi value out of
Int32ShiftRightLogical. The "assert in Smi range" check in
UnsafeSmiTag fails.
In short, this is because we insert the conversion node immediately
after the value node, but th known_node_aspects is, at this point,
reasoning about known aspects later than this.
This patch fixes this by changing the logic around tagging entirely --
instead of EnsureTagged inserting the conversion immediately after the
node, it inserts it at the end of the predecessor requiring the
conversion.
This would mean that the conversion is emitted at the end of _every_
predecessor to the merge; we try to avoid this by additionally storing a
per-predecessor cache of the known_node_aspects at that predecessor's
control node, in particular storing whether there are any existing
tagged alternatives. This cache is checked when creating the Phi,
otherwise we continue using the untagged value. We'll be able to re-use
this cache for non-tagged Phis in the future.
A drive-by is that a bunch of code moves from the
maglev-interpreter-frame-state header to the .cc file -- this is to
avoid cyclical dependencies on between that header and the BasicBlock
one (which we now need for the append of the conversion node).
Bug: v8:7700
Change-Id: Ie441a8c7bd14a14dde8b12f91578f2dc713c4e33
Fixed: chromium:1393232
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055116
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84610}
- Adds code gen prologue
- Adds a few essential nodes in arm64
- Shares a few non-arch dependent nodes w/ x64
- Shares deferred code handling, deopting and vreg helpers w/ x64
Caveats:
- Deopts don't work, since CallForDeoptimization in arm64 uses a
different mechanism (not yet implemented).
- ParallelMoveResolver and ExceptionHandlerTrampolineBuilder uses
singles push/pop mechanism, which is not arm64 friendly. We add
a padding for each push/pop at the moment.
Bug: v8:7700
Change-Id: I2896f3cd272fc47d7bd9059c8cc8948221b3b932
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069708
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84607}
Rolling v8/build: 73d7c51..961774e
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1d3369c..550c7af
Rolling v8/third_party/depot_tools: 391cc61..c4044d4
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221130.0.1..version:10.20221201.2.1
Rolling v8/tools/clang: 1b8faee..83f8830
Rolling v8/tools/luci-go: git_revision:7a04ca7c0fd3e73cc09c817542a74d947e68b8c9..git_revision:4814885a05fd7cc925933f614dc6fcc58bc83e4b
Rolling v8/tools/luci-go: git_revision:7a04ca7c0fd3e73cc09c817542a74d947e68b8c9..git_revision:4814885a05fd7cc925933f614dc6fcc58bc83e4b
Change-Id: I33712632cec3bfaf416e4e8cf0b2ca08a65fb1e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075044
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84606}
This is a reland of commit 48a6193e67.
PS2 fixes the use-after-free by using the WasmEngine's allocator instead
of the Isolate's. The module can live longer than the isolate, so on
module destruction we would otherwise potentially access an already
deleted allocator.
Original change's description:
> [wasm] Remove StartDecoding method
>
> Move it into the constructor instead, to simplify the API.
>
> R=ahaas@chromium.org
>
> Bug: v8:13447
> Change-Id: I563a409c57c3cfdd91998c7c459f4e099211ccf7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062042
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84589}
Bug: v8:13447
Change-Id: I33c3c641ab6de6b6e30365fe967a579469039740
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4070264
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84604}
This is split out from
https://chromium-review.googlesource.com/c/v8/v8/+/3963708, and
implements only the change to using a dispatcher code stub for different
object types in GetOwnPropertyDescriptor, which returns a
PropertyDescriptor struct, and converts the descriptor into a JSObject
in the final step of Reflect.getOwnPropertyDescriptor or
Object.getOwnPropertyDescriptor.
This does not include the path in the dispatcher for Proxy objects, and
thus Proxy objects are still handled in the runtime.
Change-Id: I3960615aa0941d02d32717ccea291f6b63ae180e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4024866
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84602}
... to match new encoding of the forwarding pointers.
Bug: v8:11880, chromium:1393256
Change-Id: I8bc8183c22ef8933c02470d5c8ed77cf83489e0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069706
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84601}
In case of nested GCs, NotifyFullSweepingCompleted will first notify
that the nested young cycle is finished, which in turn will check
whether we need stop the full cycle as well.
After returning from NotifyYoungSweepingCompleted,
NotifyFullSweepingCompleted tries to stop the full cycle again, which
triggers the DCHECK that the current cycle is in a sweeping state.
Bug: v8:12612
Change-Id: I659038c04533b71bbc379cd51d22441e44e96021
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069707
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84600}
A gn build with no specified targets builds all visible targets. The
postmortem-metadata action is visible, but its output is only needed
if v8_postmortem_support is enabled, hence we now guard the whole
action by the flag.
Depends on https://crrev.com/c/4064686
Bug: chromium:1394626
Change-Id: I8444021cfe253cedee5c1578c733a3ad973726db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061865
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84599}
Adds new `br_on_cast <branch depth> <heap type>` instruction
with opcode 0xfb42.
The instruction does not branch on null.
The heap type may be any concreate heap type index or an abstract
type like `(ref null eq)`.
Bug: v8:7748
Change-Id: Id1d238645c176b32b568249d67fa28517b435ad4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069559
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84598}
This CL fixed missing instance type checks for constant shift
amounts and corrected the use info for the lhs.
Bug: chromium:1393865, v8:9407
Change-Id: Id6e65f4e26a0436960b12196f29663429876398b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061075
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84596}
This is a reland of commit 3a946583e2
The issue was in a Chromium test which was fixed here:
https://crrev.com/c/4061562
Original change's description:
> [sparkplug] Enable concurrent Sparkplug on desktop
>
> Bug: v8:12054
> Change-Id: Iffeedc6d33483d86d95169aaf45c214e32c8bc83
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061312
> Auto-Submit: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84531}
Bug: v8:12054
Change-Id: I77399aca2945a4a0f64a533ca72b1d629c591f96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4064462
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84595}
An {OwnedVector} that was moved or assigned to another {OwnedVector} was
left in an inconsistent state: {data_} was null, but {length_} was
non-zero.
This CL changes that to leave the moved-from vector in a valid (empty)
state, similar to what the {std::vector} move constructor and assignment
does.
R=mlippautz@chromium.org
Change-Id: I59b543b2cea4bc0e066b7817cee1de6b2b8a7735
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062089
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84594}
When importing a WasmExportedFunction into a module, we checked that
its type is equivalent with the declared type of the import. Instead,
we should check that the imported function has an isorecursive subtype
of the declared type.
Change-Id: I2a5f68d4c4c8c65a0eed5b82e8e825affb832cfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061732
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84593}
