Explicitly specify the enum base type for Flags enums generated
from Torque bitfield structs. Before, this was implicitly a signed
integer type. This caused a recent gcc compile issue with signed
and unsigned comparisons triggered by
https://chromium-review.googlesource.com/c/v8/v8/+/3251177
Bug: v8:7793
Change-Id: Iceb3c8632cfc95766b5e6ce7fae47cf5d002b9f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253358
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77658}
Apply a "modulo" (i32.rem_s) operator to the array size before
allocating the array. The unbounded array allocations frequently lead to
out-of-memory crashes in the fuzzer.
R=manoskouk@chromium.org
Bug: chromium:1238063, chromium:1258319
Change-Id: Ie344f783323294c711d75b6e004ff2dca4da5923
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256548
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77657}
Data race access to chunk_map_. The main thread can read the map
while the background thread (concurrent SP compiler) adds a new page
to the map.
Bug: v8:12054
Change-Id: Ie7c596f3d3aeb4dca9cc6f41ed16f39dcafc7871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256547
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77654}
Currently it is not possible to run samples on arm architecture
I faced the issue on Macbook Pro M1
Running sample codes is crucial for getting started with the project
R=tandrii@chromium.org
Bug: None
Change-Id: Ie3ed52e68d1f7193217110d43545971c714202c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251026
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77653}
When a Promise-Reject handler throws an unhandled exception, we should
use that promise's context for reporting the exception to the runtime.
This avoids a null-pointer deref.
Fixed: chromium:1263994
Change-Id: I3792a1884af4a83991249d612caf15588ea77dad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250912
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77652}
This CL adds a minor change to the arm/arm64 simulators to support up to
20 arguments in a C function call. This change is necessary for an
upcoming CL which adds float support to the simulator and tests with
more than 20 arguments, see
https://chromium-review.googlesource.com/c/v8/v8/+/3060486
Bug: chromium:1052746
Change-Id: I60ae603c96554525d28f1cd248d7766f86c9cc3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256785
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77651}
When materializing a scope object, we previously assumed that we will
not have any name collisions. This is not correct e.g. when eval
introduces an aliased local variable.
This CL resolves this wrong assumption. The test case should not crash.
It however fails as there is a bug in how debug-evaluate should resolve
variables defined in eval.
R=verwaest@chromium.org
Fixed: chromium:1240962
Bug: chromium:1264852
Change-Id: I0e41e7905589735e25eff221376d09997ea99117
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250911
Auto-Submit: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77649}
After https://crrev.com/c/3247035 compilation with gcc may fail
with the following error:
```
error: comparison between 'enum v8::internal::
compiler::BitsetType::<unnamed>' and 'enum v8::internal::
TurbofanTypeBits::Flag'
```
Change-Id: I5edf28e335483be66ae46e4359e0a4dc83341adf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255303
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77647}
Since early regexp errors were implemented in
crrev.com/a56874d3eb5cff9f8f04f899ac45d0d2ef88ab4d, the JS parser
calls into the regexp parser to validate the regexp literal syntax.
For these calls, the JS parser passes its Zone to the regexp parser.
This means that scripts with multiple regexp literals are all parsed
using the same Zone memory. Very large scripts with many (think
hundreds of thousands) regexp literals may thus run out of memory
whereas previously they would parse and run successfully.
This CL fixes the OOMs by resetting the state of the JS parser Zone
around regexp parser calls. We introduce a new ZoneScope class,
similar to HandleScope, which controls the lifetime of zone objects
allocated within its scope. In other words:
{
ZoneScope zone_scope(zone); // Store zone state S.
// ... Allocate objects O in zone.
// zone is now in state S'.
}
// zone_scope goes out of scope, reset zone to state S. Objects O
// are freed and no longer usable.
Fixed: chromium:1264014
Bug: v8:896
Change-Id: I3e7ac36f25a9d6c4eda2460bd1bea9814685e89b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256783
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77646}
In stress runs a GC may kick in before assertOptimized() is called
on the optimized function, causing it to deoptimize and the test
would fail even if the function is optimized as expected.
Adding --no-stress-flush-code --no-flush-bytecode fixes the timing
issue.
Bug: v8:12332
Change-Id: If43c2a06e84c0e3b5e21f7bde160340a0fc742f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3237326
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#77645}
Fixes `buildifier` warning, since the alias has the same name
as the icu/noicu/d8 targets.
The alias was used in the CI bot, but this is no longer the case.
No-Try: true
Change-Id: Ie8e9b6b2d8510c78982ed4c6845b51a4d4378106
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253356
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77644}
This patch refactors the ClassFields benchmarks and makes the results
detection work properly. Previously the errors weren't caught since
the ClassFields benchmarks don't get run in the perf_integration
step in the CI.
- Instead of putting different configs (single/multiple fields, type
of fields, etc.)in the JSON configuration, we now group the related
benchmarks into the same script and run the different configurations
in the scripts directly. Only the optimization status is now
controlled in JSON. All the class fields definition benchmarks are
merged into initialize-class.js.
- Update the number of local iterations of evaluate-class.js to 100
(similar to most of other benchmarks) to keep the time spent on
this benchmark similar to that of other benchmarks.
In addition, copy the configs to JSTests3 so that the benchmarks gets
run by the perf_integration step and we can see the graphs on
http://chromeperf.appspot.com/report. These can be removed
when the ClassFields benchmark results are generated there too.
Bug: v8:10793, v8:9888
Change-Id: I4e677bdc7b582650f39cf6e9ec02775c57fd04ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226550
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77640}
Design doc: https://bit.ly/3jEVgzz
Summary:
We change the context for WasmJSFunction and WasmCapiFunction from a
tuple containing the instance to a triple WasmAPIFunctionRef =
{isolate root, context, callable}. This way we do not have to maintain
the correct instance at runtime. Also, a few places in the code get
simplified.
Changes:
- In WasmGraphBuilder, support having a WasmAPIFunctionRef at parameter
0.
- Remove unpacking of (instance, callable) tuple from code generators.
- Remove the part in WasmGraphBuilder and LiftoffCompiler that used to
set the instance field of the function reference.
- Modify code that handles the 'ref' field in wasm-objects.*, factory.*
and c-api.cc.
- Fix the recorded safepoint address for arm when calling a C function
from wasm.
- (Drive-by) Remove WasmAllocatePair.
Bug: v8:11510
Change-Id: I2a4ef3abaf9da36c4a2d85b434965a40a289b9ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3236719
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77639}
Rolling v8/build: d552bed..1eb779c
Rolling v8/buildtools/linux64: git_revision:f847b5744a81d23b96de3f2e56ce0398f550bd0e..git_revision:8926696a4186279489cc2b8d768533e61bba73d7
Rolling v8/third_party/aemu-linux-x64: oGlyr7Yd3bVAIOk9ix9USsqpL5HzLbxt5CyB54MmvJ4C..hys6gk1KOHMz9nURGWen255HiLIaVd3e4eZfa-w6l7oC
Rolling v8/third_party/android_ndk: https://chromium.googlesource.com/android_ndk/+log/401019b..9644104
Rolling v8/third_party/android_sdk/public: n7svc8KYah-i4s8zwkVa85SI3_H0WFOniP0mpwNdFO0C..Yw53980aNNn0n9l58lN7u0wSVmxlY0OM1zFnGDQeJs4C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/f10f06d..2c76b34
Rolling v8/third_party/depot_tools: 0f5bd4f..aebf624
Rolling v8/tools/clang: 729a6d1..21baac0
Rolling v8/tools/luci-go: git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323..git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1
Rolling v8/tools/luci-go: git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323..git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1
Rolling v8/tools/luci-go: git_revision:d1c03082ecda0148d8096f1fd8bf5491eafc7323..git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: If41da8684b30379acac77bba4b7a6ac0f8d8a213
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256764
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77637}
Port commit 7a93bd647c
Port commit afd1554963
Change-Id: I7b5d59d448d210d80ee656d81c8134c780586296
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256981
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77636}
Port e127f58410
Change-Id: Id0eb9205c3e94cb504340110ff6a42bc94a80cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3251133
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77634}
Port commit afd1554963
Since V8 heap sandbox requires pointer compression, which is not
implemented on mips64 and loong64 ports, so I just fix the build
issue in this CL.
Change-Id: Ie8f9d070c6149d85c2c870e882199ede2ebfe317
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255207
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Liu yu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77633}
Drive-by:
* don't create proto handlers for DefineOwnIC and StoreOwnIC,
* make sure that none of the DefineOwnIC and StoreOwnIC handlers are
leaked into StoreIC's megamorphic stub cache.
Bug: v8:9888, chromium:1259950
Change-Id: I9db538e6ed14bc578aa80df037ffebd9e8c3c649
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250641
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77632}
This reverts commit 35a6eeecfa.
Reason for revert: TSAN failures like https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/39084/overview
Original change's description:
> [off-thread] Allow off-thread top-level IIFE finalization
>
> Allow off-thread finalization for parallel compile tasks (i.e. for top-
> level IIFEs).
>
> This allows us to merge the code paths in BackgroundCompileTask, and
> re-enable the compiler dispatcher tests under the off-thread
> finalization flag. Indeed, we can simplify further and get rid of that
> flag entirely (it has been on-by-default for several releases now).
>
> Change-Id: I54f361997d651667fa813ec09790a6aab4d26774
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226780
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77615}
Change-Id: I6752470eebd594bad92c7cf4e58dbe5bac53598c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255667
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77631}
Port 7a93bd647c
Original Commit Message:
Temporarily behind a new flag: --new-wasm-dynamic-tiering
The plan is to merge this into the existing --wasm-dynamic-tiering
flag once it's been confirmed to be generally beneficial.
R=jkummerow@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I1ba28b60e628dc2ded33b267be62debcf1b03099
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250936
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77628}
Rolling v8/build: 40d725c..d552bed
Rolling v8/buildtools/linux64: git_revision:79c6c1b1a24c46df5a773cc61604bb5051ca6cf4..git_revision:f847b5744a81d23b96de3f2e56ce0398f550bd0e
Rolling v8/buildtools/third_party/libc++abi/trunk: 1876d99..4c6e099
Rolling v8/third_party/aemu-linux-x64: ed-NOx1j5-wX3SbRi_OHyHn-6tFz33VbLDCFga8JWFwC..oGlyr7Yd3bVAIOk9ix9USsqpL5HzLbxt5CyB54MmvJ4C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/819f08f..f10f06d
Rolling v8/third_party/depot_tools: b3a1a79..0f5bd4f
Rolling v8/tools/clang: f827083..729a6d1TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I741a993592d2c6d3d68ae201915f1398b1a77fd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253923
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77626}
There is a bit of a contradictory register requirement in the
instruction selector for i64x2.mul. We want dst == lhs (when AVX not
supported), but we also want lhs and rhs to be unique (to ensure that
that they don't alias the temp).
We remove the requirement for dst == lhs, since the code gen can handle
both cases (dst == lhs, dst != lhs), at the expense of 1 movaps.
Bug: chromium:1264462
Change-Id: Ia48572412b1f6e0da3551880d8b68a03f42fe2a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253661
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77625}
Port afd1554963
Original Commit Message:
A CagedPointer is guaranteed to point into the Virtual Memory Cage and
will for example be used for ArrayBuffer backing stores when the heap
sandbox is enabled. In the current implementation, CagedPointers are
stored as offsets from the cage base, shifted to the left. Because the
cage base address is usually available in a register, accessing a
CagedPointer is very efficient, requiring only an additional shift and
add operation.
R=saelo@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I6d5b9da23f35b60dffecb5fc5acb9c7fa362df14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250935
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77624}
Trait requires methods taking `const void*` as they are passed along
as regular TraceCallback.
Bug: v8:12165
Change-Id: Ic5cfb8dba070e5a2c0087069086c925c5318fb8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253354
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77623}
Temporarily behind a new flag: --new-wasm-dynamic-tiering
The plan is to merge this into the existing --wasm-dynamic-tiering
flag once it's been confirmed to be generally beneficial.
Bug: v8:12281
Change-Id: I191d03170f8d5360073a45fea170f432074f7534
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247632
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77620}
The trait is expected to return a nullptr for the base address. This
is required for ephemeron tracing to trigger eagerly tracing a value.
This will be required when Blink uses a type alias to TracedReference.
Bug: v8:12165
Change-Id: Ibe142eaff41616c9de6ae0db9878f8489a5e4142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253345
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77619}
Port the CompilerDispatcher to use the Jobs API, instead of its own
hand-rolled worker management.
This required some re-thinking of how testing is handled, since the
tests want to be able to
a) Defer calls to PostTask/Job, to actuall post the jobs later. This
was easy enough with PostTask, since we could simply store the task
in a list and no-op, but PostJob has to return a JobHandle. The
tests now have a DelayedJobHandleWrapper, which defers all method
calls on itself, and because of all the unique_ptrs, there's also
now a SharedJobHandleWrapper.
b) Wait until tasks/jobs complete. Returning from a Task meant that
the task had completed, but this isn't necessarily the case with
JobTasks; e.g. a job might be asked to yield. This patch hacks
around this by Posting and Joining a non-owning copy of the
requested JobTask, and then re-posting it once Join returns.
Change-Id: If867b4122af52758ffabcfb78a6701f0f95d896d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563664
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77618}
The time spent by the parallel scavengers running on the main thread
was being added twice to the SCAVENGER_SCAVENGE_PARALLEL scope.
Change-Id: I358b28cbf56f554d04e3da927182a7c1a7568dad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3253341
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77617}
This CL fixes an error when generating code for a fast API function
that has no fallback case, but can still fallback to the slow call
due to e.g. argument mismatch in the overloads. It also adds cctest
for overloading between TypedArray and JSArray.
Bug: chromium:1052746
Change-Id: Iee09d942cba85bed84a764bc53e98c3e36312c8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244421
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77616}
Allow off-thread finalization for parallel compile tasks (i.e. for top-
level IIFEs).
This allows us to merge the code paths in BackgroundCompileTask, and
re-enable the compiler dispatcher tests under the off-thread
finalization flag. Indeed, we can simplify further and get rid of that
flag entirely (it has been on-by-default for several releases now).
Change-Id: I54f361997d651667fa813ec09790a6aab4d26774
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226780
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77615}
A CagedPointer is guaranteed to point into the Virtual Memory Cage and
will for example be used for ArrayBuffer backing stores when the heap
sandbox is enabled. In the current implementation, CagedPointers are
stored as offsets from the cage base, shifted to the left. Because the
cage base address is usually available in a register, accessing a
CagedPointer is very efficient, requiring only an additional shift and
add operation.
Bug: chromium:1218005
Change-Id: Ifc8c088e3862400672051a8c52840514dee2911f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123417
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77614}
This is done in a separate runtime function call for now, so that we can
update the limit under the ExecutionAcess lock.
Also set the thread-in-wasm flag before calling the wasm function.
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: I914856bc261fa0f75e93620bc6597bd28bec0695
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250902
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77613}