Do not leak handles to the outer scopes from inspector methods.
Add `SealHandleScope`s to the tests and the d8 binding, and
`HandleScope`s in the places in the inspector source where
handles are actually used.
Change-Id: I80b1bb0ccc4778b32e9198513f63d5c0652c8f59
Reviewed-on: https://chromium-review.googlesource.com/c/1484304
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59812}
This fixes an early handle dereference before a potential allocation
in ReplacementStringBuilder.
Bug: chromium:935101
Change-Id: I03cf2b18b577a38af818dcc42f7c430faba23450
Reviewed-on: https://chromium-review.googlesource.com/c/1485831
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59811}
This read can cause a guard page violation on Windows, where the sp is
sometimes incorrect and points far into the future stack space.
Bug: v8:8883, v8:5193
Change-Id: I55c1fcac873a9c43484a5d1c3f2661f3589b1daf
Reviewed-on: https://chromium-review.googlesource.com/c/1480378
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59810}
When using a shared WebAssembly.Memory, always try to reserve up to the
maximum to avoid having to move the buffer. If after multiple retries
it is not possible to reserve the maximum, fall back to initial size
reservation.
- Add new methods to allocate a Shared WebAssembly.Memory.buffer
- Use these to reserve up to the maximum for a Shared WebAssembly.Memory
- Clean up js-api so actual allocation is done inside the constructor
BUG: v8:8564
Change-Id: I97815c7c94a2b84416cd867fb23b3c815d7f0f12
Reviewed-on: https://chromium-review.googlesource.com/c/1480910
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59805}
Implement the ReturnCall functionality for the interpreter.
Note that some tests have had to be deferred to the implementation
of ReturnCall for TurboFan.
Bug: v8:7431
Change-Id: I091528e72f9113ddf1929bd1a5650b490bc8cc0c
Reviewed-on: https://chromium-review.googlesource.com/c/1467343
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59803}
This fixes a corner case where the main thread has items in the local
segments but the global pool is empty. In such a case concurrent marking
tasks are not posted and marking is performed on the main thread.
Bug: chromium:934453
Change-Id: Ic34cd4ecb59b848021d8d8b086904b415669f5e6
Reviewed-on: https://chromium-review.googlesource.com/c/1482739
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59802}
This is to get a better handle on improvements and regressions.
Bug: v8:8361, chromium:930680
Change-Id: I2963b55f3480036ada885267a277a95d24a67656
Reviewed-on: https://chromium-review.googlesource.com/c/1482737
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59800}
This makes it so TurboFan now uses full pointer loads for argument values
located on the stack.
Bug: v8:8876, v8:7703
Change-Id: Ib82d6f3b0f4c8d33669c7f86ce803381d210c019
Reviewed-on: https://chromium-review.googlesource.com/c/1480382
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59798}
... which will work for 32-bit kTaggedSize but we are not there yet.
Bug: v8:7703
Change-Id: Iaceb126ba316f37532221597cbd4f7e85ceb4fb9
Reviewed-on: https://chromium-review.googlesource.com/c/1482917
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59797}
Port b0b1ba9add
Original Commit Message:
This CL changes the secondary stack check for WebAssembly functions
with big stack frames in the code generator from calling a runtime
function to calling a code stub. The runtime function caused problems
with serialization.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie2175eedb043304405fd271c3bf1337dac76ab49
Reviewed-on: https://chromium-review.googlesource.com/c/1483210
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59796}
Also cleans up the code slightly.
Change-Id: I9d1e7305f69e5f746833ed7985a320023fc90f2e
Reviewed-on: https://chromium-review.googlesource.com/c/1477744
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59795}
All HeapObjects already have roots access so this was redundant and
made ComputeAndSetHash difficult to use.
Eventually we need to get rid of the Isolate version of HashSeed,
but this will touch a lot of files, so leaving it for now.
Bug: v8:8562
Change-Id: I27d8fe10df72494d0a2146f408a2158cf02ce226
Reviewed-on: https://chromium-review.googlesource.com/c/1481630
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59792}
This CL changes the secondary stack check for WebAssembly functions
with big stack frames in the code generator from calling a runtime
function to calling a code stub. The runtime function caused problems
with serialization.
R=mstarzinger@chromium.org
CC=bbudge@chromium.org
Bug: v8:8882
Change-Id: Iab4a1a8af233726d322722d87433f0cb33e60ac3
Reviewed-on: https://chromium-review.googlesource.com/c/1480375
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59790}
Move FRAME_SUMMARY_FIELD undef to after its define.
Bug: v8:8834
Change-Id: I431b3b8fd3de9589c10364178fd00882d74f19bc
Reviewed-on: https://chromium-review.googlesource.com/c/1480389
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59788}
A compiler may not implicitly cast the output of first->spill_type() to an integer; add a cast to fix the problem.
Change-Id: Ic4e779d447fba9d040b81ee315327b631dfd6ad3
Reviewed-on: https://chromium-review.googlesource.com/c/1480913
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59786}
When Assembler::nop is in the header, it is considered an inline
function. With GN arg is_component_build=true, the V8_EXPORT_PRIVATE
mark on the class causes it to be exported every time the header is
included. This, in turn, produces a reference to
Register::XRegFromCode.
Register::XRegFromCode is only ever defined as an inlined function, so
that reference is never fulfilled.
Clang can avoid this using the /Fc:dllexportInlines- flag to suppress
the export of Assembler::nop and so avoid generating the reference to
Register::XRegFromCode.
MSVC does not support this flag, so this change suppresses the export
by moving Assembler::nop's definition to the .cc file. This also allows
it to use the inline definition of Register::XRegFromCode.
Bug: v8:8870
Change-Id: I1cd33195677256c9dd06c7047fe84e1b912d3151
Reviewed-on: https://chromium-review.googlesource.com/c/1478216
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59785}
Recent changes to luci/client-py contain functionality improvement/fixes to
swarming.py. This is needed by v8 recipes to dispatch swarming tasks.
Bug: chromium:934482
Change-Id: Icdbf213918f10d5bc67d6ce078179e95888281e5
Reviewed-on: https://chromium-review.googlesource.com/c/1480920
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Erik Chen <erikchen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59784}
Windows ARM64 does a cross build for V8 and runs the snapshot tool on the build host
under the simulator. The simulator is built with the LLP64 data model, so 0xFFFFL is 32-bit
long by default. It causes a problem for the expression "0xFFFFL << shift" when
shift is 32, which actually does nothing on x64 because 0xFFFFL is only 32-bit.
The issue happens for the instruction "movk rd, NUM lsl 32", which is simulated in
Simulator::VisitMoveWideImmediate. "0xFFFFL << shift" acts as a mask to clear bits
32-47 of the original value in rd. Under LLP64, the mask is unexpectedly applied to
the lowest 16 bits of the rd register and corrupts the result of rd. Specifying 0xFFFFL
as 64-bit 0xFFFFLL fixes this problem.
Bug: chromium:893460
Change-Id: Ibd911ce595e83637432a3e1f79a9bf28fcbe09f6
Reviewed-on: https://chromium-review.googlesource.com/c/1475330
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59778}
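To make the LLP64 failure concrete, the following is an added C example, not V8's simulator code: it models the movk lane update once with a 64-bit mask literal (the fix) and once with a 32-bit mask whose shift count is reduced modulo 32, which is an assumption about what the x64 shift instruction did with the undefined `0xFFFFL << 32` on a 32-bit `long`.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Lane update as AArch64 "movk rd, #imm, lsl #shift" performs it:
 * clear bits [shift, shift+15] of rd, then OR in imm at that position.
 * The mask literal is 64 bits wide, so shifts of 32 and 48 are well defined
 * (this is the 0xFFFFLL form the commit switches to). */
uint64_t movk_fixed(uint64_t rd, uint16_t imm, unsigned shift) {
    uint64_t mask = 0xFFFFULL << shift;
    return (rd & ~mask) | ((uint64_t)imm << shift);
}

/* Model of the LLP64 defect. Assumption: with a 32-bit `long`, the x64 shift
 * instruction masks the count to 5 bits, so "<< 32" behaves like "<< 0" and
 * 0xFFFFL << 32 yields 0xFFFF. The complement of that 32-bit value is
 * sign-extended to 64 bits, so only the lowest 16 bits of rd get cleared. */
uint64_t movk_llp64_bug(uint64_t rd, uint16_t imm, unsigned shift) {
    uint32_t mask32 = 0xFFFFU << (shift & 31);        /* 32-bit `long` mask */
    uint64_t mask = (uint64_t)(int64_t)(int32_t)mask32; /* sign-extended ~mask */
    return (rd & ~mask) | ((uint64_t)imm << shift);
}

int main(void) {
    /* Constructed register value and immediate, not taken from a real run. */
    uint64_t rd = 0x1122334455667788ULL;
    uint16_t imm = 0xABCD;
    printf("fixed  (lsl 32): 0x%016" PRIx64 "\n", movk_fixed(rd, imm, 32));
    printf("LLP64 bug (lsl 32): 0x%016" PRIx64 "\n", movk_llp64_bug(rd, imm, 32));
    return 0;
}
```

With the fix, lane 32-47 becomes 0xABCD; with the 32-bit mask, bits 0-15 are wiped and the old lane is OR-ed with the immediate instead of replaced.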
This should recover the regression from constant field tracking
in Speedometer/angular.
Bug: chromium:930680
Change-Id: I9ccbcbdaf11556596ed5df5c08829b7ae329cab7
Reviewed-on: https://chromium-review.googlesource.com/c/1480383
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59775}
With 32-bit kTaggedSize the string data address may not be kSystemPointerSize
aligned.
Bug: v8:7703
Change-Id: I243e6844bed62d96f8b07328fffe23e83512e8e5
Reviewed-on: https://chromium-review.googlesource.com/c/1481217
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59772}
This adds special printing for the different spill kinds.
Change-Id: Ib03da8e46b98c62b83c686ee90ae24c9052ddb39
Reviewed-on: https://chromium-review.googlesource.com/c/1477743
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59771}
With 32-bit kTaggedSize small strings may not be externalizable.
Bug: v8:7703
Change-Id: I34002568214742dadb2358fca97dfb4b92a5342a
Reviewed-on: https://chromium-review.googlesource.com/c/1480373
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59770}
It's only used in tests, and for some reason v8 refers to a macro defined
in src.git, so I need to remove this in v8 first before I can remove it
in Chromium.
Bug: chromium:934255
Change-Id: I31ea32aa43cf7a5f518def7b91dce99dcb268709
Reviewed-on: https://chromium-review.googlesource.com/c/1480911
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59769}
Port adb7e37b28
Original Commit Message:
In the Crankshaft days we (mis)used the Representation to also express
the various internal representations that the compiler understands. But
with TurboFan we now have proper MachineRepresentation and MachineType,
which do that independently. So there's no need to have this in the
Representation class anymore, and instead the Representation class only
needs to deal with the field representations.
R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie3c8062786d5fd42872e22be01cea45d719ea0a4
Reviewed-on: https://chromium-review.googlesource.com/c/1479972
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#59767}
This makes the asm.js validator reject source with trailing expressions
after the module-exporting return statement. Most of the time trailing
statements would not affect semantics, since they are unreachable. In
some cases we might hide an expected ReferenceError though.
R=leszeks@chromium.org
TEST=mjsunit/regress/regress-crbug-934138
BUG=chromium:934138
Change-Id: I790366204f5e9c943715a065b5229f2442e2c86e
Reviewed-on: https://chromium-review.googlesource.com/c/1481216
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59766}