With shipping lazy compilation, we lose the test coverage for eager
compilation. This is bad, because with PGO, eager compilation may have
a comeback. With this CL we enable eager compilation in the
nooptimization test variant. This variant seems to be the best fit, as
there are no conflicts with existing flags. The --liftoff flag is not a
problem, because Liftoff was anyways the default for eager compilation.
R=clemensb@chromium.org
Bug: v8:12852
Change-Id: I002ecb2a31ad2e2335a0469fdf5e3d5bda3b33bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027004
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84294}
Apparently the server-provided information changed, so we need to
work a little harder to find the latest release.
No-Try: true
Change-Id: Idc030fb648e39039175133dc0cb052c296193b94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4023861
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84263}
This prepares work for speeding up gcmole infrastructure by adding
more checks and testing.
- Add a presubmit check that verifies gcmole directives in gn files.
- Simplify gcmole directives in gn files. Drop all but the
architecture property as the others were unused. Simplify regular
expressions.
- Fix some gcmole directives (fly by - only on untested
architectures).
- Add a python test for the changed function in gcmole.py. There's
no other testing yet and this starts somewhere. The test simulates
real BUILD.gn files via checked-in test data.
Bug: v8:12660
Change-Id: I9ca3152b2c3b806de5d4509c152283b36294950d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020268
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84239}
- Debounce creating tooltips to declutter the UI
- CTRL-mouse move causes immediate tooltips
- Use icons and help text on tooltip buttons
- Recreate tooltip target nodes in timeline views to avoid moving the
existing tooltip if the update is debounced
Change-Id: I65a885827ebfeafc09c1c08e2cfe9c2dd448edca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4012720
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84120}
When introducing heap type decoding we added some module-specific checks
to the constructor of certain immediates. This broke the previous design
where module-specific checks were done in a separate {Validate} method.
This CL restores that state.
R=jkummerow@chromium.org
Change-Id: I1ed887daecc25990272c95a24f4444da2d8b5466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008318
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84118}
Controlled by a command-line flag --wasm-disassembly-max-mb,
set to 1000 MB for now. The intention is to avoid OOM crashes
for huge modules.
Bug: chromium:1362286
Change-Id: Ifc0cdd7e8dda016c7cc65dcd75ff6ed51c785a6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008625
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84111}
The wasm decoder immediates are currently templatized by the {validate}
enum value. They do not need to be though; the only difference is in the
constructor, so the constructor should be templatized instead.
This CL implements that, and also changes the {validate} enum to be a
tag (a typename) instead. This is needed in order to enable template
parameter deduction for the constructor calls (C++ does not allow to
explicitly define the template parameter at constructor calls).
As a nice side effect, this produces nicer symbolized stack traces.
Before:
v8::internal::wasm::Decoder::read_u32v<(v8::internal::wasm::Decoder::ValidateFlag)1>
After:
v8::internal::wasm::Decoder::read_u32v<v8::internal::wasm::Decoder::BooleanValidationTag>
R=jkummerow@chromium.org
Change-Id: I013c909ebaf2c8c495f32b5ce598905f3eccc3ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973267
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83889}
... and prepare for using PGO profiles for arm builds.
Bug: v8:10470
Change-Id: If71d363195c60277a59dc68d0c18e361e24209c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3970665
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83867}
Similar to how `time COMMAND` measures time, `rss.py COMMAND` measures
memory consumption, by sampling RSS (Resident Set Size) for the child
process in /proc at a configurable interval (default: every 1ms).
No-Try: true
Change-Id: I381cdd6325fae67944ee96e44ba09dd948d432cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3971360
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83858}
This CL makes the object keeping stack information thread-local, moving
it from Heap to ThreadLocalTop. In this way, stack scanning will work
correctly when switching between threads, e.g., using v8::Locker.
It also introduces a mechanism for setting a stack marker, to be used
for scanning only the part of stack between its start and the marker
(instead of the current stack top).
Bug: v8:13257
Change-Id: I01091f5f49d9a8143d50aeef53789a98bdb29048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960991
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83848}
Turbofan generates bitcast nodes like BitcastWordToTaggedSigned to
ensure the value types of definitions and uses are matched. These
nodes can be elided after MachineGraphVerifier verifying the graph.
This can avoid generating redundant instructions:
Before:
xorl r15,r15
cmpl [rdx+0xb],r15
After:
cmpl [rdx+0xb],0x0
Change-Id: I84bc1b05d77ed9487001e34a93dfe14e45a7a678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837161
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83811}
This is a reland of commit 4804c4de31.
There are major changes since the previous attempt:
- The WasmLiftoffFrameSetup (formerly WasmGetFeedbackVector) builtin
now performs as much of the frame setup work as possible, to reduce
generated code size for each function.
- The WasmLazyCompile builtin/runtime function no longer allocates,
hence gets frame type INTERNAL, and is un-handlified.
Original change's description:
> [wasm] Allocate feedback vectors on demand
>
> We previously allocated feedback vectors when instantiating the module,
> or when lazily compiling a function. That's not sufficient when there
> are multiple instances of the same NativeModule, or when we eagerly
> tier-down all code for debugging. This patch changes the "get vector from
> instance" sequence at the beginning of every Liftoff function to "get
> or allocate vector"; factored into a builtin call to avoid generating
> more code for every function.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3939667
> Cr-Commit-Position: refs/heads/main@{#83610}
Bug: v8:12852
Change-Id: I58a6a02a55c3e29cae3cbdafad6cf81487faccbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3942206
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83794}
We want to trigger CQ builders with the resultdb flag on.
V8-Recipe-Flags: resultdb
Bug: v8:13316
Change-Id: I42299909504bddae51348ab1a70b43b5d8239453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3962988
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83769}
--use-map-space was already disabled by default. This CL removes
the possibility to enable map space again by removing that flag and
all its usages.
Bug: v8:12578
Change-Id: I8af18f39e9bf645316aa8718b49589eb4b852374
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959658
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83758}
Use fast path for locales that don't need special handling.
Change-Id: Iff2b60143edca4e3b7dd41f412d6d06f779cfffe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952317
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83725}
After removing flag in https://crrev.com/c/3952935 it was still used
on fuzzers.
Bug: v8:12578
Change-Id: I35790b11224c9487923b322f575530159a09b129
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956734
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83718}
This is a reland of commit e3096c31d6.
The one additional use of FLAG_turboshaft is also rewritten now.
Original change's description:
> [flags] Remove FLAG_* aliases
>
> This removes the deprecated FLAG_* aliases, and switches remaining uses
> to the new v8_flags syntax.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12887
> Change-Id: Icde494a3819a9b1386c91e44f5d72a55666d9eae
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952350
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83686}
Bug: v8:12887
Change-Id: I978df89f51e11c9a101ff3c1e385b1eced697a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3953292
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83717}
This is a reland of commit 237de893e1
We now guard against requests Python module not being available when running the testrunner. If preconditions (modules & luci context) are not met we no longer add ResultDBIndicator to the chain.
Original change's description:
> [resultdb] Add ResultDB indicator
>
> Adds a new indicator that will send every result to ResultDB (and ultimately in a bq table; to be configured later).
>
> If we are not running in a ResultDB context we introduce only a minimal overhead by exiting early from indicator.
>
> To test these changes in a luci context with ResultDB we activated resultdb feature flag via V8-Recipe-Flags. This feature got implemented in https://crrev.com/c/3925576 .
>
>
> V8-Recipe-Flags: resultdb
> Bug: v8:13316
> Change-Id: I5d98e8f27531b536686a8d63b993313b9d6f62c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905385
> Commit-Queue: Liviu Rau <liviurau@google.com>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83672}
V8-Recipe-Flags: resultdb
Bug: v8:13316
Change-Id: I0bdfae13cc7f250c41a18f2d3a513a3bfc580f6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3955263
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#83711}
Make several changes to template object caching:
* Key the cache on Script rather than SFI, so that entries stay alive
even if the SFI dies (e.g. because its parent is code flushed) but
can be resurrected (because other functions from the same script can
recreate it)
* With the above change, identify the required template object by
comparing both function literal id and feedback slot id.
* Change the cache from a linked list of CachedTemplateObjects into an
ArrayList pointing directly to the template object JSArrays.
* With CachedTemplateObjects being gone, store the function literal id
and slot id directly on the JSArray behind private symbols. Fast
path access to them in the case where the template object has the
expected map, and look them up in a slow path if the map changed
(e.g. because the template object was used as a prototype and
transitioned to a dictionary map).
Change-Id: Id715cb2fd38b9605b8e6ddf5e35336bb4f0300d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900376
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83693}
This removes the deprecated FLAG_* aliases, and switches remaining uses
to the new v8_flags syntax.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: Icde494a3819a9b1386c91e44f5d72a55666d9eae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952350
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83686}
This reverts commit 237de893e1.
Reason for revert: breaks flake bisect:
https://ci.chromium.org/ui/p/v8/builders/try.triggered/v8_flako/b8800423657665797553/overview
The change added the implicit requirement to run testing with
vpython3, which is not given everywhere.
Original change's description:
> [resultdb] Add ResultDB indicator
>
> Adds a new indicator that will send every result to ResultDB (and ultimately in a bq table; to be configured later).
>
> If we are not running in a ResultDB context we introduce only a minimal overhead by exiting early from indicator.
>
> To test these changes in a luci context with ResultDB we activated resultdb feature flag via V8-Recipe-Flags. This feature got implemented in https://crrev.com/c/3925576 .
>
>
> V8-Recipe-Flags: resultdb
> Bug: v8:13316
> Change-Id: I5d98e8f27531b536686a8d63b993313b9d6f62c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905385
> Commit-Queue: Liviu Rau <liviurau@google.com>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83672}
Bug: v8:13316
Change-Id: I7e55668e365475298ed46d2fc8ee0fe1282c3e8e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952131
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83677}
Adds a new indicator that will send every result to ResultDB (and ultimately in a bq table; to be configured later).
If we are not running in a ResultDB context we introduce only a minimal overhead by exiting early from indicator.
To test these changes in a luci context with ResultDB we activated resultdb feature flag via V8-Recipe-Flags. This feature got implemented in https://crrev.com/c/3925576 .
V8-Recipe-Flags: resultdb
Bug: v8:13316
Change-Id: I5d98e8f27531b536686a8d63b993313b9d6f62c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905385
Commit-Queue: Liviu Rau <liviurau@google.com>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83672}
After the let instruction was removed again, the number and types of
locals stays constant throughout the decoding of a function. Hence store
it in a plain array instead of a ZoneVector. This makes the decoder
smaller and saves bounds checks for the "safe libc++".
R=thibaudm@chromium.org
Bug: chromium:1358853
Change-Id: Iad69aa0cfdc254710e1c2219cfb2c972241ef473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944929
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83671}
No need to use 'cpcp' or 'cpm' now, simple 'print' shall work:
Instead of:
{
<cppgc::internal::MemberBase> = {raw_ = {value_ = 2300193596}},
<cppgc::internal::DisabledCheckingPolicy> = {<No data fields>},
<No data fields>
}
the output becomes:
cppgc::Member<GCed> pointing to 0xbbbbbbbb12345678
Bug: chromium:1373391
Change-Id: I72645d372ee830e20ec02b991ddff94851c4a49f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948607
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83654}
This CL adds the following gdb commands:
cpcp <compressed-pointer> # prints compressed pointer
cpm <member> # prints member value
Bug: chromium:1373391
Change-Id: If5cc121883afbe64f4b95965a48b52647179b9f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945108
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83633}
A BoundedSize is just a regular size_t when the sandbox is disabled.
However, when the sandbox is enabled, a BoundedLength is guaranteed to
be in the range [0, kMaxSafeBufferSizeForSandbox]. This is (currently)
achieved by storing the length shifted to the left, then right-shifting
it when loading it. This guarantees that the top bits are zero.
BoundedSizes are used to ensure safe access to variable-sized buffers,
in particular ArrayBuffers and their views, located inside the sandbox.
If a full size_t is used to represent their size, it may allow an
attacker to "reach out of" the sandbox address space by setting the
length to a very large value. A BoundedSize prevents this.
Bug: chromium:1360375
Change-Id: I0579693db528af96c41eeaa64bd3ed71266aacd9
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876823
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83631}
The function-body-decoder-impl.h header is really heavy, and a comment
at its beginning says that it should only be included for new
implementations of WasmFullDecoder.
While there are other nice reasons to include it (e.g. for the Immediate
types), many includes were not needed.
This CL removes them, and adds other needed includes as needed instead.
R=jkummerow@chromium.org
Bug: v8:13312
Change-Id: I84efab0814fc1a38643960f49c7641c824b75f71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3933055
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83561}
Implements the normative change
https://github.com/tc39/ecma262/pull/2819, which removes the await
inside async generator yield*. The delegating iterator result is already
awaited, and this effectively removes an extra tick and unwrapping.
The implementation of `yield` uses the existing AsyncGeneratorYield
builtin, which already performs an Await. It is renamed to
AsyncGeneratorYieldWithAwait.
The implementation of `yield*` uses a new builtin named
AsyncGeneratorYieldNoAwait, which does not perform an Await.
Bug: v8:13275
Change-Id: I88569f1e982edfb6a193c2fa07544fc59732f380
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3919916
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83545}
WAS_USED_FOR_ALLOCATION is set whenever we allocate on a new-space page.
This may happen while concurrent compilation is running in the
background, which may race with checking other page flags during
compilation.
Bug: v8:13356
Change-Id: Id3d7f0904c61b18b5675e8c0351e17679f3c76ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3932165
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83538}
Provide dummies for performance methods that are irrelevant for
differential fuzzing.
Bug: chromium:1370405
Change-Id: I91dcadc446314dbfc97b09a95f054c867574e345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3932722
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83509}
This reverts the following commits:
* [runtime] Clean up dead entries in the template cache"
8436c0059c.
* [runtime] Don't update template map for existing templates
e7b9604040.
* [runtime] Fix hash used in template cache
caa087bb18.
* [runtime] Hold cached template objects weakly
5d19e724d2.
* [runtime] Key template object cache on Script
f3a0e8bccf.
There are gerrit UI issues which appear to be template object caching
related.
For dashboard:
This reverts commit 8436c0059c.
This reverts commit e7b9604040.
This reverts commit caa087bb18.
This reverts commit 5d19e724d2.
This reverts commit f3a0e8bccf.
Bug: v8:13190
Bug: chromium:1366900
Change-Id: I9759771441a4dece2a5dbb47e462ce0c0c01b182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925696
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83471}
This reverts commit 178148045f.
Reason for revert: regresses JetStream2 a lot.
Original change's description:
> [runtime] Invalidate XxxIteratorLookupChain protectors
>
> ... when "return" property is added to respective iterator or might be
> added somewhere up the prototype chain.
>
> According to the iterator protocol the "return" callback must be
> called when iteration is aborted in the middle.
>
> Bug: chromium:1357318
> Change-Id: I36d81b90cfd40e417136ab97ec53ad7054f4df77
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916630
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83427}
Bug: chromium:1357318, chromium:1368400, v8:13335
Change-Id: I8b14a2c47819a89d9b2c869a7bcb52e2c2457427
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925199
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83466}
When unicode sets (/v) are enabled, the regular expression is treated as
unicode, similar to /u.
Bug: v8:11935
Change-Id: I07dc617c1fcd9975ad5a3d226cec025c63489fd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918417
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83452}
