Everyone was getting a copy of this through debug.h.
Bug: v8:9396
Change-Id: I5189cb4bf27a3381768b0be479d7b3d60dec20bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695472
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62670}
I noticed the indentation was off in one function, but also fixed
all the other flake8 issues in this file.
Change-Id: I2303ed87da7154484a872315f8355f57621514c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697054
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sam Clegg <sbc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62669}
Previously, we didn't have access checks for the megamorphic case cause
we'd never get to this IC state for a receiver that doesn't hold the
right private field. But now with lazy feedback allocation we share
the megamorphic case code paths for the uninitialized loads as well,
which exposes our bug.
Bug: chromium:982702
Change-Id: I419406bcfc52575260a85d05520c1662735e15f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697256
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62668}
This CL adds a new FreeList strategy, that can be turned on by using flag
`--gc-freelist-strategy=1`. It is inspired by FreeListLegacy, and differs from
it in the following ways:
- Only has 3 categories: Medium, Large and Huge.
- Any block that would have belong to tiniest, tiny or small in FreeListLegacy
is considered wasted.
- Allocation is done only in Huge, Medium and Large (in that order), using a
first-fit strategy (only the first block of each freelist is ever considered
though).
- Performances is supposed to be better than FreeListLegacy, but memory usage
should be higher (because fragmentation will probably be higher).
Bug: v8:9329
Change-Id: Ib399196788f1dfaa1aeddc3dc721375dd7da65f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697248
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62667}
This change implements lowering of speculative BigInt addition as well as
BigInt heap constants to corresponding int64 versions, if they are used in
a context where the result is truncated to the least significant 64 bits
(e.g. using asUintN). The JSHeapBroker is extended to provide access to the
BigInt's least significant digit during concurrent compilation. The BigInt
context (required to introduce correct conversions) is recognized in the
RepresentationChanger by either the output type propagated downward or the
TypeCheckKind propagated upward. This is necessary, because the TypeCheckKind
may only be set by nodes that may potentially deopt (and sit in the effect
chain). This is the case for SpeculativeBigIntAdd, but not for BigIntAsUintN.
This CL contains a simple fix to prevent int64-lowered BigInts to flow into
state values as the deoptimizer cannot handle them yet. A more sophisticated
solution to allow the deoptimizer to materialize truncated BigInts will be
added in a following CL.
Bug: v8:9407
Change-Id: I96a293e9077962f53e5f199857644f004e3ae56e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1684183
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62665}
This CL adds the --assert-types flag to d8, which is intended to
insert additional runtime checks after typed nodes, verifying the
validity of our typing rules. So far, only range types are checked.
Thanks to Neil Patil for suggesting something similar.
R=neis@chromium.org, tebbi@chromium.org
Change-Id: I5eb2c482235ec8cd07ee802ca7c12c86c2d3dc40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1678372
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62664}
Even though this is not spec'ed yet, it's good to have an implementation
so that we can use clusterfuzz on it.
I changed the parameter order (hopefully) everywhere to
(table_dst_index, table_src_index, ...). This corresponds to the
(dst, src, ...) parameter order for the entry indices.
R=binji@chromium.org
Bug: v8:7581 chromium:980475
Change-Id: I2fb36ffd4bb2f2be5b22c8366732295fa6759236
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698386
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62661}
This change fixes missing symbol errors in the Windows 10 on ARM build
of Node.js.
When a whole class is marked for export, all of its members are marked
as well. This can be a problem when inline members call undefined yet
inline members of other classes: the exported function will contain a
reference to the undefined inline function that should be satisfied at
link time, but because the other function is inline no symbol will be
produced that will satisfy that reference.
Clang gets around this by masking inlined class members from export
using /Fc:dllexportInlines-. This is why b0a2a567 worked.
Node.js' Windows builds use MSVC and so do not have access to this
flag. This results in unresolved symbols at link time.
Bug: v8:9465
Change-Id: Ief9c7ab6ba35d22f995939eb62a64d6f1992ed85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1696771
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62660}
This is a reland of https://crrev.com/c/v8/v8/+/1692366. The original
change was reverted because it broke some blink tests. This will be
landed after suppressing them:
https://crrev.com/c/chromium/src/+/1695541
Make native errors serializable.
The implementation is mostly straightforward, but there is one
exception: the stack property. Although the property is not specified,
the spec for error cloning asks us to preserve the property if
possible. This implementation serializes the property only when it is
a string, and otherwise ignores it.
Spec: https://github.com/whatwg/html/pull/4665
Intent-to-Ship: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/f8JngIi8qYs
Bug: chromium:970079, v8:9462
Change-Id: Ibf012754f30237f6b5acf119ef834e73727a230f
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695202
Auto-Submit: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62659}
Rolling v8/build: 40634f1..c989268
Rolling v8/buildtools: 80b545b..95c72f3
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b79dda9..1abe66f
Rolling v8/third_party/depot_tools: d3f6994..78dec04
Rolling v8/tools/luci-go: git_revision:25958d48e89e980e2a97daeddc977fb5e2e1fb8c..git_revision:7d11fd9e66407c49cb6c8546a2ae45ea993a240c
Rolling v8/tools/luci-go: git_revision:25958d48e89e980e2a97daeddc977fb5e2e1fb8c..git_revision:7d11fd9e66407c49cb6c8546a2ae45ea993a240c
Rolling v8/tools/luci-go: git_revision:25958d48e89e980e2a97daeddc977fb5e2e1fb8c..git_revision:7d11fd9e66407c49cb6c8546a2ae45ea993a240c
TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org
Change-Id: I014010e41a1fe31582ab5aa3abbb28b1f1be32f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698803
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62658}
The alignment should be 3 (i.e. 8 bytes), but was specified as 2 (i.e. 4
bytes).
Bug: v8:9425
Change-Id: I0beb09df25fe0281ed604909e894afd804f5411e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1693836
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62657}
Even though this is not spec'ed yet, it's good to have an implementation
so that we can use clusterfuzz on it.
R=binji@chromium.org
Bug: v8:7581
Change-Id: I323625322e5240dc6ac224dce8a1f1f7f6070758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695478
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62656}
With lazy feedback allocation and bytecode flushing we need to call
%PrepareFunctionForOptimize before we call %OptimizeFunctionOnNextCall/
%OptimizeOsr. This cl:
1. Adds an additional state in pending optimized table to check if the
optimization was triggered manually.
2. Changes the compilation pipeline to delete the entry from pending
optimized table only if the optimization was triggered through
%OptimizeFunctionOnNextCall / %OptimizeOsr.
3. Adds a check to enforce %PrepareFunctionForOptimize was called.
4. Adds a new run-time flag to only check in the d8 test runner. We
don't want this check enabled in other cases like clusterfuzz that doesn't
ensure %PrepareFunctionForOptimize is called.
Bug: v8:8394, v8:8801, v8:9183
Change-Id: I9ae2b2da812e313c746b6df0b2da864c2ed5de51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664810
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62653}
BasicMemoryChunk sits above the MemoryChunk in the chunk hierarchy and
is responsible for storing the bare minimum data to identify a chunk of
memory, without worrying about GC etc.
This change also completes the MemoryChunk offset asserts, which were
previously missing for few key properties.
Bug: v8:7464
Change-Id: Id4c7716c4ed5722ceca3cbc66d668aed016c74b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688843
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62652}
The simulator builds have bugs which cause invalid frame markers in
some cases.
Change-Id: I837732c6f5efe24821415a0ae0626578bbcc3a7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697253
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62650}
GetOwnPropertyNameTryFast uses ENUMERABLE_STRINGS filter to trigger fast
path in KeyAccumulator::GetKeys conditionally when all properties on the
receiver are enumerable. It is not easy to verify if all properties are
enumerable and the current check is incorrect in some cases.
For ex: when we have non-enumerable properties when we have elements on
the receiver. This cl removes this try_fast path from the builtin. This
could impact performance. The long term fix for this would be to fix
KeyAccumulator::GetKeys to use fast path for more cases.
Bug: chromium:977870
Change-Id: Iecde730739c2c452ffa0d893d0d1b3612a45d1b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1679499
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62649}
These are ancient artefacts from when HeapObject was a pointer.
Bug: v8:9396
Change-Id: I1782837aa5bd4b8393cd084321b90baa614a7373
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691911
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62647}
In order to migrate the extra flags into the fuzzer and keep bisection stable,
we need to use the same RNG state for each call to generating fuzz flags.
Throughout one fuzzing session the same random-seed is used
(https://crbug.com/983128) and we'll pass it to the fuzz config in a follow up.
TBR=tmrts@chromium.org
NOTRY=true
Bug: chromium:813833
Change-Id: I3203c86028a5d283238e6ef739f82eccee1302b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697254
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62646}
Reverse specialization of https://chromium-review.googlesource.com/c/v8/v8/+/1684075.
Again, it skips over Tagged to save some instructions.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I7fc50e0d8eebfef7a1ba02ce3d687ff808f30680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1693007
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62645}
In the atomics stress, the search for sequential sequences creates
lots of new WebAssembly.Memory objects. This memory pressure is not
central to this test, so reuse the same memory to make them less
flaky.
R=mstarzinger@chromium.org
Change-Id: I8d135e7b82d572cb1df38f37a4e2f6393f6b2e05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697247
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62644}
This adds support for properly importing {WebAssembly.Function} objects
that were constructed in JavaScript and just wrap a JavaScript callable.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I00e01db0d85b83d405eb28517d00fba62c253985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690949
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62641}
This reverts commit a6eabacfee.
Reason for revert: as planned
Original change's description:
> Disabe FLAG_turbo_control_flow_aware_allocation again
>
> A few changes have been made to this feature and disabling it lets us
> best see its current performance impact.
>
> Bug: v8:9088
> Change-Id: I54d5e09f3fcece215e29d66d5bdb3f19ba07bda0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690954
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62586}
TBR=neis@chromium.org,sigurds@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9088
Change-Id: I13b94d90cfb2d8e9372291645729e05b79a9a6ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697243
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62638}
In a DCHECK inside AddExport(), MSVC gives a C4018 signed/unsigned
mismatch warning. Use a cast to silence this.
Change-Id: Ie388b95b183d2ca3649475fe2206171800673f88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697043
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Auto-Submit: Lei Zhang <thestig@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62636}
Add a bit on the isolate which indicates that the stack is currently
not iterable for the SafeStackFrameIterator.
This is needed during deoptimization, when we do a fast C call without
a return address on the stack, meaning we can't iterate the stack
frames.
Re-enable DeoptAtFirstLevelInlinedSource which is fixed by this CL.
Bug: v8:9057
Change-Id: I76379a2dd38023be7e6f5153edeb1f838e9ac4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1688049
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62634}
This removes the last remaining use of the AbortJS opcode. We now use
AbortCSAAssert instead, which is not influenced by the
--disable-abortjs flag. The AbortJS runtime function should only be
called from JS now.
R=mstarzinger@chromium.org
Bug: v8:9396
Change-Id: I791da99594f9e1e99991ac8b03e943297d7d41e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695476
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62633}
This fixes a corner-case where a {WasmExportedFunction} that represents
a re-export of a JavaScript callable from another module was identified
correctly, but not all corner-cases were correctly covered. Concretely
we failed to check for function signatures incompatible with JavaScript.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-9447
BUG=v8:9447
Change-Id: Ia6c73c82f4c1b9c357c08cde039be6af100727d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690941
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62632}
Prior to this CL, it was possible to pollute another context's
fast/slow-path state for RegExp builtins due to the species protector
being per-isolate rather than per-context. Among other things, this
means that iframes can slow down the main site, and slowdowns persist
across page reloads and navigation within the same tab.
This CL thus moves the RegExpSpeciesProtector to the native context.
The same should be done for all other protectors in the future.
Bug: chromium:977382, v8:5577, v8:9463
Change-Id: I577f470229cb9dfcd4a88c20b1b9111c65a9b85f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695465
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62631}
This reverts commit e8d865973f.
Reason for revert: crbug.com/981701
Original change's description:
> [parsing] Improve elision of hole checks for default parameters
>
> Use the position of the next parameter to be declared as the end of the
> initializer for default parameters, so that hole checks can be elided
> for initializers using previous parameters in arrow functions.
>
> This fixes a source of bytecode mismatches when collecting source
> positions lazily.
>
> Bug: chromium:980422, v8:8510
> Change-Id: I5ab074231248b661156e7d8e47c01685448b56d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683267
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62525}
TBR=verwaest@chromium.org,delphick@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:980422, v8:8510
Change-Id: I3abd70a1fb00967e58b46177655a0078e24db720
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697242
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62630}
We don't use this anywhere, it's always true.
Change-Id: Iae16a108f036de5eddd1b9741e554ddd4eac8c83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692928
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62628}
At the moment we cancel all {AsyncCompileJobs} when a context of an
isolate gets disposed. However, there can be multiple contexts per
isolate, which meant that in some cases we canceled compilations even
though their context was still alive.
With this CL we only abort the compilations of the native context,
which is typically the context that is being disposed.
This is a small change that can be merged back. I plan to do a proper
change later which extends the V8 API so that the embedder provides
a handle to the context that is disposed.
R=clemensh@chromium.org
Bug: chromium:980876
Change-Id: I278bc30f084fe31fa409f1d4f913f1186b4809ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692939
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62627}
The {FrameScope} with {StackFrame::NONE} just sets the {has_frame_}
field in the {TurboAssembler}, so it's fine to just unconditionally do
that. The field will be reverted to the previous state when the
{FrameScope} dies.
R=mstarzinger@chromium.org
Bug: v8:9396
Change-Id: Iec56a9bd45d19eda689ff033df58928d6edbdcf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692930
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62626}
This refactors some CSA methods to receive an initializer list instead
of endless parameters, and simplifies the macros used to generate the
respecive calls.
R=tebbi@chromium.org
Bug: v8:9396, v8:7629
Change-Id: I318e785da62f139ed9e70df631c426fe1609a42a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1693002
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62624}
The existing AbortJS runtime function can be disabled via
--disable-abortjs (which the fuzzers use), but we never want to disable
CSA assertions. Hence use a separate runtime function for those.
This will also reduce the size of generated strings, since the
"CSA_ASSERT failed: " prefix is not part of those strings any more.
As a drive-by, this renames all occurences of "DebugAbort" to "AbortJS"
to be consistent in that name.
R=mstarzinger@chromium.org, tebbi@chromium.org
Bug: v8:9453
Change-Id: I52e48032a1d58f296f0364fe8d917e45a2603a2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692921
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62622}
