pthread_jit_write_protect* functions are only available on arm64 Mac,
not on iOS (which also sets V8_{TARGET_,}OS_MACOSX).
This CL refactors the logic to detect whether pthread_jit_write_protect
and MAP_JIT are available and defines a global preprocessor macro which
can subsequently be used instead of the existing complex condition.
R=jkummerow@chromium.org, mlippautz@chromium.org
Change-Id: I63894f42df35406d6eee90a4ce5070c2fde7b566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077154
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76143}
C++ frames can get quite big in sanitizer builds. In the linked bug it
was an ASan debug build, which overflowed the stack by more than 8kB
just from C++ frames (when entering the runtime, there was no overflow
yet).
Hence increase the allowed stack overflow a bit for sanitizer builds,
from 8kB to 32kB.
R=jkummerow@chromium.org
Bug: chromium:1236560
Change-Id: I119fdb859f7ab5e6a0a4174cf79f0a16baa39432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078359
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76142}
So that it is possible to differentiate modules in the stack trace even
when they are anonymous.
R=kimanh@chromium.org
Bug: v8:11808
Change-Id: I12a1f07accdf62c404052f32624e9914381a7451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074472
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76141}
Firstly, the fast path checking for applicability of the equality
"A/B = 0 with remainder A" must use the condition "A<B", not "A<=B".
Secondly, *all* early return paths must ensure that enough padding
'0' characters are written.
Fixed: chromium:1236694
Bug: v8:11515
Change-Id: I3fa7e17f5f3969ddbb5417b53abf3bff3fc1355b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075365
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76139}
This reverts commit fffcbaea55.
Reason for revert: Breaks in Chromium (e.g. https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29)
Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
> histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
> This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
> and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}
Bug: v8:11946
Change-Id: I954de1afbabf101fb5d4f52eca0d3b80a723385b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077153
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76138}
We add support for struct and arraytypes in wasm-fuzzer-common.
Also, we add addStruct and addArray while generating tests.
Other OptRef types like eqref/anyref have been supported.
Adding struct and arraytypes in wasm-compile has been placed
at the beginning in order to generate them in addSignature.
Bug: v8:11954
Change-Id: Ibe468dd4df70ad40367196c88353b28b7654f086
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074463
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#76137}
We would like to use the name CompilerDispatcher for dispatcher base
class to be used by Sparkplug and OptimizingCompileDispatcher.
Bug: v8:12054
Change-Id: Id69955101c1f46fc2f79b6f77b05c92ed8a31edb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077150
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76136}
This patch makes V8 accept the binary format produced by Binaryen
after https://github.com/WebAssembly/binaryen/pull/3933 when the
--experimental-wasm-gc-experiments flag is present. The explicit
inheritance information is not used for anything. Validation is
performed only insofar as explicit supertypes must be valid types.
Bug: v8:7748
Change-Id: Id5b5050aa03591281632e3a2a161aa93422e10bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071406
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76135}
We make an undocumented assumption in {CodeSpaceWriteScope} that a
single thread will only work on one module at a time. If this is
violated, the thread-local {code_space_write_nesting_level_} would
prevent the second module from being switched to writable.
This CL adds a second thread local (in debug only) to check that if
there is already a {CodeSpaceWriteScope} open that it contains the same
{NativeModule} as any nested scope.
R=jkummerow@chromium.org
Change-Id: I43fa886d9d0fdf0e1846137dc411745fcca471fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074477
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76134}
Lets the macro-assembler compile RISC-V C-Extension instructions
when the corresponding flag is set during runtime.
Change-Id: I443d026653b9945ac7ccff41b0ca3f7db9b65775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3039384
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76128}
Verify if Chromium's flag was enabled and toggle the flag
for V8, enabling support for PAC (Pointer Authentication Code)
and BTI (Branch Target Identification).
Bug: v8:10026, chromium:1145581, chromium:919548
Change-Id: I7c40674d2f9c8512639a7320b491006697420e28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3072158
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76126}
This was handled in JS but not in C++.
Bug: chromium:236703, v8:11025
Change-Id: Ic9adc4ceb4d2af2614427fec459c3e950654572f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074460
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76125}
Make sure we update the module status before accessing it's code object
in PrintStatusTransition.
Bug: v8:11949
Change-Id: Ide1745eeeb0d5612034a42680d99fb97a9b110ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075361
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76124}
Generate the test case before compilation, so that we can generate it
even if compilation crashes.
We can only do this when require_valid is true. Otherwise the test case
depends on whether the module compiles or not.
R=ahaas@chromium.org
CC=khismet@google.com
Bug: v8:11954
Change-Id: I944e867cc7ca631bff749bd67c4b8baff1df1fa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074476
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76123}
If no GC happens when we grow the assembler buffer (this could happen
since we allocate a new Code object), we do not need to fix references
to full-embedded-objects.
Bug: v8:11872
Change-Id: I11fb1abcb4c53e124bb7659c9f9995ccb18cf296
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3073741
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76122}
Bug: v8:7790
Change-Id: Ia5903364a774bd49db1a646b3066b9972deac725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074465
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76119}
Bug: v8:7790
Change-Id: I299678102254ffb7d68be3d5cad11b4a4161492f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068947
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76118}
Forgot to do this in crrev.com/c/3067226.
Bug: v8:7790,v8:12030
Change-Id: Ic6fbf3feb07e8d08f0fd83d76d54535387c7a27c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074464
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76117}
This CL limits the amount of address space we reserve for shared
WebAssembly memory. Up until now we just reserved either the defined
maximum size of the memory or the V8-defined maximum memory size,
depending on whether the maximum size is defined or not. This could
cause OOMs easily on 32-bit systems due to address space exhaustion.
With this CL we limit the amount of address space we reserve for shared
WebAssembly memory.
1) We try to reserve at least the initial size;
2) If no maximum size is defined, we reserve 1GB by default;
3) If a maximum size is defined, then we reserve that maximum size
but at most 1GB.
Note that the handling of shared memory here is different than the
handling of not-shared memory because for shared memory it is not
possible to grow with realloc.
R=clemensb@chromium.org
Bug: v8:12038
Change-Id: I00493b330ee00588d65cbffa6f042e039106736e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071206
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76116}
There was a DCHECK to ensure tests don't miss enabling either bytecode
or baseline code flushing along with stress-flush-code. Fuzzers use
different combination of flags so there we should allow
stress-flush-code without bytecode / baseline code flushing.
Bug: chromium:1236614,v8:11947
Change-Id: I86190b6336015e37288cffffc05de2fa21f496ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074462
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76115}
Optimizing compilation can no longer collect source positions on demand
since it may now run concurrently without serialization.
Instead, we now collect full source positions when any component that
needs them is enabled (profiler, debugger).
Bug: v8:7790,v8:12030
Change-Id: I6a2a82eb2b0d3e92121e101b4d9bf330c1f6c065
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067226
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76114}
ObjectDataKind::kSerializedHeapObject is no longer in use.
Remove the CreateDataFunctors since creation code is now simple
and uniform enough to inline.
Bug: v8:7790
Change-Id: I90009373b4f6b5e1b0ed90c7ccff323dc9821ed8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3073740
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76113}
Skip over SFIs that already have source position available.
Bug: v8:7790
Change-Id: Iaea51fe1e4cec9e3291a258a1c60b2354afa8525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074239
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76112}
This CL fixes a long standing issue where reentering TimedHistograms
scopes would cause spurious measurements. Only the non-nested scopes
yielded correct results.
Due to the changed numbers, the V8.Execute histogram is renamed to
V8.ExecuteMicroSeconds. Note that this histogram is also guarded
behind the --slow-histograms flag due to the additional overhead.
Unlike before, it does no longer include time for external callbacks
and only measures self time. The following example illustrates the
new behaviour:
1. Enter V8: |--+.......+--| self-time: 4 units (reported)
2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
3. Re-enter V8: |---| self-time: 3 units (reported)
This would result in 2 histogram entries with 4 time units for the first
V8 slice and 3 units for the nested part. Note that the callback time
itself is ignored.
This CL attempts to clean up how TimedHistograms work:
- Histogram: the base class
- TimedHistograms: used for time-related histograms that are not nested
- NestedTimeHistograms: Extends TimedHistograms and is used for nested
histograms
This CL changes Histograms to not measure time themselves. Measurements
happen in the *HistogramScopes:
- BaseTimedHistogramScope: Base functionality
- TimedHistogramScope: For non-nested measurements
- NestedTimedHistogramScope: For nested measurements
- PauseNestedTimedHistogramScope: Ignore time during a given scope.
This is used to pause timers during callbacks.
Additional changes:
- ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
and always sets VMState<EXTERNAL>
Bug: v8:11946
Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76111}
It was missing an AssumeMemoryFence.
Bug: v8:7790,chromium:1236612
Change-Id: Icd3ed9f9979b0ba287c9dff7f4f8722ac06e859a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3073739
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76110}
Just re-use the error constructor's initial map for the
WebAssembly.Exception constructor, instead of creating a new one.
R=jkummerow@chromium.org
Bug: v8:11992
Change-Id: If1ee53a1e9492c9ab4b59e363b388260ff097cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071211
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76108}
For streaming compilation, scripts don't have a source string attached
until finalization, but the Script and SharedFunctionInfo objects are
already on the heap and may be picked up by heap walks.
This happens e.g. in CollectSourcePositionsForAllBytecodeArrays, where
we then try to reparse and recompile the SFI. This is invalid, since
the source string is not yet set.
Avoid this by checking for the empty source string (and leaving a TODO
for a nicer future solution).
Bug: v8:12051
Change-Id: Ib4f40cd218151120e5aff8558dd5df5c8834412e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071403
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76104}
Rolling v8/build: cff8a26..e360729
Rolling v8/third_party/aemu-linux-x64: DxCnfY154Xn-UYrZ-GF8FewyGfo29cYHkKdDMgpEHJkC..Nw0OOp4j9l4Sj0WpOmaRhNeJ137UfsLg0P1YrF8uzKwC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/61f0e50..cb61e19
Rolling v8/third_party/depot_tools: a806594..0a4dd41
Rolling v8/third_party/icu: 2a822c5..75e34bc
Rolling v8/tools/luci-go: git_revision:db421da12bad8e57f97ee45b24147e34ec882007..git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b
Rolling v8/tools/luci-go: git_revision:db421da12bad8e57f97ee45b24147e34ec882007..git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b
Rolling v8/tools/luci-go: git_revision:db421da12bad8e57f97ee45b24147e34ec882007..git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I4006df2bfd8824d5a680d0c24b39f5b4a29f11b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071613
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76101}
The number of arguments for the LiftoffCompiler has grown significantly
since its initial implementation, and it becomes hard to keep track of
all options at the call sites.
This CL refactors all optional parameters into a {LiftoffOptions} struct
which has a factory-like interface.
This will allow us to add more options in the future, e.g. for dynamic
tiering.
R=thibaudm@chromium.org
Change-Id: I66697bb2f99b676a84c158304cc3a285e1b077d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069148
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76098}
For inline scripts that have a `// #sourceURL=foo.js` annotation, the
V8 inspector (and by extension `Error.stack`) currently operates in
terms of the `foo.js`, i.e. doesn't give any hint about the actual
source, except for the line/column offsets reported upon scriptParsed.
However in case of stack frames (i.e. as part of `Error.stack` or as
part of the call frames reported via CDP), the line/column offsets are
relative to the actual source instead of relative to the `foo.js` part,
which - besides other things - makes post-processing of recorded stack
traces tricky (sometimes impossible).
This change adjusts the source positions reported for (inline) scripts
with sourceURL annotations to be relative to the (inline) script instead
of the surrounding document.
Bug: chromium:1183990
Fixed: chromium:578269
Change-Id: I74f2b93c22ec43ca796b6b51faa9df5b99cf03f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069289
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76097}
This CL is a port of https://crrev.com/c/3045349 for ia32 and arm,
adding helper methods to drop arguments from the stack.
Drive-by: Add RootAsOperand to ia32.
Bug: v8:11112
Change-Id: I07b753d51b9fc9fc91bf09618b1315d146827123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069157
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76095}
crrev.com/c/3069146 fixed a write barrier issue leading to a null
dereference on Windows that was triggered by having the stack allocated
at address below 4GB.
Turns out the same can happen on Fuchsia.
Bug: chromium:1230763, chromium:1056170
Change-Id: I74ba0b465c3230b4274f2c23d279c4f73183eddb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071402
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76094}
