Changes:
- When checking if a table is a function table, check for subtyping to
funcref instead of equality.
- Add WasmModuleObject argument to GetFunctionTableEntry.
- Implement WasmTableObject::Get/Set for all legal table types.
- Factor out SetFunctionTableEntry from WasmTableObject::Set.
- Write unittests and JS tests.
Bug: v8:9495
Change-Id: I4f0c7a7013f17c561afb3039c5e0811634a4d313
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416387
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70032}
Remove the hack introduced in https://crrev.com/c/2412176, use the
existing {ValueTypeToConstantName} function instead.
R=ahaas@chromium.org
Bug: chromium:1127717
Change-Id: I4ac50346825d7b00ea8dadccd7798a273ae84499
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2421568
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70028}
Bug: v8:7790
Change-Id: Ibe41dcc3d1717326b8ce7bf3491bf32a8d0882b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2421810
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70027}
Assertions are implemented with the new ASSERTION instruction. The nfa
interpreter evaluates the assertion based on the current context in the
subject string every time a thread executes ASSERTION. This is
analogous to what re2 and rust/regex do.
Alternatives to this approach:
- The interpreter could calculate eagerly for all assertion types
whether they are satisfied whenever the current input position is
advanced. This would make evaluating the ASSERTION instruction itself
cheaper, but at the cost of making every advance in the input string
more expensive. I suspect this would be slower on average because
assertions are not that common that we typically evaluate >= 2
assertions at every input position.
- Assertions in a regexp could be desugared into CONSUME_RANGE
instructions, so that no new instruction would be necessary. For
example, the word boundary assertion \b is satisfied at a given
position/state if we have just consumed a word character and will
consume a non-word character next, or vice-versa. The tricky part
about this is that the assertion itself should not consume input, so
we'd have to split (automaton) states according to whether we've
arrived at them via a word character or not. The current compiler is
not really equipped for this kind of transformation. For {start,end}
of {line,file} assertions, we'd need to introduce dummy characters
indicating start/end of input (say, 0x10000 and 0x10001) which we feed
to the interpreter before respectively after the actual input.
I suspect that this approach wouldn't make much of a difference for
NFA execution. It would likely speed up (lazy) DFA execution though
because assertions would be dealt with in the fast path.
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:10765
Change-Id: Ic2012c943e0ce54eb8662789fb3d4c1b6cd8d606
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398644
Commit-Queue: Martin Bidlingmaier <mbid@google.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70026}
Return MaybeHandle directly instead of converting to Handle first and
then back to MaybeHandle.
Bug: v8:10315
Change-Id: I7d0b67ea3931ad4eba48fc58d934d5722ff70905
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418402
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70025}
When a compaction space allocates a new code page, that pages needs to
be added to the Isolate::code_pages_ array used for stack unwinding.
Since the array is owned by the main thread, compaction thread cannot
directly modify it. Because of that code pages are added upon merging
of the compaction space to the main space in MergeLocalSpace.
The bug was that all code pages coming from the compaction space
were added to the code_pages_ array. However, some of the pages are
not newly allocated but merely borrowed from the main space.
This CL keeps track of all newly allocated paged by a compaction space.
Bug: v8:10900
Change-Id: Iff3ff5d608df60fb752d2e0ffc29e51f2d967936
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418718
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70023}
Since the flag is enabled by default, it is more useful to have the
reverse implications so that disabling the flag is guaranteed to work.
Bug: v8:10315
Change-Id: I191c35682442925f3fed691460d074ba6715fc99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409498
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70022}
That DCHECK could fail even though GC was in the right state. It could
happen that the first load gets the old value NOT_IN_GC, since this
isn't TEAR_DOWN a second load needs to be performed. The load then
returns TEAR_DOWN but that doesn't match NOT_IN_GC either.
Fix this by only loading gc_state() once.
Bug: v8:10315
Change-Id: Ibcad540fa4d5f578c9936c472b294bbccebdc09a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418719
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70021}
For js frame, we want to display currently executing function.
Change-Id: If33b04279dafdf6e4834bfb6c7240e8e7e799fc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411483
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70018}
Rolling v8/build: 153ad0b..d77db9e
Rolling v8/third_party/aemu-linux-x64: QxDL1Bk85zKmALn9xHGhro_uZAytSTHjJ--QwZLaT7oC..UncMpcoIeFj9FKkqbpkwnPCh8YmqHZcucJu-mi7jF1MC
Rolling v8/third_party/depot_tools: d949c91..244d770
Rolling v8/third_party/jinja2: 61cfe2a..a82a494
Rolling v8/tools/luci-go: git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f..git_revision:83c3df996b224edf5061840744395707a0e513e7
Rolling v8/tools/luci-go: git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f..git_revision:83c3df996b224edf5061840744395707a0e513e7
Rolling v8/tools/luci-go: git_revision:b022173f8069cf8001d4cf2a87ce7c5f0eae220f..git_revision:83c3df996b224edf5061840744395707a0e513e7
TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I3305d8fa9f2a741f1f6fdd14b9754f4f42b76bc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419992
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70014}
The DCHECK is only guaranteed to hold after checking that is_logging()
still returns true.
Bug: v8:10315
Change-Id: Ia43657faffa4c7eda70c95a446bee1389d08e6fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418713
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70013}
This reverts commit c0564971ac.
Reason for revert: Speculative revert, ASAN is failing consistently:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20ASAN/15103
Original change's description:
> [parser] Use SmallVector(1) for DeclarationParsingResult::declarations
>
> Typically we'll parse a single declaration when parsing variable declarations.
> Using on-stack storage rather than std::vector that requires malloc is much
> more efficient.
>
> Change-Id: Id99515bb4ce7ea2dae46498f8f9f9d49c33c7353
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418393
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69995}
TBR=leszeks@chromium.org,verwaest@chromium.org
Change-Id: I6e46c058f16c965e905f20b8df473a8fb22cc6cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419037
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70011}
This reverts commit cfe9544aa6.
Reason for revert: Some spec tests fail:
https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/15933
Original change's description:
> [wasm-simd][scalar-lowering] Enable some spec tests
>
> These tests can now be enabled as we implemented more scalar lowering
> support.
>
> Bug: v8:10507
> Change-Id: Ida5f896300e074db079ec24720302729b0582d9d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411774
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70006}
TBR=bbudge@chromium.org,zhin@chromium.org
Change-Id: Idb2da40178860f045ffab9ab5b2c8b1f2ebafcf6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10507
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419036
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70010}
Cast to int32_t after checking the range.
Bug: v8:10921
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng,v8_linux64_asan_rel_ng,v8_linux64_tsan_isolates_rel_ng,v8_linux64_msan_rel_ng,v8_linux64_tsan_rel_ng,v8_mac64_asan_rel_ng,v8_win64_asan_rel_ng,v8_linux64_gcc_compile_dbg,v8_linux_gcc_compile_rel,v8_linux_gcc_rel_ng,v8_linux64_gc_stress_custom_snapshot_dbg_ng,v8_linux_arm64_gc_stress_dbg_ng,v8_linux_gc_stress_dbg_ng,v8_mac64_gc_stress_dbg_ng;luci.chromium.try:linux_chromium_ubsan_rel_ng
Change-Id: I9c3631a2f3aa34bc9c87a6f40a2888b38832978c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414622
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70008}
These tests can now be enabled as we implemented more scalar lowering
support.
Bug: v8:10507
Change-Id: Ida5f896300e074db079ec24720302729b0582d9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411774
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70006}
vmin should return the default NaN if any input is a NaN (regardless of
the default NaN mode), so turn the default NaN mode, canonicalize, then
reset it.
Bug: v8:10835
Change-Id: Ia83c9fbcbc2070029f35bbd07cbb4abf857b594d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416399
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70005}
Implement f32x4 and f64x2 nearest, trunc, ceil, and floor for arm and
arm64. arm implementation will check for ARMv8 support, and bail out to
runtime call if not supported.
Bug: v8:10906
Change-Id: Ia473f63de3717d02d4cea2fc888befb3681e20aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2415769
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70004}
This will allow minimorphic ICs the best chance of succeeding as they
only check the first FLAG_max_minimorphic_map_checks maps in the
feedback vector.
Bug: v8:10582
Change-Id: I1c78dcc8b6f7072b2563fdc8bf69b349a99c4bb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400340
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70003}
Change-Id: Ibd414806c5f8688486fec169d523876d0ef74c8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2415047
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70002}
Changes:
- Rename IsSignatureEqual -> MatchesSignature for consistency
- Add WasmInstanceObject field to WasmTableObject.
- Improve some error messages related to tables in
function-body-decoder-impl.h.
- Introduce WasmTable::IsValidTableType. Use it wherever appropriate.
- Overload equality operators in HeapType to work with
HeapType::Representation.
- Rename DynamicTypeCheckRef -> TypecheckJSObject.
- Handle WasmCapiFunctions in TypecheckJSObject.
- Use TypecheckJSObject in WasmTableObject::IsValidElement.
- A few more minor improvements.
Bug: v8:9495
Change-Id: I2867dd3486d7c31717ac26b87a50e15cf2b898be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416491
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70001}
This reverts commit 8b60d8fcbf.
Reason for revert: Flaky on windows: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/27302
Original change's description:
> Reland "[cpu-profiler] Log OSR code when starting the profiler"
>
> This is a reland of f696528189
>
> Updated the test:
> 1. Set profiling interval to 100us to get 10x the samples
> 2. Guarantee we spend at least 1ms per iteration, instead of only
> bailing out if we spend more than 1ms. This gives us enough samples on
> release mode.
> 3. Increase the time spent profiling optimized code by 50% to make sure
> we have a big enough difference.
>
> With 1000 iterations I didn't see any flakes locally so this looks solid
> now.
>
> Original change's description:
> > [cpu-profiler] Log OSR code when starting the profiler
> >
> > OSR code doesn't hang off any JSFunction or SFI, so we missed it when
> > starting up the profiler. This meant we didn't properly attribute
> > ticks to SFI code. The ticks ended up going to the caller instead.
> >
> > There is a weak cache of OSR code per native context, so iterate that
> > on profiler startup and log all the code objects.
> >
> > Change-Id: I2e9738b86a488b37f36ac89803561607dc76f745
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414216
> > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Mythri Alle <mythria@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#69964}
>
> Change-Id: Ib506e88b546008e462967259763bbf985b74b462
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418092
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69990}
TBR=mythria@chromium.org,petermarshall@chromium.org,dinfuehr@chromium.org
Change-Id: Ie3272c4fd297ca6f10a47c3fe8826e226a9f0545
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418714
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69999}
GCs should reset memory pressure back to none on GC. Especially with
background threads calling MemoryPressureNotification to start a
collection.
Bug: v8:10315
Change-Id: I4dbda71e8434eb7949c0f9b978662b32910133cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418400
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69996}
Typically we'll parse a single declaration when parsing variable declarations.
Using on-stack storage rather than std::vector that requires malloc is much
more efficient.
Change-Id: Id99515bb4ce7ea2dae46498f8f9f9d49c33c7353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418393
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69995}
Keep TSAN happy by locking the string table NumberOfElements read (only
on heap counters and in the startup serializer), which can be modified
by background threads that add elements.
Bug: v8:10928
Change-Id: I411af5f9642b0cafce291344d26351ff18d2301e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418392
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69994}
This reverts commit af5f437cd9.
Reason for revert: Seems to break TSAN - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33286?
Original change's description:
> [heap] Fix tracking of code pages for V8 stack unwinder
>
> When a compaction space allocates a new code page, that pages needs to
> be added to the Isolate::code_pages_ array used for stack unwinding.
> Since the array is owned by the main thread, compaction thread cannot
> directly modify it. Because of that code pages are added upon merging
> of the compaction space to the main spage in MergeLocalSpace.
>
> The bug was that all code pages coming from the compaction space
> were added to the code_pages_ array. However, some of the pages are
> not newly allocated but merely borrowed from the main space.
>
> This CL introduces a new page flag for marking pages that are borrowed
> during compaction and skips them in MergeLocalSpace.
>
> Bug: v8:10900
> Change-Id: I786dc5747bd7c785ae58dfd8b841c00774efb15e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416500
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69992}
TBR=ulan@chromium.org,jkummerow@chromium.org,dinfuehr@chromium.org
Change-Id: I13f8b64014750af95423166152dc9bee8cec12d0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418395
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69993}
When a compaction space allocates a new code page, that pages needs to
be added to the Isolate::code_pages_ array used for stack unwinding.
Since the array is owned by the main thread, compaction thread cannot
directly modify it. Because of that code pages are added upon merging
of the compaction space to the main spage in MergeLocalSpace.
The bug was that all code pages coming from the compaction space
were added to the code_pages_ array. However, some of the pages are
not newly allocated but merely borrowed from the main space.
This CL introduces a new page flag for marking pages that are borrowed
during compaction and skips them in MergeLocalSpace.
Bug: v8:10900
Change-Id: I786dc5747bd7c785ae58dfd8b841c00774efb15e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416500
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69992}
Instead of iterating over the pair of map and handlers twice -- once
to extract them into a vector, second to process them from the vector
-- combine the two passes into one.
Bug: v8:10582
Change-Id: I4c238b494789ae270798f33302b94b1ec02c7fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400338
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69991}
This is a reland of f696528189
Updated the test:
1. Set profiling interval to 100us to get 10x the samples
2. Guarantee we spend at least 1ms per iteration, instead of only
bailing out if we spend more than 1ms. This gives us enough samples on
release mode.
3. Increase the time spent profiling optimized code by 50% to make sure
we have a big enough difference.
With 1000 iterations I didn't see any flakes locally so this looks solid
now.
Original change's description:
> [cpu-profiler] Log OSR code when starting the profiler
>
> OSR code doesn't hang off any JSFunction or SFI, so we missed it when
> starting up the profiler. This meant we didn't properly attribute
> ticks to SFI code. The ticks ended up going to the caller instead.
>
> There is a weak cache of OSR code per native context, so iterate that
> on profiler startup and log all the code objects.
>
> Change-Id: I2e9738b86a488b37f36ac89803561607dc76f745
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414216
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69964}
Change-Id: Ib506e88b546008e462967259763bbf985b74b462
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418092
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69990}
This reverts commit 1aa9ab7384.
The reverted CL chain had an issue where ThinStrings could accidentally
end up in compilation artifacts, causing issues down the line with ICs
that expected direct internalized strings.
The reason for this bug was that forward references to internalized
strings were resolved before PostProcessNewObject. When this happened,
the internalized string A would be written to the field where it was
previously deferred, then PostProcessNewObject would change string A to
string A', and update string A to a ThinString. This means any _future_
back references to A would see the ThinString and follow it to receive
A', but any _past_ forward references would keep pointing to the
ThinString A.
This reland fixes this by preventing InternalizedString deferral, so
that all references to InternalizedStrings are back references. It also
adds some additional verification to the heap verifier that constant
pools and object boilerplate descriptors aren't allowed to hold thin
strings.
This patch also fixes an additional bug in the original CL, where weak
forward refs weren't being serialized with a weak prefix.
Original change's description:
> Revert recent de/serializer related changes
>
> They are suspected to be causing Canary crashes, confirmed through
> local reverts and repro attempts.
>
> This reverts:
> - "Reland "[serializer] Change deferring to use forward refs""
> commit 76d684cc82.
> - "Reland "[serializer] Remove new space""
> commit 81231c23a9.
> - "[serializer] Clean-up and de-macro ReadDataCase"
> commit c06d24b915.
> - "[serializer] DCHECK deserializer allocations are initialized"
> commit fbc1f32d8e.
>
> Bug: chromium:1128872
> Change-Id: Id2bb3b8fac526fdf9ffb033222ae08cd423f8238
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2414220
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69955}
Tbr: jgruber@chromium.org,dinfuehr@chromium.org
Bug: chromium:1075999
Bug: chromium:1127610
Bug: chromium:1128848
Bug: chromium:1128872
Bug: chromium:1128957
Change-Id: I8b7bbabf77eb8cb942a28316afbfaa5f9a0aa4cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418101
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69988}
The new helper function allows us to write tests for log parsing
without the need of first generating a log file.
This makes it easier guard against errors when the log format changes.
- add d8.log.getAndStop helper
- add basic log test
- fix test that regresses due to changed gc timing
Bug: v8:10668
Change-Id: Ie57171fa98fe90428b89c26289d55fcbf2a70615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403245
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69987}
... to "V8 Linux64 TSAN - stress-incremental-marking" since it runs
with --stress-incremental-marking (and concurrent marking is on by
default anyways).
No-Try: true
Change-Id: I4660151cde2fb9e873cc046c1baf6578ab835eb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416385
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69983}