Now that TurboProp doesn't have an earlier interupt budget, we
should no longer be scaling the number of ticks required to
OSR to TurboProp.
BUG=v8:9684
Change-Id: Ie4d41e75df697e36e7fbc3f7bc8a8d0f24f6743a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3014462
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75647}
This is a reland of 819c3ae2f8
Original change's description:
> Reland "Reland "Improve error messages for property access on null/undefined""
>
> This is a reland of 8b18c5e6a5
>
> Original change's description:
> > Reland "Improve error messages for property access on null/undefined"
> >
> > This is a reland of 24c626c1f7
> >
> > Original change's description:
> > > Improve error messages for property access on null/undefined
> > >
> > > Only print the property name when accessing null/undefined if we can
> > > convert it to a string without causing side effects.
> > > If we can't, omit the property name in the error message.
> > > This should avoid confusion when the key is an object with toString().
> > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> > > Object]' anymore, which was misleading since the property accessed would
> > > be 'a', but we can't evaluate the key without side effects.
> > >
> > > Bug: v8:11365
> > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#75250}
> >
> > Bug: v8:11365
> > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75571}
>
> Bug: v8:11365
> Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75604}
Bug: v8:11365
Change-Id: I002b537144f328ccbbdcd655e26e5dc87c49c6f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013935
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75645}
Most register and immediate inputs are 5 bits long and 0x1f is used
as mask. Some immediates are byte sized in which case 0xff had to
be used.
Change-Id: Id7568732db9141743c839a2d1d21a27983547aba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009811
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75644}
This is a reland of 8d3c809349 to make
UBsan happy: memcopy (and therefore MemCopy) seems to expect a non-null
src even when the given size is 0, so avoid calling it in that case.
Original change's description:
> [factory] Make NewByteArray return canonical empty byte array
>
> ... for length = 0, analogously to what e.g. NewFixedArray does.
>
> Simplify some call sites that had special handling for this case
> (there are others that didn't).
>
> Change-Id: Ib3de5506300e967aca072fad53df7ab04ef68839
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009225
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75629}
Change-Id: Ib8dc471d63a4b11b846e9d436555a3615902b66f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3014456
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75642}
The stack overflow used to occur when too many bound functions
are nested. The CL also adds a regression test.
Bug: chromium:1226264
Change-Id: I34329d8392d2385207dbd9a8d3188ad4f7cb3c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011161
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75640}
Setting promise hooks after running some promise-related code has hard
to control side-effects that make correctness fuzzing difficult.
Certain Promise functions are optimized and avoid creating intermediate
Promises. Dynamically enabled Promise hooks combined with --force-slow-path,
which would cause us to always create those intermediate Promises, will
get us very differet callbacks if the hooks are enabled half-way.
The exepected usage pattern is to only use setHooks if there are no
pending promises, something that cannot be guaranteed for fuzzing.
Bug: chromium:1202465
Change-Id: Ifa96f2db9c441b6f5da696b88a1c087160ec8eeb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013355
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75637}
The JSCallWithArraylike can be replaced with a JSCall if its probable arguments list is empty literal array. This replacement will introduce a deoptimization check to make sure the length of arguments list is 0 at runtime.
This CL change this optimization to a diamond speculation which may help avoid deoptimization once and keep the fast path. This change may benefit a following usecase,
function calcMax(testArray) {
Array.max = function(array) {
return Math.max.apply(Math, array);
};
var result = [];
for (var i = 0; i < testArray.length - 3; i++) {
var positiveNumbers = [];
for (var j = 0; j < 3; j++) {
if (testArray[i + j] > 0) {
positiveNumbers.push(testArray[i + j]);
}
}
result.push(Array.max(positiveNumbers));
}
return result;
}
testArray = [-1, 2, 3, -4, -5, -6, -7, -8, -9, 10];
for (var i = 0; i < 1000000; i++) {
calcMax(testArray);
}
Bug: v8:9974
Change-Id: I595627e2fd937527350c8f8652d701c791b41dd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2967757
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75636}
If we underestimate the size of the assembler buffer when compiling
directly on the GC heap, we fallback to off-heap compilation and
the Code object is incomplete in the memory.
We know a Code object is incomplete when its relocation_info is
undefined.
Bug: v8:11872
Change-Id: I282fd442e0bf227d9d2cca5a47b3139030f5d64e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013937
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75634}
Add an option to use Liftoff instead of the interpreter as the reference
tier for fuzzing. The tier to use is chosen based on the input data
before generating the module. This way, the module can use features
depending on what is available in the reference tier, and we still get a
chance to find correctness issues that would only be detected by the
interpreter.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I2e9878345355a37caec5fdb338dda42a84e8e63a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008645
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75633}
Trap handling is not implemented yet for memory64. Make sure that no
code tries to use it, by setting {NativeModule::bounds_checks_}
accordingly.
This requires some changes to tests to make sure that the
{WasmModule::is_memory64} field is set before creating the corresponding
{NativeModule}.
R=ahaas@chromium.org
Bug: v8:10949
Change-Id: I11d9544b603fc471e3368bb4e7487da4711293a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011167
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75632}
This reverts commit 8d3c809349.
Reason for revert: Fails on UBSan (nullptr on memcpy): https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/17246/overview
Original change's description:
> [factory] Make NewByteArray return canonical empty byte array
>
> ... for length = 0, analogously to what e.g. NewFixedArray does.
>
> Simplify some call sites that had special handling for this case
> (there are others that didn't).
>
> Change-Id: Ib3de5506300e967aca072fad53df7ab04ef68839
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009225
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75629}
Change-Id: I0cb1667b98a2f9285706c2623671d532419d1395
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013358
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75631}
... for length = 0, analogously to what e.g. NewFixedArray does.
Simplify some call sites that had special handling for this case
(there are others that didn't).
Change-Id: Ib3de5506300e967aca072fad53df7ab04ef68839
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009225
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75629}
This is a reland of 036e578314.
Key JSBoundFunctionRef methods have been changed to return an optional
type, replacing the bogus always-true serialized() method.
Original change's description:
> [compiler] Make JSDataViewRef and JSBoundFunctionRef bg-serialized
>
> ... but keep/make subclass-specific methods do direct reads.
>
> Bug: v8:7790
> Change-Id: Ia4b9d207ce75cf28f6f0f33027ab05e27db49ce9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959621
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75457}
Bug: v8:11960, v8:7790
Change-Id: I1f29283b2fb6e5fe3644e2f4e33341fce2641775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013313
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75628}
The first CL https://chromium-review.googlesource.com/c/v8/v8/+/3010281
had a small mistake: the GC predicate alone doesn't yet guarantee that
Ref creation will succeed (due to JSFunction still being fg-serialized).
Bug: chromium:1227279, v8:11957, v8:7790
Change-Id: I81772baa66e0f778b92a03ea7941a199d92d4857
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013353
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75627}
This reverts commit 819c3ae2f8.
Reason for revert: Sorry Patrick, still failing on some layout tests :( https://test-results.appspot.com/data/layout_results/mac-rel/726365/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html
Original change's description:
> Reland "Reland "Improve error messages for property access on null/undefined""
>
> This is a reland of 8b18c5e6a5
>
> Original change's description:
> > Reland "Improve error messages for property access on null/undefined"
> >
> > This is a reland of 24c626c1f7
> >
> > Original change's description:
> > > Improve error messages for property access on null/undefined
> > >
> > > Only print the property name when accessing null/undefined if we can
> > > convert it to a string without causing side effects.
> > > If we can't, omit the property name in the error message.
> > > This should avoid confusion when the key is an object with toString().
> > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> > > Object]' anymore, which was misleading since the property accessed would
> > > be 'a', but we can't evaluate the key without side effects.
> > >
> > > Bug: v8:11365
> > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#75250}
> >
> > Bug: v8:11365
> > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75571}
>
> Bug: v8:11365
> Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75604}
Bug: v8:11365
Change-Id: I7d7c0f201288384c2aa38a51418b582a64213ae0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013352
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75626}
According to go/kqovk, the builder name should be '(reclient)' instead
of '- reclient'.
Bug: chromium:1222951
Change-Id: I22e119d50fd48103f195bb03bc3ccc584a596e57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3012340
Auto-Submit: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75625}
Rolling v8/build: 8969ad2..dc699aa
Rolling v8/buildtools: fd3f3c1..2500c1d
Rolling v8/buildtools/third_party/libc++/trunk: 8fa8794..79a2e92
Rolling v8/buildtools/third_party/libc++abi/trunk: d87a06d..cb34896
Rolling v8/tools/clang: ccc7ba2..293314a
Rolling v8/tools/luci-go: git_revision:3501536c6f762461d322d6694711bb384ffce6f2..git_revision:6808332cfd84a07aeefa906674273fc762510c8c
Rolling v8/tools/luci-go: git_revision:3501536c6f762461d322d6694711bb384ffce6f2..git_revision:6808332cfd84a07aeefa906674273fc762510c8c
Rolling v8/tools/luci-go: git_revision:3501536c6f762461d322d6694711bb384ffce6f2..git_revision:6808332cfd84a07aeefa906674273fc762510c8c
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I9e62582c0f092257334fe50e998baa7aeb7c46ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010323
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75623}
- Allows for differentiating committed and physical (resident) size on
a page. This change merely adjusts the API surface and does not
implement resident set size tracking.
- Add object types on page level as well which helps diagnosing almost
empty pages.
Bug: chromium:1056170
Change-Id: I64c69dc55873a0ce97d2064356bfcd957e10cbf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011164
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75621}
This makes jco on gdb behave the same as jco on lldb.
Bug: v8:11879
Change-Id: Id6a338878d518984986d2b719588966ee09de3c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000956
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75620}
We had some (dead) logic to create different parameter values pending on
the position of the parameter. As it was not used any more, it got
removed in https://crrev.com/c/3003464.
This CL changes the existing logic for creating default parameter values
to use a similar logic, which matches what --wasm-fuzzer-gen-test
creates and has a slightly higher chance of triggering interesting
behaviour.
R=ahaas@chromium.org
Change-Id: Ibb4394c1978f25d70166a03002e084211bfe7e1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003465
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75619}
A few fixes are applied in this CL:
1- Instructions which use UIM in V8 only use bits 16 to 19 inclusive.
2- get_simd_register is set to return a reference and not a copy.
3- On vector extract and insert instructions, UIM could be used
to select specific bytes as starting point which may not reflect a lane.
Vector splat uses UIM as a lane selector which remains
unchanged in this CL.
Change-Id: Ieb43afb977dac11d3ea10a2f265c2823f64457e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011166
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75618}
This is a reland of 1532f8ff92
Changes since revert:
- Fix race in initialization
Original change's description:
> [heap] Tie process-wide CodeRange lifetime to any remaining Heaps
>
> Currently the process-wide CodeRange, once created, lives until process
> shutdown. This CL changes it to be alive as long as there is a Heap,
> when the last Heap is gone it gets destroyed and will be recreated the
> next time a Heap is created. This behavior is shared with
> SingleCopyReadOnlyArtifacts.
>
> Bug: v8:11929
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989103
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75522}
Bug: v8:11929
Change-Id: If250d8901044bcba1f7d7f797b398c29cc2c5a61
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003910
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75616}
The bugfix yesterday missed a case (CL
758816f438).
A better approach is to compute the ideal representation of the
value, then check if it can be in-place changed to the
recorded representation.
Bug: chromium:1226988, v8:7790
Change-Id: I90e58b8efb83892c033693a1a0f946b3059a330c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011162
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75615}
Behind a new --experimental-wasm-nn-locals flag.
The checking policy implemented here is that locals count as
initialized until the end of the current control structure,
as described here:
https://github.com/WebAssembly/function-references/issues/44#issuecomment-801977331
Bug: v8:7748
Change-Id: I954fdf1b4e02ed4b45ef61b8379b7c0bbe802400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010283
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75613}
... by recording dependencies not based on whether the caller
remembered to pass non-null CompilationDependencies* but on whether
the method is called in serialization mode or not.
Bug: v8:7790
Change-Id: I841fe8fab57e94fff03dc3ce8dc8a02c49677560
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009223
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75610}
We can't create Refs inside a DisallowGarbageCollection scope since
the MapData constructor uses a parking mutex (which may park the local
heap and let GC run).
Bug: v8:11957, v8:7790
Change-Id: I300b76a15f0f63514ca049f78099e1e6125a6569
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010281
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75609}
This CL implements GC in a shared heap. A shared GC is started from
an attached client isolate that fails to allocate a shared object. In
order to perform a shared GC all other running client isolates need
to be stopped and their roots need to be scanned.
Bug: v8:11708
Change-Id: I45ac50e6b4a1e9270f9e39b69f9b8ee5e6e14134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964816
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75606}
This is still incomplete, but already able to pass all tests on x64.
Sparkplug (on pointer compression) only generates two relocation types:
FULL_EMBEDDED_OBJECT and RUNTIME_ENTRY.
Bug: v8:11872
Change-Id: I6aefbbc9690511a06b2a4a942c48fef85d536bef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009221
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75605}
This is a reland of 8b18c5e6a5
Original change's description:
> Reland "Improve error messages for property access on null/undefined"
>
> This is a reland of 24c626c1f7
>
> Original change's description:
> > Improve error messages for property access on null/undefined
> >
> > Only print the property name when accessing null/undefined if we can
> > convert it to a string without causing side effects.
> > If we can't, omit the property name in the error message.
> > This should avoid confusion when the key is an object with toString().
> > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> > Object]' anymore, which was misleading since the property accessed would
> > be 'a', but we can't evaluate the key without side effects.
> >
> > Bug: v8:11365
> > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75250}
>
> Bug: v8:11365
> Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75571}
Bug: v8:11365
Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75604}
We did not handle conflicts between regular register moves and the
cached instance / cached memory start correctly. This could lead to us
overwriting a regular register when restoring the cached instance, which
results in either crashes or miscalculations afterwards.
R=ahaas@chromium.org
Bug: chromium:1217064
Change-Id: Icd4b08b97a47726108a50d51b3a7ba410d132f98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003158
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75602}
The {TestingModuleBuilder} had separate logic to compute the bounds
checking strategy. This can lead to compiled code that does not match
the bounds checking strategy stored in the NativeModule. Hence, tests
should use {NativeModule::bounds_checks_} for initializing their
compilation environment.
R=ahaas@chromium.org
Change-Id: I366c2ea5d06062273fa21e388871fc1adab54fef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009222
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75601}
To avoid external-reference.cc having to depend on code-assembler.h,
this moves ObjectType and CheckObjectType into a separate
objects/object-type.h/.cc.
Bug: v8:11879
Change-Id: Ia086b37f72c330eefef2ce4d35cdf31d2a0ebe62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009220
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75599}
