Instead of doing multiple separate checks with branches, turn the
name check into a single range check.
This means that the symbols and strings for properties than can
invalidate protectors need to be allocated consecutively in memory.
Change-Id: Id3a2003534bab5ecf83393a60167f779d636fc4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695360
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81185}
This can happen in concurrent compilation, we should fall back to
generic LoadGlobal when it's the case.
Drive-by refactor the property cell load builder to return false on
failure.
Bug: v8:7700
Change-Id: Iad3fc4bc794e4ec8c4061f2dce1561c15593e215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706616
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81183}
The CL fixes PMF regressions that happend after increasing
the AgeTable size.
Bug: chromium:1336529
Change-Id: If1f099b43bfcb3a8c7dd4a1c229fcb08735eb744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707098
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81180}
This CL explicitly disables the --freeze-flags-after-init flag for cases
where we modify flags after initialization. This is only tests, fuzzers,
and special options to d8, thus not security relevant.
These should be the last blockers for enabling the flag globally.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I1d8a03dcc20e524d30c967f6fe15f6401de77612
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706619
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81179}
Flags need to be set before initializing V8.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: Idb815a6a85ccb86c79d826da487a7bbc6fab7d1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707096
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81178}
Now that the cage is shared, its metadata must be thread-safe.
Bug: chromium:1336529
Change-Id: I0650462d1faf171fc3325808ca45ebe044e91f45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707097
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81176}
It should be V8_TARGET_OS_ANDROID instead of V8_OS_ANDROID.
Bug: chromium:1218005
Change-Id: I4b92977c5d8b70ca5023e30a966508965ea9f0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706618
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81175}
We may want to access their deopt checkpoint to create a tagged value
during merging.
Bug: v8:7700
Change-Id: I0f81e3ea5e871b775e1509044fa1d1f7bb70db4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706617
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81174}
--no-use-map-space should now be fixed, it is already enabled with
--future.
Bug: v8:12578, chromium:1317880
Change-Id: I9ea10dfaebf7b17cb1c953e272bc3358932a10b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702232
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81173}
We are always passing a valid buffer to WasmMemoryObject::New, hence
make it a Handle instead of MaybeHandle, and remove the code to allocate
an empty buffer if none was passed.
R=ahaas@chromium.org
Bug: v8:10949
Change-Id: Ic10dfda741773a8f3d3895f81a83048cfe0eb293
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702805
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81172}
This is a reland of commit dac6155649
This is a straight-up reland with no changes, because:
1) The failure doesn't reproduce locally
2) The failing flaky test that triggered the revert is not related
to the code modified by this CL and should (in theory) not be
impacted.
Original change's description:
> [inspector] Allow Debugger.setScriptSource to edit top-most function
>
> This CL adds a new boolean flag on the Debugger.setScriptSource CDP
> method that gets piped all the way through to the live-edit mechanism.
> The new flag enables live-editing of the top-most function while
> paused.
>
> The CL adds a couple of tests that cover the new core use cases for
> this flag.
>
> R=jarin@chromium.org
>
> Bug: chromium:1334484
> Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81127}
Bug: chromium:1334484
Change-Id: I9a9bf7e03d81c86adb4819b9756dd9afcf6fa021
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706398
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81171}
... which alone requires up to 12 KB of stack space.
Bug: chromium:1327833
Change-Id: I6a565fdc590f89804b1207eeddd23400dd6f9553
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702807
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81170}
This class is just dead code.
Bug: v8:12926
Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81169}
CreateJob() is similar to PostJob() but doesn't schedule anything
until Join() or Notify*() is called.
This allows
- CreateJob().Join() without too many worker.
- Early 'empty' CreateJob() for initialization
without causing spurious calls to GetMaxConcurrency()
Bug: chromium:1287665
Change-Id: I8fd8b139392ad30218f0cf8f580b2d76f1078777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668842
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81166}
For FixedDoubleArrays that are not aligned on 8 bytes, the SIMD fast
path of array.IndexOf actually falls back on a scalar loop. Because of
how this loop was written, it was failing to see that 0.0 == -0.0.
Bug: chromium:1335445
Change-Id: Idf70fd3ed9950e5b2b7cc72bb2ebca6879b3a04e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702803
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81163}
This fixes an ODR violation: the macro V8_TARGET_ARCH_ARM64 was only
visible when building V8, but not outside it. The CL implements a quick
fix that relies on compiler-based macros (__aarch64__). The proper fix
would be to make these target macros be part of the public config.
Bug: chromium:1336222
Change-Id: I46ba6c1a3cd1ac4fcd3aced60ee112e6098eba6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705540
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81162}
"Function:" and "LazyCompile:" are confusing by now and use up too
much space.# Enter a description of the change.
This also changes the function names visible when using linux-perf
Change-Id: Ib2d4b7df39068c27b5b06db578fc550d2973ebb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693705
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81161}
Shrink life range of worklists and add IsEmpty-CHECKs for them. Also
move some logic into its own method ProcessChunksWithEmptyBuckets.
Bug: chromium:1336158
Change-Id: Ia2f34c824f5b1c5d61391a1a1243a46881040de1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704511
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81158}
This prevents accidental use for release branch merging, which
works but shouldn't.
Change-Id: I4db99bb721c935a8a1c7c44c1b4d909f44a8bf9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705382
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81157}
roll_merge_gerrit.py now loops, waiting for the merge to be submitted.
Once it is, it adds a tag with the version number.
Bug: v8:12849
Change-Id: I7c2765877efad2ccbe082b984642f5e989dc3c8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705379
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81150}
- removed some 'feature envy' instances:
- created a AugmentedOptions class to take care of non trivial option look-ups
- moved some calculation closer the the actual data
- promoted parameter that was passed around a lot (options) to filed in the offending class
- similar object creation looks a bit more similar
- CommandContext provides a wrapper that ensures resource de-allocation
- separate tests from standard and num_fuzz runners
- added a couple of more tests to improve coverage
This is still in flux. But further changes risk creating a disconnect between the original implementation and further refactorings.
Bug: v8:12785
Change-Id: I0ec2e9c6a81604a5cd1d4a80982dd3329c1b48db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3686411
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81148}
The chromium.tests pool migrates to Windows 1909 (Windows-10-18363). We switch to the same version due to higher bot availability (for now).
Bug: chromium:1335886,chromium:1124829
Change-Id: I82177ad9a86b438a46747998b1fbd4108911d17b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704498
Auto-Submit: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81146}
The CHECK was checking that we return the exception sentinel if an
exception is pending. The other way is actually equally important: If we
return the exception sentinel, a pending exception must be scheduled.
Since the CEntry stub assumes that all values returned from runtime
functions are valid tagged values (pointing into the JS heap), do also
check that. This check would have prevented the linked issue.
Bug: chromium:1311960
R=jkummerow@chromium.org
CC=cbruni@chromium.org
Change-Id: I833d2968529e3b73f3009e0104b46182197c2d23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3675098
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81145}
The names we returned in WasmOpcodes::OpcodeName(...) for Atomics opcodes
did not match the spec. This patch fixes that.
This matters in particular when we want to provide disassembly of
modules.
Bug: v8:6532
Change-Id: Ia8791feee617b75d598ad373bafba7da5687f523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704496
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81142}
Asynchronous WebAssembly compilation returns the compilation result
through resolving a result promise. So far the result promise was
resolved through V8-internal APIs. This caused problems, because
resolving promises requires correct handling of microtasks, and
microtasks are controlled by the embedder, and not by V8.
This CL adds an API to allow the embedder to resolve the result
promise itself, and handle microtasks as necessary.
The use of the new API is available in a full CL, without API dance:
https://chromium-review.googlesource.com/c/v8/v8/+/3694975R=cbruni@chromium.org
Bug: v8:12953
Change-Id: Ie9a56041f2d3e0c46664f1938e995f1e2c22f981
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695584
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81141}
rep stos appears to be much slower for small stacks. Use pushq instead,
in a loop, unrolled to push eight at a time.
Bug: v8:7700
Change-Id: Ieddf52ed514cb86f5c1dd7b159cc9a1a1c440103
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702440
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81140}
We already make code pages writable & executable for concurrent
Sparkplug. We can use the same mechanism for sweeping of code pages on
the background thread, instead of scheduling incremental tasks on the
main thread. This allows us to remove almost all special
handling for code pages in the sweeper and allows us to off-load more
work from the main thread.
Bug: v8:12967
Change-Id: Idb8e9f8e2eadbec26a386f2de683a80087f671f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695557
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81139}
