This CL temporarily skips the fast-api-calls mjsunit test, as it
fails on GC stress bots for unrelated CLs (see
https://chromium-review.googlesource.com/c/v8/v8/+/2814740).
Change-Id: I884827a0a5fb030d676f9ded738f644cd4086ec6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814564
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73877}
Use the newer method getBestMatchResult() and
makeResolvedLocale() to resolve the locale instead.
Bug: v8:11584
Change-Id: Ifbd7a9b0d05506d83c2603c301b4d9e4caf2d689
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783662
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73876}
Rolling v8/build: 77edba1..0006b44
Rolling v8/third_party/aemu-linux-x64: SeLS6a0f6IL-PCOUKbMTN5LYgjjJbDSnb3DGf5q9pwsC..SCU6888HuyC5TF12MrqnyC2eTRFiqzg1KUCITYThpxIC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/41a5e5e..868d5d0
Rolling v8/third_party/depot_tools: 98a52e2..1cabb17
Rolling v8/tools/clang: a387faa..3b0c35b
Rolling v8/tools/luci-go: git_revision:d6d24b11ecded4d89f3dfd1b2e5a0072a3d4ab15..git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87
Rolling v8/tools/luci-go: git_revision:d6d24b11ecded4d89f3dfd1b2e5a0072a3d4ab15..git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87
Rolling v8/tools/luci-go: git_revision:d6d24b11ecded4d89f3dfd1b2e5a0072a3d4ab15..git_revision:0f11e003d56071a19f4403570ebfdb8f197c2f87
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I84f879faeaf0ab23dd1ae37976dbb8e822a85c34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2816303
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73875}
For consistency with the PtrComprCageBase struct and the upcoming
PtrComprCage.
Bug: v8:11460
Change-Id: I2e393331c36481ee911edeaf9fb3ff971cfdba83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787701
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73874}
Adds explicit tests that check that an object is marked as in
construction while running the constructor.
Bug: chromium:1056170
Change-Id: I7f7340832e1bc31cec98784c261ed86deb402e72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811238
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73869}
Implantation now includes using a combination of
multiplly even and odd flowed by a vector merge low or high.
vector merge instructions are also added to the simulator.
Change-Id: I144c5d07e5e6bd978788a70aacabd61463f93289
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2815562
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73868}
input needs to be casted into the result type before
doing the multiplication.
Change-Id: I797e8d3586678508f35c51d7890ad0d31fc7f1ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2815559
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73867}
This is a reland of f41bc94b13
The remaining test failures where fixed.
Original change's description:
> Reland "[test] Extend testing on Mac on arm64"
>
> This is a reland of f187d0a13f
>
> The cctest breakage got fixed in the meantime.
>
> Original change's description:
> > [test] Extend testing on Mac on arm64
> >
> > Ensure more testing of --future for different test types on Mac.
> >
> > No-Try: true
> > Bug: v8:11527
> > Change-Id: Iac499dc48dde3342ad2057f86ef1ad5fa43b4eac
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772981
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#73514}
>
> No-Try: true
> Bug: v8:11527
> Change-Id: Ie82c69e652f84a7ac43436d28806e70f27aa3e72
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807601
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73806}
No-Try: true
Bug: v8:11527
Change-Id: I6ca48bb0917d9bf2950302127d108d844bd6eebc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814559
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73865}
Port 05265d8824
Original Commit Message:
This removes all wasm-related flags in no-wasm builds.
We could have made them read-only, but fully removing them actually
forces us to consider the no-wasm case at every use site, which often
hints at further cleanups.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ib68968683023f602f2226f0fa8d7c26bcc04b170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814899
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73864}
This reverts commit d5457f5fb7.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/32999
Original change's description:
> [api] JSFunction PromiseHook for v8::Context
>
> This will enable Node.js to get much better performance from async_hooks
> as currently PromiseHook delegates to C++ for the hook function and then
> Node.js delegates it right back to JavaScript, introducing several
> unnecessary barrier hops in code that gets called very, very frequently
> in modern, promise-heavy applications.
>
> This API mirrors the form of the original C++ function based PromiseHook
> API, however it is intentionally separate to allow it to use JSFunctions
> triggered within generated code to, as much as possible, avoid entering
> runtime functions entirely.
>
> Because PromiseHook has internal use also, beyond just the Node.js use,
> I have opted to leave the existing API intact and keep this separate to
> avoid conflicting with any possible behaviour expectations of other API
> users.
>
> The design ideas for this new API stemmed from discussion with some V8
> team members at a previous Node.js Diagnostics Summit hosted by Google
> in Munich, and the relevant documentation of the discussion can be found
> here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e
>
> A summary of the reasons for why this new design is important can be
> found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing
>
> Bug: v8:11025
> Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73858}
Bug: v8:11025
Change-Id: Ie7345c4505f39c973f9f0dbca745b591cff63f3f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814740
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73862}
Flushing of the builtins code needs to happen while the code pages
are writeable.
Bug: 889460, v8:11619
Change-Id: Iaff40d66f3f1bd36ec0f3017684e236f9e4b773e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810786
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73861}
There are fives bytes total which are expected to be different from
zero. We were only handling one of them when checking random positions
in the array. This was leading to random failures.
R=manoskouk@chromium.org
Bug: v8:11621
Change-Id: Iac231d8b35fcbfbbc837c8e9134401cb8a2519ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810783
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73860}
This will enable Node.js to get much better performance from async_hooks
as currently PromiseHook delegates to C++ for the hook function and then
Node.js delegates it right back to JavaScript, introducing several
unnecessary barrier hops in code that gets called very, very frequently
in modern, promise-heavy applications.
This API mirrors the form of the original C++ function based PromiseHook
API, however it is intentionally separate to allow it to use JSFunctions
triggered within generated code to, as much as possible, avoid entering
runtime functions entirely.
Because PromiseHook has internal use also, beyond just the Node.js use,
I have opted to leave the existing API intact and keep this separate to
avoid conflicting with any possible behaviour expectations of other API
users.
The design ideas for this new API stemmed from discussion with some V8
team members at a previous Node.js Diagnostics Summit hosted by Google
in Munich, and the relevant documentation of the discussion can be found
here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e
A summary of the reasons for why this new design is important can be
found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing
Bug: v8:11025
Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73858}
The test doesn't fail anymore after it was updated to check platforms
with page size > 4096:
402806e87f
("[cppgc][unittests] Only expect guard pages support on 4k platforms.")
R=jkummerow@chromium.org
Bug: v8:11587
Change-Id: I6be93e9561b9db0d0f948c5e12fea6a067eb0a76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2813538
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73857}
The only valid way to define a GCed type T is by inheriting from
GarbageCollected<T>. Since this is prone to typos (see tests), add a
simple check that covers most interesting use cases.
The static assert covers
A -> B -> GarbageCollected<C>
The static assert does not cover
A -> B -> C -> GarbageCollected<B>
(In order to do so, we would need __direct_bases() support which is
not yet available for C++.)
Bug: pdfium:1670, chromium:1056170
Change-Id: I494de48992f8ba9a1f0f9daad60584d828717403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810415
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73854}
This is a reland of f645d0b857
The issue was that converting an i64 to an i32 didn't clear the upper
bits on arm64. This was not necessary before because we did the zero
extension as part of the load operand, but this is required now that
we use the full register.
Original change's description:
> [liftoff][arm64] Use 64 bit offset reg in mem op
>
> Accessing the Wasm memory with a 64 bit offset was truncated to 32 bit,
> which is fine if we check bounds first, but not if we rely on the
> trap handler to catch the OOB.
>
> R=clemensb@chromium.org
>
> Bug: v8:11587
> Change-Id: I82a3a2906e55d9d640c30e770a5c93532e3a442c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808942
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73829}
Bug: v8:11587
Change-Id: Ibc182475745c6f697a0ba6d75c260b74ddf8fe52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810846
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73853}
This is part of moving towards MapUpdater as the bottleneck for map
updates.
Drive-by: Move helpers.
Drive-by: Use a plain std::queue instead of a ZoneQueue in
UpdateFieldType.
Bug: v8:7790
Change-Id: Iff80a6e9bf3390a010305f7998d6f6dad2bce09f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807602
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73851}
This CL fixes a segfault when Wasm tried to generate a builtin call
from background compilation job when the Isolate was already teared
down by the main thread.
Drive-by: Use CallBuiltin in RegExpMacroAssemblerARM64.
Bug: v8:11527, chromium:1195552
Change-Id: I8048ffcb212bda4d19d07b5ec6b487d6fb16b30d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811739
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73850}
Lookarounds rewind the position after matching, and thus don't play
well with eats_at_least (EAL). This CL disables EAL propagation from
lookarounds.
In the future we could be a bit smarter by skipping over lookarounds
instead of resetting to 0.
Bug: v8:11290
Change-Id: I935400a7f9cda96d9c5a80e412ba7d04de70a84f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808944
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73849}
The eats_at_least (EAL) value is applied in forward-directions only.
Two reasons for that which are relevant to this CL:
- EAL's of neighboring nodes are combined additively, irrespective of
their read_backward value.
- EatsAtLeastPropagator::VisitText uses the successor's
eats_at_least_from_not_start value, which doesn't work properly for
read_backwards successors (which may end at the start).
A symptom of this bug was that we applied an incorrect EAL of 255
starting at the initial 'x' of /x(?<=^x{4})/); for subject strings
shorter than 255 chars, this would result in an incorrect failure
result.
Bug: v8:11616
Change-Id: I4b2b1b78f0cea8f59e4beb1037ee46035d83c927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807596
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73848}
Rolling v8/build: 52bfb9d..77edba1
Rolling v8/buildtools/third_party/libc++abi/trunk: a136a3b..d0f3388
Rolling v8/third_party/aemu-linux-x64: RQd3qSR12Rp6wgHjC31u-jwbITCfk3M-ZJyL6s1ju4sC..SeLS6a0f6IL-PCOUKbMTN5LYgjjJbDSnb3DGf5q9pwsC
Rolling v8/third_party/depot_tools: 3f562c0..98a52e2
Rolling v8/third_party/icu: d879aac..81d6568
Rolling v8/third_party/instrumented_libraries: 6900bf4..084aee0TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I6c9e9ef51ca70bdab1bf6cd0b5d1c178177fb137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811464
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73847}
If SSE4.2 is enabled, all the previous extensions should also be
enabled. In particular, you cannot have --enable-sse4_1 and
--no-enable-sse3.
Bug: chromium:1195579
Change-Id: Id3e10db24cee2aee14449a77c9e7cff82e97edff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808621
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73840}
This CL completes Jobs cleanup for deprecated and pure virtual functions in
v8 platform.
Bug: chromium:1196703
Change-Id: I823ab06b56077181e92eee5a6468096a355634fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810155
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73839}
Now that all users are migrated to Jobs API.
Bug: chromium:1196703
Change-Id: Ic48cce441c1793b1b33f0fc3d6a60847f2eefb2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810156
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73838}
From PPC ABI:
>The condition code register fields CR0, CR1, CR5, CR6,
and CR7 are volatile. The condition code register fields
CR2, CR3, and CR4 are nonvolatile.
We can safely clear Cr field 6 without the need to save its
content first. Clearing the entire CR register will cause
crashes if it's not restored properly.
Change-Id: I854f5631294f56f542b1a6f4e23dd7dbcf000d7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810802
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73837}
The inspector has some magic to add a special __proto__ property to
object value mirrors as long as the object itself has a [[Prototype]].
However it doesn't check whether the object already has a regular
property named __proto__ and thus confuses the front-end by sending two
properties with the same name.
Fixed: chromium:1193250
Change-Id: I75a1cd78ba94aeda4afedcc0f1e69b8dadb6673f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810784
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73836}
This reverts commit f645d0b857.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/3544
Original change's description:
> [liftoff][arm64] Use 64 bit offset reg in mem op
>
> Accessing the Wasm memory with a 64 bit offset was truncated to 32 bit,
> which is fine if we check bounds first, but not if we rely on the
> trap handler to catch the OOB.
>
> R=clemensb@chromium.org
>
> Bug: v8:11587
> Change-Id: I82a3a2906e55d9d640c30e770a5c93532e3a442c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808942
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73829}
Bug: v8:11587
Change-Id: If7396981d43833f32ebc525c20abdbe78020e717
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810785
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73835}
Add a flag similar to the tiering mask to choose between regular
baseline code or debug code in Liftoff.
R=clemensb@chromium.org
Bug: chromium:1183774
Change-Id: I0e87154e2e1cd57679ce0c57bb1e075a97691248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807603
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73833}
If bounds checks are completely disabled (for performance testing) we
would still emit protected instructions which generate landing pads for
trap handlers in code generation. This CL fixes that by implicitly
disabling trap handling if stack checks are disabled.
R=ahaas@chromium.org
Bug: v8:10949
Change-Id: I1172087fb14ab56e9117c6eee388f71099568a13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808946
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73832}
This CL fixes the behaviour of the d8.test.fast_c_api constructor when
the global object has been modified by not allowing calls to it without
the `new` keyword.
Bug: chromium:1196597
Change-Id: I49b4a412d501f5c9adaa72b63beec1483ab4c449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808943
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73831}
Accessing the Wasm memory with a 64 bit offset was truncated to 32 bit,
which is fine if we check bounds first, but not if we rely on the
trap handler to catch the OOB.
R=clemensb@chromium.org
Bug: v8:11587
Change-Id: I82a3a2906e55d9d640c30e770a5c93532e3a442c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808942
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73829}
