This reverts commit 331c577e1d.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20single%20generation%20-%20builder/9912/overview
Original change's description:
> [static-roots] Allow creating isolates from existing r/o snapshot
>
> This adds the ability to create an isolate from scratch, except the
> read only roots, which are initialized from a read_only_data snapshot.
> To do this we split the heap setup in a read/only part and the rest.
> The goal of these changes is to later support writing serializer tests,
> even if the read only roots are static and have to be loaded from a
> fixed snapshot.
>
> Bug: v8:13466
> Change-Id: I078695b95710e5281da013ca0c08af0e153b4725
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4037271
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84750}
Bug: v8:13466
Change-Id: I91512140abb98993578d27e65e6080e1d3f317e6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4089967
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84751}
This adds the ability to create an isolate from scratch, except the
read only roots, which are initialized from a read_only_data snapshot.
To do this we split the heap setup in a read/only part and the rest.
The goal of these changes is to later support writing serializer tests,
even if the read only roots are static and have to be loaded from a
fixed snapshot.
Bug: v8:13466
Change-Id: I078695b95710e5281da013ca0c08af0e153b4725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4037271
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84750}
Test ids would get an uniform format between different kinds of tests:
prefix//test_id//suffix
- prefix:
- empty for regular tests
- or 'special test' token, as in 'numfuzz'
- test_id is the full name of the test as generated by test runner:
- suite_name/path/to/actual/test_name
- suffix is anything a test runner processor might want to add to the name:
- numfuzz processor will add 'analysis' of a numeric value
- variant processor will add the variant name
Bug: v8:13316
Change-Id: Ied8f958173f82d8e26c62e39ccc21167ca2928ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4084763
Commit-Queue: Liviu Rau <liviurau@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84736}
TSLint has been deprecated and so the presubmit script will not
run because of tslint:recommended. Removing this allows the
explicit rules to be run but does not properly fix the use of
TSLint. Also fix the issues that do not pass the linter.
Bug: v8:7327
Change-Id: I9f463ba9520ee2caa4141b21b81fd15012afedff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4085145
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: George Wort <george.wort@arm.com>
Cr-Commit-Position: refs/heads/main@{#84725}
Add the option to swap what is displayed on which
axis and increase the density in the horizontal axis
when displaying live ranges in turbolizer.
Bug: v8:7327
Change-Id: I47ac94d93942bdf760ad330a19f8f567078fd531
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4085144
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: George Wort <george.wort@arm.com>
Cr-Commit-Position: refs/heads/main@{#84721}
Data added:
- subtest_id as it is generated by Processors
- processor_name to trace back the processors that generate subtests
- path of the test
- test_id suffixes introduced by processors:
- numfuzz will have
- an `analysis` suffix for analysis phase
- a number suffix for the variants generated after analysis
- variant processor adds a suffix for every variant
- subtests will inherit suffixes from the parent tests (origin)
V8-Recipe-Flags: resultdb
Cq-Include-Trybots: luci.v8.try:v8_numfuzz_dbg,v8_numfuzz_rel,v8_numfuzz_tsan_compile_rel,v8_numfuzz_tsan_rel
Bug: v8:13316
Change-Id: I67d8b92b575c31b201238cfbcfc76cd076a2f7af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4081127
Commit-Queue: Liviu Rau <liviurau@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84720}
Promoted pages are iterated to record slots containing old to new and
old to shared references. This takes a significant amount of time during
the atomic pause.
Instead we offload this task to the concurrent sweepers, record slots to
a local cache, and merge it when finalizing sweeping.
Array buffer sweeping depends on iteration of promoted pages, so it is
frozen until iteration is done.
See design doc at https://docs.google.com/document/d/1JzXZHguAnNAZUfS7kLeaPVXFfCYbf5bGCtyKgyiMDH4/edit?usp=sharing
Bug: v8:12612
Change-Id: Icdc79a7a70c53352e3a1b3961cfe369e8563b65b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062041
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84706}
The test is failing due to a bug in dbghelp.dll. I don't think there's
anything we can do about that except disable the test until we've
upgraded to a fixed version.
Bug: v8:13484
Change-Id: I8017c3ad2c934701985adadc6ba3f68d2d53099d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061543
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#84704}
The zone should just be a member of {WasmModule} instead of a
heap-allocated second object.
R=ahaas@chromium.org
Change-Id: I9cf7d5145ea9131a5ae3382c6f5aa63b816d9aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4080032
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84690}
Shared heap is not available without write barriers, therefore skip all
tests that require shared heap when write barriers are disabled.
Change-Id: I66a9a94941ffab792ced964f12df6930b13c92cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079120
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84682}
This adds new modes to run gcmole on multiple hosts:
- collect: Parse source files and store partial raw call graph in
a binary output file.
- merge: Read multiple partial call graphs stored by 'collect', merge
them and store the gc-suspect information.
- check: Use the stored suspect information to check source files for
problems.
The modes 'collect' and 'check' support sharding parameters, so that
each shard runs on a deterministic fraction of the source files.
The previous way of running gcmole locally is unchanged as 'full'
run. All modes also support the --test-run parameter, running against
a test double.
The parameter to reuse suspects is removed as the new 'check' mode
makes it redundant.
This also adds python tests to verify most additions for merging
call graphs and for distributing source files to shards.
The new API is used on the infra side via the gcmole_v3 config, which
we configure now in parallel to the previous version to test for
equality.
Based on the builders.pyl change, these additions also run on the
v8_linux_rel trybot on this CL.
Bug: v8:12660
Change-Id: Ibe66292cb00830fa1c23451081a8de4cbc4766a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075907
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84674}
Drive by: refactor framework_name propagation. The property was already injected in the TestSuite objects. Since it finally got attached to the result record it was natural to have it attached on the TestCase object at creation time. This eliminates the need to inject it through progress objects.
Change-Id: Ic4028d24589a241fb6225dc53ccef2215728d569
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079228
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#84670}
It looks like the server-provided information changed back to what
it was before crrev.com/c/4023861, but rather than just revert that,
this patch makes the logic in our script even more robust.
No-Try: true
Change-Id: I9d60b1c61f85d9bde1275695dbd18c62fa4569bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4080387
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84656}
The test-run mode was broken after output improvements and the
introduction of pathlib.
This fixes the string concatenation with paths and updates the test
output to match the status quo. This also changes the test-run mode
to run exclusively when the --test-run option is passed. Now it's
either a test run or a normal run. Like that we can add the test run
as a separate test step on a bot. If both are needed in sequence
for something, gcmole could be called twice.
Bug: v8:12660
Change-Id: I58179d50950fa76d8f66b974325a8fed84dc91b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075727
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84655}
This (micro)optimizes data dependencies of gcmole in two ways:
1. Only bundle icu folders 'common' and 'i18n', omitting particularly
icu's data and test folder, which aren't needed for running gcmole.
This reduces gcmole bundle size from 377MB to 239MB, reducing upload
and download times by a few seconds on g1 bots.
2. Process gcmole data dependencies during GN time only when gcmole
is configured via gn flag. Currently, the dependency files are also
processed on all other bots that aren't running gcmole.
Bug: v8:12660
Change-Id: Ib708fa2957e6e33698e51b2aee45929f4d467935
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4076331
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84648}
This is a reland of commit 347142f647
This CL fix a bug for bolck onclick event, and improve compatibility
for old turbo-x.json files.
Original change's description:
> [turbolizer] Show basic block id in schedule phase
>
> In the schedule phase of turbolizer, there is only RPO number was
> shown, when we want to debug Builtin PGO or other modules, we
> would like to see the block id instead of RPO number.
>
> this CL add the support for displaying basic block id for schedule
> phase in turbolizer.
>
> Change-Id: I7a71f259230564400b683d598f68b6d064f1eb4d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4068103
> Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84625}
Change-Id: Ibaee4826678169d65e809bcad1e29587e480663f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4073861
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Cr-Commit-Position: refs/heads/main@{#84645}
This reverts commit 347142f647.
Reason for revert: <There is a bug for onclick event.>
Original change's description:
> [turbolizer] Show basic block id in schedule phase
>
> In the schedule phase of turbolizer, there is only RPO number was
> shown, when we want to debug Builtin PGO or other modules, we
> would like to see the block id instead of RPO number.
>
> this CL add the support for displaying basic block id for schedule
> phase in turbolizer.
>
> Change-Id: I7a71f259230564400b683d598f68b6d064f1eb4d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4068103
> Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84625}
Change-Id: If6b3674e7bc333be7d323714e3d2ca5327826892
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4078511
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84629}
In the schedule phase of turbolizer, there is only RPO number was
shown, when we want to debug Builtin PGO or other modules, we
would like to see the block id instead of RPO number.
this CL add the support for displaying basic block id for schedule
phase in turbolizer.
Change-Id: I7a71f259230564400b683d598f68b6d064f1eb4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4068103
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84625}
In a local debugging session, it happened to be be in frame 8, so was
slighly missed. Looking through the first 10 frames instead of 7 should
not hurt anyone but fixes that problem.
My stack trace:
#0 __pthread_kill_implementation
#1 __pthread_kill_internal
#2 __GI___pthread_kill
#3 ??
#4 __GI_abort
#5 v8::base::OS::Abort
#6 V8_Fatal
#7 v8::base::(anonymous namespace)::DefaultDcheckHandler
#8 V8_Dcheck
R=leszeks@chromium.org
No-Try: true
Change-Id: I6d8bfb482fe4c926a8ecfad8757286618a98f2c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061894
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84613}
As Wasm module can live longer than the isolate that initially created
them, it generally makes sense to use the WasmEngine's accounting
allocator for the decoded WasmModule.
Instead of passing that allocator through many functions, we can just
get it directly from the one global WasmEngine when we need it.
R=ahaas@chromium.org
Change-Id: I552f8e19072f2305a3186b821c2f5b3969eac83f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4071464
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84611}
This is a reland of commit 48a6193e67.
PS2 fixes the use-after-free by using the WasmEngine's allocator instead
of the Isolate's. The module can live longer than the isolate, so on
module destruction we would otherwise potentially access an already
deleted allocator.
Original change's description:
> [wasm] Remove StartDecoding method
>
> Move it into the constructor instead, to simplify the API.
>
> R=ahaas@chromium.org
>
> Bug: v8:13447
> Change-Id: I563a409c57c3cfdd91998c7c459f4e099211ccf7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062042
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84589}
Bug: v8:13447
Change-Id: I33c3c641ab6de6b6e30365fe967a579469039740
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4070264
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84604}
This is split out from
https://chromium-review.googlesource.com/c/v8/v8/+/3963708, and
implements only the change to using a dispatcher code stub for different
object types in GetOwnPropertyDescriptor, which returns a
PropertyDescriptor struct, and converts the descriptor into a JSObject
in the final step of Reflect.getOwnPropertyDescriptor or
Object.getOwnPropertyDescriptor.
This does not include the path in the dispatcher for Proxy objects, and
thus Proxy objects are still handled in the runtime.
Change-Id: I3960615aa0941d02d32717ccea291f6b63ae180e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4024866
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84602}
Move it into the constructor instead, to simplify the API.
R=ahaas@chromium.org
Bug: v8:13447
Change-Id: I563a409c57c3cfdd91998c7c459f4e099211ccf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062042
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84589}
This is a reland of commit 5dbba8b007
Excluding ICU from UBSAN as there are new failures reported, until they are addressed in bug chromium:1394654.
Bug: chromium:1394654
Original change's description:
> Update V8 DEPS (trusted)
>
> Rolling v8/build: 0efbd89..f27bbaf
>
> Rolling v8/buildtools: f2fe6dd..531b10a
>
> Rolling v8/buildtools/linux64: git_revision:1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41..git_revision:70d6c60823c0233a0f35eccc25b2b640d2980bdc
>
> Rolling v8/buildtools/third_party/libc++/trunk: c2e1032..325733d
>
> Rolling v8/buildtools/third_party/libc++abi/trunk: 7362046..9231726
>
> Rolling v8/buildtools/third_party/libunwind/trunk: 5870472..fd49ee4
>
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/41982a4..4431cae
>
> Rolling v8/third_party/depot_tools: 9a6aa08..141be0c
>
> Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221128.1.1..version:10.20221129.1.1
>
> Rolling v8/tools/clang: 6846e1e..1b8faee
>
> Rolling v8/tools/luci-go: git_revision:f8f64a8c560d2bf68a3ad1137979d17cffb36d30..git_revision:7a04ca7c0fd3e73cc09c817542a74d947e68b8c9
>
> Rolling v8/tools/luci-go: git_revision:f8f64a8c560d2bf68a3ad1137979d17cffb36d30..git_revision:7a04ca7c0fd3e73cc09c817542a74d947e68b8c9
>
> Change-Id: I3d89ad61526c3288c7788480c1355d94ad39fb1e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4063722
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#84559}
Change-Id: Ifa89aa3e1e7cc69a6afd72c161027e5874d3c541
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4067041
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84574}
This ensures that V8_EXPORT lines generated by
gen-postmortem-metadata.py have a deterministic order (the original
order) while removing duplicates.
Bug: chromium:1394626
Change-Id: I6d634962ed9f9f97c2b0dfa3b6d9c32b5894df54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061864
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84568}
Profiles for 64/32 bits architectures are not interchangeable but
profiles collected for x64/x86 can be used for arm64/arm respectively.
Attempt to use an incompatible profile is now a fatal build error.
Note that some Float64RoundXXX instructions that are available on
arm64 are not available on x64, so we generate a bunch of code
containing branches instead. This means that we are safe to use x64
profiles for arm64 but not the other way round, otherwise we'll miss
the profile info for the subgraph that's not generated on arm64.
Bug: v8:10470
Change-Id: I6a34836866363207b5ed767e343100b406ac7990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055274
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84564}
We currently add two samples: One for the overall wire bytes size and
one for the number of declared functions. Both is not only available
during decoding, but also to the caller. Hence separate the update of
counters and events from actual decoding. This will make it simpler to
decode a module (for re-validation) without updating counters.
R=ahaas@chromium.org
Bug: v8:13447
Change-Id: Ib00f4150cf2ad5452090f0aff8198b31d075b49d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061687
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84538}
The debug_helper library is intended to be used from a debugger process
which is attached to the debuggee process that includes V8 content. When
reading memory from the debuggee process, debug_helper should use the
MemoryAccessor function which reads remote memory rather than
dereferencing pointers into the debugger's memory space and potentially
crashing. I recently noticed that v8windbg crashes on external strings
because the sandbox has been enabled, and the debug_helper code for
external strings was incorrectly reading memory from the debugger
process rather than the debuggee.
You might ask: why wasn't this caught in automated tests? There is a
test, cctest/test-debug-helper, which exercises this exact code, but it
does so with the debugger and debuggee in the same process. Setting up a
proper cross-process test would be much more complex and
platform-specific, and this class of bug has never turned up before, so
I think the existing test coverage is adequate.
Change-Id: Ib8730dd47a925f4229962d27b576a759c5a9a9ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4043821
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84520}
After fixing all known bugs found by fuzzers for
--shared-string-table we can enable this flag on all fuzzers again.
Bug: v8:13267
Change-Id: Ie2c361bbd2cf349d2c5d517fb6c71f88a3381626
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061310
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84514}
Adding the crash status and type to the test result with dummy values,
with the intention of populating these values with data from
ClusterFuzz analyzer or our own logic.
Bug: v8:12313
Change-Id: I8a537734a9c48393b77d582516ae45638986aa55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4047486
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84511}
The flag --harmony-struct changes the global object which is
observable when doing differential fuzzing. The flag will now be
ignored to close ongoing false positives. It could be enabled in
the future if the global object stays equal in all compared
configurations, which could be faked behind the flag:
--correctness-fuzzer-suppressions.
No-Try: true
Bug: chromium:1393020
Change-Id: Ib5f3325a742dd32cac34febca58bf99e0184ac97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055627
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84478}
This validity cell is already invalidated from its creation, which
means this object is actually immutable. Move it into RO space to make
use of this property.
There was one store to that object which simply overwrote that
invalid marker with the same value. This CL changes this into a
conditional store.
Bug: v8:13267
Change-Id: I12ab5a41bd9fc0a62523a4ac35607c4b38b2acee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055895
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84461}
This reverts commit 5e07bb70e5.
Reason for revert: --struct-harmony caused an initial flood of
bugs on the correctness fuzzer. Let's reland this once we've
sorted out those.
Original change's description:
> [heap] Enable shared heap flags on more fuzzers
>
> Enable --shared-string-table and --struct-harmony on more fuzzers.
>
> Bug: v8:13267
> Change-Id: Iedea33f5c06563aac4d0f0d0eb880f7ee6208d9f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4043902
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84412}
Bug: v8:13267
Change-Id: Id7973fa312cdddff6c49b672d0496c33fc8828e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4051202
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84436}
... instead of computing them on the fly. This approach seems to
perform slightly better because it requires less code.
Bug: v8:7703, v8:11460
Change-Id: If31a06fbc748251c491c011e9e3f118665e20159
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020456
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84413}
Enable --shared-string-table and --struct-harmony on more fuzzers.
Bug: v8:13267
Change-Id: Iedea33f5c06563aac4d0f0d0eb880f7ee6208d9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4043902
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84412}
With shared space (instead of the shared isolate), the AccessorInfo
implementation of SharedArray's length property is no longer threadsafe.
Until AccessorInfos can be put into shared or RO space, go back to
storing the length field as a per-instance in-object field, which is
unfrotunately a little wasteful.
Bug: v8:12547
Change-Id: I99c1cbf26047da48a4b4c11e14ab7def7d4e4f60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4039309
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84408}
This factors out a call graph from the suspects collector which in
a future CL can be serialized as a partial call graph and later
merged.
Bug: v8:12660
Change-Id: Ie6f682195a900ba0711b8f828c63bf41f142f2b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035131
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84403}
1) Pass {WasmFeatures} by value, it's a single word.
2) Pass a {base::Vector} instead of {start} and {end} pair.
3) Remove a redundant constructor (just pass an empty wire bytes vector
instead).
R=thibaudm@chromium.org
Change-Id: I337c3c86960505ae23c88cb6adc5646a61111f76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030434
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84382}
In a follow up we want to introduce a mode for just collecting or
processing. In the infrastructure however, we still call the wrapper
script with old arguments on release branches. This ensures that
we stay backwards compatible.
Bug: v8:12660
Change-Id: I08da713719d10cb58c2cd5ea7f711570bd57572c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035976
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84380}
