These tests test allocation failure and time out on TSAN.
Bug: v8:11852
Change-Id: I81e0af3ab8130c05488c6a117dd1c6ef12aba33b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188071
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77104}
After the parameter processing, the arraybuffer may have been detached.
TypedArray copyWithin/fill should throw in that condition. TypedArray
includes should return false if the search element is not undefined.
Change-Id: If507d0efa1dafbe3dcefcd368e5ea27406bb3df8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144315
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77103}
Bug: v8:7790
Change-Id: Ibf6e842c2bec780a9a52643494def8efbab92466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3185920
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77102}
Prepare the Torque compiler to generate Kythe artifacts to be consumed
by CodeSearch.
Drive-by changes.
* Extend SourcePosition by an offset in the input string, as this is
required by the Kythe graph.
* Correctly set missing identifier positions in Declarations.
Bug: v8:12261
Change-Id: Ida0a4a562c99f58ab924ddde36f3146f3d3fd415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3181102
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77099}
Don't really have a good name for this inner TryCatch.
Bug: v8:12244
Change-Id: I4c1353bcd98e78e49d0354e285249302a8ee0dd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183522
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77097}
Activate argument count consistency (receiver is always included in
JS argument count) for arm and arm64.
Bug: v8:11112
Change-Id: I4b019721422a0a4653d59e81cde2f7d57708e625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186436
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77089}
... an ObjectVisitor subclass that takes care of caching values of
both the main pointer compression cage base and code cage base
(when the external code space is enabled).
Drive-by: this CL also changes signature of
RelocInfo::target_object_no_host(...) to accept PtrComprCageBase
instead of Isolate*.
Bug: v8:11880
Change-Id: I3fbb382e0a0170e28542bc495d8fecfd24da8a07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182231
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77088}
1. Now there is no serializer/deserializer-specific buffer size limit.
2. Update AUTHORS
Ref: https://github.com/nodejs/node/issues/40059
Change-Id: Iad4c6d8f68a91ef21d3c404fb7945949e69ad9e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3170411
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77084}
.. by turning `masm_` into a unique_ptr s.t. it's freed after the
NoRootArrayScope which references it.
Fixed: chromium:1252620
Change-Id: I24580c5a96d76a973b2b083e7a76b95f93bb6068
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3185459
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77082}
When cloning objects using spread and update properties (e.g.
obj = {...o, x: 0}), we wrongly used the setter for the update argument
if one was set.
This CL changes the behaviour such that all arguments following the
spread are treated as dynamic arguments.
Bug: chromium:1251366
Change-Id: I76a6d02606dca0faa0a256f465834d85d3df4f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178969
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77079}
Rolling v8/build: c4acc0e..32fc064
Rolling v8/buildtools/linux64: git_revision:69ec4fca1fa69ddadae13f9e6b7507efa0675263..git_revision:de86ec4176235871a7cb335756987e41246dae4a
Rolling v8/third_party/abseil-cpp: 4402489..a46a633
Rolling v8/third_party/aemu-linux-x64: 35rwW0ni0eziJ2doq4bSBym86edze8jHjf2fyZhjl8kC..y7X4kitLsRPSZc6ksrVllZRbH7mvEXlq9-4wOg7zR5cC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/3d49e1c..444aba8
Rolling v8/third_party/depot_tools: a6baf70..f35d350
Rolling v8/third_party/googletest/src: 159c9ad..e4717df
Rolling v8/third_party/zlib: 77c1323..dfa96e8
Rolling v8/tools/luci-go: git_revision:028cd41e0f4b2bec99d94c780caf2f978e09b182..git_revision:e9585787c808e21d6eaa2c7d7a928dbc19999172
Rolling v8/tools/luci-go: git_revision:028cd41e0f4b2bec99d94c780caf2f978e09b182..git_revision:e9585787c808e21d6eaa2c7d7a928dbc19999172
Rolling v8/tools/luci-go: git_revision:028cd41e0f4b2bec99d94c780caf2f978e09b182..git_revision:e9585787c808e21d6eaa2c7d7a928dbc19999172
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I4ea1bfbd22da816afaf413bd6e86c63aa91d4a39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182608
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77068}
After https://crrev.com/c/3182223 gcc might throw the following
error during compilation:
```
error: variable 'is_on_heap' set but not used
```
Bug: v8:11749
Change-Id: I31a2bef4adb1bfcb2b35115b4dea6df80f84f681
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183165
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77067}
Bug: v8:12244
Change-Id: I463eceb5b90f4b5b0efddcad7b1734e14d36944d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183526
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77066}
Drive-by clean-up to move ADD_CODE, which is defined the same way in
multiple files, into wasm-run-utils.h.
R=adamk@chromium.org
Bug: v8:12244
Change-Id: I61d54cf2c589c3f8b69950fba097d8754bb99c5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183524
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77065}
Rename the kNone enum in SimdPrefix to kNoPrefix
R=adamk@chromium.org
Bug: v8:12244
Change-Id: I8604dfadea24ce5f00c710de4d3c38da9d8a27a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182886
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77064}
Off heap members are "safe" to reference dead objects since they are not
connected to the object graph and do not ressurect the object.
This is needed becuase Members are used as temporary on stack variables
in Blink, e.g. when querying if a HeapHashMap contains a key.
Bug: v8:11749
Change-Id: I7ab2559d00c366480a3efbc0512bb1d1f63b64e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182223
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77063}
Bug: v8:12244,v8:12245
Change-Id: I3d9223f32bdc0d1cf7e5083996bc5707ab361e52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183162
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77062}
Port a0ace8a8a5
Original Message:
In Liftoff, the result of table.grow was smi-untagged and sign-extended
to a ptr-sized value. However the result is typed as i32, so the upper
32 bits should be cleared on 64 bit platforms. In particular this is
observable when the value is used as an index for a memory operand,
which leads to the repro in the attached issue.
Match the TF behavior by untagging the value as a 32-bit int.
Change-Id: I73ee1d29b830eae1fd4e680634b78317b04c069c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183160
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77058}
Many instructions are declared using DECLARE_INSTRUCTION (via
ASSEMBLER_INSTRUCTION_LIST), and each of them currently defined eight
templates for different sizes and different number of arguments.
This CL reduces this to three variadic templates per instruction.
R=zhin@chromium.org
Bug: v8:12244
Change-Id: Ibd75c55e757f917eb1e9b54c0a1a79632a1ba6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3181103
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77057}
Some macros are redundant or unused.
- WASM_RETURN1 is identical to WASM_RETURN.
- WASM_RETURNN has an unused {count} parameter, and is otherwise
identical to WASM_RETURN.
- WASM_IFB is identical to WASM_IF.
- WASM_CASE and WASM_CASE_BR are unused.
- WASM_BR_TABLEV is unused.
R=thibaudm@chromium.org
Bug: v8:12244
Change-Id: Ie7be00351f2dfe38d6e84d80e157a85df37233a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178860
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77056}
