Make sure we have no pending promises if correctness fuzzing is active.
Due to fast-paths we might not create all intermediate promises
that aren't spec visible. However, promise hooks might expose them
and cause different output which in turn breaks correctness fuzzing.
Drive-by-fix:
- Replace IsAnyPromiseHookEnabledOrDebugIsActiveOrHasAsyncEventDelegate
with NeedsAnyPromiseHooks
Bug: v8:1207791
Change-Id: I5b956336c43348e029c3e283993d4140a8897439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886862
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74565}
Calling SharedFunctionInfoRef::GetBytecodeArray is expensive as it
needs to call HeapBroker::GetOrCreateData each time. Instead have
bytecode graph builder save the bytecode_array and use it instead.
BUG=v8:9684,v8:7790
Change-Id: I1e847a8e371142f0108fbfbb1e151edf1c55beb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892667
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74564}
Various WebAssembly APIs that don't have observable side-effects aren't
marked as such, leading to the inability of DevTools front-end to
generate eager evaluation previews in the Console, and also making them
unusable in conditional breakpoints and logpoints.
Bug: chromium:1164241
Change-Id: I8f0675d2ed5b362b34a6f6c756d372a61e9e8564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891571
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74563}
Added a CSA assertion to disallow page access when FLAG_enable_third_party_heap = true.
Also skipped two PageFromAddress callers in CSA that is not necessary when barriers are disabled.
Bug: v8:11641
Change-Id: Ib0e3ff7a7dbacb7c6e7a53a720b95e51cdf2e645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878757
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#74562}
Rolling v8/build: 80d2921..00d8280
Rolling v8/buildtools: 9b15350..b0912f9
Rolling v8/third_party/aemu-linux-x64: KMQBSqcXw7u61OKLUonbaZeROpW1KXX9tM-8Klzxus8C..JANUSSL6vlpZwl7eeXT1Jv3TTKfhHXjW18WlDQyun4kC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/52e67e7..affd272
Rolling v8/third_party/depot_tools: f5c054c..5974ca0
Rolling v8/third_party/zlib: c830e4e..3e6d345
Rolling v8/tools/clang: 06d525c..f6e0cbe
Rolling v8/tools/luci-go: git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92..git_revision:d7393d163ecb11c44626b3b221f86efdd2861565
Rolling v8/tools/luci-go: git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92..git_revision:d7393d163ecb11c44626b3b221f86efdd2861565
Rolling v8/tools/luci-go: git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92..git_revision:d7393d163ecb11c44626b3b221f86efdd2861565
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I9405aae219860c21833081ad67e006d7b1048b71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2895357
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74561}
This reverts commit a61aa4919f.
Reason for revert: Did not fix the original issue with chromium
tests toggling jitless mode after V8 has already been initialized
on Win64.
Original change's description:
> [ptr-cage] Better support sharing CodeRange with re-embedded builtins
>
> If a shared CodeRange is already allocated when creating an Isolate in
> jitless mode, the CodeRange will be used. This is to better support the
> following use pattern:
>
> ```
> FLAG_jitless = false;
> v8::Isolate::New();
> FLAG_jitless = true;
> v8::Isolate::New();
> ```
>
> Note that the other direction of toggling jitless from true to false is
> unsupported and may have undefined behavior.
>
> Bug: v8:11460
> Change-Id: I1c451c53bc160be4122056d8b309323a94d4b8b6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890591
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74535}
TBR=ishell@chromium.org
Bug: v8:11460
Change-Id: I0acd7d0d444efbf6b9860bcc5e91034319b78601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893827
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74559}
xxbrq includes a constant value of `31` as part the opcode. This CL
includes this constant within constants-ppc instead of adding
it while emitting code.
Change-Id: I897f5f86165c7b006a829dcb2ee2a0c9dc2ef1b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891935
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74558}
vnegw and vnegd are also added to the opcode list as well
as the disassembler and the simulator.
Change-Id: I852fbe4469b2dd3c3872aa846a0b680e35e1dba6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892630
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74556}
OutputRegister does not always exist, so we add a TempRegister to store
the comparison result.
Change-Id: I47b2500c28be85a66cab1de669ed62401f878e1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885475
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#74554}
Rolling v8/build: 4e27ee8..80d2921
Rolling v8/buildtools: e72cd45..9b15350
Rolling v8/third_party/aemu-linux-x64: pwjSs3IapHTvM0wB7z3723g8rjsQnCWikZJhQxtBetsC..KMQBSqcXw7u61OKLUonbaZeROpW1KXX9tM-8Klzxus8C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/302ca09..52e67e7
Rolling v8/third_party/depot_tools: b65bbfe..f5c054c
Rolling v8/third_party/icu: cd9f9a9..f022e29
Rolling v8/third_party/zlib: 618ddec..c830e4e
Rolling v8/tools/clang: 53a9334..06d525c
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I0fc0fff630915f8fedea52785a54085a9cb7aafd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892384
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74551}
In debug mode, these will currently cause a DCHECK failure or a
segmentation fault.
See also: https://github.com/riscv/v8/issues/490
Change-Id: I2a4b8e0c9b0fb85393b41b1016b2caa2f013bcc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881505
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74550}
This is a reland of 054ff044bc
Change since revert:
- Remove assignment to FLAG_enable_short_builtins in test since
it's write-once in CFI.
Original change's description:
> Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
>
> This is a reland of 1f504c36da
>
> Changes since revert:
>
> - Removed disabling of RO heap sharing when --stress-snapshot is passed;
> was fixed by f4a6c628c9
> - Fixed crashing tests that caused revert separately in
> a61aa4919f
>
> Original change's description:
> > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > >
> > > Reviewed-on:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74422}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74448}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74546}
TBR=adamk@chromium.org
Bug: v8:11460
Change-Id: Ib7526270d421a562cb00aec9a28b4fc2296e4a86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893567
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74548}
This is a reland of 1f504c36da
Changes since revert:
- Removed disabling of RO heap sharing when --stress-snapshot is passed;
was fixed by f4a6c628c9
- Fixed crashing tests that caused revert separately in
a61aa4919f
Original change's description:
> > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> >
> > Reviewed-on:
> https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74422}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74448}
Bug: v8:11460
Change-Id: I4e491574437f4c832e24b29815de6bdfd8975511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74546}
This is a reland of 3356078ae1.
The fix is in PS2:
- fix the DCHECK to be triggered only if dst != src, the dcheck
is meant to prevent rep from being overwritten, which happens only
if dst != src
- fix instruction selector for f64x2.replace_lane, require SameAsFirst
only for non-AVX, which makes dst == src, saving a move
- on x64 we also require all registers, since the macro-assembler
helper only handles registers
Original change's description:
> [wasm-simd][x64][ia32] Factor f64x2.replace_lane into shared code
>
> This pblendw/movlhps combination has lower latency and requires less
> unop than pinsrq (1 v.s. 2).
>
> Bug: v8:11589
> Change-Id: I770b0c20a286774afefbac5ef0adffe463318f21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2828871
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74049}
Bug: v8:11589
Change-Id: I51cba0539d5241242dc4d7d971ede1940b9ac1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2842264
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74545}
Replaces Payload* terminiology with Object* terminology.
HoH::ObjectSize = just the object, without the header.
HoH::AllocatedSize = both the object and the header.
Payload terminology is retained only for pages.
Bug: chromium:1056170
Change-Id: I568a324ae8728f098be642b024493c375ec873cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892079
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74538}
We would use a payload size of 0 and end up walking up the stack till
we crash.
Bug: chromium:1056170
Change-Id: I12a69ada24697faaf05e2f4ab210045d54cf34e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891657
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74537}
As mentioned in this CL https://crrev.com/c/2510070,
PPC_OWNERS file is the only necessary file applied
to all *-ppc* files.
Change-Id: I2052186660c6d186e3ead3e8e127a9129814377f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892602
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74536}
If a shared CodeRange is already allocated when creating an Isolate in
jitless mode, the CodeRange will be used. This is to better support the
following use pattern:
```
FLAG_jitless = false;
v8::Isolate::New();
FLAG_jitless = true;
v8::Isolate::New();
```
Note that the other direction of toggling jitless from true to false is
unsupported and may have undefined behavior.
Bug: v8:11460
Change-Id: I1c451c53bc160be4122056d8b309323a94d4b8b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890591
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74535}
The previous fix resolved the register conflict in favor of moving
kInterpreterBytecodeArrayRegister instead of kSpeculationPoisonRegister,
which regressed interpreter performance. This CL resolves the conflict
in favor of moving kSpeculationPoisonRegister.
Bug: v8:11726
Change-Id: I1975c386c758144d6ade12101957ab03ce7aa4c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886660
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74534}
I found no way to speed up the (relaxed) atomic accesses, so the only
way to get back the original performance is having a separate path for
the non-shared case.
R=ulan@chromium.org
Bug: v8:11704, chromium:1206552, chromium:1207351
Change-Id: I2ea0ecf07583dfe24f4085533491a1d5709c9ffb
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878750
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74533}
Reporting to V8 may trigger GCs and thus also synchronously invoke
callbacks. Since such callbacks may allocate they can add to
allocated bytes. If the counter is reset after the call to the GC,
then those bytes are not properly recorded anywhere and can trigger an
underflow in case they are explicitly freed later on.
Bug: chromium:1056170
Change-Id: Id384eaeffa129e5b75f6ca16d43eb1c89e0fffec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891838
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74532}
This can be reverted once TryMakeRef checks the heap predicate.
I'm not reverting the previous CL because newer changes already depend
on it.
Tbr: jgruber@chromium.org
Bug: v8:11765, v8:7790
Change-Id: Iacc6a78a70fe6f40c9421258889c2175fb400b04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891579
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74531}
Rel/acq is needed to guarantee the memcpy for re-embedding builtins
should be visible to all threads once embedded_blob_code_copy_ is
observed to have the address of the copy.
Bug: v8:11460
Change-Id: I68d0c532b7c7bba3d2cafeb0ff83533a67a1447d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890590
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74529}
Loop unrolling did not work properly with floating control. Seeing as
very few spots in the wasm compiler introduced floating control, we
decided to disallow it altogether.
Changes:
- When lowering 64-bit rol/ror/clz/ctz in 32-bit platforms, we use a
diamond operator, which used to introduce floating control. This CL
adds a control edge to these operators so that the diamond can be
chained to that control instead.
- During loop analysis, as an additional safety check, we check that the
explored loop does not have floating control. Exceptionally, floating
control pointing directly do start() is allowed.
- Change wasm-compiler so that generated floating projections point to
start() even after stack check patch-in.
Bug: chromium:1184929, v8:11298
Change-Id: I1ee063f5250037ae6c84d2f16b0bd8fff3923117
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876851
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74527}
The callback IsolateData::ModuleResolveCallback, used by the fuzzer,
can return an empty MaybeLocal.
In this case v8::internal::SourceTextModule::PrepareInstantiate expects
it to have thrown an exception, and DCHECKs.
The fuzzer can hit this case because it doesn't load the entire module
graph before starting to tell V8 to instantiate modules. So if a module
fails to compile or load, another module trying to import it will hit
this DCHECK because we didn't bail out prior to module instantiation
like we should have.
This doesn't happen in Chromium because Blink loads the entire module
graph before trying to instantiate/link modules, ensuring that the
'real' ModuleRecord::ResolveModuleCallback never fails; indeed this is
mandated by the spec (see
https://html.spec.whatwg.org/#fetch-the-descendants-of-and-link-a-module-script).
To satisfy the fuzzer, this change makes
IsolateData::ModuleResolveCallback throw if it can't find the module.
Note, the bug's testcase doesn't involve import assertions. I don't
think this issue is new with my change
9d72d08a8c
but maybe that changed the crash stack or something in a way that
caused the issue to be reported.
Bug: chromium:1207078
Change-Id: I1fbc80faa099e040cdc489c965a5f2f5daafb38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890589
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74526}
Reads from the compiler thread require either 1. the last write to
happen before the compiler thread starts, or 2. acquire-release
semantics. For simplicity, this CL converts all NativeContext field
writes to be acq-rel. With the usual exception of writes from
generated code (these are limited for NativeContexts though).
The situation of context sets/gets is still somewhat complex:
- Context::get/set are relaxed (but don't use the corresponding tag)
- Context::get(.., kAcquireLoad) and Context::set(.., kReleaseStore)
are acquire-release.
- Context::set_foo (defined for all native context fields) uses
kReleaseStore underneath.
- Context::get_foo (defined for all native context fields) uses
the default relaxed getter. The get_foo(kAcquireLoad) variant uses
the acquire getter.
- NativeContext hides the default relaxed setter since all
NativeContext sets should be acq-rel.
Ideally (future work), this should be simplified and made more explicit.
For example, get/set_foo could move to the NativeContext class, and we
could reevaluate whether we really need both relaxed and acq-rel
semantics (the pairing non-atomic/acq-rel feels more natural lets
tsan find concurrency issues).
Bug: v8:7790
Change-Id: I25efd37ece758da5a11dc11c6ae913e4975f4d20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891575
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74524}
The HeapProfiler.startSampling method accepts a samplingInterval
parameter, which is assumed to be a positive (non-zero) number,
but doesn't validate the input (the renderer process just crashes
hard on a CHECK instead).
Fixed: chromium:1197392
Change-Id: Ib8e34f4b9881cd195214791ca0a3892e7b49bf55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891573
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74523}
Also delete undefined ContextRef methods and make
Context::set_previous private (it is only used when
creating a new context).
Bug: v8:7790
Change-Id: I25a701f317f0f4e82432f7537eec1d63c5ef63f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886860
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74521}
Marking on allocation was missing the top level scope.
Also adding a dedicated scope for on allocation to more clearly
distinguish it in traces.
Bug: chromium:1056170
Change-Id: I1b7d80c9f171f81988826de0174ef5b00d6f1d34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891572
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74520}
This CL enhances the fast C API in a way to allow passing the receiver
to the fast callback as Local<Object> instead of Local<Value>. It also
fixes documentation comments.
Bug: chromium:1052746
Change-Id: I424aa83023c2e6633b9df08ee040bf170db32b3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887510
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74519}
We just asked if saves_fp was different than 0 two lines above.
Change-Id: I8cca5206041d3436ac7b2d619ab82f5955e99aaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2888285
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74518}
The WebAssembly specification requires the "name" property of (exported)
function wrappers to hold the index of the function within the module,
and the default ToString algorithm for Function instances thus generates
something along the lines of `function 42() { [native code] }`, which is
technically correct, but not very useful to developers to diagnose
(humans don't think of functions in a module in terms of their indices).
With this CL, we change the description returned for Wasm (exported)
functions to use the debug name of the Wasm function instead.
Screenshot: https://imgur.com/a/FVPeXDU.png
Doc: http://bit.ly/devtools-wasm-entities
Fixed: chromium:1206620
Bug: chromium:1164241
Change-Id: I096abc287ea077556c13c71f8d71f64452ab4831
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891570
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74517}
Drive-by-fix: Remove command line API fn.toString() override, which was
still in place from the early days when much of the inspector was
implemented in JavaScript.
Fixed: chromium:1207867
Bug: chromium:1206620
Change-Id: I8429f109da5f021f729f184fd824160a24e60897
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887508
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74516}
