If a {NativeModule} dies while a GC is running, we could leave behind
references to code of that deleted module. This CL fixes that.
This issue was found by running with --stress-wasm-code-gc.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I7f0d98977e6510899170306952936c4a7f7d3c10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585722
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61041}
The function {memory_copy_wrapper} is called directly from WebAssembly.
Before calling {memory_copy_wrapper} we do not reset the
tread-in-wasm flag. On asan builds on Windows this causes the problem
observed in the crash report.
My theory is the following: asan on Windows uses exceptions to allocate
shadow memory lazily. When {memory_copy_wrapper} accesses memory, asan
causes an exception to allocate shadow memory. This exception is first
caught by the WebAssembly trap handler, which resets the
thread-in-wasm flag but then does not handle the exception because it
cannot find a proper landing pad. Asan then handles the exception and
continues execution. However. the thread-in-wasm flag is not set
anymore. A later check of the thread-in-wasm flag then fails.
This CL disables asan for {memory_copy_wrapper} and thereby fixes the
problem. As indicated above, another solution would be to reset and set
the thread-in-wasm flag before and after the call to the C function,
respectively. However, we do not do that for other uses of direct calls
to C.
R=binji@chromium.org
Bug: chromium:952342
Change-Id: I2adb2eccf2ac25be58392d21f8f43a04414c7811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584326
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61040}
Add a flag which causes wasm code gc to be triggered whenever any code
is found to be potentially dead. This mode found several bugs already,
and I plan to enable it in 'gc-stress' mode once all issues are fixed.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: If28d980ded98b77b9efe7446da74d857e3c5e1b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585720
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61039}
This reverts commit da7322c05f.
Reason for revert: Breaking the pointer compression bots, e.g.:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3047
Original change's description:
> [csa] verify skipped write-barriers in MemoryOptimizer
>
> With very few exceptions, this verifies all skipped write-barriers in
> CSA and Torque, showing that the MemoryOptimizer together with some
> type information on the stored value are enough to avoid unsafe skipped
> write-barriers.
>
> Changes to CSA:
> SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
> MemoryOptimizer by default.
> Type information about the stored values (TNode<Smi>) is exploited to
> safely skip write barriers for stored Smi values.
> In some cases, the code is re-structured to make it easier to consume
> for the MemoryOptimizer (manual branch and load elimination).
>
> Changes to the MemoryOptimizer:
> Improve the MemoryOptimizer to remove write barriers:
> - When the store happens to a CSA-generated InnerAllocate, by ignoring
> Bitcasts and additions.
> - When the stored value is the HeapConstant of an immortal immovable root.
> - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
> - Fast C-calls are treated as non-allocating.
> - Runtime calls can be white-listed as non-allocating.
>
> Remaining missing cases:
> - C++-style iterator loops with inner pointers.
> - Inner allocates that are reloaded from a field where they were just stored
> (for example an elements backing store). Load elimination would fix that.
> - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
> We could handle that in Torque.
> - Double-aligned allocations, which are not lowered in the MemoryOptimizer
> but in CSA.
>
> Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
> can be handled by overload resolution (in Torque and C++).
>
> R=jarin@chromium.org
> TBR=mvstanton@chromium.org
>
> Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61016}
TBR=mvstanton@chromium.org,jarin@chromium.org,tebbi@chromium.org
Change-Id: I36877cd6d08761726ef8dce8a3e3f2ce3eebe6cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585732
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61038}
This is part of the refactoring needed to implement a feature that allows
re-running benchmarks until needed confidence is reached.
R=machenbach@chromium.org
No-Try: true
No-Tree-Checks: true
Bug: chromium:880724
Change-Id: I45f584a3503ecf567f4c2661a302a74fc5e516af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581605
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61037}
The `Script::InitLineEnds(Handle<Script>(script, isolate));` line
may lead to objects being moved around on the heap, so it’s necessary
to use a `Handle` to track that.
This was causing crashes in Node.js in Debug mode when using the
code cache in combination with the CPU profiler.
Refs: https://github.com/nodejs/node/issues/27307
Change-Id: I392b4c00c6ebad44753f87fcbf2e3278ea7799a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575698
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61036}
Peeling away layers of indirection. More to follow.
Change-Id: Ide15b9ece926f51d957de8fdc37829f02d86ca49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573700
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61035}
This fixes a deadlock that was detected by layout tests executing with
--future (hence enabling wasm code gc). It did not fail anywhere in v8
because GC is only triggered once we have > 1MB potentially dead code.
I plan to add a '--stress-wasm-code-gc' flag, which lowers this limit
to zero, thereby triggering GC when finding a single potentially dead
code. This mode found this issue, but also finds more, so I need to fix
other issues before enabling these stress tests.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I373955b90c8b79d7b9e16184729f45db947eeeab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583728
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61034}
This reverts commit 2974a184fd.
Reason for revert: For this change to land, layout tests have to
be changed on the chromium side:
https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/31448https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64/31448/webkit_layout_tests%20%28with%20patch%29/layout-test-results/results.html
Original change's description:
> [Inspector] Adjust the length of some of the console functions.
>
> The function lengths on a number of the console methods was set to 1.
> The arguments to these functions are either variadic or optional so they
> should have length of 0.
>
> R=dgozman@chromium.org,ulan@chromium.org
> BUG=chromium:948678
>
> Change-Id: I183262e230145a565732396688a0541034931500
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548948
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Pavel Feldman OOO <pfeldman@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61021}
TBR=dgozman@chromium.org,ulan@chromium.org,pfeldman@chromium.org,yangguo@chromium.org,dtapuska@chromium.org,kozyatinskiy@chromium.org
Change-Id: Iba25e9351641c5d2730eb727f3da91f86d5b1203
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:948678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585719
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61029}
Refactors logging suppression and profiling state tracking on isolates
to be tied to a RAII ProfilerScope. Fixes the case where multiple
concurrent profilers on the same isolate restore the wrong value of
is_logging.
Change-Id: I34b59422a4e6e077ae0abb46eb09d78a77870d46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575918
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61027}
Bug: v8:9060
Change-Id: I37282dd362cfdd0a162a76b122870f643ef5c8eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582483
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61024}
An additional wpt test (console-label-conversion.any.js) verifies that
calling toString will cause exception propagation.
Remove the TryCatch block.
BUG=chromium:948257
R=dgozman@chromium.org
Change-Id: Idaaf264b7675f7df8ead128c085ac4d4c044005d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1579541
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61023}
The function lengths on a number of the console methods was set to 1.
The arguments to these functions are either variadic or optional so they
should have length of 0.
R=dgozman@chromium.org,ulan@chromium.org
BUG=chromium:948678
Change-Id: I183262e230145a565732396688a0541034931500
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548948
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Pavel Feldman OOO <pfeldman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61021}
The generation of unwind info to enable stack walking on Windows/x64
(https://chromium-review.googlesource.com/c/v8/v8/+/1469329) was implemented
behind a temporary flag, in order to coordinate these changes with the
corresponding changes in Chromium.
The required changes to Chromium
(https://chromium-review.googlesource.com/c/chromium/src/+/1474703) have also
been merged, so we can now remove the flag and enable the generation of stack
unwinding info by default on Windows/x64.
Bug: v8:3598
Change-Id: I88814aaeabecc007f5262227aa0681a1d16156d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573138
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61020}
Simplify accounting for compilation progress. Instead of complicated
logic in {OnUnitsFinished} the compilation progress is initialized in
{InitializeCompilationProgress}. We now keep tack of
- the required baseline tier,
- the required top tier, and
- the currently reached tier.
With this information {OnUnitsFinished} determines whether baseline and
top tier compilation are completed.
Bug: v8:9003
Change-Id: I3d147613f30363aade9ad5bf65be6e4d105e561e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583722
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61019}
There was an issue where the perfetto unit tests would be built when
the gn target was 'all' despite us not pulling them in intentionally.
This CL rolls perfetto to the tip-of-tree which contains a fix for
this issue.
Bug: chromium:932115
Change-Id: I0195c623999f0bb1711c51ac25ea443b6580fc29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584321
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61018}
This reverts commit 4f9d7a94a1.
Reason for revert: breaks roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1583053
Original change's description:
> [snapshot] Align internal snapshot data
>
> When the snapshot blob is not aligned properly, loading it can cause a
> crash on platforms such as arm.
>
> This was exposed by a SIGBUS/BUS_ADRALN crash on arm when accessing
> the blob_data symbol (declared as a byte array) through a reinterpret
> cast to uintptr_t in an internal snapshot build.
>
> Thanks to florian.dold@gmail.com for the initial patch.
>
> Bug: v8:9171
> Change-Id: I99b071dec3733416f2f01b58a770e30d8f2dcdf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582402
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61000}
TBR=jgruber@chromium.org,delphick@chromium.org
Change-Id: Ie329fa8948b46d5434a0db72d4bfb539bd25a967
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9171
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584324
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61017}
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.
Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).
Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.
Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
(for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
but in CSA.
Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).
R=jarin@chromium.orgTBR=mvstanton@chromium.org
Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61016}
Adds a new flag to CpuProfiler to control whether or not "debug" names
(potentially inferred from scope) are used for captured frames
associated with a SharedFunctionInfo instance.
Bug: v8:9135
Change-Id: Ia1db20e389f3d0beb60eb47798820fb11d501c88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583042
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61015}
The main change is the reduction of the number of declared classes by
four by using templatized 'using' declarations instead of subtypes.
This also uses 'constexpr' to define constants, uses the defined
constants consistently, and adds static asserts.
R=jkummerow@chromium.org
Bug: v8:8834
Change-Id: I3868c9069f25261d428ec0847dea46de2cbc7a44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583763
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61014}
Introduce {CompileStrategy} to determine whether functions or an entire
module is compiled lazily. This replaces the previously used function
{IsLazyCompilation} and allows to introduce other compile strategies in
the future.
Bug: v8:9003
Change-Id: I3b8a32f1ccb55530afba07a02ccd7a0c10be3fac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583720
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61013}
This CL fixes a crash that happens on a goto definition lookup for a
file with no data attached to it.
Drive-by: Collect language server data even on compilation failures.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: Ia6323204391da3e64058e1fe47f87162186c15cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583721
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61012}
This is a reland of 3d846115d6
Reland changes mjsunit.status to skip the regression test on
all bots except ASAN.
Original change's description:
> [typedarray] Fix crash when sorting SharedArrayBuffers
>
> TypedArray#sort has a fast-path when the user does not provide a
> comparison function. This fast-path utilizes std::sort which operates
> directly on the raw data. Per spec, std::sort requires the "less than"
> operation to be anti-symmetric and transitive.
>
> When sorting SharedArrayBuffers (SAB) that are concurrently modified during
> sorting, the "less than" operator stops being consistent as the
> underlying data is constantly modified. This breaks some invariants
> in std::sort resulting in infinite loops or straight out segfaults.
>
> This CL fixes this by copying the data before sorting SABs and
> writing the sorted result back.
>
> Note: The added regression test is tailored for ASAN bots as a
> normal build would need too many iterations to consistently crash.
>
> R=neis@chromium.org, petermarshall@chromium.org
>
> Bug: v8:9161
> Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61004}
Bug: v8:9161
Change-Id: Idffc3fbb5f28f4966c8f1ac6770d5b5d6003a7e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583726
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61011}
Verify that baseline and top tier compilation are finished when
expected. Test cases will use the newly exposed functions
{baseline_compilation_finished} and {top_tier_compilation_finished} for
this.
Bug: v8:9003
Change-Id: I023af3390ed5e087a3b40efe7c340d7e93071a51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581941
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61010}
This reverts commit 3d846115d6.
Reason for revert: The test hangs flakily on windows:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/20612https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20nosnap%20-%20shared/33147https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19945
Original change's description:
> [typedarray] Fix crash when sorting SharedArrayBuffers
>
> TypedArray#sort has a fast-path when the user does not provide a
> comparison function. This fast-path utilizes std::sort which operates
> directly on the raw data. Per spec, std::sort requires the "less than"
> operation to be anti-symmetric and transitive.
>
> When sorting SharedArrayBuffers (SAB) that are concurrently modified during
> sorting, the "less than" operator stops being consistent as the
> underlying data is constantly modified. This breaks some invariants
> in std::sort resulting in infinite loops or straight out segfaults.
>
> This CL fixes this by copying the data before sorting SABs and
> writing the sorted result back.
>
> Note: The added regression test is tailored for ASAN bots as a
> normal build would need too many iterations to consistently crash.
>
> R=neis@chromium.org, petermarshall@chromium.org
>
> Bug: v8:9161
> Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61004}
TBR=neis@chromium.org,petermarshall@chromium.org,szuend@chromium.org
Change-Id: I046da3e4228bb1a8a3aa89d9c9d8de11875a9273
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9161
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583725
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61007}
An email pattern like *@*foo.bar matches unintended addresses such as
bla@foofoo.bar. Split it into *@foo.bar and *@*.foo.bar instead.
This corresponds to what is done in chromium's AUTHORS file.
Change-Id: I2f463fbc41cfcfced1151542f64d054dbe85e563
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581642
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61006}
It shipped in Chrome 73.
Bug: v8:6890
Change-Id: Idd8c98cf05a0d6e8fa58c5b0a34d079631f68b1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582879
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#61005}
TypedArray#sort has a fast-path when the user does not provide a
comparison function. This fast-path utilizes std::sort which operates
directly on the raw data. Per spec, std::sort requires the "less than"
operation to be anti-symmetric and transitive.
When sorting SharedArrayBuffers (SAB) that are concurrently modified during
sorting, the "less than" operator stops being consistent as the
underlying data is constantly modified. This breaks some invariants
in std::sort resulting in infinite loops or straight out segfaults.
This CL fixes this by copying the data before sorting SABs and
writing the sorted result back.
Note: The added regression test is tailored for ASAN bots as a
normal build would need too many iterations to consistently crash.
R=neis@chromium.org, petermarshall@chromium.org
Bug: v8:9161
Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61004}
This CL refactors and extends the infrastructure around sending
diagnostic notifications. This enables publishing lint errors as
warnings after a compilation run.
R=sigurds@chromium.org, tebbi@chromium.org
Bug: v8:8880
Change-Id: Ia64d2d490c1449021c92f5dc45eb7f8dab21e60a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582405
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61003}
When the snapshot blob is not aligned properly, loading it can cause a
crash on platforms such as arm.
This was exposed by a SIGBUS/BUS_ADRALN crash on arm when accessing
the blob_data symbol (declared as a byte array) through a reinterpret
cast to uintptr_t in an internal snapshot build.
Thanks to florian.dold@gmail.com for the initial patch.
Bug: v8:9171
Change-Id: I99b071dec3733416f2f01b58a770e30d8f2dcdf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582402
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61000}
This reverts commit 7a2651cbf5.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20N5X/4126
Original change's description:
> [arm64] Cleanup TODO around handling of x18
>
> Use `padreg` instead of x18 to maintain alignment in the CPURegList.
>
> Also clean up some comments and tidy up RequiredStackSizeForCallerSaved
> and PushCallerSaved.
>
> Change-Id: I80a780e5649e69a1746c43f37c2d1d875120c7a0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581609
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#60987}
TBR=jgruber@chromium.org,martyn.capewell@arm.com,joey.gouly@arm.com
Change-Id: Id95ac26142717f6503d284d20ca03b9de33a9122
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60999}
Make sure to adapt the formal parameters for the Promise.allSettled
method.
Bug: v8:7834
Change-Id: I255fc695f5ac0d62ed18f5aad78665feb38c241a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1580239
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60996}
