[base] Remove reinterpret_casts and undefined behaviour resulting from calling a function through a pointer of the wrong type from LazyInstanceImpl #20
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…m calling a function through a pointer of the wrong type from LazyInstanceImpl
hubot
pushed a commit
that referenced
this pull request
Dec 21, 2017
Revision: 14ac02c BUG=v8:6623 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] Change-Id: I8fa6ee60ad2c3e364a60721a273e4327ebb789d7 Reviewed-on: https://chromium-review.googlesource.com/833398 Reviewed-by: Yang Guo <[email protected]> Cr-Commit-Position: refs/branch-heads/6.4@{#20} Cr-Branched-From: 0407506-refs/heads/6.4.388@{#1} Cr-Branched-From: a5fc4e0-refs/heads/master@{#49724}
hubot
pushed a commit
that referenced
this pull request
Jan 31, 2018
[email protected] Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I275042dfb24c1e858304577f22f52eeaafbcb183 Reviewed-on: https://chromium-review.googlesource.com/896444 Reviewed-by: v8 autoroll <[email protected]> Cr-Commit-Position: refs/branch-heads/6.5@{#20} Cr-Branched-From: 73c55f5-refs/heads/6.5.254@{#1} Cr-Branched-From: 594a1a0-refs/heads/master@{#50664}
kisg
pushed a commit
to paul99/v8mips
that referenced
this pull request
Feb 21, 2018
Add support for CSDB, equivalent to HINT v8#20, in the system instruction space. Additionally, relax the "unallocated" identification of hint instructions that we don't support, such that they'll now disassemble as "unimplemented (System)" rather than "unallocated". Change-Id: Ia36d13fe17a98edb872f234e7cdda33d033618e8 Reviewed-on: https://chromium-review.googlesource.com/926806 Reviewed-by: Ross McIlroy <[email protected]> Commit-Queue: Martyn Capewell <[email protected]> Cr-Commit-Position: refs/heads/master@{#51420}
hubot
pushed a commit
that referenced
this pull request
Mar 12, 2018
[email protected] Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I7ddcc7142a9af139d5371deffbfa7cc158205e8d Reviewed-on: https://chromium-review.googlesource.com/959158 Reviewed-by: v8 autoroll <[email protected]> Cr-Commit-Position: refs/branch-heads/6.6@{#20} Cr-Branched-From: d500271-refs/heads/6.6.346@{#1} Cr-Branched-From: 265ef0b-refs/heads/master@{#51624}
hubot
pushed a commit
that referenced
this pull request
Apr 17, 2018
Revision: 2279dda NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true Change-Id: I63e764830b65ee8717c1390d95b923a58e30ee06 Bug: v8:7656 Reviewed-on: https://chromium-review.googlesource.com/1013925 Reviewed-by: Michael Achenbach <[email protected]> Cr-Commit-Position: refs/branch-heads/6.7@{#20} Cr-Branched-From: 8457e81-refs/heads/6.7.288@{#2} Cr-Branched-From: e921be5-refs/heads/master@{#52547}
hubot
pushed a commit
that referenced
this pull request
Jun 7, 2018
[email protected] Change-Id: Iec28e212b22b4f7278808c291ab2a486ed4f41d4 Reviewed-on: https://chromium-review.googlesource.com/1090815 Reviewed-by: v8 autoroll <[email protected]> Cr-Commit-Position: refs/branch-heads/6.8@{#20} Cr-Branched-From: 44d7d7d-refs/heads/6.8.275@{#1} Cr-Branched-From: 5754f66-refs/heads/master@{#53286}
kisg
pushed a commit
to paul99/v8mips
that referenced
this pull request
Jul 4, 2018
This reverts commit 52a10e5. Reason for revert: https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64__dbg_/12434/layout-test-results/results.html Crash e.g. in http/tests/devtools/oopif/oopif-performance-cpu-profiles.js crash log for devtools (pid <unknown>): STDOUT: <empty> STDERR: STDERR: STDERR: # STDERR: # Fatal error in ../../v8/src/compilation-dependencies.cc, line 281 STDERR: # Debug check failed: descriptor == owner->LastAdded() (10 vs. 22). STDERR: # STDERR: # STDERR: # STDERR: #FailureMessage Object: 0x7fff86878630#0 0x0000031c642c base::debug::StackTrace::StackTrace() STDERR: #1 0x0000046a56bb gin::(anonymous namespace)::PrintStackTrace() STDERR: v8#2 0x00000469c528 V8_Fatal() STDERR: v8#3 0x00000469c285 v8::base::(anonymous namespace)::DefaultDcheckHandler() STDERR: v8#4 0x000001cc5253 v8::internal::CompilationDependencies::DependOnFieldType() STDERR: v8#5 0x000001cdcc46 v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfo() STDERR: v8#6 0x000001cde661 v8::internal::compiler::AccessInfoFactory::ComputePropertyAccessInfos() STDERR: v8#7 0x000001dd982b v8::internal::compiler::JSNativeContextSpecialization::ReduceNamedAccess() STDERR: v8#8 0x000001ddb715 v8::internal::compiler::JSNativeContextSpecialization::ReduceNamedAccessFromNexus() STDERR: v8#9 0x000001dd656d v8::internal::compiler::JSNativeContextSpecialization::ReduceJSLoadNamed() STDERR: v8#10 0x000001d53872 v8::internal::compiler::GraphReducer::Reduce() STDERR: v8#11 0x000001d534a5 v8::internal::compiler::GraphReducer::ReduceTop() STDERR: v8#12 0x000001d52e58 v8::internal::compiler::GraphReducer::ReduceNode() STDERR: v8#13 0x000001e4c201 v8::internal::compiler::InliningPhase::Run() STDERR: v8#14 0x000001e44f79 v8::internal::compiler::PipelineImpl::Run<>() STDERR: v8#15 0x000001e41058 v8::internal::compiler::PipelineImpl::CreateGraph() STDERR: v8#16 0x000001e40c75 v8::internal::compiler::PipelineCompilationJob::PrepareJobImpl() STDERR: v8#17 0x000001ccd437 v8::internal::OptimizedCompilationJob::PrepareJob() STDERR: v8#18 0x000001cd071e v8::internal::(anonymous namespace)::GetOptimizedCode() STDERR: v8#19 0x000001cd0c6f v8::internal::Compiler::CompileOptimized() STDERR: v8#20 0x00000231fb62 v8::internal::__RT_impl_Runtime_CompileOptimized_Concurrent() STDERR: v8#21 0x00000288e535 <unknown> Original change's description: > [turbofan] Rewrite CompilationDependencies > > Instead of installing code dependencies during graph reduction, > install them after code generation. > > Bug: v8:7902, v8:7790 > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a > Reviewed-on: https://chromium-review.googlesource.com/1119913 > Commit-Queue: Georg Neis <[email protected]> > Reviewed-by: Jaroslav Sevcik <[email protected]> > Reviewed-by: Michael Starzinger <[email protected]> > Cr-Commit-Position: refs/heads/master@{#54170} [email protected],[email protected],[email protected] Change-Id: Ic58c2bfadbd34bb6ba7dc0d2b74871cc90b0a74f No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7902, v8:7790 Reviewed-on: https://chromium-review.googlesource.com/1125680 Reviewed-by: Yang Guo <[email protected]> Commit-Queue: Yang Guo <[email protected]> Cr-Commit-Position: refs/heads/master@{#54192}
hubot
pushed a commit
that referenced
this pull request
Jul 31, 2018
[email protected] Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Icaa24934bc47cfe3caa99886c95fab320c9f15bc Reviewed-on: https://chromium-review.googlesource.com/1157260 Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/6.9@{#20} Cr-Branched-From: d7b61ab-refs/heads/6.9.427@{#1} Cr-Branched-From: b7e108d-refs/heads/master@{#54504}
peterwmwong
pushed a commit
to peterwmwong/v8
that referenced
this pull request
Dec 9, 2018
This reverts commit caed2cc. Reason for revert: Breaks layout tests, e.g. https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64__dbg_/14924/webkit_layout_tests%20%28with%20patch%29/layout-test-results/results.html crash log for renderer (pid <unknown>): STDOUT: <empty> STDERR: STDERR: STDERR: # STDERR: # Fatal error in ../../v8/src/base/platform/elapsed-timer.h, line 24 STDERR: # Debug check failed: !IsStarted(). STDERR: # STDERR: # STDERR: # STDERR: #FailureMessage Object: 0x7ffc46707640#0 0x565409263b6f base::debug::StackTrace::StackTrace() STDERR: #1 0x56540a8a32fb gin::(anonymous namespace)::PrintStackTrace() STDERR: #2 0x56540a8980d8 V8_Fatal() STDERR: #3 0x56540a897e35 v8::base::(anonymous namespace)::DefaultDcheckHandler() STDERR: v8#4 0x565407971f02 v8::base::ElapsedTimer::Start() STDERR: v8#5 0x565407d08edf v8::internal::TimedHistogram::Start() STDERR: v8#6 0x565407e500d5 v8::internal::IncrementalMarking::AdvanceIncrementalMarkingOnAllocation() STDERR: v8#7 0x565407e4f977 v8::internal::IncrementalMarking::Observer::Step() STDERR: v8#8 0x565407e48092 v8::internal::AllocationObserver::AllocationStep() STDERR: v8#9 0x565407eb0751 v8::internal::SpaceWithLinearArea::InlineAllocationStep() STDERR: v8#10 0x565407eb3e44 v8::internal::NewSpace::EnsureAllocation() STDERR: v8#11 0x565407e258ff v8::internal::NewSpace::AllocateRaw() STDERR: v8#12 0x565407e06b2d v8::internal::Heap::AllocateRaw() STDERR: v8#13 0x565407e432ef v8::internal::Heap::AllocateRawWithLightRetry() STDERR: v8#14 0x565407e433cf v8::internal::Heap::AllocateRawWithRetryOrFail() STDERR: v8#15 0x565407e04d48 v8::internal::Factory::NewFixedArrayWithFiller() STDERR: v8#16 0x565407fd6339 v8::internal::HashTable<>::New() STDERR: v8#17 0x565407fd7be8 v8::internal::HashTable<>::EnsureCapacity() STDERR: v8#18 0x565407fc7e95 v8::internal::Dictionary<>::Add() STDERR: v8#19 0x565407fcf453 v8::internal::BaseNameDictionary<>::Add() STDERR: v8#20 0x565407f89ee4 v8::internal::LookupIterator::ApplyTransitionToDataProperty() STDERR: v8#21 0x5654080036e2 v8::internal::Object::AddDataProperty() STDERR: v8#22 0x56540793061f v8::internal::(anonymous namespace)::DefineDataProperty() STDERR: v8#23 0x56540792da59 v8::internal::(anonymous namespace)::InstantiateObject() STDERR: v8#24 0x56540792b75a v8::internal::(anonymous namespace)::InstantiateFunction() STDERR: v8#25 0x56540792b4db v8::internal::ApiNatives::InstantiateFunction() STDERR: v8#26 0x5654079594bf v8::FunctionTemplate::GetFunction() STDERR: v8#27 0x56540a7af74e blink::V8ObjectConstructor::CreateInterfaceObject() STDERR: v8#28 0x56540a7afe01 blink::V8PerContextData::ConstructorForTypeSlowCase() STDERR: v8#29 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase() STDERR: v8#30 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase() STDERR: v8#31 0x56540a7afcb4 blink::V8PerContextData::CreateWrapperFromCacheSlowCase() STDERR: v8#32 0x56540a7aef73 blink::V8DOMWrapper::CreateWrapper() STDERR: v8#33 0x56540a7abf6b blink::ScriptWrappable::Wrap() STDERR: v8#34 0x56540a677199 blink::V8Document::documentElementAttributeGetterCallback() STDERR: v8#35 0x565407a0aec3 v8::internal::FunctionCallbackArguments::Call() STDERR: v8#36 0x565407a097be v8::internal::(anonymous namespace)::HandleApiCallHelper<>() STDERR: v8#37 0x565407a0877b v8::internal::Builtins::InvokeApiFunction() STDERR: v8#38 0x565407fe785a v8::internal::Object::GetPropertyWithAccessor() STDERR: v8#39 0x565407fe697e v8::internal::Object::GetProperty() STDERR: v8#40 0x565407ec8c71 v8::internal::LoadIC::Load() STDERR: v8#41 0x565407ed6401 v8::internal::__RT_impl_Runtime_LoadIC_Miss() STDERR: v8#42 0x5654087593f2 <unknown> STDERR: [16162:16185:1122/143518.356897:WARNING:crash_handler_host_linux.cc(341)] Could not translate tid, attempt = 1 retry ... Original change's description: > [heap] Improve embedder tracing during incremental marking > > Add a path into embedder tracing on allocation. This is safe as as Blink > is not allowed to call into V8 during object construction. > > Bug: chromium:843903 > Change-Id: I5af053c3169f5a33778ebce5d7c5c43e4efb1aa4 > Reviewed-on: https://chromium-review.googlesource.com/c/1348749 > Commit-Queue: Michael Lippautz <[email protected]> > Reviewed-by: Ulan Degenbaev <[email protected]> > Cr-Commit-Position: refs/heads/master@{#57757} [email protected],[email protected] Change-Id: Ide2c0b284b52bee17573adcc89f14be4e40dab91 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:843903 Reviewed-on: https://chromium-review.googlesource.com/c/1349189 Reviewed-by: Yang Guo <[email protected]> Commit-Queue: Yang Guo <[email protected]> Cr-Commit-Position: refs/heads/master@{#57759}
junhuaw
pushed a commit
to junhuaw/v8
that referenced
this pull request
Feb 6, 2019
TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I0bf6bcd57e781904587e139492c78e5e38057f6e Reviewed-on: https://chromium-review.googlesource.com/c/1371544 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.2@{v8#20} Cr-Branched-From: 6acd03c-refs/heads/7.2.502@{#1} Cr-Branched-From: b03041d-refs/heads/master@{#57910}
Teemperor
pushed a commit
to Teemperor/v8
that referenced
this pull request
May 25, 2019
TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I3012e23ed262edca04b9ef89f24420b75018578d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530197 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.4@{v8#20} Cr-Branched-From: 3e8a733-refs/heads/7.4.288@{#1} Cr-Branched-From: d077f9b-refs/heads/master@{#60039}
billti
pushed a commit
to billti/v8
that referenced
this pull request
Apr 6, 2020
TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I4ed7f05dbb4a71d6d776850a345a065812d44d68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060548 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/8.1@{v8#20} Cr-Branched-From: a4dcd39-refs/heads/8.1.307@{#1} Cr-Branched-From: f22c213-refs/heads/master@{#66031}
lazyparser
pushed a commit
to ISRC-CAS/v8-riscv
that referenced
this pull request
Jul 18, 2020
Temporarily add patch here to simplify setup
Kwizatz
pushed a commit
to AeonGames/v8
that referenced
this pull request
Sep 2, 2020
(cherry picked from commit 93c0be4) The unregister_token slot is iterated as a custom weak pointer slot, which means the heap verifier treats it as a strong slot. Currently, popped WeakCells (that is, WeakCells for which the owning FinalizationRegistry's finalizer has already been invoked) neither clears out the unregister_token slot nor marks it, which trips the heap verifier. Bug: chromium:1102161 Change-Id: I0a803f12379fc9df6935bc8331b3d5ecb199571a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284202 Commit-Queue: Ulan Degenbaev <[email protected]> Reviewed-by: Ulan Degenbaev <[email protected]> Auto-Submit: Shu-yu Guo <[email protected]> Cr-Original-Commit-Position: refs/heads/master@{#68723} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2295459 Commit-Queue: Shu-yu Guo <[email protected]> Cr-Commit-Position: refs/branch-heads/8.5@{v8#20} Cr-Branched-From: a7f8bc4-refs/heads/8.5.210@{#1} Cr-Branched-From: dd58472-refs/heads/master@{#68510}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I88c0dbfb9683d48cf5e4c0bc87df6b9d43a5b215 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826845 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.8@{v8#20} Cr-Branched-From: 73694fd-refs/heads/7.8.279@{#1} Cr-Branched-From: 2314928-refs/heads/master@{#63555}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I4f05928eaa82e0ebcb8d1823cf704b5937ea93f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782731 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.7@{v8#20} Cr-Branched-From: 4035531-refs/heads/7.7.299@{#1} Cr-Branched-From: 1320c91-refs/heads/master@{#62881}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: Ife8535fcc46d726e2b304c5b21a57d30178efb01 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1874835 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.9@{v8#20} Cr-Branched-From: be181e2-refs/heads/7.9.317@{#1} Cr-Branched-From: 0d7889d-refs/heads/master@{#64307}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
The {cmp} instruction might add an entry to the constant pool at a time
where we didn't expect any entries to be added.
This can be fixed by moving the {CheckConstPool} call *after* the {cmp}.
TBR=[email protected]
(cherry picked from commit 2d89d8a)
Bug: chromium:1034394
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I905fd6d531c5e7b57e9911b861b3f22abdb5a650
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992424
Commit-Queue: Clemens Backes <[email protected]>
Reviewed-by: Clemens Backes <[email protected]>
Cr-Commit-Position: refs/branch-heads/8.0@{v8#20}
Cr-Branched-From: 69827db-refs/heads/8.0.426@{v8#2}
Cr-Branched-From: 2fe1552-refs/heads/master@{#65318}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
Revision: 8a3c4d9 BUG=chromium:924905 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] Change-Id: I80d8653d0509c68aa0177e57204ec025693bca5a Reviewed-on: https://chromium-review.googlesource.com/c/1475472 Reviewed-by: Andreas Haas <[email protected]> Cr-Commit-Position: refs/branch-heads/7.3@{v8#20} Cr-Branched-From: 9df9418-refs/heads/7.3.492@{v8#2} Cr-Branched-From: be213cf-refs/heads/master@{#59024}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
NOTRY=true NOPRESUBMIT=true TBR=santa Change-Id: I5b0c7f6d6f313e3c924f0b66caa6e3e8155ba555 Reviewed-on: https://chromium-review.googlesource.com/c/1301479 Reviewed-by: Michael Achenbach <[email protected]> Commit-Queue: Michael Achenbach <[email protected]> Cr-Commit-Position: refs/branch-heads/7.1@{v8#20} Cr-Branched-From: f70aaa8-refs/heads/7.1.302@{#1} Cr-Branched-From: 1dbcc78-refs/heads/master@{#56462}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
Revision: 1e37ca2 BUG=chromium:974627 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] Change-Id: Ia2ef8f1fe2288cf7ab8e178266cfb5b57c3e9893 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1672934 Reviewed-by: Leszek Swirski <[email protected]> Cr-Commit-Position: refs/branch-heads/7.6@{v8#20} Cr-Branched-From: 2cb2573-refs/heads/7.6.303@{#1} Cr-Branched-From: 201c509-refs/heads/master@{#61902}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
…oritative." Revision: f59744f NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] [email protected], [email protected], [email protected] Change-Id: Id544a8f7b9bb64c99ccfc1155fd892d1cf1e638f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1598750 Reviewed-by: Peter Marshall <[email protected]> Cr-Commit-Position: refs/branch-heads/7.5@{v8#20} Cr-Branched-From: 35b9bf5-refs/heads/7.5.288@{#1} Cr-Branched-From: 912b391-refs/heads/master@{#60911}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
(cherry picked from commit 85bc1b0) Bug: chromium:1086890 TBR: [email protected] No-Try: true No-Presubmit: true No-Tree-Checks: true Change-Id: If08ae887bf47630f4db8fb2de9a2e241a43a716e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238571 Commit-Queue: Tobias Tebbi <[email protected]> Reviewed-by: Tobias Tebbi <[email protected]> Cr-Commit-Position: refs/branch-heads/8.3@{v8#20} Cr-Branched-From: 1668abd-refs/heads/8.3.110@{#1} Cr-Branched-From: 04a7a68-refs/heads/master@{#66926}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
This reverts commit 2966ed0. Reason for revert: broke presubmit check. Original change's description: > Merged: [torque] check FixedArray length > > (cherry picked from commit 85bc1b0) > > Bug: chromium:1086890 > TBR: [email protected] > No-Try: true > No-Presubmit: true > No-Tree-Checks: true > Change-Id: If08ae887bf47630f4db8fb2de9a2e241a43a716e > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238571 > Commit-Queue: Tobias Tebbi <[email protected]> > Reviewed-by: Tobias Tebbi <[email protected]> > Cr-Commit-Position: refs/branch-heads/8.3@{v8#20} > Cr-Branched-From: 1668abd-refs/heads/8.3.110@{#1} > Cr-Branched-From: 04a7a68-refs/heads/master@{#66926} [email protected],[email protected] Change-Id: I6f0406c22e8ad877c93d672fe6ded8b1561f0e75 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1086890 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2239575 Reviewed-by: Tobias Tebbi <[email protected]> Commit-Queue: Tobias Tebbi <[email protected]> Cr-Commit-Position: refs/branch-heads/8.3@{v8#22} Cr-Branched-From: 1668abd-refs/heads/8.3.110@{#1} Cr-Branched-From: 04a7a68-refs/heads/master@{#66926}
ceejatec
pushed a commit
to couchbasedeps/v8-mirror
that referenced
this pull request
Sep 24, 2020
Bug: chromium:1086890 (cherry picked from commit 85bc1b0) Change-Id: Ie9553f61008c4c370891484040b22a5d26c0f38e TBR: [email protected] No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228495 Reviewed-by: Tobias Tebbi <[email protected]> Commit-Queue: Tobias Tebbi <[email protected]> Cr-Commit-Position: refs/branch-heads/8.4@{v8#20} Cr-Branched-From: 88ed2e3-refs/heads/8.4.371@{#1} Cr-Branched-From: 35f88bf-refs/heads/master@{#67773}
Kwizatz
pushed a commit
to AeonGames/v8
that referenced
this pull request
Oct 28, 2020
Preparing for tail call is usually done by emitting the gap moves and then moving the stack pointer to its new position. An optimization consists in moving the stack pointer first and transforming some of the moves into pushes. In the attached case it looks like this (arm): 138 add sp, sp, v8#40 13c str r6, [sp, #-4]! 140 str r6, [sp, #-4]! 144 str r6, [sp, #-4]! 148 str r6, [sp, #-4]! 14c str r6, [sp, #-4]! ... 160 vldr d1, [sp - 4*3] The last line is a gap reload, but because the stack pointer was already moved, the slot is now below the stack pointer. This is invalid and triggers this DCHECK: Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402 Debug check failed: 0 <= offset (0 vs. -12). A comment already explains that we skip the optimization if the gap contains stack moves to prevent this, but the code only checks for non-FP slots. This is fixed by replacing "source.IsStackSlot()" with "source.IsAnyStackSlot()": 108 vldr d1, [sp + 4*2] ... 118 str r0, [sp, #+36] 11c str r0, [sp, #+32] 120 str r0, [sp, #+28] 124 str r0, [sp, #+24] 128 str r0, [sp, #+20] ... 134 add sp, sp, v8#20 [email protected] Bug: chromium:1137608 Change-Id: If2b85dde49bf31a6bd3f5e0255407f9390727f9d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474784 Reviewed-by: Jakob Gruber <[email protected]> Commit-Queue: Thibaud Michaud <[email protected]> Cr-Commit-Position: refs/heads/master@{#70603}
Kwizatz
pushed a commit
to AeonGames/v8
that referenced
this pull request
Oct 28, 2020
Merged: [test] Make finding build directory more flexible Revision: 4f015e8 Merged: [test] Use the correct precedence for choosing the build directory Revision: 7b24b13 Merged: [test] Add fallback to legacy output directory Revision: bf3adea Merged: [gcmole] Fix gcmole after property change Revision: c87bdbc Merged: [test] Overhaul mode processing in test runner Revision: 608b732 Merged: [test] Switch to flattened json output Revision: 373a9a8 BUG=chromium:1132088,v8:10893 NOTRY=true NOTREECHECKS=true [email protected] Change-Id: I3c1de04ca4fe62e36da29e706a20daec0b3d4d98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461745 Reviewed-by: Liviu Rau <[email protected]> Commit-Queue: Michael Achenbach <[email protected]> Cr-Commit-Position: refs/branch-heads/8.6@{v8#20} Cr-Branched-From: a64aed2-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc0-refs/heads/master@{#69472}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
Revision: a224eff BUG=chromium:744584 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] Change-Id: I3f3ec437c780a615b98767345b5eb88a05c2b0e6 Reviewed-on: https://chromium-review.googlesource.com/586329 Reviewed-by: Jaroslav Sevcik <[email protected]> Commit-Queue: Tobias Tebbi <[email protected]> Cr-Commit-Position: refs/branch-heads/6.1@{v8#20} Cr-Branched-From: 1bf2e10-refs/heads/6.1.534@{#1} Cr-Branched-From: e825c43-refs/heads/master@{#46746}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
Change-Id: I3e82df5f4e75dcb86f69389e3953c003f492901a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4352708 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/11.2@{v8#20} Cr-Branched-From: 755511a-refs/heads/11.2.214@{#1} Cr-Branched-From: e6b1cce-refs/heads/main@{#86014}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
…handling Fixed: chromium:1417908 (cherry picked from commit 3ef88bc) Change-Id: I1114a6302f5448a4bd8bfc7457eb623c96a91927 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4288777 Reviewed-by: Jakob Kummerow <[email protected]> Cr-Commit-Position: refs/branch-heads/11.1@{v8#20} Cr-Branched-From: c77793a-refs/heads/11.1.277@{#1} Cr-Branched-From: 95b79bf-refs/heads/main@{#85479}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
(cherry picked from commit 8fe2791) No-Try: true Bug: chromium:1406448 Change-Id: Ife4643913e340c382eaf8738b13bdb47b4b6f46d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154411 Auto-Submit: Michael Achenbach <[email protected]> Commit-Queue: Alexander Schulze <[email protected]> Commit-Queue: Michael Achenbach <[email protected]> Reviewed-by: Alexander Schulze <[email protected]> Cr-Original-Commit-Position: refs/heads/main@{#85198} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4194555 Cr-Commit-Position: refs/branch-heads/10.9@{v8#20} Cr-Branched-From: 8ade6bf-refs/heads/10.9.194@{#1} Cr-Branched-From: 9ff2515-refs/heads/main@{#84164}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
[email protected] Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ib521ef62ea9ae1c5ef75efbbd89ba955bdf4d58d Reviewed-on: https://chromium-review.googlesource.com/668662 Reviewed-by: v8 autoroll <[email protected]> Cr-Commit-Position: refs/branch-heads/6.2@{v8#20} Cr-Branched-From: efa2ac4-refs/heads/6.2.414@{#1} Cr-Branched-From: a861ebb-refs/heads/master@{#47693}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
Revision: eadaef5 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true Bug: v8:14008 Change-Id: I5e0626e28eba974f33b7ddb125ce265311060ded Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4543312 Reviewed-by: Junliang Yan <[email protected]> Commit-Queue: Milad Farazmand <[email protected]> Cr-Commit-Position: refs/branch-heads/11.4@{v8#20} Cr-Branched-From: 8a8a1e7-refs/heads/11.4.183@{#1} Cr-Branched-From: 5483d8e-refs/heads/main@{#87241}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
…t32Key. Revision: a3de183 BUG=chromium:774459 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] Change-Id: Ia785eaaa6effe18f31ec59fdb9544ffc36b5195f Reviewed-on: https://chromium-review.googlesource.com/723593 Reviewed-by: Camillo Bruni <[email protected]> Cr-Commit-Position: refs/branch-heads/6.3@{v8#20} Cr-Branched-From: 094a7c9-refs/heads/6.3.292@{#1} Cr-Branched-From: 18b8fbb-refs/heads/master@{#48432}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
... by using JavaScript spec compliant JSReceiver::DefineOwnProperty. Drive-by: - cleanup comments in include/v8-object.h, insert links to respective pages of https://tc39.es/ecma262/ when referencing spec, - rename JSObject::DefineAccessor() to JSObject::DefineOwnAccessorIgnoreAttributes(). Bug: chromium:1433211 (cherry picked from commit b8020e1) Change-Id: Idf273d320e094d1553dee2d198945c4bdbcd65f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4502804 Reviewed-by: Toon Verwaest <[email protected]> Commit-Queue: Igor Sheludko <[email protected]> Cr-Commit-Position: refs/branch-heads/11.3@{v8#20} Cr-Branched-From: b0a3a06-refs/heads/11.3.244@{#1} Cr-Branched-From: 0326cf6-refs/heads/main@{#86647}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
May 31, 2023
Merged: Trigger OOM crash if no memory returned in v8::ArrayBuffer::New and v8::SharedArrayBuffer::New. Revision: ca0f957 Merged: ValueSerializer: Fail decode if no memory is available when decoding ArrayBuffer. Revision: 5e30385 BUG=chromium:681843 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true [email protected] Review-Url: https://codereview.chromium.org/2657463004 . Cr-Commit-Position: refs/branch-heads/5.7@{v8#20} Cr-Branched-From: 975e9a3-refs/heads/5.7.492@{#1} Cr-Branched-From: 8d76f0e-refs/heads/master@{#42426}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
Jun 24, 2023
Bug: chromium:1452137 (cherry picked from commit c7c4477) Change-Id: I022863daf8da14feb68862b45bf3d3504a25540c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4637890 Reviewed-by: Toon Verwaest <[email protected]> Auto-Submit: Igor Sheludko <[email protected]> Commit-Queue: Toon Verwaest <[email protected]> Commit-Queue: Igor Sheludko <[email protected]> Cr-Commit-Position: refs/branch-heads/11.5@{v8#20} Cr-Branched-From: 0c4044b-refs/heads/11.5.150@{#1} Cr-Branched-From: b71d303-refs/heads/main@{#87781}
patrik-lengweiler
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
Jul 25, 2023
The new.target may not be in the correct state for fast instantiation. (cherry picked from commit ed93bef) Bug: v8:7700, chromium:1465326 Change-Id: I09f92576c0b5573e902ae3b2210a7b5fdbd1e415 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4694007 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4711047 Auto-Submit: Toon Verwaest <[email protected]> Reviewed-by: Leszek Swirski <[email protected]> Commit-Queue: Leszek Swirski <[email protected]> Cr-Commit-Position: refs/branch-heads/11.6@{v8#20} Cr-Branched-From: e29c028-refs/heads/11.6.189@{v8#3} Cr-Branched-From: 95cbef2-refs/heads/main@{#88340}
reposynch bot
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
Sep 3, 2023
…ucer ExplicitTruncationReducer was allocating a 256KB buffer. The cost of this allocation for small graphs was actually quite high, causing compile time increases of up to 30% on small(ish) functions (ie, on functions were compilation was super fast). Bug: v8:12783 (cherry picked from commit fa0d18c) Change-Id: Icbe594cbd0d6d6255642ef665cb166ad4be5d56d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4821586 Reviewed-by: Nico Hartmann <[email protected]> Commit-Queue: Nico Hartmann <[email protected]> Auto-Submit: Darius Mercadier <[email protected]> Cr-Commit-Position: refs/branch-heads/11.7@{v8#20} Cr-Branched-From: fe60869-refs/heads/11.7.439@{#1} Cr-Branched-From: aeb4552-refs/heads/main@{#89415}
reposynch bot
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
Oct 1, 2023
…g check The 'EnterFrame' function of loong64 and mips64 port doesn't push context pointer on the stack. Bug: v8:14340 (cherry picked from commit ab15dc3) Change-Id: Ibfea9f3d84468f4fb8e76ffc3d75b407827002a4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4899638 Auto-Submit: Zhao Jiazhong <[email protected]> Reviewed-by: Lutz Vahl <[email protected]> Commit-Queue: Lutz Vahl <[email protected]> Cr-Commit-Position: refs/branch-heads/11.8@{v8#20} Cr-Branched-From: 935bdbf-refs/heads/11.8.172@{#1} Cr-Branched-From: b82a911-refs/heads/main@{#89779}
reposynch bot
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
Dec 17, 2023
The previous fix in crrev.com/c/5067474 was not complete. When writing the deopt information we need to get it from the actual values' location and not the Identity's one. (cherry picked from commit 085407f) Fixed: chromium:1506538 Change-Id: I27978331f700831ad976d39083dc2f6254d85009 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5079308 Reviewed-by: Darius Mercadier <[email protected]> Auto-Submit: Olivier Flückiger <[email protected]> Commit-Queue: Darius Mercadier <[email protected]> Cr-Original-Commit-Position: refs/heads/main@{#91341} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5115199 Commit-Queue: Olivier Flückiger <[email protected]> Cr-Commit-Position: refs/branch-heads/12.1@{v8#20} Cr-Branched-From: b74ef6f-refs/heads/12.1.285@{#1} Cr-Branched-From: 32857fb-refs/heads/main@{#91313}
reposynch bot
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
Dec 17, 2023
…de-effects Side-effects in the 1st else block were not taken into account. Drive-by: minor cleanups to StructuralOptimizationReducer. Bug: v8:12783, chromium:1509576 (cherry picked from commit 4a664b3) Change-Id: Id4e230ee0fd408c821747d3350d688c8b0098ae3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5114883 Reviewed-by: Matthias Liedtke <[email protected]> Commit-Queue: Matthias Liedtke <[email protected]> Auto-Submit: Darius Mercadier <[email protected]> Cr-Commit-Position: refs/branch-heads/12.0@{v8#20} Cr-Branched-From: ed7b4ca-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b-refs/heads/main@{#90651}
reposynch bot
pushed a commit
to hexagon-geo-surv/v8
that referenced
this pull request
Feb 4, 2024
The MachineOperatorReducer can create the situation that an atomic store has both an index and a displacement, which the ia32 instruction selector didn't support. Fixed: chromium:1520312 (cherry picked from commit 25bf4a6) Change-Id: I245de625bb0a1a1dc671049d521fd288c2a00826 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5253189 Commit-Queue: Darius Mercadier <[email protected]> Commit-Queue: Jakob Kummerow <[email protected]> Reviewed-by: Darius Mercadier <[email protected]> Auto-Submit: Jakob Kummerow <[email protected]> Cr-Commit-Position: refs/branch-heads/12.2@{v8#20} Cr-Branched-From: 6eb5a96-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d-refs/heads/main@{#91934}
hubot
pushed a commit
that referenced
this pull request
Mar 20, 2024
In InterpreterAssembler::OnStackReplacement, code is checked whether it's marked for deoptimization before calling Budget Interrupt. And, the interrupt can trigger GC and deoptimize the OSR code when running baseline compile, which will lead to jumping to the deoptimized OSR code. Thus, avoid baseline compilation if the function has optimized OSR code. (cherry picked from commit 78efe86) Bug: chromium:1507779 Change-Id: Ife40cff04763917949ebc41fbb7624b13daeb802 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5381523 Reviewed-by: Toon Verwaest <[email protected]> Commit-Queue: Choongwoo Han <[email protected]> Cr-Commit-Position: refs/branch-heads/12.3@{#20} Cr-Branched-From: a86e197-refs/heads/12.3.219@{#1} Cr-Branched-From: 21869f7-refs/heads/main@{#92385}
hubot
pushed a commit
that referenced
this pull request
Apr 9, 2024
…t types In case multiple inputs of the same phi are hoisted, they might require different hoist types. Fixed: chromium:331836788 (cherry picked from commit de461a0) Change-Id: Ife8ab1ddd179194dac1d86762d2ae508c9e95f49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5438374 Auto-Submit: Olivier Flückiger <[email protected]> Reviewed-by: Darius Mercadier <[email protected]> Reviewed-by: Igor Sheludko <[email protected]> Commit-Queue: Igor Sheludko <[email protected]> Cr-Commit-Position: refs/branch-heads/12.4@{#20} Cr-Branched-From: 309640d-refs/heads/12.4.254@{#1} Cr-Branched-From: 5dc2470-refs/heads/main@{#92862}
hubot
pushed a commit
that referenced
this pull request
May 22, 2024
A few of these should account for the possibility of the object not being a JSObject. Some of them were simply redundant. (cherry picked from commit fe67713) Bug: 339753685 Change-Id: Ib53211edf4bff2294466ef560c4d36e83f993741 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5557063 Reviewed-by: Jakob Kummerow <[email protected]> Reviewed-by: Michael Lippautz <[email protected]> Commit-Queue: Matthias Liedtke <[email protected]> Cr-Commit-Position: refs/branch-heads/12.5@{#20} Cr-Branched-From: 15b9756-refs/heads/12.5.227@{#1} Cr-Branched-From: 497d857-refs/heads/main@{#93350}
hubot
pushed a commit
that referenced
this pull request
Jun 6, 2024
…zations Fixed: 342602616 (cherry picked from commit 3b037e1) Change-Id: I25d2c40c4b9f6a111b730ba88bca3af7a7cbb122 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5602673 Auto-Submit: Matthias Liedtke <[email protected]> Reviewed-by: Eva Herencsárová <[email protected]> Commit-Queue: Eva Herencsárová <[email protected]> Cr-Commit-Position: refs/branch-heads/12.6@{#20} Cr-Branched-From: 3c9fa12-refs/heads/12.6.228@{#2} Cr-Branched-From: 981bb15-refs/heads/main@{#93835}
hubot
pushed a commit
that referenced
this pull request
Jul 3, 2024
…eBind Bug: chromium:344664770 (cherry picked from commit a832ff9) Change-Id: I7c95a22e059805776680494c177f5fe8b0496594 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5669906 Reviewed-by: Toon Verwaest <[email protected]> Auto-Submit: Darius Mercadier <[email protected]> Commit-Queue: Toon Verwaest <[email protected]> Cr-Commit-Position: refs/branch-heads/12.7@{#20} Cr-Branched-From: 35cc908-refs/heads/12.7.224@{#1} Cr-Branched-From: 6d60e67-refs/heads/main@{#94324}
hubot
pushed a commit
that referenced
this pull request
Aug 13, 2024
The first call to ZeroExtendsWord32ToWord64 produces a correct result, but leaves some incorrect values in phi_states_. To avoid incorrect behavior, we should clear those values when starting anew. I think that the performance impact of this change on compilation time should be small, because calls to ZeroExtendsWord32ToWord64 are infrequent. Here is a histogram showing, per function compiled in Octane, how often this new code is run: 0: 74.7% 1: 13.1% 2: 6.3% 3: 2.5% 4 or 5: 1.7% 6 to 9: 0.9% 11 to 33: 0.8% (cherry picked from commit 780d560) Bug: 356196918 Change-Id: I00a9e74652025bf8a32cb083a6e01c0273e44043 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5766478 Commit-Queue: Seth Brenith <[email protected]> Reviewed-by: Nico Hartmann <[email protected]> Cr-Original-Commit-Position: refs/heads/main@{#95528} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5782657 Commit-Queue: Deepti Gandluri <[email protected]> Reviewed-by: Deepti Gandluri <[email protected]> Cr-Commit-Position: refs/branch-heads/12.8@{#20} Cr-Branched-From: 70cbb39-refs/heads/12.8.374@{#1} Cr-Branched-From: 451b63e-refs/heads/main@{#95151}
hubot
pushed a commit
that referenced
this pull request
Sep 4, 2024
When a js-to-wasm wrapper tiers up, we also set the newly compiled wrapper as the target for other exports that have the same signature. This assumed that all exports have type WasmExportedFunction, but they can also have type WasmJSFunction in the case of a re-exported WebAssembly.Function import. [email protected] Fixed: 362539773 (cherry picked from commit 7860c96) Change-Id: Ie9b7c3edcefd40cad00e55d070f59edb35722698 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5835722 Reviewed-by: Clemens Backes <[email protected]> Commit-Queue: Thibaud Michaud <[email protected]> Cr-Commit-Position: refs/branch-heads/12.9@{#20} Cr-Branched-From: 64a21d7-refs/heads/12.9.202@{#1} Cr-Branched-From: da4200b-refs/heads/main@{#95679}
hubot
pushed a commit
that referenced
this pull request
Sep 24, 2024
Change-Id: I8e7bc8f36f83bffb83809aa1bd6f6cb9c18742e4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5886696 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/13.0@{#20} Cr-Branched-From: 4be854b-refs/heads/13.0.245@{#1} Cr-Branched-From: 1f5183f-refs/heads/main@{#96103}
hubot
pushed a commit
that referenced
this pull request
Nov 26, 2024
Maglev uses scope infos to detect if two contexts may alias. This is only correct if we are guaranteed to have unique scope infos. This in turn relies on the machinery behind `v8_flags.reuse_scope_infos`. Bug: 379758212 (cherry picked from commit 30de523) Change-Id: I0c9e9eb5d39e21abd96e745cb4a742e84edb8a43 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6039240 Reviewed-by: Olivier Flückiger <[email protected]> Commit-Queue: Igor Sheludko <[email protected]> Cr-Commit-Position: refs/branch-heads/13.1@{#20} Cr-Branched-From: 7998da6-refs/heads/13.1.201@{#1} Cr-Branched-From: 5e9af2a-refs/heads/main@{#96554}
hubot
pushed a commit
that referenced
this pull request
Nov 26, 2024
`GetMemOp` returns an `Operand` which can contain `kScratchRegister`. We should hence not clobber that register until after the last use of the `Operand`. This CL changes the scratch register to `kScratchRegister2` which has much fewer uses, and in particular none which collides with `GetMemOp`. [email protected] Bug: 378779897 (cherry picked from commit 57a017e) Change-Id: Ie3fc35d5822c09cfea4ce8faf955b0bb0d44a1be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6050180 Commit-Queue: Clemens Backes <[email protected]> Reviewed-by: Matthias Liedtke <[email protected]> Cr-Commit-Position: refs/branch-heads/13.2@{#20} Cr-Branched-From: 24068c5-refs/heads/13.2.152@{#1} Cr-Branched-From: 6054ba9-refs/heads/main@{#97085}
hubot
pushed a commit
that referenced
this pull request
Jan 17, 2025
…rapper The generic js-to-wasm wrapper can be used for calls from JavaScript to any WebAssembly function. It does that by interpreting the signature of the WebAssembly function, and by converting all incoming parameters according to that signature. The converted parameter then get stored in a byte buffer, which gets loaded into the correct registers and stack slots in a small assembly snippet. A WebAssembly function is allowed to have 1000 parameters, and the byte buffer has to have enough space for that case. A byte buffer for 1000 parameters is, however, too big to be allocated on the stack. For signatures with more than 10 parameters a ByteArray could therefore be allocated on the V8 heap. However, a ByteArray on the V8 heap could be used for a sandbox escape. Alternatively a byte array could be stored in the isolate, and then used by the generic wrapper. However, multiple activations of the generic wrapper could exist at the same time, so a single buffer would be insufficient*. With this CL, a buffer gets allocated dynamically in C++, and deallocated before the generic wrapper returns. For that the implementation of the generic wrapper gets wrapped into a try-catch, to make sure the buffer also gets freed when an exception happened. After deallocating the buffer, an exception gets re-thrown. * A simple recursion that alternates between JS and wasm would not be a problem, a single buffer would be sufficient for that. However, the conversion of each argument could trigger the execution of arbitrary JS, including calls to wasm, and for this scenario a single buffer is insufficient. [email protected] [email protected] Bug: 385256110 (cherry picked from commit 14cbf9b) Change-Id: I5e5984b606acc8b8e1f3556954d47ce956a2533f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6182060 Reviewed-by: Jakob Kummerow <[email protected]> Commit-Queue: Andreas Haas <[email protected]> Reviewed-by: Clemens Backes <[email protected]> Cr-Commit-Position: refs/branch-heads/13.3@{#20} Cr-Branched-From: 41dacff-refs/heads/13.3.415@{#1} Cr-Branched-From: 3348638-refs/heads/main@{#97937}
hubot
pushed a commit
that referenced
this pull request
Feb 14, 2025
... functions are not supported yet. cherry picked from commits: 9a58e25 013e438 Change-Id: Ic1d52647f59d7ad46b76aba4a80ed62f2e81b99c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6269978 Commit-Queue: Milad Farazmand <[email protected]> Reviewed-by: Leszek Swirski <[email protected]> Cr-Commit-Position: refs/branch-heads/13.4@{#20} Cr-Branched-From: 0f87a54-refs/heads/13.4.114@{#1} Cr-Branched-From: 27af2e9-refs/heads/main@{#98459}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.