Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: v8/v8
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 11.6.105
Choose a base ref
...
head repository: v8/v8
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 11.6.112
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 19 commits
  • 140 files changed
  • 12 contributors

Commits on Jun 9, 2023

  1. [pku] Track JS JIT allocations for validation 

    We keep metadata about all executable allocations in thread isolated memory (e.g. pkey-tagged). This CL is implementing the JS side.
This allows us to perform validation on code allocation (no overlaps,
no dangling ptrs on the shadow stack) and later on various code writes
(e.g. relocations).

Drive-by: check for V8_HEAP_USE_PKU_JIT_WRITE_PROTECT in ThreadIsolation::Enabled() and remove it on the caller sides.

Bug: v8:13355
Change-Id: I55467af1f33758ccc7b90c9f0f4459decfbac32a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4589152
Reviewed-by: Samuel Groß <[email protected]>
Reviewed-by: Michael Lippautz <[email protected]>
Commit-Queue: Stephen Röttger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88137}
    @sroettger
    sroettger authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    e13f5aa View commit details
    Browse the repository at this point in the history

  2. [maglev] Share code for deopt frame building 

    Move deopt frame building to helper methods, which are called both for
the recursive deopt frame walk, and for the lazy deopt top-frame walk.

Also, add a helper for building the start of the translation, and inline
input location increments to BuildDeoptFrameSingleValue to avoid having
to do it in each caller.

Bug: v8:7700
Change-Id: I52ee4971d3866264087795a698eb29cda3453275
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4597970
Commit-Queue: Darius Mercadier <[email protected]>
Auto-Submit: Leszek Swirski <[email protected]>
Reviewed-by: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88138}
    @LeszekSwirski
    LeszekSwirski authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    e026541 View commit details
    Browse the repository at this point in the history

  3. [maglev] Fix TransitionElementsKind simplification 

    Keep any_map_for_any_node_is_unstable up to date.

Bug: v8:7700,chromium:1451644
Change-Id: I67e1c5c1339ff4b5dba5862017e0fc2c0c746b9e
Fixed: chromium:1451644
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604008
Commit-Queue: Marja Hölttä <[email protected]>
Commit-Queue: Leszek Swirski <[email protected]>
Auto-Submit: Marja Hölttä <[email protected]>
Reviewed-by: Leszek Swirski <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88139}
    @marjakh
    marjakh authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    4917bfe View commit details
    Browse the repository at this point in the history

  4. cppgc: Add Visitor::TraceMultiple 

    Trace method can be used to dispatch to consecutive fields of the same
type with a single virtual call.

Bug: chromium:1451709
Change-Id: Iacc8f0caa47fbb7e2f6cd2b967aee3f7115b56c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4590633
Reviewed-by: Anton Bikineev <[email protected]>
Commit-Queue: Michael Lippautz <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88140}
    @mlippautz
    mlippautz authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    e0407b1 View commit details
    Browse the repository at this point in the history

  5. [builtins] Port HandleApiCall to CSA 

    ... in order to let it access the caller JS frame directly to ease the
caller context computation (will be implemented in a follow-up CL).

Additional changes related to CallApiCallbackGeneric:

1) introduce ApiCallbackExit frame so that Api functions called via
   CallApiCallbackGeneric could appear in the exception stack traces
   and to allow CallApiCallbackGeneric perform callback side effects
   checking when necessary,

2) add reference from CallHandlerInfo to FunctionTemplateInfo or
   ObjectTemplateInfo, so that CallApiCallbackGeneric could find the
   respective "function" object for side effects checking,

3) remove CSA::IsSideEffectFreeDebuggingActive() because
   CallApiCallbackGeneric is now able to handle side effects checking.

Bug: v8:13825
Change-Id: I5a96051c60a8b361e27077ff76103ad93e599843
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4582948
Reviewed-by: Marja Hölttä <[email protected]>
Commit-Queue: Igor Sheludko <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88141}
    @isheludko
    isheludko authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    7b42c0b View commit details
    Browse the repository at this point in the history

  6. [pku] disable V8_HEAP_USE_PKU_JIT_WRITE_PROTECT again 

    This was accidentally enabled in
https://chromium-review.googlesource.com/c/v8/v8/+/4589152?tab=comments

Change-Id: I153fabb57c04457c96572a8e53716259ec1fb1d1
Bug: v8:13355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604092
Reviewed-by: Samuel Groß <[email protected]>
Commit-Queue: Stephen Röttger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88142}
    @sroettger
    sroettger authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    60ba5b3 View commit details
    Browse the repository at this point in the history

  7. [maglev] Use CheckInt32IsSmi instead 

    The arch independent implementation in https://crrev.com/c/4597276
was wrong. JumpIf[Not] requires a tagged value as input instead of
an int32.

Fixed: chromium:1452155
Bug: v8:7700
Change-Id: I4a7119adc7837b3b0cf25d2d1725e543b5a75ed0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604091
Commit-Queue: Victor Gomes <[email protected]>
Auto-Submit: Victor Gomes <[email protected]>
Reviewed-by: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88143}
    @victorgomes
    victorgomes authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    423eb07 View commit details
    Browse the repository at this point in the history

  8. [sandbox] First step towards sandbox CFI 

    This CL implements very basic code pointer sandboxing to ensure that
indirect control-flow transfers inside the sandbox always land on a
valid code entrypoint. This is achieved by setting up a dedicated code
pointer table (CPT) that contains the code entrypoints and then using
CodePointerHandles (i.e., table indices) to reference these entries from
inside the sandbox. This is essentially the same mechanism used for the
external pointer table (EPT), except that the CPT doesn't use type tags.

This CL does not yet implement full memory management for the CPT, which
will be done in follow-up CLs. For now, CPT entries are never reclaimed.
Until fully implemented, code pointer sandboxing is therefore put behind
a new compile-time flag (v8_code_pointer_sandboxing).

Further, this initial version of code pointer sandboxing is quite slow
as it adds one memory access to the JS function call path (the load from
the CPT), resulting in a roughly 1% overall regression on Speedometer2.
Follow-up CLs will attempt to reduce this overhead by "caching" the
handle in the JSFunction objects so that it doesn't need to be fetched
from the Code object when the sandbox is enabled.

Bug: chromium:1395058
Change-Id: Iad82741ed91c086bf1fe7b6de8759c0455ed8eb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4513077
Reviewed-by: Igor Sheludko <[email protected]>
Commit-Queue: Samuel Groß <[email protected]>
Reviewed-by: Michael Lippautz <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88144}
    Samuel Groß authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    ee48926 View commit details
    Browse the repository at this point in the history

  9. Reland "[runtime] Use ThrowCalledNonCallable" 

    This is a reland of commit a11e68f

Relanding without changes, but instead disabling (crrev.com/c/4595081)
and afterward rebaselining (crrev.com/c/4595842) tests in Chromium.

Original change's description:
> [runtime] Use ThrowCalledNonCallable
>
> Call the ThrowCalledNonCallable runtime function where appropriate,
> rather than the generic ThrowNewError. This ensures that it does the
> appropriate call site rendering.
>
> Change-Id: I25ef5150ce7b87779f7591a18deb1595dac3705f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4596060
> Auto-Submit: Leszek Swirski <[email protected]>
> Commit-Queue: Leszek Swirski <[email protected]>
> Commit-Queue: Tobias Tebbi <[email protected]>
> Reviewed-by: Tobias Tebbi <[email protected]>
> Cr-Commit-Position: refs/heads/main@{#88112}

Change-Id: Id68c68a0315ffd671243b8c57ae62a1f5f50d0ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4594631
Reviewed-by: Tobias Tebbi <[email protected]>
Commit-Queue: Leszek Swirski <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88145}
    @LeszekSwirski
    LeszekSwirski authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    9fdb4cc View commit details
    Browse the repository at this point in the history

  10. [maglev] Fix "unused variable" error 

    Bug: v8:7700
Change-Id: I734b8c17c8a99f7184d705a37d73d20bf1b59bca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604650
Commit-Queue: Leszek Swirski <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Auto-Submit: Leszek Swirski <[email protected]>
Reviewed-by: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88146}
    @LeszekSwirski
    LeszekSwirski authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    ae17cee View commit details
    Browse the repository at this point in the history

  11. [win][msvc] fix cross-compilation for arm64 

    Cross-compiling x64 to ARM64 on Windows fails with MSVC. The reason is
the ProbeMemory function which uses asm() code prohibited in this case.
This change adds conditionalizing on V8_TRAP_HANDLER_SUPPORTED thus
removing the problematic parts of the code in MSVC cross-compilation.

This extends https://chromium-review.googlesource.com/c/v8/v8/+/3964232
in a way, as it wraps ProbeMemory usage inside of the "#ifdef
V8_TRAP_HANDLER_VIA_SIMULATOR" blocks.

This follows https://chromium-review.googlesource.com/c/v8/v8/+/4403215
and https://chromium-review.googlesource.com/c/v8/v8/+/4489305 as a part
of an effort to completely fix cross-compilation with MSVC.

Change-Id: I59d9a995fbc8ee1cee2807429fd44d8043c178fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4574697
Reviewed-by: Andreas Haas <[email protected]>
Reviewed-by: Mark Seaborn <[email protected]>
Commit-Queue: Mark Seaborn <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88147}
    @StefanStojanovic
    StefanStojanovic authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    15e31d6 View commit details
    Browse the repository at this point in the history

  12. Revert "[arm64][turbofan] Word[32|64]Select support" 

    This reverts commit 1f26e44.

Reason for revert: https://crbug.com/1453645#c12

Original change's description:
> [arm64][turbofan] Word[32|64]Select support
>
> Enable the use of csel.
>
> Change-Id: I6c2d3cc835149ce4beeb7334985ad2c11300d2c8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4374179
> Reviewed-by: Thibaud Michaud <[email protected]>
> Commit-Queue: Martyn Capewell <[email protected]>
> Reviewed-by: Andreas Haas <[email protected]>
> Cr-Commit-Position: refs/heads/main@{#87165}

Bug: chromium:1451929, chromium:1453645
Change-Id: Icf9c8a38b9f03f8da0f6d1443b1d6b0a509c2495
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604924
Auto-Submit: Adam Klein <[email protected]>
Commit-Queue: Adam Klein <[email protected]>
Commit-Queue: Deepti Gandluri <[email protected]>
Reviewed-by: Deepti Gandluri <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88148}
    @ajklein
    ajklein authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    51311a8 View commit details
    Browse the repository at this point in the history

  13. [Fuchsia] Replace downloading gn SDK with core SDK 

    Attempt to reland https://crrev.com/c/4598035 with updated gn-sdk and
build repos

Bug: chromium:1432399
Change-Id: I79e2feb705e28b1173f7fc2580aaf4ab6d656a67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4606093
Auto-Submit: Chong Gu <[email protected]>
Reviewed-by: Adam Klein <[email protected]>
Commit-Queue: Chong Gu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88149}
    Chong Gu authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    0b3e756 View commit details
    Browse the repository at this point in the history

  14. [cleanup] Remove unused StringAtAccessor std::function declaration 

    Change-Id: I9e76fd6e5e144fbf4a3d3aadf43aaff9afd9c29a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4606007
Reviewed-by: Rezvan Mahdavi Hezaveh <[email protected]>
Commit-Queue: Adam Klein <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88150}
    @ajklein
    ajklein authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    aa2af2e View commit details
    Browse the repository at this point in the history

  15. Skip flaky gbemu and pdfjs octane benchmarks on predictable bot 

    Bug: v8:13234
Change-Id: I34f01f9638523e98d8ba169798c534a25ecc9b7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4606012
Bot-Commit: Rubber Stamper <[email protected]>
Commit-Queue: Rubber Stamper <[email protected]>
Auto-Submit: Adam Klein <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88151}
    @ajklein
    ajklein authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    ccac362 View commit details
    Browse the repository at this point in the history

  16. Skip mjsunit/readonly under gc_stress 

    Bug: v8:13916
Change-Id: I27bbee478154a8649399267e29ea8a04f711d59e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4606453
Bot-Commit: Rubber Stamper <[email protected]>
Auto-Submit: Adam Klein <[email protected]>
Commit-Queue: Rubber Stamper <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88152}
    @ajklein
    ajklein authored and V8 LUCI CQ committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    80466ba View commit details
    Browse the repository at this point in the history

Commits on Jun 10, 2023

  1. PPC/s390: [builtins] Port HandleApiCall to CSA 

    Port 7b42c0b

Original Commit Message:

    ... in order to let it access the caller JS frame directly to ease the
    caller context computation (will be implemented in a follow-up CL).

    Additional changes related to CallApiCallbackGeneric:

    1) introduce ApiCallbackExit frame so that Api functions called via
       CallApiCallbackGeneric could appear in the exception stack traces
       and to allow CallApiCallbackGeneric perform callback side effects
       checking when necessary,

    2) add reference from CallHandlerInfo to FunctionTemplateInfo or
       ObjectTemplateInfo, so that CallApiCallbackGeneric could find the
       respective "function" object for side effects checking,

    3) remove CSA::IsSideEffectFreeDebuggingActive() because
       CallApiCallbackGeneric is now able to handle side effects checking.

[email protected], [email protected], [email protected], [email protected]
BUG=
LOG=N

Change-Id: Ic376a0fd1e8c24e577389bb9509a7637e71ce9ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4605052
Reviewed-by: Junliang Yan <[email protected]>
Commit-Queue: Milad Farazmand <[email protected]>
Cr-Commit-Position: refs/heads/main@{#88153}
    Milad Fa authored and V8 LUCI CQ committed Jun 10, 2023
    Configuration menu
    Copy the full SHA
    042ca80 View commit details
    Browse the repository at this point in the history

  2. Update V8 DEPS (trusted) 

    Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/1a35bf2..474334a

Rolling v8/buildtools/linux64: git_revision:e5aee7bbd8033e0365d5d631871e409934dc3283..git_revision:1cd35c1b722472e714c30d12031af81443bb20ae

Rolling v8/buildtools/reclient: re_client_version:0.107.1.0b39c4c-gomaip..re_client_version:0.108.0.7cdbbe9-gomaip

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a52fe89..f51324c

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/eac2c9e..6eaeb04

Rolling v8/tools/luci-go: git_revision:0ecab437ae2532a879b1203efc48f54bc6cadb77..git_revision:e99800d3fd42249c9cdda3f58ba31c674b4876f6

Rolling v8/tools/luci-go: git_revision:0ecab437ae2532a879b1203efc48f54bc6cadb77..git_revision:e99800d3fd42249c9cdda3f58ba31c674b4876f6

Change-Id: I3ffbd5f52c709bf72ef08d3d74b519b310530ed3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4604031
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#88154}
    v8-ci-autoroll-builder authored and V8 LUCI CQ committed Jun 10, 2023
    Configuration menu
    Copy the full SHA
    97d3321 View commit details
    Browse the repository at this point in the history

  3. Version 11.6.112 

    Change-Id: Idbeef80045a766a0b243584197469722e43805c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4606754
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/11.6.112@{#1}
Cr-Branched-From: 97d3321-refs/heads/main@{#88154}
    v8-ci-autoroll-builder committed Jun 10, 2023
    Configuration menu
    Copy the full SHA
    bf307a1 View commit details
    Browse the repository at this point in the history
Loading