[v14.x] Backport V8 8.6 LTS commits #38275
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
build
|
Looks like some more commits are needed to fix the build |
|
Everything should be fixed! |
I spoke too soon... The V8 tests now run but some of them fail. It will take some time to check whether the tests or the code must be fixed. |
Original commit message:
Merged: [wasm-simd][x64] Check for register when emitting shuffles
Some shuffles take have either register or memory operand for second
input, but the codegen incorrectly assumes that it is always a register.
Bug: v8:10824
(cherry picked from commit ddf30bea13902829eeb71aa0ec747155e27e5a68)
Change-Id: I897c4290a8b91ff2ab839e98b16a9696c0bae511
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2391280
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#6}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@516b5d3
Original commit message:
Merged: [compiler] Fix bug in SimplifiedLowering's overflow computation
Revision: e371325bcb03f20a362ebfa48225159702c6fde7
BUG=chromium:1126249
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=tebbi@chromium.org
Change-Id: I411d9233f77992e73da12784cef59c885999b556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2415988
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#8}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@a59e3ac
Original commit message:
Merged: [turbofan] Fix bug in inlining
Revision: 219b28bfe2ea76de63f034eb75b67e8ded339d94
BUG=chromium:1127319
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=tebbi@chromium.org
Change-Id: I98e77bac81e2cf822a4a4987115e0cf01b1dbc52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416383
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#12}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@abb4d0a
Original commit message:
Merged: Squashed multiple commits.
Merged: Prepare renaming "V8 Linux64 TSAN - concurrent marking" bot
Revision: 165d8f5b5ab5ba6fa19acd7ae6b17aa1a1b18428
Merged: [test] Remove entry of renamed builder
Revision: 375579f940b96224b2c525a6133650b760a5d865
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
TBR=neis@chromium.org
Change-Id: If7c8296c495d087c2e4dc6cde3512bc3f8a469fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418098
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#14}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@33f4064
Original commit message:
Merged: Squashed multiple commits.
Merged: [test] Make finding build directory more flexible
Revision: 4f015e85faf1d64466eafd897d1d59b1d77071f3
Merged: [test] Use the correct precedence for choosing the build directory
Revision: 7b24b13981e411602fc77db1305d0ae034a92fd8
Merged: [test] Add fallback to legacy output directory
Revision: bf3adea58aab3d21e36e23c60e1e0bbc994cd5b8
Merged: [gcmole] Fix gcmole after property change
Revision: c87bdbcf0d1d8f8bcc927f6b364d27e72c22736d
Merged: [test] Overhaul mode processing in test runner
Revision: 608b732d141689e8e10ee918afc8ed1fae1ab80c
Merged: [test] Switch to flattened json output
Revision: 373a9a8cfc8db3ef65fcdca0ec0c4ded9e4acc89
BUG=chromium:1132088,v8:10893
NOTRY=true
NOTREECHECKS=true
R=liviurau@chromium.org
Change-Id: I3c1de04ca4fe62e36da29e706a20daec0b3d4d98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461745
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#20}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@d724820
Original commit message:
Merged: [parser] Fix AST func reindexing for function fields
AST reindexing has to skip visiting fields that are already in the
member initializer, as they will have already been visited when
visiting said initializer. This is the case for private fields and
fields with computed names.
However, the reindexer was incorrectly assuming that all properties
with a FunctionLiteral value are methods (and thus not fields, and
can safely be visited). This is not the case for fields with
function expression values.
Now, we correctly use the class property's "kind" when making this
visitation decision.
(cherry picked from commit a769ea7a4462115579ba87bc16fbffbae01310c1)
Bug: chromium:1132111
Tbr: leszeks@chromium.org
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I33ac5664bb5334e964d351de1ba7e2c57f3398f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465056
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#24}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@6a4cd97
Original commit message:
Merged: [ia32][wasm-simd] Fix aligned moves in codegen
For SIMD instructions that use aligned moves (like movaps or movapd), we
don't have correct memory alignment for SIMD moves yet. Switch to to
movupd.
TBR=bbudge@chromium.org,adamk@chromium.org
Bug: v8:9198
Bug: v8:10831
Bug: chromium:1134039
(cherry picked from commit ab23ff3c0eed141361365241d13e3211efd608cf)
Change-Id: Icc038b4a32364b8bc66b723403ccc11f954b080d
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469600
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#30}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@ed3eeda
Original commit message:
Merged: [codegen] Skip invalid optimization in tail calls
Preparing for tail call is usually done by emitting the gap moves and
then moving the stack pointer to its new position. An optimization
consists in moving the stack pointer first and transforming some of the
moves into pushes. In the attached case it looks like this (arm):
138 add sp, sp, nodejs#40
13c str r6, [sp, #-4]!
140 str r6, [sp, #-4]!
144 str r6, [sp, #-4]!
148 str r6, [sp, #-4]!
14c str r6, [sp, #-4]!
...
160 vldr d1, [sp - 4*3]
The last line is a gap reload, but because the stack pointer was already
moved, the slot is now below the stack pointer. This is invalid and
triggers this DCHECK:
Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402
Debug check failed: 0 <= offset (0 vs. -12).
A comment already explains that we skip the optimization if the gap
contains stack moves to prevent this, but the code only checks for
non-FP slots. This is fixed by replacing "source.IsStackSlot()" with
"source.IsAnyStackSlot()":
108 vldr d1, [sp + 4*2]
...
118 str r0, [sp, #+36]
11c str r0, [sp, #+32]
120 str r0, [sp, #+28]
124 str r0, [sp, #+24]
128 str r0, [sp, #+20]
...
134 add sp, sp, nodejs#20
TBR=jgruber@chromium.org
(cherry picked from commit 7506e063d0d7fb00e4b9c06735c91e1953296867)
Change-Id: I66ed6187755af956e245207e940c83ea0697a5e6
Bug: chromium:1137608
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505976
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#42}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@8c725f7
Original commit message:
Merged: [map] Try to in-place transition during map update
When searching for a target map during map update, attempt to
update field representations in-place to the more general
representation, where possible.
Bug: chromium:1143772
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
TBR=leszeks@chromium.org, fgm@chromium.org
(cherry picked from commit 8e3ae62d294818733a0322d8e8abd53d4e410f19)
Change-Id: I659890c2f08c14d1cf94242fb875c19837df2dbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509599
Reviewed-by: Francis McCabe <fgm@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#44}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@3ba21a1
Original commit message:
Merged: [compiler] Fix a bug in SimplifiedLowering
Revision: ba1b2cc09ab98b51ca3828d29d19ae3b0a7c3a92
BUG=chromium:1150649
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
(cherry picked from commit 966d0eb98dd2630e861d267288fa2c63be9b5465)
Change-Id: Ic903e61ee00b7c240bed96633d1eab582c295308
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557985
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.8@{#10}
Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624749
Reviewed-by: Jana Grill <janagrill@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#52}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@c449afa
Original commit message:
[bigint] Fix possibly-uninitialized leading digit on right shift
(cherry picked from commit e82a3b4d47a93ab64f07d8c03e3cd17b6b961c3f)
(cherry picked from commit 1162c460dee4218abd798b51b88926aef5c8bd61)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Fixed: chromium:1151890
Change-Id: I26f5c76494a9ff3f5a141f381e1c9a543e368571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2561618
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#71422}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565245
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.7@{nodejs#57}
Cr-Original-Branched-From: 0d81cd72688512abcbe1601015baee390c484a6a-refs/heads/8.7.220@{#1}
Cr-Original-Branched-From: 942c2ef85caef00fcf02517d049f05e9a3d4b440-refs/heads/master@{#70196}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624611
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#54}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@412ac52
Original commit message:
Merged: [wasm-simd] Fix loading fp pair registers
We were incorrectly clearing the high reg from the list of regs to load.
The intention was to prevent double (and incorrect) loading - loading
128 bits from the low fp and the loading 128 bits from the high fp.
But this violates the assumption that the two regs in a pair would be
set or unset at the same time.
The fix here is to introduce a new enum for register loads, a nop, which
does nothing. The high fp of the fp pair will be tied to this nop, so as
we iterate down the reglist, we load 128 bits using the low fp, then
don't load anything for the high fp.
Bug: chromium:1161654
(cherry picked from commit 8c698702ced0de085aa91370d8cb44deab3fcf54)
(cherry picked from commit ffd6ff5a61b9343ccc62e6c03b71a33682c6084d)
Change-Id: Ib8134574b24f74f24ca9efd34b3444173296d8f1
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2619416
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.8@{nodejs#28}
Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649176
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#55}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@482e5c7
Original commit message:
Merged: [deoptimizer] Stricter checks during deoptimization
Revision: 506e893b812e03dbebe34b11d8aa9d4eb6869d89
BUG=chromium:1161357
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=mythria@chromium.org
(cherry picked from commit 44d052c19df0801fafdf2be54c899db65e79c67a)
Change-Id: I97b69ae11d85bc0acd4a0c7bd28e1b692433de80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2616219
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.8@{nodejs#23}
Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649571
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#56}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@ad2c5da
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [parser] Fix AST func reindexing for function fields
AST reindexing has to skip visiting fields that are already in the
member initializer, as they will have already been visited when
visiting said initializer. This is the case for private fields and
fields with computed names.
However, the reindexer was incorrectly assuming that all properties
with a FunctionLiteral value are methods (and thus not fields, and
can safely be visited). This is not the case for fields with
function expression values.
Now, we correctly use the class property's "kind" when making this
visitation decision.
(cherry picked from commit a769ea7a4462115579ba87bc16fbffbae01310c1)
Bug: chromium:1132111
Tbr: leszeks@chromium.org
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I33ac5664bb5334e964d351de1ba7e2c57f3398f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465056
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#24}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@6a4cd97
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [ia32][wasm-simd] Fix aligned moves in codegen
For SIMD instructions that use aligned moves (like movaps or movapd), we
don't have correct memory alignment for SIMD moves yet. Switch to to
movupd.
TBR=bbudge@chromium.org,adamk@chromium.org
Bug: v8:9198
Bug: v8:10831
Bug: chromium:1134039
(cherry picked from commit ab23ff3c0eed141361365241d13e3211efd608cf)
Change-Id: Icc038b4a32364b8bc66b723403ccc11f954b080d
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469600
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#30}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@ed3eeda
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [codegen] Skip invalid optimization in tail calls
Preparing for tail call is usually done by emitting the gap moves and
then moving the stack pointer to its new position. An optimization
consists in moving the stack pointer first and transforming some of the
moves into pushes. In the attached case it looks like this (arm):
138 add sp, sp, #40
13c str r6, [sp, #-4]!
140 str r6, [sp, #-4]!
144 str r6, [sp, #-4]!
148 str r6, [sp, #-4]!
14c str r6, [sp, #-4]!
...
160 vldr d1, [sp - 4*3]
The last line is a gap reload, but because the stack pointer was already
moved, the slot is now below the stack pointer. This is invalid and
triggers this DCHECK:
Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402
Debug check failed: 0 <= offset (0 vs. -12).
A comment already explains that we skip the optimization if the gap
contains stack moves to prevent this, but the code only checks for
non-FP slots. This is fixed by replacing "source.IsStackSlot()" with
"source.IsAnyStackSlot()":
108 vldr d1, [sp + 4*2]
...
118 str r0, [sp, #+36]
11c str r0, [sp, #+32]
120 str r0, [sp, #+28]
124 str r0, [sp, #+24]
128 str r0, [sp, #+20]
...
134 add sp, sp, #20
TBR=jgruber@chromium.org
(cherry picked from commit 7506e063d0d7fb00e4b9c06735c91e1953296867)
Change-Id: I66ed6187755af956e245207e940c83ea0697a5e6
Bug: chromium:1137608
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505976
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#42}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@8c725f7
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [map] Try to in-place transition during map update
When searching for a target map during map update, attempt to
update field representations in-place to the more general
representation, where possible.
Bug: chromium:1143772
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
TBR=leszeks@chromium.org, fgm@chromium.org
(cherry picked from commit 8e3ae62d294818733a0322d8e8abd53d4e410f19)
Change-Id: I659890c2f08c14d1cf94242fb875c19837df2dbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509599
Reviewed-by: Francis McCabe <fgm@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#44}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@3ba21a1
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [compiler] Fix a bug in SimplifiedLowering
Revision: ba1b2cc09ab98b51ca3828d29d19ae3b0a7c3a92
BUG=chromium:1150649
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
(cherry picked from commit 966d0eb98dd2630e861d267288fa2c63be9b5465)
Change-Id: Ic903e61ee00b7c240bed96633d1eab582c295308
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557985
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.8@{#10}
Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624749
Reviewed-by: Jana Grill <janagrill@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#52}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@c449afa
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[bigint] Fix possibly-uninitialized leading digit on right shift
(cherry picked from commit e82a3b4d47a93ab64f07d8c03e3cd17b6b961c3f)
(cherry picked from commit 1162c460dee4218abd798b51b88926aef5c8bd61)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Fixed: chromium:1151890
Change-Id: I26f5c76494a9ff3f5a141f381e1c9a543e368571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2561618
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#71422}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565245
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.7@{#57}
Cr-Original-Branched-From: 0d81cd72688512abcbe1601015baee390c484a6a-refs/heads/8.7.220@{#1}
Cr-Original-Branched-From: 942c2ef85caef00fcf02517d049f05e9a3d4b440-refs/heads/master@{#70196}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624611
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#54}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@412ac52
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [wasm-simd] Fix loading fp pair registers
We were incorrectly clearing the high reg from the list of regs to load.
The intention was to prevent double (and incorrect) loading - loading
128 bits from the low fp and the loading 128 bits from the high fp.
But this violates the assumption that the two regs in a pair would be
set or unset at the same time.
The fix here is to introduce a new enum for register loads, a nop, which
does nothing. The high fp of the fp pair will be tied to this nop, so as
we iterate down the reglist, we load 128 bits using the low fp, then
don't load anything for the high fp.
Bug: chromium:1161654
(cherry picked from commit 8c698702ced0de085aa91370d8cb44deab3fcf54)
(cherry picked from commit ffd6ff5a61b9343ccc62e6c03b71a33682c6084d)
Change-Id: Ib8134574b24f74f24ca9efd34b3444173296d8f1
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2619416
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.8@{#28}
Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649176
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#55}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@482e5c7
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [deoptimizer] Stricter checks during deoptimization
Revision: 506e893b812e03dbebe34b11d8aa9d4eb6869d89
BUG=chromium:1161357
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=mythria@chromium.org
(cherry picked from commit 44d052c19df0801fafdf2be54c899db65e79c67a)
Change-Id: I97b69ae11d85bc0acd4a0c7bd28e1b692433de80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2616219
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.8@{#23}
Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649571
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#56}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@ad2c5da
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [liftoff][arm] Release temp registers after use
The {ParallelRegisterMove} at the end of {AtomicLoad} might need a
temporary scratch register for spilling values to the stack. Make sure
that one is available by giving up the scratch register used for the
address of the atomic access.
TBR=ahaas@chromium.org
(cherry picked from commit 63166010061d2af4fef6a713d448ebf074a9d2cb)
(cherry picked from commit 953f7a9dcb1425616e3be67fdfe6ef8d820f0daa)
Bug: chromium:1153442
Change-Id: Ie312b37857e226058581b300b5adb1f14476c155
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584959
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.7@{#60}
Cr-Original-Branched-From: 0d81cd72688512abcbe1601015baee390c484a6a-refs/heads/8.7.220@{#1}
Cr-Original-Branched-From: 942c2ef85caef00fcf02517d049f05e9a3d4b440-refs/heads/master@{#70196}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2656263
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Artem Sumaneev <asumaneev@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#58}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@5c6c99a
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [interpreter] Store accumulator to callee after optional chain checks
Revision: df98901c19ce17ca995ee6750379b0f004210d68
BUG=chromium:1171954
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=rmcilroy@chromium.org
(cherry picked from commit f309db52c2ccab8c9a04fcd236e89deb077061f9)
Change-Id: If09e1503ca07b47a112362495ec0bb9d502118c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2674008
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.9@{#33}
Cr-Original-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Original-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2706110
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#62}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@e527ba4
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Reland "[regexp] Hard-crash on invalid offsets in AdvanceCurrentPosition"
This is a reland of 164cf80bbb0a6e091300bfc4cbbe70a6e6bd3e49
The reland fixes UB (left-shift of negative integer type) with a
static_cast<uint32_t>.
Original change's description:
> [regexp] Hard-crash on invalid offsets in AdvanceCurrentPosition
>
> Drive-by: Range checks in `Emit(byte, twenty_four_bits)` to ensure the
> given packed bits actually fit into 24 bits.
>
> Bug: chromium:1166138
> Change-Id: I2e711e6466bb48d7b9897f68dfe621d12bd92508
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625877
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72064}
(cherry picked from commit ff8d0f92d423774cf773b5b4fb48b6744971e27a)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Tbr: leszeks@chromium.org
Bug: chromium:1166138
Change-Id: I514495e14bb99dfc9588fdb4a9f35d67d8d64acb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2626663
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#72088}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742954
Reviewed-by: Jana Grill <janagrill@chromium.org>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#64}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@53c4d05
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[macro-assembler] Avoid using the isolate in CallRecordWriteStub
CallRecordWriteStub is used in a background compile thread for
JS-to-Wasm wrapper compilation, so it should avoid accessing the
isolate.
Call the builtin using CallBuiltin which does not require a Handle<Code>
object and instead gets the call target directly from the embedded data.
R=clemensb@chromium.org
(cherry picked from commit 6b3994e8507b32dfb956329395dbe33a2a8fee14)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1146813
Change-Id: I4ee59084e4184f2e9039208e4e6db43482cefde6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593333
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#71785}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731535
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Reviewed-by: Jana Grill <janagrill@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#66}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@d2283ba
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[macro-assembler] Avoid using the isolate in CallRecordWriteStub
CallRecordWriteStub is used in a background compile thread for
JS-to-Wasm wrapper compilation, so it should avoid accessing the
isolate.
Call the builtin using CallBuiltin which does not require a Handle<Code>
object and instead gets the call target directly from the embedded data.
R=clemensb@chromium.org
(cherry picked from commit 6b3994e8507b32dfb956329395dbe33a2a8fee14)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1146813
Change-Id: I4ee59084e4184f2e9039208e4e6db43482cefde6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593333
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#71785}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731535
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Reviewed-by: Jana Grill <janagrill@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#66}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@8130669
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[M86 LTS] Disable failing tests
Disable failing tests backported from ToT. No existing tests
are disabled.
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: None
Change-Id: I94d2cd4827ce6fd1875c66912b4841a4a7c72ab3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764754
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#70}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@5678ebe
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize
Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae
BUG=chromium:1182647
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=bmeurer@chromium.org
(cherry picked from commit c0c96b768a7d3463b11403874549e6496529740d)
Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780300
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/8.9@{#49}
Cr-Original-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Original-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794427
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Artem Sumaneev <asumaneev@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#72}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@254c794
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[LTS-M86][compiler][x64] Fix bug in InstructionSelector::ChangeInt32ToInt64
(cherry picked from commit 02f84c745fc0cae5927a66dc4a3e81334e8f60a6)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1196683
Change-Id: Ib4ea738b47b64edc81450583be4c80a41698c3d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2820971
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73903}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821959
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#75}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@3066b7b
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[LTS-M86][builtins] Harden Array.prototype.concat.
Defence in depth patch to prevent JavaScript from executing
from within IterateElements.
R=ishell@chromium.org
R=cbruni@chromium.org
(cherry picked from commit 8284359ed0607e452a4dda2ce89811fb019b4aaa)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819941
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73898}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821961
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#76}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@1e35f64
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[LTS-M86][builtins] Fix Array.prototype.concat with @@species
(cherry picked from commit 7989e04979c3195e60a6814e8263063eb91f7b47)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: I16843bce2e9f776abca0f2b943b898ab5e597e42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810787
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73842}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2823829
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#77}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@8ebd894
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [runtime] Fix sorted order of DescriptorArray entries
Revision: 518d67ad652fc24b7eb03e48bb342f952d4ccf74
This is a reland of the previous merge which addresses the cctest link
failure in component build mode.
BUG=chromium:1133527
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=verwaest@chromium.org
Change-Id: Icbbc69fd5403fd0c2ab6d07d4340292b2b8c72b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504264
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#40}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@1a7d55a
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[wasm][ia32][liftoff] Implement AtomicCompareExchange
As there are not enough registers on ia32 to execute the platform-
independent code, the CL also adds ia32-specific code to
liftoff-compiler.cc. For this we first retrieve the memory index from
the stack, do a bounds check, and calculate the final address. Only
afterwards we pop all other values from the stack and pass them to the
platform-dependent code.
R=clemensb@chromium.org
Bug: v8:10108
Change-Id: I741266a9523c8b5c46acc0b29817fd143a75752e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316305
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69047}
Refs: v8/v8@93b2105
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [wasm][liftoff][ia32] Fix register allocation of CompareExchange
The register that holds the {new_value} for the AtomicCompareExchange8U
has to be a byte register on ia32. There was code to guarantee that, but
after that code there was code that frees the {eax} register, and that
code moved the {new_value} to a different register again. With this CL
we first free {eax}, and then find a byte register for the {new_value}.
R=clemensb@chromium.org
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
(cherry picked from commit 70a389ac8778064e470a95412d40e17f97898142)
Bug: chromium:1140549
Change-Id: I1679f3f9ab26c5416ea251c7925366ff43336d85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491031
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#70721}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504512
Cr-Commit-Position: refs/branch-heads/8.6@{#38}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@f44fcbf
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[wasm][liftoff][cleanup] Remove default parameter of GetUnusedRegister
This CL removes the default parameter of GetUnusedRegister to avoid bugs
where the default parameter is used accidentially. With "{}" the default
value of the parameter is easy to write, and also not much more difficult to read.
R=clemensb@chromium.org
Bug: v8:10506
Change-Id: I3debe5eb91578c82abdac81dc6c252435fdf30d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2202991
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67822}
Refs: v8/v8@6771d3e
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
Merged: [wasm][liftoff] Fix register usage for i64_addi
The arm implementation made the assumption that the {lhs} and {dst}
registers are either the same, or there is no overlap. This assumption
does not hold.
ia32 on the other hand has a lot of complicated logic (and unnecessary
code generation) for different cases of overlap.
This CL fixes the arm issue *and* simplifies the ia32 logic by making
the arm assumption hold, and using it to eliminate special handling on
ia32.
R=thibaudm@chromium.org
(cherry picked from commit 89ca48c907e25ef94a135255092c4e150654c4fc)
Bug: chromium:1146861
Change-Id: I96c4985fb8ff710b98e009e457444fc8804bce58
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584242
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#50}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@eddb823
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[compiler] Test linear searches in a DescriptorArray in the background
This CL adds a linear search test in a DescriptorArray in a known flat
object in the background thread, while the main thread exercises the
same DescriptorArray.
Also sets the foundation for the follow-ups tests in background threads.
Bug: v8:7790
Change-Id: I0e99508204808baaf605161d2eeb717eabe712fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207147
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68299}
Refs: v8/v8@4e24c35
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
[compiler][cleanup] Move Make(String|Name) helper methods to cctest.h
Several tests were using them and we can dedup code.
Change-Id: I4ef5ae5772856d1f36e965b6b62ff5895b4e04fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215173
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67974}
Refs: v8/v8@be91c6c
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message:
M86-LTS: [compiler] Fix bug in RepresentationChanger::GetWord32RepresentationFor
We have to respect the TypeCheckKind.
(cherry picked from commit fd29e246f65a7cee130e72cd10f618f3b82af232)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195777
Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817791
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73909}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2838235
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#79}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Refs: v8/v8@bbc59d1
PR-URL: #38275
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
It was removed upstream and is now inferred from the build config. PR-URL: #35705 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This backports almost all of V8 backmerges from the 8.6 LTS branch.
There are a few additional commits to avoid merge conflicts and a few missing commits because they were either
too difficult to backport or weren't relevant for V8 8.4.