-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v14.x] Backport V8 8.6 LTS commits #38275
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
build
Issues and PRs related to build files or the CI.
needs-ci
PRs that need a full CI run.
v14.x
v8 engine
Issues and PRs related to the V8 dependency.
labels
Apr 17, 2021
mcollina
approved these changes
Apr 17, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Looks like some more commits are needed to fix the build |
Everything should be fixed! |
I spoke too soon... The V8 tests now run but some of them fail. It will take some time to check whether the tests or the code must be fixed. |
Original commit message: Merged: [wasm-simd][x64] Check for register when emitting shuffles Some shuffles take have either register or memory operand for second input, but the codegen incorrectly assumes that it is always a register. Bug: v8:10824 (cherry picked from commit ddf30bea13902829eeb71aa0ec747155e27e5a68) Change-Id: I897c4290a8b91ff2ab839e98b16a9696c0bae511 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2391280 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#6} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@516b5d3
Original commit message: Merged: [compiler] Fix bug in SimplifiedLowering's overflow computation Revision: e371325bcb03f20a362ebfa48225159702c6fde7 BUG=chromium:1126249 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=tebbi@chromium.org Change-Id: I411d9233f77992e73da12784cef59c885999b556 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2415988 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#8} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@a59e3ac
Original commit message: Merged: [turbofan] Fix bug in inlining Revision: 219b28bfe2ea76de63f034eb75b67e8ded339d94 BUG=chromium:1127319 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=tebbi@chromium.org Change-Id: I98e77bac81e2cf822a4a4987115e0cf01b1dbc52 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416383 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#12} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@abb4d0a
Original commit message: Merged: Squashed multiple commits. Merged: Prepare renaming "V8 Linux64 TSAN - concurrent marking" bot Revision: 165d8f5b5ab5ba6fa19acd7ae6b17aa1a1b18428 Merged: [test] Remove entry of renamed builder Revision: 375579f940b96224b2c525a6133650b760a5d865 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true TBR=neis@chromium.org Change-Id: If7c8296c495d087c2e4dc6cde3512bc3f8a469fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2418098 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#14} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@33f4064
Original commit message: Merged: Squashed multiple commits. Merged: [test] Make finding build directory more flexible Revision: 4f015e85faf1d64466eafd897d1d59b1d77071f3 Merged: [test] Use the correct precedence for choosing the build directory Revision: 7b24b13981e411602fc77db1305d0ae034a92fd8 Merged: [test] Add fallback to legacy output directory Revision: bf3adea58aab3d21e36e23c60e1e0bbc994cd5b8 Merged: [gcmole] Fix gcmole after property change Revision: c87bdbcf0d1d8f8bcc927f6b364d27e72c22736d Merged: [test] Overhaul mode processing in test runner Revision: 608b732d141689e8e10ee918afc8ed1fae1ab80c Merged: [test] Switch to flattened json output Revision: 373a9a8cfc8db3ef65fcdca0ec0c4ded9e4acc89 BUG=chromium:1132088,v8:10893 NOTRY=true NOTREECHECKS=true R=liviurau@chromium.org Change-Id: I3c1de04ca4fe62e36da29e706a20daec0b3d4d98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461745 Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#20} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@d724820
Original commit message: Merged: [parser] Fix AST func reindexing for function fields AST reindexing has to skip visiting fields that are already in the member initializer, as they will have already been visited when visiting said initializer. This is the case for private fields and fields with computed names. However, the reindexer was incorrectly assuming that all properties with a FunctionLiteral value are methods (and thus not fields, and can safely be visited). This is not the case for fields with function expression values. Now, we correctly use the class property's "kind" when making this visitation decision. (cherry picked from commit a769ea7a4462115579ba87bc16fbffbae01310c1) Bug: chromium:1132111 Tbr: leszeks@chromium.org No-Try: true No-Presubmit: true No-Tree-Checks: true Change-Id: I33ac5664bb5334e964d351de1ba7e2c57f3398f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465056 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#24} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@6a4cd97
Original commit message: Merged: [ia32][wasm-simd] Fix aligned moves in codegen For SIMD instructions that use aligned moves (like movaps or movapd), we don't have correct memory alignment for SIMD moves yet. Switch to to movupd. TBR=bbudge@chromium.org,adamk@chromium.org Bug: v8:9198 Bug: v8:10831 Bug: chromium:1134039 (cherry picked from commit ab23ff3c0eed141361365241d13e3211efd608cf) Change-Id: Icc038b4a32364b8bc66b723403ccc11f954b080d No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469600 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#30} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@ed3eeda
Original commit message: Merged: [codegen] Skip invalid optimization in tail calls Preparing for tail call is usually done by emitting the gap moves and then moving the stack pointer to its new position. An optimization consists in moving the stack pointer first and transforming some of the moves into pushes. In the attached case it looks like this (arm): 138 add sp, sp, nodejs#40 13c str r6, [sp, #-4]! 140 str r6, [sp, #-4]! 144 str r6, [sp, #-4]! 148 str r6, [sp, #-4]! 14c str r6, [sp, #-4]! ... 160 vldr d1, [sp - 4*3] The last line is a gap reload, but because the stack pointer was already moved, the slot is now below the stack pointer. This is invalid and triggers this DCHECK: Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402 Debug check failed: 0 <= offset (0 vs. -12). A comment already explains that we skip the optimization if the gap contains stack moves to prevent this, but the code only checks for non-FP slots. This is fixed by replacing "source.IsStackSlot()" with "source.IsAnyStackSlot()": 108 vldr d1, [sp + 4*2] ... 118 str r0, [sp, #+36] 11c str r0, [sp, #+32] 120 str r0, [sp, #+28] 124 str r0, [sp, #+24] 128 str r0, [sp, #+20] ... 134 add sp, sp, nodejs#20 TBR=jgruber@chromium.org (cherry picked from commit 7506e063d0d7fb00e4b9c06735c91e1953296867) Change-Id: I66ed6187755af956e245207e940c83ea0697a5e6 Bug: chromium:1137608 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505976 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#42} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@8c725f7
Original commit message: Merged: [map] Try to in-place transition during map update When searching for a target map during map update, attempt to update field representations in-place to the more general representation, where possible. Bug: chromium:1143772 No-Try: true No-Presubmit: true No-Tree-Checks: true TBR=leszeks@chromium.org, fgm@chromium.org (cherry picked from commit 8e3ae62d294818733a0322d8e8abd53d4e410f19) Change-Id: I659890c2f08c14d1cf94242fb875c19837df2dbb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509599 Reviewed-by: Francis McCabe <fgm@chromium.org> Reviewed-by: Michael Hablich <hablich@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#44} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@3ba21a1
Original commit message: Merged: [compiler] Fix a bug in SimplifiedLowering Revision: ba1b2cc09ab98b51ca3828d29d19ae3b0a7c3a92 BUG=chromium:1150649 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true (cherry picked from commit 966d0eb98dd2630e861d267288fa2c63be9b5465) Change-Id: Ic903e61ee00b7c240bed96633d1eab582c295308 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557985 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.8@{#10} Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1} Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624749 Reviewed-by: Jana Grill <janagrill@chromium.org> Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#52} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@c449afa
Original commit message: [bigint] Fix possibly-uninitialized leading digit on right shift (cherry picked from commit e82a3b4d47a93ab64f07d8c03e3cd17b6b961c3f) (cherry picked from commit 1162c460dee4218abd798b51b88926aef5c8bd61) No-Try: true No-Presubmit: true No-Tree-Checks: true Fixed: chromium:1151890 Change-Id: I26f5c76494a9ff3f5a141f381e1c9a543e368571 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2561618 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Original-Original-Commit-Position: refs/heads/master@{#71422} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565245 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.7@{nodejs#57} Cr-Original-Branched-From: 0d81cd72688512abcbe1601015baee390c484a6a-refs/heads/8.7.220@{#1} Cr-Original-Branched-From: 942c2ef85caef00fcf02517d049f05e9a3d4b440-refs/heads/master@{#70196} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624611 Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#54} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@412ac52
Original commit message: Merged: [wasm-simd] Fix loading fp pair registers We were incorrectly clearing the high reg from the list of regs to load. The intention was to prevent double (and incorrect) loading - loading 128 bits from the low fp and the loading 128 bits from the high fp. But this violates the assumption that the two regs in a pair would be set or unset at the same time. The fix here is to introduce a new enum for register loads, a nop, which does nothing. The high fp of the fp pair will be tied to this nop, so as we iterate down the reglist, we load 128 bits using the low fp, then don't load anything for the high fp. Bug: chromium:1161654 (cherry picked from commit 8c698702ced0de085aa91370d8cb44deab3fcf54) (cherry picked from commit ffd6ff5a61b9343ccc62e6c03b71a33682c6084d) Change-Id: Ib8134574b24f74f24ca9efd34b3444173296d8f1 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2619416 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.8@{nodejs#28} Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1} Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649176 Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Commit-Queue: Achuith Bhandarkar <achuith@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#55} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@482e5c7
Original commit message: Merged: [deoptimizer] Stricter checks during deoptimization Revision: 506e893b812e03dbebe34b11d8aa9d4eb6869d89 BUG=chromium:1161357 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=mythria@chromium.org (cherry picked from commit 44d052c19df0801fafdf2be54c899db65e79c67a) Change-Id: I97b69ae11d85bc0acd4a0c7bd28e1b692433de80 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2616219 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.8@{nodejs#23} Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1} Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649571 Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Commit-Queue: Achuith Bhandarkar <achuith@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{nodejs#56} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@ad2c5da
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [parser] Fix AST func reindexing for function fields AST reindexing has to skip visiting fields that are already in the member initializer, as they will have already been visited when visiting said initializer. This is the case for private fields and fields with computed names. However, the reindexer was incorrectly assuming that all properties with a FunctionLiteral value are methods (and thus not fields, and can safely be visited). This is not the case for fields with function expression values. Now, we correctly use the class property's "kind" when making this visitation decision. (cherry picked from commit a769ea7a4462115579ba87bc16fbffbae01310c1) Bug: chromium:1132111 Tbr: leszeks@chromium.org No-Try: true No-Presubmit: true No-Tree-Checks: true Change-Id: I33ac5664bb5334e964d351de1ba7e2c57f3398f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465056 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#24} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@6a4cd97 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [ia32][wasm-simd] Fix aligned moves in codegen For SIMD instructions that use aligned moves (like movaps or movapd), we don't have correct memory alignment for SIMD moves yet. Switch to to movupd. TBR=bbudge@chromium.org,adamk@chromium.org Bug: v8:9198 Bug: v8:10831 Bug: chromium:1134039 (cherry picked from commit ab23ff3c0eed141361365241d13e3211efd608cf) Change-Id: Icc038b4a32364b8bc66b723403ccc11f954b080d No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469600 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#30} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@ed3eeda PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [codegen] Skip invalid optimization in tail calls Preparing for tail call is usually done by emitting the gap moves and then moving the stack pointer to its new position. An optimization consists in moving the stack pointer first and transforming some of the moves into pushes. In the attached case it looks like this (arm): 138 add sp, sp, #40 13c str r6, [sp, #-4]! 140 str r6, [sp, #-4]! 144 str r6, [sp, #-4]! 148 str r6, [sp, #-4]! 14c str r6, [sp, #-4]! ... 160 vldr d1, [sp - 4*3] The last line is a gap reload, but because the stack pointer was already moved, the slot is now below the stack pointer. This is invalid and triggers this DCHECK: Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402 Debug check failed: 0 <= offset (0 vs. -12). A comment already explains that we skip the optimization if the gap contains stack moves to prevent this, but the code only checks for non-FP slots. This is fixed by replacing "source.IsStackSlot()" with "source.IsAnyStackSlot()": 108 vldr d1, [sp + 4*2] ... 118 str r0, [sp, #+36] 11c str r0, [sp, #+32] 120 str r0, [sp, #+28] 124 str r0, [sp, #+24] 128 str r0, [sp, #+20] ... 134 add sp, sp, #20 TBR=jgruber@chromium.org (cherry picked from commit 7506e063d0d7fb00e4b9c06735c91e1953296867) Change-Id: I66ed6187755af956e245207e940c83ea0697a5e6 Bug: chromium:1137608 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505976 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#42} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@8c725f7 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [map] Try to in-place transition during map update When searching for a target map during map update, attempt to update field representations in-place to the more general representation, where possible. Bug: chromium:1143772 No-Try: true No-Presubmit: true No-Tree-Checks: true TBR=leszeks@chromium.org, fgm@chromium.org (cherry picked from commit 8e3ae62d294818733a0322d8e8abd53d4e410f19) Change-Id: I659890c2f08c14d1cf94242fb875c19837df2dbb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509599 Reviewed-by: Francis McCabe <fgm@chromium.org> Reviewed-by: Michael Hablich <hablich@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#44} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@3ba21a1 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [compiler] Fix a bug in SimplifiedLowering Revision: ba1b2cc09ab98b51ca3828d29d19ae3b0a7c3a92 BUG=chromium:1150649 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true (cherry picked from commit 966d0eb98dd2630e861d267288fa2c63be9b5465) Change-Id: Ic903e61ee00b7c240bed96633d1eab582c295308 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557985 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.8@{#10} Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1} Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624749 Reviewed-by: Jana Grill <janagrill@chromium.org> Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#52} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@c449afa PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [bigint] Fix possibly-uninitialized leading digit on right shift (cherry picked from commit e82a3b4d47a93ab64f07d8c03e3cd17b6b961c3f) (cherry picked from commit 1162c460dee4218abd798b51b88926aef5c8bd61) No-Try: true No-Presubmit: true No-Tree-Checks: true Fixed: chromium:1151890 Change-Id: I26f5c76494a9ff3f5a141f381e1c9a543e368571 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2561618 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Original-Original-Commit-Position: refs/heads/master@{#71422} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565245 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.7@{#57} Cr-Original-Branched-From: 0d81cd72688512abcbe1601015baee390c484a6a-refs/heads/8.7.220@{#1} Cr-Original-Branched-From: 942c2ef85caef00fcf02517d049f05e9a3d4b440-refs/heads/master@{#70196} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2624611 Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#54} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@412ac52 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [wasm-simd] Fix loading fp pair registers We were incorrectly clearing the high reg from the list of regs to load. The intention was to prevent double (and incorrect) loading - loading 128 bits from the low fp and the loading 128 bits from the high fp. But this violates the assumption that the two regs in a pair would be set or unset at the same time. The fix here is to introduce a new enum for register loads, a nop, which does nothing. The high fp of the fp pair will be tied to this nop, so as we iterate down the reglist, we load 128 bits using the low fp, then don't load anything for the high fp. Bug: chromium:1161654 (cherry picked from commit 8c698702ced0de085aa91370d8cb44deab3fcf54) (cherry picked from commit ffd6ff5a61b9343ccc62e6c03b71a33682c6084d) Change-Id: Ib8134574b24f74f24ca9efd34b3444173296d8f1 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2619416 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.8@{#28} Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1} Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649176 Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Commit-Queue: Achuith Bhandarkar <achuith@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#55} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@482e5c7 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [deoptimizer] Stricter checks during deoptimization Revision: 506e893b812e03dbebe34b11d8aa9d4eb6869d89 BUG=chromium:1161357 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=mythria@chromium.org (cherry picked from commit 44d052c19df0801fafdf2be54c899db65e79c67a) Change-Id: I97b69ae11d85bc0acd4a0c7bd28e1b692433de80 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2616219 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.8@{#23} Cr-Original-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1} Cr-Original-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649571 Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Commit-Queue: Achuith Bhandarkar <achuith@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#56} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@ad2c5da PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [liftoff][arm] Release temp registers after use The {ParallelRegisterMove} at the end of {AtomicLoad} might need a temporary scratch register for spilling values to the stack. Make sure that one is available by giving up the scratch register used for the address of the atomic access. TBR=ahaas@chromium.org (cherry picked from commit 63166010061d2af4fef6a713d448ebf074a9d2cb) (cherry picked from commit 953f7a9dcb1425616e3be67fdfe6ef8d820f0daa) Bug: chromium:1153442 Change-Id: Ie312b37857e226058581b300b5adb1f14476c155 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584959 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.7@{#60} Cr-Original-Branched-From: 0d81cd72688512abcbe1601015baee390c484a6a-refs/heads/8.7.220@{#1} Cr-Original-Branched-From: 942c2ef85caef00fcf02517d049f05e9a3d4b440-refs/heads/master@{#70196} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2656263 Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Commit-Queue: Artem Sumaneev <asumaneev@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#58} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@5c6c99a PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [interpreter] Store accumulator to callee after optional chain checks Revision: df98901c19ce17ca995ee6750379b0f004210d68 BUG=chromium:1171954 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=rmcilroy@chromium.org (cherry picked from commit f309db52c2ccab8c9a04fcd236e89deb077061f9) Change-Id: If09e1503ca07b47a112362495ec0bb9d502118c9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2674008 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.9@{#33} Cr-Original-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1} Cr-Original-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2706110 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Achuith Bhandarkar <achuith@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#62} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@e527ba4 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Reland "[regexp] Hard-crash on invalid offsets in AdvanceCurrentPosition" This is a reland of 164cf80bbb0a6e091300bfc4cbbe70a6e6bd3e49 The reland fixes UB (left-shift of negative integer type) with a static_cast<uint32_t>. Original change's description: > [regexp] Hard-crash on invalid offsets in AdvanceCurrentPosition > > Drive-by: Range checks in `Emit(byte, twenty_four_bits)` to ensure the > given packed bits actually fit into 24 bits. > > Bug: chromium:1166138 > Change-Id: I2e711e6466bb48d7b9897f68dfe621d12bd92508 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625877 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#72064} (cherry picked from commit ff8d0f92d423774cf773b5b4fb48b6744971e27a) No-Try: true No-Presubmit: true No-Tree-Checks: true Tbr: leszeks@chromium.org Bug: chromium:1166138 Change-Id: I514495e14bb99dfc9588fdb4a9f35d67d8d64acb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2626663 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#72088} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742954 Reviewed-by: Jana Grill <janagrill@chromium.org> Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#64} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@53c4d05 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [macro-assembler] Avoid using the isolate in CallRecordWriteStub CallRecordWriteStub is used in a background compile thread for JS-to-Wasm wrapper compilation, so it should avoid accessing the isolate. Call the builtin using CallBuiltin which does not require a Handle<Code> object and instead gets the call target directly from the embedded data. R=clemensb@chromium.org (cherry picked from commit 6b3994e8507b32dfb956329395dbe33a2a8fee14) No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: chromium:1146813 Change-Id: I4ee59084e4184f2e9039208e4e6db43482cefde6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593333 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#71785} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731535 Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Reviewed-by: Jana Grill <janagrill@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#66} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@d2283ba PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [macro-assembler] Avoid using the isolate in CallRecordWriteStub CallRecordWriteStub is used in a background compile thread for JS-to-Wasm wrapper compilation, so it should avoid accessing the isolate. Call the builtin using CallBuiltin which does not require a Handle<Code> object and instead gets the call target directly from the embedded data. R=clemensb@chromium.org (cherry picked from commit 6b3994e8507b32dfb956329395dbe33a2a8fee14) No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: chromium:1146813 Change-Id: I4ee59084e4184f2e9039208e4e6db43482cefde6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593333 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#71785} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731535 Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Reviewed-by: Jana Grill <janagrill@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#66} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@8130669 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [M86 LTS] Disable failing tests Disable failing tests backported from ToT. No existing tests are disabled. No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: None Change-Id: I94d2cd4827ce6fd1875c66912b4841a4a7c72ab3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764754 Reviewed-by: Artem Sumaneev <asumaneev@google.com> Commit-Queue: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#70} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@5678ebe PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae BUG=chromium:1182647 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=bmeurer@chromium.org (cherry picked from commit c0c96b768a7d3463b11403874549e6496529740d) Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780300 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/8.9@{#49} Cr-Original-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1} Cr-Original-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794427 Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Commit-Queue: Artem Sumaneev <asumaneev@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#72} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@254c794 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [LTS-M86][compiler][x64] Fix bug in InstructionSelector::ChangeInt32ToInt64 (cherry picked from commit 02f84c745fc0cae5927a66dc4a3e81334e8f60a6) No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: chromium:1196683 Change-Id: Ib4ea738b47b64edc81450583be4c80a41698c3d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2820971 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#73903} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821959 Commit-Queue: Jana Grill <janagrill@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#75} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@3066b7b PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [LTS-M86][builtins] Harden Array.prototype.concat. Defence in depth patch to prevent JavaScript from executing from within IterateElements. R=ishell@chromium.org R=cbruni@chromium.org (cherry picked from commit 8284359ed0607e452a4dda2ce89811fb019b4aaa) No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: chromium:1195977 Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819941 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#73898} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821961 Commit-Queue: Jana Grill <janagrill@chromium.org> Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#76} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@1e35f64 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [LTS-M86][builtins] Fix Array.prototype.concat with @@species (cherry picked from commit 7989e04979c3195e60a6814e8263063eb91f7b47) No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: chromium:1195977 Change-Id: I16843bce2e9f776abca0f2b943b898ab5e597e42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810787 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#73842} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2823829 Commit-Queue: Jana Grill <janagrill@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Victor-Gabriel Savu <vsavu@google.com> Cr-Commit-Position: refs/branch-heads/8.6@{#77} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@8ebd894 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [runtime] Fix sorted order of DescriptorArray entries Revision: 518d67ad652fc24b7eb03e48bb342f952d4ccf74 This is a reland of the previous merge which addresses the cctest link failure in component build mode. BUG=chromium:1133527 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=verwaest@chromium.org Change-Id: Icbbc69fd5403fd0c2ab6d07d4340292b2b8c72b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504264 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#40} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@1a7d55a PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [wasm][ia32][liftoff] Implement AtomicCompareExchange As there are not enough registers on ia32 to execute the platform- independent code, the CL also adds ia32-specific code to liftoff-compiler.cc. For this we first retrieve the memory index from the stack, do a bounds check, and calculate the final address. Only afterwards we pop all other values from the stack and pass them to the platform-dependent code. R=clemensb@chromium.org Bug: v8:10108 Change-Id: I741266a9523c8b5c46acc0b29817fd143a75752e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316305 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69047} Refs: v8/v8@93b2105 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [wasm][liftoff][ia32] Fix register allocation of CompareExchange The register that holds the {new_value} for the AtomicCompareExchange8U has to be a byte register on ia32. There was code to guarantee that, but after that code there was code that frees the {eax} register, and that code moved the {new_value} to a different register again. With this CL we first free {eax}, and then find a byte register for the {new_value}. R=clemensb@chromium.org NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true (cherry picked from commit 70a389ac8778064e470a95412d40e17f97898142) Bug: chromium:1140549 Change-Id: I1679f3f9ab26c5416ea251c7925366ff43336d85 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491031 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#70721} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504512 Cr-Commit-Position: refs/branch-heads/8.6@{#38} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@f44fcbf PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [wasm][liftoff][cleanup] Remove default parameter of GetUnusedRegister This CL removes the default parameter of GetUnusedRegister to avoid bugs where the default parameter is used accidentially. With "{}" the default value of the parameter is easy to write, and also not much more difficult to read. R=clemensb@chromium.org Bug: v8:10506 Change-Id: I3debe5eb91578c82abdac81dc6c252435fdf30d6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2202991 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#67822} Refs: v8/v8@6771d3e PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: Merged: [wasm][liftoff] Fix register usage for i64_addi The arm implementation made the assumption that the {lhs} and {dst} registers are either the same, or there is no overlap. This assumption does not hold. ia32 on the other hand has a lot of complicated logic (and unnecessary code generation) for different cases of overlap. This CL fixes the arm issue *and* simplifies the ia32 logic by making the arm assumption hold, and using it to eliminate special handling on ia32. R=thibaudm@chromium.org (cherry picked from commit 89ca48c907e25ef94a135255092c4e150654c4fc) Bug: chromium:1146861 Change-Id: I96c4985fb8ff710b98e009e457444fc8804bce58 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584242 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#50} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@eddb823 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [compiler] Test linear searches in a DescriptorArray in the background This CL adds a linear search test in a DescriptorArray in a known flat object in the background thread, while the main thread exercises the same DescriptorArray. Also sets the foundation for the follow-ups tests in background threads. Bug: v8:7790 Change-Id: I0e99508204808baaf605161d2eeb717eabe712fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207147 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#68299} Refs: v8/v8@4e24c35 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: [compiler][cleanup] Move Make(String|Name) helper methods to cctest.h Several tests were using them and we can dedup code. Change-Id: I4ef5ae5772856d1f36e965b6b62ff5895b4e04fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215173 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#67974} Refs: v8/v8@be91c6c PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
Original commit message: M86-LTS: [compiler] Fix bug in RepresentationChanger::GetWord32RepresentationFor We have to respect the TypeCheckKind. (cherry picked from commit fd29e246f65a7cee130e72cd10f618f3b82af232) No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: chromium:1195777 Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817791 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#73909} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2838235 Owners-Override: Achuith Bhandarkar <achuith@chromium.org> Reviewed-by: Artem Sumaneev <asumaneev@google.com> Commit-Queue: Achuith Bhandarkar <achuith@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{#79} Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472} Refs: v8/v8@bbc59d1 PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
targos
added a commit
that referenced
this pull request
Apr 30, 2021
It was removed upstream and is now inferred from the build config. PR-URL: #35705 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> PR-URL: #38275 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This backports almost all of V8 backmerges from the 8.6 LTS branch.
There are a few additional commits to avoid merge conflicts and a few missing commits because they were either
too difficult to backport or weren't relevant for V8 8.4.