Original commit message:
[heap] Perform GCs on v8::BackingStore allocation
This adds heuristics to perform young and full GCs on allocation
of external ArrayBuffer backing stores.
Young GCs are performed proactively based on the external backing
store bytes for the young generation. Full GCs are performed only
if the allocation fails. Subsequent CLs will add heuristics to
start incremental full GCs based on the external backing store bytes.
This will allow us to remove AdjustAmountOfExternalMemory for
ArrayBuffers.
Bug: v8:9701, chromium:1008938
Change-Id: I0e8688f582989518926c38260b5cf14e2ca93f84
Reviewed-on: 1803614
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65480}
PR-URL: https://github.com/nodejs/node/pull/31007
Refs: 687d865fe2
Refs: https://github.com/nodejs/node/issues/1671
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Original commit message:
[coverage] Fix coverage with default arguments
In the presence of default arguments, the body of the function gets
wrapped into another block. This caused our trailing-range-after-return
optimization to not apply, because the wrapper block had no source
range assigned. This CL correctly assigns a source range to that block,
which allows already present code to handle it correctly.
Note that this is not a real coverage bug; we've just been reporting
whitespace as uncovered. We're fixing it for consistency.
Originally reported on github.com/bcoe/c8/issues/66
Bug: v8:9952
Change-Id: Iab3905f558eb99126e0dad8072d03d0a312fdcd3
Reviewed-on: 1903430
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64836}
Refs: 0dfd9ea512
PR-URL: https://github.com/nodejs/node/pull/30713
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Original commit message:
[heap] Ensure SyntheticModule is initialized before next allocation
Ensure that all fields of `SyntheticModule` are set before creating
the exports hash table for it, because the latter may trigger
garbage collection, leading to crashes.
This has been causing failures in the Node.js CI over the last weeks,
after making the creating of synthetic modules part of Node’s
startup sequence.
(I am generally not very familiar with this part of the V8
code and there might be a better way, or possibly a way to add a
reliable regression test, that I am not aware of.)
Refs: https://github.com/nodejs/node/issues/30498
Refs: https://github.com/nodejs/node/issues/30648
Change-Id: I32da4b7bd888c6ec1421f34f5bd52e7bad154c1e
Reviewed-on: 1939752
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65247}
Refs: https://github.com/v8/v8/commit/ \
ca5b0ec2722d2af4551c01ca78921fa16a26ae72
Fixes: https://github.com/nodejs/node/issues/30498
Fixes: https://github.com/nodejs/node/issues/30648
PR-URL: https://github.com/nodejs/node/pull/30708
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Original commit message:
[api] Fix handle leak when getting Context embedder data
The `Context::SlowGetAlignedPointerFromEmbedderData()` method returns
a pointer, so the fact that it allocates handles is not obvious to
the caller.
Since this is the slow path anyway, simply add a handle scope inside
of it.
The tests are also modified to perform the same check for the
`Object` equivalent of this method.
Change-Id: I5f03c9a7b70b3a17315609df021606a53c9feb2d
Reviewed-on: 1879902
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64583}
Refs: e5dbc95cc0
Fixes: https://github.com/nodejs/node/issues/30127
PR-URL: https://github.com/nodejs/node/pull/30130
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Original commit message:
Make SetSyntheticModuleExport throw instead of crash for nonexistent export name
Per spec, Module::SetSyntheticModuleExport should throw a ReferenceError
when called with an export name that was not supplied when constructing
that SyntheticModule. Instead, the current implementation crashes with
a failed CHECK().
Add a new Module::SyntheticModuleSetExport that throws (without an ensuing
crash) for this case, and deprecate the old
Module::SetSyntheticModuleExport.
Bug: v8:9828
Change-Id: I3b3d353064c3851882781818099bd8f6ee74c809
Reviewed-on: 1860996
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64438}
Refs: 777fa98cc4
PR-URL: https://github.com/nodejs/node/pull/30020
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Original commit message:
[api] Add possibility for BackingStore to keep Allocator alive
Add an `array_buffer_allocator_shared` field to the
`Isolate::CreateParams` struct that allows embedders to share
ownership of the ArrayBuffer::Allocator with V8, and which in
particular means that when this method is used that the
BackingStore deleter will not perform a use-after-free access to the
Allocator under certain circumstances.
For Background:
tl;dr: This is necessary for Node.js to perform the transition to
V8 7.9, because of the way that ArrayBuffer::Allocators and their
lifetimes currently work there.
In Node.js, each Worker thread has its own ArrayBuffer::Allocator.
Changing that would currently be impractical, as each allocator
depends on per-Isolate state. However, now that backing stores
are managed globally and keep a pointer to the original
ArrayBuffer::Allocator, this means that when transferring an
ArrayBuffer (e.g. from one Worker to another through postMessage()),
the original Allocator has to be kept alive until the ArrayBuffer
no longer exists in the receiving Isolate (or until that Isolate
is disposed). See [1] for an example Node.js test that fails with
V8 7.9.
This problem also existed for SharedArrayBuffers, where Node.js
was broken by V8 earlier for the same reasons (see [2] for the bug
report on that and [3] for the resolution in Node.js).
For SharedArrayBuffers, we already had extensive tracking logic,
so adding a shared_ptr to keep alive the ArrayBuffer::Allocator
was not a significant amount of work. However, the mechanism for
transferring non-shared ArrayBuffers is quite different, and
it seems both easier for us and better for V8 from an API standpoint
to keep the Allocator alive from where it is being referenced.
By sharing memory with the custom deleter function/data pair,
this comes at no memory overhead.
[1]: https://github.com/nodejs/node/pull/30044
[2]: https://github.com/nodejs/node-v8/issues/115
[3]: https://github.com/nodejs/node/pull/29637
Bug: v8:9380
Change-Id: Ibc2c4fb6341b53653cbd637bd8cb3d4ac43809c7
Reviewed-on: 1874347
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64542}
Refs: 6b0a9535e6
PR-URL: https://github.com/nodejs/node/pull/30020
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Original commit message:
[api] Add API functions for constructing standalone BackingStores
These are useful for the cases when an embedder works with backing
stores without creating JS ArrayBuffer objects.
Bug: v8:9380
Change-Id: I452bd911e7b20fb38568f18f9d15ea1a7ffb5a57
Reviewed-on: 1825339
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64460}
Refs: bba5f1f43d
PR-URL: https://github.com/nodejs/node/pull/30020
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Original commit message:
Make SetSyntheticModuleExport throw instead of crash for nonexistent export name
Per spec, Module::SetSyntheticModuleExport should throw a ReferenceError
when called with an export name that was not supplied when constructing
that SyntheticModule. Instead, the current implementation crashes with
a failed CHECK().
Add a new Module::SyntheticModuleSetExport that throws (without an ensuing
crash) for this case, and deprecate the old
Module::SetSyntheticModuleExport.
Bug: v8:9828
Change-Id: I3b3d353064c3851882781818099bd8f6ee74c809
Reviewed-on: 1860996
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64438}
Refs: 777fa98cc4
PR-URL: https://github.com/nodejs/node/pull/30062
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[regexp] Fix the order of named captures on the groups object
Named capture properties on the groups object should be ordered by the
capture index (and not alpha-sorted). This was accidentally broken in
https://crrev.com/c/1687413.
Bug: v8:9822,v8:9423
Change-Id: Iac6f866f077a1b7ce557ba47e8ba5d7e7014b3ce
Reviewed-on: 1864829
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64306}
Refs: ed40ab1583
Fixes: https://github.com/nodejs/node/issues/29878
PR-URL: https://github.com/nodejs/node/pull/30064
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Original commit message:
[debugger] Fix code coverage for break/return inside switch-case
Case statements have a list of statements associated with them, but are
not blocks, and were hence not fixed-up correctly for code coverage.
This CL also applies the fix-up to the "body" of case statements,
in this way removing ranges reported as uncovered between the final
break/return in a case and the next case (or end of function).
Drive-by: Add optional pretty printing to code coverage test results.
Change-Id: I5f4002d4e17b7253ed516d99f7c389ab2264be10
Bug: v8:9705
Reviewed-on: 1798426
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63719}
Refs: deac757bc7
PR-URL: https://github.com/nodejs/node/pull/29626
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Original commit message:
[api] Get ScriptOrModule from CompileFunctionInContext
Adds a new out param which allows accessing the ScriptOrModule
of a function, which allows an embedder such as Node.js to use
the function's i::Script lifetime.
Refs: https://github.com/nodejs/node-v8/issues/111
Change-Id: I34346d94d76e8f9b8377c97d948673f4b95eb9d5
Reviewed-on: 1699698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62830}
Refs: b33af60dd9
PR-URL: https://github.com/nodejs/node/pull/28016
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Original commit message:
[api] Get ScriptOrModule from CompileFunctionInContext
Adds a new out param which allows accessing the ScriptOrModule
of a function, which allows an embedder such as Node.js to use
the function's i::Script lifetime.
Refs: https://github.com/nodejs/node-v8/issues/111
Change-Id: I34346d94d76e8f9b8377c97d948673f4b95eb9d5
Reviewed-on: 1699698
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62830}
Refs: b33af60dd9
PR-URL: https://github.com/nodejs/node/pull/28671
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Guy Bedford <guybedford@gmail.com>
Original commit message:
[api] Implement StartupData::CanBeRehashed() for the snapshot blob
This enables the embedder to check if the snapshot generated
from SnapshotCreator::CreateBlob() can be rehashed and the seed
can be recomputed during deserialization.
The lack of this functionality resulted in a temporary vulnerability
in Node.js: https://github.com/nodejs/node/pull/27365
Change-Id: I88d52337217c40f79c26438be3c87d2db874d980
Reviewed-on: 1578661
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61175}
Refs: e0a109c058
PR-URL: https://github.com/nodejs/node/pull/27533
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Refael Ackermann (רפאל פלחי) <refack@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Original commit message:
[ic] Fix handling of +0/-0 when constant field tracking is enabled
... and ensure that runtime behaviour is in sync with the IC code.
Bug: chromium:950747, v8:9113
Change-Id: Ied66c9514cbe3a4d75fc71d4fc3b19ea1538f9b2
Reviewed-on: 1561319
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60768}
PR-URL: https://github.com/nodejs/node/pull/27792
Fixes: https://github.com/nodejs/node/issues/27784
Refs: 94c87fe074
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Cherry-pick ad49f12.
Original commit message:
[cleanup] Move Compressed[XXX]Slot definitions to separate header
... and fix header includes to please the respective bot.
Drive-by-fix: decompression implementation is now MSVC friendly.
Bug: v8:7703, v8:8834
Change-Id: Iaf589138e5bafb32b0d9feab5cf074b71f241a3c
Reviewed-on: 1505579
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60074}
Refs: ad49f12908
Cherry-pick 14f07a8.
Original commit message:
[ptr-compr] Define kTaggedPayloadOffset correctly on Big Endian
smi size is still 8 bytes when V8_COMPRESS_POINTERS is undefined.
Bug: v8:7703
Change-Id: I0d1e757e42e8b1e6b10960420135245e24553175
Reviewed-on: 1508572
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60097}
Refs: 14f07a8b30
Cherry-pick 676014b.
Original commit message:
[ptr-compr] Fix MSVC build
... which complained about truncating uintptr_t constant to uint32_t.
Bug: v8:7703
Change-Id: I6fae2bf1e5de79e6131479b84a8d8aa5b9de909f
Reviewed-on: 1508672
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60100}
Refs: 676014b36f
Cherry-pick 4e6a1a7.
Original commit message:
[heap] Clean-up some weak map entries in scavenger
This change enables clean-up of weak map entries in the
scavenger if the weak map is in the young generation.
With this change, the scavenger treats keys in ephemerons as
weak instead of strong, but does not implement full ephemeron
semantics: Values are treated always as strong, independently
of whether the key is live or not.
This approach ensures that no value is cleaned up accidentally.
After scavenging, all entries with dead keys are removed from
weak maps. After that, some values that are not referenced anywhere
anymore might still be in the heap, and those can be cleaned up
in the next scavenge.
What the scavenger does, amounts to one iteration of the
fixed-point algorithm required to implement ephemeron semantics.
We hope that this is a reasonable trade-off between time spent
tracing and cleaned-up entries.
This change does not affect weak maps that reside in old space.
Bug: v8:8557
Change-Id: Ic5618b3b863ad8c314c87449571150e756fecbf0
Reviewed-on: 1467182
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60101}
Refs: 4e6a1a75cd
Cherry-pick afbfd75.
Original commit message:
[ptr-compr] Fix ptr-compr broken by 4e6a1a75
(1467182)
Bug: v8:7703
Change-Id: Ia6b74b985735af67bde56b30e4a709247eb591be
Reviewed-on: 1508674
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60102}
Refs: afbfd7563d
Cherry-pick f792eb8.
Original commit message:
[ptr-compr][arm64] Update pointer compression arm64's implementation
Since kTaggedSize got shrunk and we are actually compressing
the pointers (as opposed to zeroing their upper bits),
we need to update the arm64 codebase to accommodate this change.
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I890f3ab8c046f47232e80f85830f9ae8f4dbced4
Reviewed-on: 1499498
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60172}
Refs: f792eb83a6
PR-URL: https://github.com/nodejs/node/pull/26685
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Original commit message:
[api] Add unique_ptr constructor for StreamedSource
Since StreamedSource takes ownership of the ExternalSourceStream
passed into it, it should take it by unique_ptr rather than raw
pointer to signal this transfer of ownership. The old constructor
is now deprecated.
Change-Id: I24681926c2f3141f7dd3664f72019a4c6deabfd7
Reviewed-on: 1520713
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60232}
Refs: d82c9afb8c
PR-URL: https://github.com/nodejs/node/pull/26685
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Original commit message:
[ubsan] Fix various ClusterFuzz-found issues
Fixing a few float and int overflows.
Drive-by fix: with --experimental-wasm-bigint, Number values
may not be used to initialize i64-typed globals. The existing
code for doing that relied on UB; since it's a spec violation
the fix is to throw instead.
No regression test for 933103 because it will OOM anyway.
No regression test for 932896 because it would be extremely slow.
Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
Reviewed-on: 1495911
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60075}
Refs: 91f0cd0082
PR-URL: https://github.com/nodejs/node/pull/26685
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Original commit message:
Deprecate MicrotasksCompletedCallback in favor to use *WithData version
This adds overloads of v8::Isolate::{Add,Remove}MicrotaskCompletedCallback,
that use MicrotasksCompletedCallbackWithData, and marks the original one
as V8_DEPRECATE_SOON for transition.
Bug: v8:8124
Change-Id: I124c3108545e1a2b29cd95620f36901431663c65
Reviewed-on: 1493766
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60045}
Refs: 2f79d68664
PR-URL: https://github.com/nodejs/node/pull/26685
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Original commit message:
[coverage] Extend SourceRangeAstVisitor for throw statements
The SourceRangeAstVisitor has custom logic for blocks ending with a
statement that has a continuation range. In these cases, the trailing
continuation is removed which makes the reported coverage ranges a bit
nicer.
throw Error('foo') consists of an ExpressionStatement, with a
Throw expression stored within the statement. The source range itself
is stored with the Throw, not the statement.
We now properly extract the correct AST node for trailing throw
statements.
R=jgruber@chromium.org, neis@chromium.org, yangguo@chromium.org
Bug: v8:8691
Change-Id: Ibcbab79fbe54719a8993045040349c863b139011
Reviewed-on: https://chromium-review.googlesource.com/c/1480632
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59936}
Refs: 2d08967d4a
PR-URL: https://github.com/nodejs/node/pull/26413
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[api] Add `Isolate::GetArrayBufferAllocator()`
This allows non-monolithic embedders to always allocate memory
for ArrayBuffer instances using the right allocation method.
This is based on a patch that Electron is currently using.
Refs: 1898f91620/patches/common/v8/array_buffer.patch
Change-Id: I39a614343118a0594aab48699a99cc2aad5b7ba9
Reviewed-on: https://chromium-review.googlesource.com/c/1462003
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59697}
Refs: d3308d042c
PR-URL: https://github.com/nodejs/node/pull/25852
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
Fix preview of set entries
Set entries return an array with the value as first and second entry.
As such these are considered key value pairs to align with maps
entries iterator.
So far the return value was identical to the values iterator and that
is misleading.
This also adds tests to verify the results and improves the coverage
a tiny bit by testing different iterators.
Refs: https://github.com/nodejs/node/issues/24629
R=yangguo@chromium.org
Change-Id: I669a724bb4afaf5a713e468b1f51691d22c25253
Reviewed-on: https://chromium-review.googlesource.com/c/1350790
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59311}
Refs: 74571c80a9
PR-URL: https://github.com/nodejs/node/pull/25852
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
[api] Add `Isolate::GetArrayBufferAllocator()`
This allows non-monolithic embedders to always allocate memory
for ArrayBuffer instances using the right allocation method.
This is based on a patch that Electron is currently using.
Refs: 1898f91620/patches/common/v8/array_buffer.patch
Change-Id: I39a614343118a0594aab48699a99cc2aad5b7ba9
Reviewed-on: https://chromium-review.googlesource.com/c/1462003
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59697}
Refs: d3308d042c
PR-URL: https://github.com/nodejs/node/pull/26207
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Original commit message:
Fix preview of set entries
Set entries return an array with the value as first and second entry.
As such these are considered key value pairs to align with maps
entries iterator.
So far the return value was identical to the values iterator and that
is misleading.
This also adds tests to verify the results and improves the coverage
a tiny bit by testing different iterators.
Refs: https://github.com/nodejs/node/issues/24629
R=yangguo@chromium.org
Change-Id: I669a724bb4afaf5a713e468b1f51691d22c25253
Reviewed-on: https://chromium-review.googlesource.com/c/1350790
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59311}
Refs: 74571c80a9
PR-URL: https://github.com/nodejs/node/pull/25941
Fixes: https://github.com/nodejs/node/issues/24629
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Original commit message 9365d09:
[coverage] Rework continuation counter handling
This changes a few bits about how continuation counters are handled.
It introduces a new mechanism that allows removal of a continuation
range after it has been created. If coverage is enabled, we run a first
post-processing pass on the AST immediately after parsing, which
removes problematic continuation ranges in two situations:
1. nested continuation counters - only the outermost stays alive.
2. trailing continuation counters within a block-like structure are
removed if the containing structure itself has a continuation.
R=bmeurer@chromium.org, jgruber@chromium.org, yangguo@chromium.org
Bug: v8:8381, v8:8539
Change-Id: I6bcaea5060d8c481d7bae099f6db9f993cc30ee3
Reviewed-on: https://chromium-review.googlesource.com/c/1339119
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58443}
Refs: v8/v8@9365d09
Original commit message aac2f8c:
[coverage] Filter out singleton ranges that alias full ranges
Block coverage is based on a system of ranges that can either have
both a start and end position, or only a start position (so-called
singleton ranges). When formatting coverage information, singletons
are expanded until the end of the immediate full parent range. E.g.
in:
{0, 10} // Full range.
{5, -1} // Singleton range.
the singleton range is expanded to {5, 10}.
Singletons are produced mostly for continuation counters that track
whether we execute past a specific language construct.
Unfortunately, continuation counters can turn up in spots that confuse
our post-processing. For example:
if (true) { ... block1 ... } else { ... block2 ... }
If block1 produces a continuation counter, it could end up with the
same start position as the else-branch counter. Since we merge
identical blocks, the else-branch could incorrectly end up with an
execution count of one.
We need to avoid merging such cases. A full range should always take
precedence over a singleton range; a singleton range should never
expand to completely fill a full range. An additional post-processing
pass ensures this.
Bug: v8:8237
Change-Id: Idb3ec7b2feddc0585313810b9c8be1e9f4ec64bf
Reviewed-on: https://chromium-review.googlesource.com/c/1273095
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56531}
Refs: v8/v8@aac2f8c
deps: V8: backport 47d34a3
Original commit message:
Revert "[coverage] change block range to avoid ambiguity."
This reverts commit 471fef0469d04d7c487f3a08e81f3d77566a2f50.
Reason for revert: A more general fix incoming at https://crrev.com/c/1273095.
Original change's description:
> [coverage] change block range to avoid ambiguity.
>
> By moving the block range end to left of closing bracket,
> we can avoid ambiguity where an open-ended singleton range
> could be both interpreted as inside the parent range, or
> next to it.
>
> R=verwaest@chromium.org
>
> Bug: v8:8237
> Change-Id: Ibc9412b31efe900b6d8bff0d8fa8c52ddfbf460a
> Reviewed-on: https://chromium-review.googlesource.com/1254127
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#56347}
TBR=yangguo@chromium.org,neis@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8237
Change-Id: I39310cf3c2f06a0d98ff314740aaeefbfffc0834
Reviewed-on: https://chromium-review.googlesource.com/c/1273096
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56513}
Refs: 47d34a317e
PR-URL: https://github.com/nodejs/node/pull/25429
Reviewed-By: Yang Guo <yangguo@chromium.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>