diff options
Diffstat (limited to 'chromium/v8/src/runtime')
| -rw-r--r-- | chromium/v8/src/runtime/runtime-debug.cc | 9 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime-internal.cc | 3 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime-object.cc | 13 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime-promise.cc | 12 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime-scopes.cc | 43 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime-test.cc | 162 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime-wasm.cc | 44 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime.cc | 6 | ||||
| -rw-r--r-- | chromium/v8/src/runtime/runtime.h | 7 |
9 files changed, 206 insertions, 93 deletions
diff --git a/chromium/v8/src/runtime/runtime-debug.cc b/chromium/v8/src/runtime/runtime-debug.cc index 3b8eefcee15..e60256b0d9c 100644 --- a/chromium/v8/src/runtime/runtime-debug.cc +++ b/chromium/v8/src/runtime/runtime-debug.cc @@ -241,7 +241,7 @@ MaybeHandle<JSArray> Runtime::GetInternalProperties(Isolate* isolate, Handle<FixedArray> result = factory->NewFixedArray(2 * 3); Handle<String> generator_status = - factory->NewStringFromAsciiChecked("[[GeneratorStatus]]"); + factory->NewStringFromAsciiChecked("[[GeneratorState]]"); result->set(0, *generator_status); Handle<String> status_str = factory->NewStringFromAsciiChecked(status); result->set(1, *status_str); @@ -261,7 +261,7 @@ MaybeHandle<JSArray> Runtime::GetInternalProperties(Isolate* isolate, const char* status = JSPromise::Status(promise->status()); Handle<FixedArray> result = factory->NewFixedArray(2 * 2); Handle<String> promise_status = - factory->NewStringFromAsciiChecked("[[PromiseStatus]]"); + factory->NewStringFromAsciiChecked("[[PromiseState]]"); result->set(0, *promise_status); Handle<String> status_str = factory->NewStringFromAsciiChecked(status); result->set(1, *status_str); @@ -271,7 +271,7 @@ MaybeHandle<JSArray> Runtime::GetInternalProperties(Isolate* isolate, : promise->result(), isolate); Handle<String> promise_value = - factory->NewStringFromAsciiChecked("[[PromiseValue]]"); + factory->NewStringFromAsciiChecked("[[PromiseResult]]"); result->set(2, *promise_value); result->set(3, *value_obj); return factory->NewJSArrayWithElements(result); @@ -495,7 +495,8 @@ int ScriptLinePosition(Handle<Script> script, int line) { if (line < 0) return -1; if (script->type() == Script::TYPE_WASM) { - return GetWasmFunctionOffset(script->wasm_native_module()->module(), line); + // Wasm positions are relative to the start of the module. + return 0; } Script::InitLineEnds(script->GetIsolate(), script); diff --git a/chromium/v8/src/runtime/runtime-internal.cc b/chromium/v8/src/runtime/runtime-internal.cc index bdb2931e200..08086fadfe3 100644 --- a/chromium/v8/src/runtime/runtime-internal.cc +++ b/chromium/v8/src/runtime/runtime-internal.cc @@ -332,7 +332,8 @@ RUNTIME_FUNCTION(Runtime_BytecodeBudgetInterrupt) { CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0); function->raw_feedback_cell().set_interrupt_budget(FLAG_interrupt_budget); if (!function->has_feedback_vector()) { - JSFunction::EnsureFeedbackVector(function); + IsCompiledScope is_compiled_scope(function->shared().is_compiled_scope()); + JSFunction::EnsureFeedbackVector(function, &is_compiled_scope); // Also initialize the invocation count here. This is only really needed for // OSR. When we OSR functions with lazy feedback allocation we want to have // a non zero invocation count so we can inline functions. diff --git a/chromium/v8/src/runtime/runtime-object.cc b/chromium/v8/src/runtime/runtime-object.cc index 2dfa9e53bec..a147991c322 100644 --- a/chromium/v8/src/runtime/runtime-object.cc +++ b/chromium/v8/src/runtime/runtime-object.cc @@ -1188,6 +1188,19 @@ RUNTIME_FUNCTION(Runtime_CreateDataProperty) { return *value; } +RUNTIME_FUNCTION(Runtime_SetOwnPropertyIgnoreAttributes) { + HandleScope scope(isolate); + DCHECK_EQ(4, args.length()); + CONVERT_ARG_HANDLE_CHECKED(JSObject, o, 0); + CONVERT_ARG_HANDLE_CHECKED(String, key, 1); + CONVERT_ARG_HANDLE_CHECKED(Object, value, 2); + CONVERT_ARG_HANDLE_CHECKED(Smi, attributes, 3); + + RETURN_RESULT_OR_FAILURE( + isolate, JSObject::SetOwnPropertyIgnoreAttributes( + o, key, value, PropertyAttributes(attributes->value()))); +} + RUNTIME_FUNCTION(Runtime_GetOwnPropertyDescriptor) { HandleScope scope(isolate); diff --git a/chromium/v8/src/runtime/runtime-promise.cc b/chromium/v8/src/runtime/runtime-promise.cc index 4d1c5ea9d2a..dcc2c69013e 100644 --- a/chromium/v8/src/runtime/runtime-promise.cc +++ b/chromium/v8/src/runtime/runtime-promise.cc @@ -217,10 +217,8 @@ RUNTIME_FUNCTION(Runtime_PromiseHookBefore) { return ReadOnlyRoots(isolate).undefined_value(); Handle<JSPromise> promise = Handle<JSPromise>::cast(maybe_promise); if (isolate->debug()->is_active()) isolate->PushPromise(promise); - if (promise->IsJSPromise()) { - isolate->RunPromiseHook(PromiseHookType::kBefore, promise, - isolate->factory()->undefined_value()); - } + isolate->RunPromiseHook(PromiseHookType::kBefore, promise, + isolate->factory()->undefined_value()); return ReadOnlyRoots(isolate).undefined_value(); } @@ -232,10 +230,8 @@ RUNTIME_FUNCTION(Runtime_PromiseHookAfter) { return ReadOnlyRoots(isolate).undefined_value(); Handle<JSPromise> promise = Handle<JSPromise>::cast(maybe_promise); if (isolate->debug()->is_active()) isolate->PopPromise(); - if (promise->IsJSPromise()) { - isolate->RunPromiseHook(PromiseHookType::kAfter, promise, - isolate->factory()->undefined_value()); - } + isolate->RunPromiseHook(PromiseHookType::kAfter, promise, + isolate->factory()->undefined_value()); return ReadOnlyRoots(isolate).undefined_value(); } diff --git a/chromium/v8/src/runtime/runtime-scopes.cc b/chromium/v8/src/runtime/runtime-scopes.cc index 4b1f6f2231f..b78ca1d5340 100644 --- a/chromium/v8/src/runtime/runtime-scopes.cc +++ b/chromium/v8/src/runtime/runtime-scopes.cc @@ -18,6 +18,8 @@ #include "src/objects/module-inl.h" #include "src/objects/smi.h" #include "src/runtime/runtime-utils.h" +#include "torque-generated/exported-class-definitions-tq-inl.h" +#include "torque-generated/exported-class-definitions-tq.h" namespace v8 { namespace internal { @@ -408,20 +410,19 @@ Handle<JSObject> NewSloppyArguments(Isolate* isolate, Handle<JSFunction> callee, if (argument_count > 0) { if (parameter_count > 0) { int mapped_count = Min(argument_count, parameter_count); - Handle<FixedArray> parameter_map = isolate->factory()->NewFixedArray( - mapped_count + 2, AllocationType::kYoung); - parameter_map->set_map( - ReadOnlyRoots(isolate).sloppy_arguments_elements_map()); - result->set_map(isolate->native_context()->fast_aliased_arguments_map()); - result->set_elements(*parameter_map); // Store the context and the arguments array at the beginning of the // parameter map. Handle<Context> context(isolate->context(), isolate); Handle<FixedArray> arguments = isolate->factory()->NewFixedArray( argument_count, AllocationType::kYoung); - parameter_map->set(0, *context); - parameter_map->set(1, *arguments); + + Handle<SloppyArgumentsElements> parameter_map = + isolate->factory()->NewSloppyArgumentsElements( + mapped_count, context, arguments, AllocationType::kYoung); + + result->set_map(isolate->native_context()->fast_aliased_arguments_map()); + result->set_elements(*parameter_map); // Loop over the actual parameters backwards. int index = argument_count - 1; @@ -438,7 +439,8 @@ Handle<JSObject> NewSloppyArguments(Isolate* isolate, Handle<JSFunction> callee, // arguments object. for (int i = 0; i < mapped_count; i++) { arguments->set(i, parameters[i]); - parameter_map->set_the_hole(i + 2); + parameter_map->set_mapped_entries( + i, *isolate->factory()->the_hole_value()); } // Walk all context slots to find context allocated parameters. Mark each @@ -449,7 +451,7 @@ Handle<JSObject> NewSloppyArguments(Isolate* isolate, Handle<JSFunction> callee, if (parameter >= mapped_count) continue; arguments->set_the_hole(parameter); Smi slot = Smi::FromInt(scope_info->ContextHeaderLength() + i); - parameter_map->set(parameter + 2, slot); + parameter_map->set_mapped_entries(parameter, slot); } } else { // If there is no aliasing, the arguments object elements are not @@ -610,40 +612,35 @@ RUNTIME_FUNCTION(Runtime_NewFunctionContext) { return *isolate->factory()->NewFunctionContext(outer, scope_info); } +// TODO(jgruber): Rename these functions to 'New...Context'. RUNTIME_FUNCTION(Runtime_PushWithContext) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); CONVERT_ARG_HANDLE_CHECKED(JSReceiver, extension_object, 0); CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 1); Handle<Context> current(isolate->context(), isolate); - Handle<Context> context = - isolate->factory()->NewWithContext(current, scope_info, extension_object); - isolate->set_context(*context); - return *context; + return *isolate->factory()->NewWithContext(current, scope_info, + extension_object); } +// TODO(jgruber): Rename these functions to 'New...Context'. RUNTIME_FUNCTION(Runtime_PushCatchContext) { HandleScope scope(isolate); DCHECK_EQ(2, args.length()); CONVERT_ARG_HANDLE_CHECKED(Object, thrown_object, 0); CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 1); Handle<Context> current(isolate->context(), isolate); - Handle<Context> context = - isolate->factory()->NewCatchContext(current, scope_info, thrown_object); - isolate->set_context(*context); - return *context; + return *isolate->factory()->NewCatchContext(current, scope_info, + thrown_object); } - +// TODO(jgruber): Rename these functions to 'New...Context'. RUNTIME_FUNCTION(Runtime_PushBlockContext) { HandleScope scope(isolate); DCHECK_EQ(1, args.length()); CONVERT_ARG_HANDLE_CHECKED(ScopeInfo, scope_info, 0); Handle<Context> current(isolate->context(), isolate); - Handle<Context> context = - isolate->factory()->NewBlockContext(current, scope_info); - isolate->set_context(*context); - return *context; + return *isolate->factory()->NewBlockContext(current, scope_info); } diff --git a/chromium/v8/src/runtime/runtime-test.cc b/chromium/v8/src/runtime/runtime-test.cc index db804490f4c..63a4ae35653 100644 --- a/chromium/v8/src/runtime/runtime-test.cc +++ b/chromium/v8/src/runtime/runtime-test.cc @@ -323,7 +323,7 @@ RUNTIME_FUNCTION(Runtime_OptimizeFunctionOnNextCall) { function->set_code(*BUILTIN_CODE(isolate, InterpreterEntryTrampoline)); } - JSFunction::EnsureFeedbackVector(function); + JSFunction::EnsureFeedbackVector(function, &is_compiled_scope); function->MarkForOptimization(concurrency_mode); return ReadOnlyRoots(isolate).undefined_value(); @@ -353,7 +353,7 @@ bool EnsureFeedbackVector(Handle<JSFunction> function) { // Ensure function has a feedback vector to hold type feedback for // optimization. - JSFunction::EnsureFeedbackVector(function); + JSFunction::EnsureFeedbackVector(function, &is_compiled_scope); return true; } @@ -369,8 +369,9 @@ RUNTIME_FUNCTION(Runtime_EnsureFeedbackVectorForFunction) { RUNTIME_FUNCTION(Runtime_PrepareFunctionForOptimization) { HandleScope scope(isolate); - DCHECK(args.length() == 1 || args.length() == 2); - if (!args[0].IsJSFunction()) return CrashUnlessFuzzing(isolate); + if ((args.length() != 1 && args.length() != 2) || !args[0].IsJSFunction()) { + return CrashUnlessFuzzing(isolate); + } CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0); bool allow_heuristic_optimization = false; @@ -457,7 +458,8 @@ RUNTIME_FUNCTION(Runtime_OptimizeOsr) { function->ShortPrint(scope.file()); PrintF(scope.file(), " for non-concurrent optimization]\n"); } - JSFunction::EnsureFeedbackVector(function); + IsCompiledScope is_compiled_scope(function->shared().is_compiled_scope()); + JSFunction::EnsureFeedbackVector(function, &is_compiled_scope); function->MarkForOptimization(ConcurrencyMode::kNotConcurrent); // Make the profiler arm all back edges in unoptimized code. @@ -752,38 +754,21 @@ RUNTIME_FUNCTION(Runtime_DebugPrint) { bool weak = maybe_object.IsWeak(); #ifdef OBJECT_PRINT - if (object.IsString() && !isolate->context().is_null()) { - DCHECK(!weak); - // If we have a string, assume it's a code "marker" - // and print some interesting cpu debugging info. - object.Print(os); - JavaScriptFrameIterator it(isolate); - JavaScriptFrame* frame = it.frame(); - os << "fp = " << reinterpret_cast<void*>(frame->fp()) - << ", sp = " << reinterpret_cast<void*>(frame->sp()) - << ", caller_sp = " << reinterpret_cast<void*>(frame->caller_sp()) - << ": "; - } else { - os << "DebugPrint: "; - if (weak) { - os << "[weak] "; - } - object.Print(os); - } + os << "DebugPrint: "; + if (weak) os << "[weak] "; + object.Print(os); if (object.IsHeapObject()) { HeapObject::cast(object).map().Print(os); } #else - if (weak) { - os << "[weak] "; - } + if (weak) os << "[weak] "; // ShortPrint is available in release mode. Print is not. os << Brief(object); #endif } os << std::endl; - return args[0]; // return TOS + return args[0]; } RUNTIME_FUNCTION(Runtime_PrintWithNameForAssert) { @@ -931,13 +916,12 @@ int StackSize(Isolate* isolate) { return n; } -void PrintIndentation(Isolate* isolate) { - const int nmax = 80; - int n = StackSize(isolate); - if (n <= nmax) { - PrintF("%4d:%*s", n, n, ""); +void PrintIndentation(int stack_size) { + const int max_display = 80; + if (stack_size <= max_display) { + PrintF("%4d:%*s", stack_size, stack_size, ""); } else { - PrintF("%4d:%*s", n, nmax, "..."); + PrintF("%4d:%*s", stack_size, max_display, "..."); } } @@ -946,24 +930,126 @@ void PrintIndentation(Isolate* isolate) { RUNTIME_FUNCTION(Runtime_TraceEnter) { SealHandleScope shs(isolate); DCHECK_EQ(0, args.length()); - PrintIndentation(isolate); + PrintIndentation(StackSize(isolate)); JavaScriptFrame::PrintTop(isolate, stdout, true, false); PrintF(" {\n"); return ReadOnlyRoots(isolate).undefined_value(); } - RUNTIME_FUNCTION(Runtime_TraceExit) { SealHandleScope shs(isolate); DCHECK_EQ(1, args.length()); CONVERT_ARG_CHECKED(Object, obj, 0); - PrintIndentation(isolate); + PrintIndentation(StackSize(isolate)); PrintF("} -> "); obj.ShortPrint(); PrintF("\n"); return obj; // return TOS } +namespace { + +int WasmStackSize(Isolate* isolate) { + // TODO(wasm): Fix this for mixed JS/Wasm stacks with both --trace and + // --trace-wasm. + int n = 0; + for (StackTraceFrameIterator it(isolate); !it.done(); it.Advance()) { + if (it.is_wasm()) n++; + } + return n; +} + +} // namespace + +RUNTIME_FUNCTION(Runtime_WasmTraceEnter) { + HandleScope shs(isolate); + DCHECK_EQ(0, args.length()); + PrintIndentation(WasmStackSize(isolate)); + + // Find the caller wasm frame. + wasm::WasmCodeRefScope wasm_code_ref_scope; + StackTraceFrameIterator it(isolate); + DCHECK(!it.done()); + DCHECK(it.is_wasm()); + WasmFrame* frame = WasmFrame::cast(it.frame()); + + // Find the function name. + int func_index = frame->function_index(); + const wasm::WasmModule* module = frame->wasm_instance().module(); + wasm::ModuleWireBytes wire_bytes = + wasm::ModuleWireBytes(frame->native_module()->wire_bytes()); + wasm::WireBytesRef name_ref = + module->lazily_generated_names.LookupFunctionName( + wire_bytes, func_index, VectorOf(module->export_table)); + wasm::WasmName name = wire_bytes.GetNameOrNull(name_ref); + + wasm::WasmCode* code = frame->wasm_code(); + PrintF(code->is_liftoff() ? "~" : "*"); + + if (name.empty()) { + PrintF("wasm-function[%d] {\n", func_index); + } else { + PrintF("wasm-function[%d] \"%.*s\" {\n", func_index, name.length(), + name.begin()); + } + + return ReadOnlyRoots(isolate).undefined_value(); +} + +RUNTIME_FUNCTION(Runtime_WasmTraceExit) { + HandleScope shs(isolate); + DCHECK_EQ(1, args.length()); + CONVERT_ARG_CHECKED(Smi, value_addr_smi, 0); + + PrintIndentation(WasmStackSize(isolate)); + PrintF("}"); + + // Find the caller wasm frame. + wasm::WasmCodeRefScope wasm_code_ref_scope; + StackTraceFrameIterator it(isolate); + DCHECK(!it.done()); + DCHECK(it.is_wasm()); + WasmFrame* frame = WasmFrame::cast(it.frame()); + int func_index = frame->function_index(); + const wasm::FunctionSig* sig = + frame->wasm_instance().module()->functions[func_index].sig; + + size_t num_returns = sig->return_count(); + if (num_returns == 1) { + wasm::ValueType return_type = sig->GetReturn(0); + switch (return_type.kind()) { + case wasm::ValueType::kI32: { + int32_t value = ReadUnalignedValue<int32_t>(value_addr_smi.ptr()); + PrintF(" -> %d\n", value); + break; + } + case wasm::ValueType::kI64: { + int64_t value = ReadUnalignedValue<int64_t>(value_addr_smi.ptr()); + PrintF(" -> %" PRId64 "\n", value); + break; + } + case wasm::ValueType::kF32: { + float_t value = ReadUnalignedValue<float_t>(value_addr_smi.ptr()); + PrintF(" -> %f\n", value); + break; + } + case wasm::ValueType::kF64: { + double_t value = ReadUnalignedValue<double_t>(value_addr_smi.ptr()); + PrintF(" -> %f\n", value); + break; + } + default: + PrintF(" -> Unsupported type\n"); + break; + } + } else { + // TODO(wasm) Handle multiple return values. + PrintF("\n"); + } + + return ReadOnlyRoots(isolate).undefined_value(); +} + RUNTIME_FUNCTION(Runtime_HaveSameMap) { SealHandleScope shs(isolate); DCHECK_EQ(2, args.length()); @@ -1384,7 +1470,7 @@ RUNTIME_FUNCTION(Runtime_WasmTierDownModule) { CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 0); auto* native_module = instance->module_object().native_module(); native_module->SetTieringState(wasm::kTieredDown); - native_module->TriggerRecompilation(); + native_module->RecompileForTiering(); CHECK(!native_module->compilation_state()->failed()); return ReadOnlyRoots(isolate).undefined_value(); } @@ -1395,7 +1481,7 @@ RUNTIME_FUNCTION(Runtime_WasmTierUpModule) { CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 0); auto* native_module = instance->module_object().native_module(); native_module->SetTieringState(wasm::kTieredUp); - native_module->TriggerRecompilation(); + native_module->RecompileForTiering(); CHECK(!native_module->compilation_state()->failed()); return ReadOnlyRoots(isolate).undefined_value(); } diff --git a/chromium/v8/src/runtime/runtime-wasm.cc b/chromium/v8/src/runtime/runtime-wasm.cc index 96c88357003..2431cc12b23 100644 --- a/chromium/v8/src/runtime/runtime-wasm.cc +++ b/chromium/v8/src/runtime/runtime-wasm.cc @@ -209,15 +209,12 @@ RUNTIME_FUNCTION(Runtime_WasmCompileLazy) { } // Should be called from within a handle scope -Handle<JSArrayBuffer> GetSharedArrayBuffer(Handle<WasmInstanceObject> instance, - Isolate* isolate, uint32_t address) { +Handle<JSArrayBuffer> GetArrayBuffer(Handle<WasmInstanceObject> instance, + Isolate* isolate, uint32_t address) { DCHECK(instance->has_memory_object()); Handle<JSArrayBuffer> array_buffer(instance->memory_object().array_buffer(), isolate); - // Validation should have failed if the memory was not shared. - DCHECK(array_buffer->is_shared()); - // Should have trapped if address was OOB DCHECK_LT(address, array_buffer->byte_length()); return array_buffer; @@ -231,8 +228,12 @@ RUNTIME_FUNCTION(Runtime_WasmAtomicNotify) { CONVERT_NUMBER_CHECKED(uint32_t, address, Uint32, args[1]); CONVERT_NUMBER_CHECKED(uint32_t, count, Uint32, args[2]); Handle<JSArrayBuffer> array_buffer = - GetSharedArrayBuffer(instance, isolate, address); - return FutexEmulation::Wake(array_buffer, address, count); + GetArrayBuffer(instance, isolate, address); + if (array_buffer->is_shared()) { + return FutexEmulation::Wake(array_buffer, address, count); + } else { + return Smi::FromInt(0); + } } RUNTIME_FUNCTION(Runtime_WasmI32AtomicWait) { @@ -245,7 +246,12 @@ RUNTIME_FUNCTION(Runtime_WasmI32AtomicWait) { CONVERT_ARG_HANDLE_CHECKED(BigInt, timeout_ns, 3); Handle<JSArrayBuffer> array_buffer = - GetSharedArrayBuffer(instance, isolate, address); + GetArrayBuffer(instance, isolate, address); + + // Trap if memory is not shared + if (!array_buffer->is_shared()) { + return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed); + } return FutexEmulation::WaitWasm32(isolate, array_buffer, address, expected_value, timeout_ns->AsInt64()); } @@ -260,7 +266,12 @@ RUNTIME_FUNCTION(Runtime_WasmI64AtomicWait) { CONVERT_ARG_HANDLE_CHECKED(BigInt, timeout_ns, 3); Handle<JSArrayBuffer> array_buffer = - GetSharedArrayBuffer(instance, isolate, address); + GetArrayBuffer(instance, isolate, address); + + // Trap if memory is not shared + if (!array_buffer->is_shared()) { + return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed); + } return FutexEmulation::WaitWasm64(isolate, array_buffer, address, expected_value->AsInt64(), timeout_ns->AsInt64()); @@ -344,6 +355,9 @@ RUNTIME_FUNCTION(Runtime_WasmTableInit) { CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 0); CONVERT_UINT32_ARG_CHECKED(table_index, 1); CONVERT_UINT32_ARG_CHECKED(elem_segment_index, 2); + static_assert( + wasm::kV8MaxWasmTableSize < kSmiMaxValue, + "Make sure clamping to Smi range doesn't make an invalid call valid"); CONVERT_UINT32_ARG_CHECKED(dst, 3); CONVERT_UINT32_ARG_CHECKED(src, 4); CONVERT_UINT32_ARG_CHECKED(count, 5); @@ -363,6 +377,9 @@ RUNTIME_FUNCTION(Runtime_WasmTableCopy) { CONVERT_ARG_HANDLE_CHECKED(WasmInstanceObject, instance, 0); CONVERT_UINT32_ARG_CHECKED(table_dst_index, 1); CONVERT_UINT32_ARG_CHECKED(table_src_index, 2); + static_assert( + wasm::kV8MaxWasmTableSize < kSmiMaxValue, + "Make sure clamping to Smi range doesn't make an invalid call valid"); CONVERT_UINT32_ARG_CHECKED(dst, 3); CONVERT_UINT32_ARG_CHECKED(src, 4); CONVERT_UINT32_ARG_CHECKED(count, 5); @@ -440,14 +457,13 @@ RUNTIME_FUNCTION(Runtime_WasmDebugBreak) { // Enter the debugger. DebugScope debug_scope(isolate->debug()); - const auto undefined = ReadOnlyRoots(isolate).undefined_value(); WasmFrame* frame = frame_finder.frame(); auto* debug_info = frame->native_module()->GetDebugInfo(); if (debug_info->IsStepping(frame)) { - debug_info->ClearStepping(); + debug_info->ClearStepping(isolate); isolate->debug()->ClearStepping(); isolate->debug()->OnDebugBreak(isolate->factory()->empty_fixed_array()); - return undefined; + return ReadOnlyRoots(isolate).undefined_value(); } // Check whether we hit a breakpoint. @@ -455,7 +471,7 @@ RUNTIME_FUNCTION(Runtime_WasmDebugBreak) { Handle<FixedArray> breakpoints; if (WasmScript::CheckBreakPoints(isolate, script, position) .ToHandle(&breakpoints)) { - debug_info->ClearStepping(); + debug_info->ClearStepping(isolate); isolate->debug()->ClearStepping(); if (isolate->debug()->break_points_active()) { // We hit one or several breakpoints. Notify the debug listeners. @@ -474,7 +490,7 @@ RUNTIME_FUNCTION(Runtime_WasmDebugBreak) { debug_info->RemoveBreakpoint(frame->function_index(), position, isolate); } - return undefined; + return ReadOnlyRoots(isolate).undefined_value(); } } // namespace internal diff --git a/chromium/v8/src/runtime/runtime.cc b/chromium/v8/src/runtime/runtime.cc index bd6853de8e8..63be622b0df 100644 --- a/chromium/v8/src/runtime/runtime.cc +++ b/chromium/v8/src/runtime/runtime.cc @@ -192,10 +192,10 @@ bool Runtime::MayAllocate(FunctionId id) { } } -bool Runtime::IsWhitelistedForFuzzing(FunctionId id) { - CHECK(FLAG_allow_natives_for_fuzzing); +bool Runtime::IsAllowListedForFuzzing(FunctionId id) { + CHECK(FLAG_fuzzing); switch (id) { - // Runtime functions whitelisted for all fuzzers. Only add functions that + // Runtime functions allowlisted for all fuzzers. Only add functions that // help increase coverage. case Runtime::kArrayBufferDetach: case Runtime::kDeoptimizeFunction: diff --git a/chromium/v8/src/runtime/runtime.h b/chromium/v8/src/runtime/runtime.h index 8f8903d9656..75f9c39bc13 100644 --- a/chromium/v8/src/runtime/runtime.h +++ b/chromium/v8/src/runtime/runtime.h @@ -329,6 +329,7 @@ namespace internal { F(SetDataProperties, 2, 1) \ F(SetKeyedProperty, 3, 1) \ F(SetNamedProperty, 3, 1) \ + F(SetOwnPropertyIgnoreAttributes, 4, 1) \ F(StoreDataPropertyInLiteral, 3, 1) \ F(ShrinkPropertyDictionary, 1, 1) \ F(ToFastProperties, 1, 1) \ @@ -542,6 +543,8 @@ namespace internal { F(WasmTierDownModule, 1, 1) \ F(WasmTierUpFunction, 2, 1) \ F(WasmTierUpModule, 1, 1) \ + F(WasmTraceEnter, 0, 1) \ + F(WasmTraceExit, 1, 1) \ F(WasmTraceMemory, 1, 1) \ I(DeoptimizeNow, 0, 1) @@ -718,9 +721,9 @@ class Runtime : public AllStatic { // allocation. static bool MayAllocate(FunctionId id); - // Check if a runtime function with the given {id} is whitelisted for + // Check if a runtime function with the given {id} is allowlisted for // using it with fuzzers. - static bool IsWhitelistedForFuzzing(FunctionId id); + static bool IsAllowListedForFuzzing(FunctionId id); // Get the intrinsic function with the given name. static const Function* FunctionForName(const unsigned char* name, int length); |