Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport] Fix High Resolution touchpad scrolling in XWayland #1

Open
wants to merge 1 commit into
base: 80-based
Choose a base branch
from

Conversation

@satmandu satmandu changed the title Fix High Resolution touchpad scrolling in XWayland [Backport] Fix High Resolution touchpad scrolling in XWayland May 7, 2020
qtprojectorg pushed a commit that referenced this pull request Feb 19, 2021
Partial cherry-pick (leaving out tests) of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2674008:
Merged: [interpreter] Store accumulator to callee after optional chain checks

Revision: df98901c19ce17ca995ee6750379b0f004210d68

BUG=chromium:1171954
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=rmcilroy@chromium.org

Change-Id: If09e1503ca07b47a112362495ec0bb9d502118c9
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#33}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 1, 2021
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2780300:
Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize

Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae

BUG=chromium:1182647
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=bmeurer@chromium.org

Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#49}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 1, 2021
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2748077:
Merged: Squashed multiple commits.

Merged: [const-tracking] Mark const field as mutable when reconfiguring
Revision: 7535b91f7cb22274de734d5da7d0324d8653d626

Merged: [const-tracking] Fix incorrect DCHECK in MapUpdater
Revision: f95db8916a731e6e5ccc0282616bc907ce06012f

BUG=chromium:1161847,chromium:1185463,v8:9233
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=ishell@chromium.org

Change-Id: I4a34bafb3b072f2e788b47949947c76110f1b85c
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#18}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 6, 2021
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2674169:
[Merged ][wasm] PostMessage of Memory.buffer should throw

PostMessage of an ArrayBuffer that is not detachable should result
in a DataCloneError.

TBR=gdeepti@chromium.org

(cherry picked from commit dfcf1e86fac0a7b067caf8fdfc13eaf3e3f445e4)

Bug: chromium:1170176, chromium:961059
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Ife852df032841b7001375acd5e101d614c4b0771
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.8@{#30}
Cr-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 9, 2021
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2780300:
Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize

Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae

BUG=chromium:1182647
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=bmeurer@chromium.org

Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#49}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 9, 2021
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2748077:
Merged: Squashed multiple commits.

Merged: [const-tracking] Mark const field as mutable when reconfiguring
Revision: 7535b91f7cb22274de734d5da7d0324d8653d626

Merged: [const-tracking] Fix incorrect DCHECK in MapUpdater
Revision: f95db8916a731e6e5ccc0282616bc907ce06012f

BUG=chromium:1161847,chromium:1185463,v8:9233
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=ishell@chromium.org

Change-Id: I4a34bafb3b072f2e788b47949947c76110f1b85c
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#18}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 14, 2021
… in V8 for x86_64

Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2821959:
Fix bug in InstructionSelector::ChangeInt32ToInt64

(cherry picked from commit 02f84c745fc0cae5927a66dc4a3e81334e8f60a6)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1196683
Change-Id: Ib4ea738b47b64edc81450583be4c80a41698c3d1
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73903}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#75}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 21, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2838235:
M86-LTS: [compiler] Fix bug in RepresentationChanger::GetWord32RepresentationFor

We have to respect the TypeCheckKind.

(cherry picked from commit fd29e246f65a7cee130e72cd10f618f3b82af232)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195777
Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73909}
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#79}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 21, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2823829:
[LTS-M86][builtins] Fix Array.prototype.concat with @@species

(cherry picked from commit 7989e04979c3195e60a6814e8263063eb91f7b47)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: I16843bce2e9f776abca0f2b943b898ab5e597e42
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73842}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#77}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 21, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2821961:
[LTS-M86][builtins] Harden Array.prototype.concat.

Defence in depth patch to prevent JavaScript from executing
from within IterateElements.

R=ishell@chromium.org
R=cbruni@chromium.org

(cherry picked from commit 8284359ed0607e452a4dda2ce89811fb019b4aaa)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73898}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#76}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 27, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2839559:
Merged: [compiler] Fix a bug in VisitSpeculativeIntegerAdditiveOp

Revision: 9313c4ce3f32ad81df1c65becccec7e129181ce3

BUG=chromium:1199345
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org

Change-Id: I0ee9f13815b1a7d248d4caa506c6930697e1866c
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#41}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 27, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2833911:
Merged: [turbofan] Harden ArrayPrototypePop and ArrayPrototypeShift

Revision: d4aafa4022b718596b3deadcc3cdcb9209896154

TBR=glazunov@chromium.org
BUG=chromium:1198696
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Change-Id: I1840ffabbed3a3caab75b0abea1d37d9ed446d3f
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#39}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 27, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2827899:
Merged: [TurboFan] Fix SpeculativeNumberEqual[Number] with undefined

(cherry picked from commit 7c7cdec5373127ad24e75edb2d2d75b25d604850)

Bug: chromium:1198309, v8:5660
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I9cb5f66643c0c0ab9b18ca953cf85d2f6aa84b42
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74038}
Cr-Commit-Position: refs/branch-heads/9.0@{#45}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request May 7, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2839559:
Merged: [compiler] Fix a bug in VisitSpeculativeIntegerAdditiveOp

Revision: 9313c4ce3f32ad81df1c65becccec7e129181ce3

BUG=chromium:1199345
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org

Change-Id: I0ee9f13815b1a7d248d4caa506c6930697e1866c
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#41}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request May 7, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2833911:
Merged: [turbofan] Harden ArrayPrototypePop and ArrayPrototypeShift

Revision: d4aafa4022b718596b3deadcc3cdcb9209896154

TBR=glazunov@chromium.org
BUG=chromium:1198696
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Change-Id: I1840ffabbed3a3caab75b0abea1d37d9ed446d3f
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#39}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request May 26, 2021
Cherry-pick of commit originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2883780:
Reland "[compiler] Fix more truncation bugs in SimplifiedLowering"

This is a reland of 47077d94492cb604e3a7f02c0d7c3c495ff6b713 without
changes. The revert was false alarm.

[M86]: Resolved simple conflicts.

Original change's description:
> [compiler] Fix more truncation bugs in SimplifiedLowering
>
> Bug: chromium:1200490
> Change-Id: I3555b6d99bdb4b4e7c302a43a82c17e8bff84ebe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2840452
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74097}

(cherry picked from commit e4a580c9104e42968e8e13b8c7d933f0b2eda2a3)

(cherry picked from commit 97ad04543438f7b235b21346fdd198f81028cd5e)

Bug: chromium:1200490
Tbr: nicohartmann@chromium.org
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Iedddcf2d0117fa59dc9d7a3604ef203808ad2903
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/9.0@{#47}
Cr-Original-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Original-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jana Grill <janagrill@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#95}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request May 28, 2021
Reland "M86-LTS: [const-tracking] Ensure map is updated before generalizing constness"

This reverts commit 4b4ad58888faf938a76e0d792c3c3a639c79e2e4.

M86 merge conflicts and resolution:
* src/objects/map-updater.cc
  Map::instance_descriptor with kRelaxedLoad dispatcher was introduced after
  8.6 branch: https://crrev.com/c/2424130. Before the patch
  Map::instance_descriptor without distpacher was used. Do the same
  here.
* test/mjsunit/regress/regress-crbug-1195331.js
  HasOwnConstDataProperty did not exist in 8.6. Add it from
  https://crrev.com/c/2566757.

Original change's description:
> Revert "M86-LTS: [const-tracking] Ensure map is updated before generalizing constness"
>
> This reverts commit 69a043b410ff83f31ceba23eab410163403c1db0.
>
> Reason for revert: causes compilation errors. kRelaxedLoad is missing.
>
> Original change's description:
> > M86-LTS: [const-tracking] Ensure map is updated before generalizing constness
> >
> > Revision: db2acd7a046d42a8013da76c3f47d2970cef5447
> >
> > BUG=chromium:1195331
> > NOTRY=true
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > R=​​leszeks@chromium.org
> >
> > (cherry picked from commit 5a0dd788cdae65bbfa37fbbd47a5e5dde15dd894)
> >
> > Change-Id: I7ce1b36b8860a49838d208bc7857021e03f83916
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831474
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Cr-Original-Commit-Position: refs/branch-heads/9.0@{#37}
> > Cr-Original-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
> > Cr-Original-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850705
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
> > Commit-Queue: Artem Sumaneev <asumaneev@google.com>
> > Cr-Commit-Position: refs/branch-heads/8.6@{#82}
> > Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
> > Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
>
> Bug: chromium:1195331
> Change-Id: Id7170c30d67329b784e9a283c0171fed010970dc
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853588
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Artem Sumaneev <asumaneev@google.com>
> Cr-Commit-Position: refs/branch-heads/8.6@{#84}
> Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
> Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1195331
Change-Id: Ie103a7795893860c4c4834eefe9dc327c5c46d19
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#93}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request May 28, 2021
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2875210:
Merged: [liftoff] Fix >=2GB memory accesses on 32-bit

We were inconsistent in handling offsets >= 2GB on 32-bit systems. The
code was still relying on this being detected as statically out of
bounds, but with the increase of {kV8MaxWasmMemoryPages} to support 4GB
memories, this is not the case any more.

This CL fixes this by again detecting such situations as statically OOB.
We do not expect to be able to allocate memories of size >2GB on such
systems. If this assumptions turns out to be wrong, we will erroneously
trap. If that happens, we will have to explicitly disallow memories of
such size on 32-bit systems.

Tbr: jkummerow@chromium.org

(cherry picked from commit 7ad5b961553d7d9bc30da1bb839726be2b92bb51)

Bug: v8:7881, chromium:1201340
Change-Id: I8a91dd067a1c63a6d1caacb874a27b44b0983774
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#51}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request May 28, 2021
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2880214:
Merged: [const-tracking] Generalize constness when delete properties

Revision: d570bbe0c74ec4ae40d1abc34bea617ff2d63f26

BUG=chromium:1201938
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=leszeks@chromium.org

Change-Id: I2745bd574d9f971b3f1e41d5084ec9e9fbbeef07
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#55}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Aug 2, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2940882:
M86-LTS: [debugger] Return ServerError if debugger agent is disabled

This returns a server error on setting breakpoints if the
agent is disabled.

(cherry picked from commit 5aa2de8128f885c44df79d38fb4aa5c6a5d94306)

Also-by: bmeurer@chromium.org
Fixed: chromium:1202534
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I87c80a4bd785fa5c59a8dd0d5ac5f4b31b015ed8
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74399}
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Artem Sumaneev <asumaneev@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#105}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Aug 2, 2021
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2948652:
M86-LTS] Reland "Merged: [compiler] Always record constness dependency for FastDataConstant"

This is a reland of 638d1b238d510a349bdd38648add8d5c85bc5f7d after a
one-character change. A local variable still has a non-optional type
in this version of V8.

Original change's description:
> Merged: [compiler] Always record constness dependency for FastDataConstant
>
> Revision: 1bfa5139966fe0c9e8036fe6362b61c483675775
>
> BUG=chromium:1209558
> NOTRY=true
> NOPRESUBMIT=true
> NOTREECHECKS=true
>
> Change-Id: If4f7243647bcc12ed482796c1353f0717630f6b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919823
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/branch-heads/9.1@{#59}
> Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
> Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}

NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

(cherry picked from commit 73666e3f6d6bdbc93ab81cf8b3803dd04930e293)

Bug: chromium:1209558
Change-Id: I0c81353882b0f17942fd92ad4181732f941bcb1d
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/9.1@{#63}
Cr-Original-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Original-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#108}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Aug 2, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2940899:
Merged: Squashed multiple commits.

Merged: Disable left-trimming when optimizing compile jobs exist
Revision: ac0605a1a486b8d074f116cc365de9d2b6d7c9e5

Merged: [heap] Don't assume that optimizing-compile-dispatcher exists
Revision: 022b312d55e75935cfa99cca7729ae2d3f795bd0

BUG=chromium:1211215,chromium:1215514
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=dinfuehr@chromium.org

Change-Id: I3b3a37d64402ea464c8e653517928522a1c5e0da
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#67}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Aug 4, 2021
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/3027260:
Merged: [compiler] Fix a bug in CodeGenerator::AddTranslationForOperand

(cherry picked from commit 374354bfe4a30740b96936b33e522d6fcd1cda67)

Bug: chromium:1228407
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I358d8736b7b5f87300496cbb39a7689d8207d85f
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#77}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Aug 12, 2021
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2993033:
Merged: [JSON] Fix GC issue in BuildJsonObject

We must ensure that the sweeper is not running or has already swept
mutable_double_buffer. Otherwise the GC can add it to the free list.

Change-Id: If0fc7617acdb6690f0567215b78f8728e1643ec0
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: v8:11837, chromium:1214842
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#75}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Aug 19, 2021
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/3080564:
Merged: [compiler] Fix a bug in MachineOperatorReducer's BitfieldCheck

Revision: 574ca6b71c6160d38b5fcf4b8e133bc7f6ba2387

BUG=chromium:1234770
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org

Change-Id: I15af5a94e89b54c2a540442c3544ed459b832e0a
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.3@{#21}
Cr-Branched-From: 7744dce208a555494e4a33e24fadc71ea20b3895-refs/heads/9.3.345@{#1}
Cr-Branched-From: 4b6b4cabf3b6a20cdfda72b369df49f3311c4344-refs/heads/master@{#75728}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Sep 3, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/3027260:
Merged: [compiler] Fix a bug in CodeGenerator::AddTranslationForOperand

(cherry picked from commit 374354bfe4a30740b96936b33e522d6fcd1cda67)

Bug: chromium:1228407
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I358d8736b7b5f87300496cbb39a7689d8207d85f
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#77}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Sep 3, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/3067222:
Fix GC issue in BuildJsonObject

We must ensure that the sweeper is not running or has already swept
mutable_double_buffer. Otherwise the GC can add it to the free list.

(cherry picked from commit 81181a8ad80ac978a6a8732d05f615c645df95d2)

Bug: v8:11837
Bug: chromium:1214842
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74859}
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Jana Grill <janagrill@google.com>
Cr-Commit-Position: refs/branch-heads/9.0@{#68}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Sep 3, 2021
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/3101487:
[M90-LTS] [deoptimizer] Finish concurrent sweeping before overwriting ByteArrays

(cherry picked from commit b63a59619530cb26bf5d51f39ef4cb4c20952d5f)

Bug: chromium:1228036
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I5abe7009920d2c8f81f024c9ae7bb6b13607da1a
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#75932}
Commit-Queue: Zakhar Voit <voit@google.com>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#75}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jun 15, 2023
Partial manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4567879:
[M108-LTS][runtime] Fix handling of interceptors

Drive-by: simplify creation of LookupIterator copies.

(cherry picked from commit d125c7329f6e22af4523de3c55de3a22f168acc9)

Bug: chromium:1440695
Change-Id: Icadab9c8b682f87524eed4c508e27be3a8c5b2d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4537324
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#87701}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4567879
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/branch-heads/10.8@{#60}
Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1}
Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/481571
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jun 20, 2023
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4590637:
Fix store handler selection for arguments objects

M108 merge issues:
    src/diagnostics/objects-printer.cc:
      Type conflicts for the handler variable on and
      the IsWeakFixedArray() check isn't present in 108; kept
      the code changes from the fix.

Drive-by: fix printing of handlers in --trace-feedback-updates mode.

(cherry picked from commit e144f3b71e64e01d6ffd247eb15ca1ff56f6287b)

Bug: chromium:1450481
Change-Id: I1c0084701f7f8959da508481cab7a81a2bca3c8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4584248
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#88021}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4590637
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/branch-heads/10.8@{#66}
Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1}
Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/486078
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jun 22, 2023
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4590637:
Fix store handler selection for arguments objects

M108 merge issues:
src/diagnostics/objects-printer.cc:
  Type conflicts for the handler variable on and
  the IsWeakFixedArray() check isn't present in 108; kept
  the code changes from the fix.

Drive-by: fix printing of handlers in --trace-feedback-updates mode.

(cherry picked from commit e144f3b71e64e01d6ffd247eb15ca1ff56f6287b)

Bug: chromium:1450481
Change-Id: I1c0084701f7f8959da508481cab7a81a2bca3c8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4584248
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#88021}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4590637
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/branch-heads/10.8@{#66}
Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1}
Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/487335
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jul 11, 2023
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4637129:
Merged: [compiler] StackCheck can have side effects

Bug: chromium:1452137
(cherry picked from commit e548943e473b020fdc1de6e5543ca31b24d8b7f9)

Change-Id: Ibd7c9b02efd12341b452e4c34a635a58a817649f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4637129
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/branch-heads/11.4@{#49}
Cr-Branched-From: 8a8a1e7086dacc426965d3875914efa66663c431-refs/heads/11.4.183@{#1}
Cr-Branched-From: 5483d8e816e0bbce865cbbc3fa0ab357e6330bab-refs/heads/main@{#87241}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/489358
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Aug 25, 2023
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/webm/libwebp/+/4634862:
EncodeAlphaInternal: add missing error check

VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.

==13==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
    #0 0x49ffc0 in __asan_memcpy
    #1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
    #2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14

Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).

This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check

Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
(cherry picked from commit c3bd7cff2e57b4bf1b744e70dd379570d83fb0e4)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/499078
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Sep 1, 2023
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/webm/libwebp/+/4634862:
EncodeAlphaInternal: add missing error check

VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.

==13==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
    #0 0x49ffc0 in __asan_memcpy
    #1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
    #2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14

Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).

This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check

Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
(cherry picked from commit c3bd7cff2e57b4bf1b744e70dd379570d83fb0e4)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/500280
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 8, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5110982:
Merged: [promises, async stack traces] Fix the case when the closure has run

We were using the closure pointing to NativeContext as a marker that the
closure has run, but async stack trace code was confused about it.

(cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f)

Bug: chromium:1501326
Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083
Cr-Original-Commit-Position: refs/heads/main@{#90949}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#18}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526277
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 8, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5110982:
Fix the case when the closure has run

M114 changes:
- replace IsNativeContext(*context) by context->IsNativeContext()

We were using the closure pointing to NativeContext as a marker that the
closure has run, but async stack trace code was confused about it.

(cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f)

Bug: chromium:1501326
Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083
Cr-Original-Commit-Position: refs/heads/main@{#90949}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982
Commit-Queue: Marja Hölttä <marja@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#18}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
(cherry picked from commit cbd09b2ca928f1fd929ef52e173aa81213e38cb8)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526344
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 8, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5110982:
Fix the case when the closure has run

M114 changes:
- replace IsNativeContext(*context) by context->IsNativeContext()

We were using the closure pointing to NativeContext as a marker that the
closure has run, but async stack trace code was confused about it.

(cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f)

Bug: chromium:1501326
Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083
Cr-Original-Commit-Position: refs/heads/main@{#90949}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982
Commit-Queue: Marja Hölttä <marja@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#18}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
(cherry picked from commit cbd09b2ca928f1fd929ef52e173aa81213e38cb8)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526350
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 8, 2024
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5110982:
[M114-LTS][promises, async stack traces] Fix the case when the closure has run

M114 changes:
- replace IsNativeContext(*context) by context->IsNativeContext()

We were using the closure pointing to NativeContext as a marker that the
closure has run, but async stack trace code was confused about it.

(cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f)

Bug: chromium:1501326
Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083
Cr-Original-Commit-Position: refs/heads/main@{#90949}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982
Commit-Queue: Marja Hölttä <marja@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#18}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
(cherry picked from commit cbd09b2ca928f1fd929ef52e173aa81213e38cb8)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526232
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 16, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5114883:
Merged: [turboshaft] Fix StructuralOptimization because of ignored side-effects

Side-effects in the 1st else block were not taken into account.

Drive-by: minor cleanups to StructuralOptimizationReducer.

Bug: v8:12783, chromium:1509576
(cherry picked from commit 4a664b390577de3d3572010da0dc1138d78ab2c4)

Change-Id: Id4e230ee0fd408c821747d3350d688c8b0098ae3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5114883
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#20}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/530060
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 18, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5192447:
Merged: [runtime] Drop fast last-property deletion

This interacts badly with other optimizations and isn't particularly
common.

Bug: chromium:1517354
(cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f)

Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#32}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531577
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 22, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5192447:
Merged: [runtime] Drop fast last-property deletion

This interacts badly with other optimizations and isn't particularly
common.

Bug: chromium:1517354
(cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f)

Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#32}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/532072
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 22, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5185558:
Merged: [maglev] Fix allocation folding in derived constructors

Bug: v8:7700
Fixed: chromium:1515930
(cherry picked from commit 78dd4b31847ab1f5b06ef3d8742a9f3835fb6919)

Change-Id: Ia5d80719f97a6676a778e46698ecd6f6999e90d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5185558
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#30}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531978
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 22, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5180369:
Merged: [codegen] Install BytecodeArray last in SharedFunctionInfo

Maglev assumes that when a SharedFunctionInfo has a BytecodeArray,
then it should also have FeedbackMetadata. However, this may not
hold with concurrent compilation when the SharedFunctionInfo is
re-compiled after being flushed. Here the BytecodeArray was installed
on the SFI before the FeedbackMetadata and a concurrent thread could
observe the BytecodeArray but not the FeedbackMetadata.

Drive-by: Reset the age field before setting the BytecodeArray as
well. This ensures that the concurrent marker will not observe the
old age for the new BytecodeArray.

Bug: chromium:1507412
(cherry picked from commit 46cb67e3b296e50d7fda5a58233d18b9f3dab0d5)

Change-Id: Ide73ac1c6b0a68a1fcf847c8351ec65016e55762
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5180369
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#28}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531979
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 22, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5192447:
Merged: [runtime] Drop fast last-property deletion

This interacts badly with other optimizations and isn't particularly
common.

Bug: chromium:1517354
(cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f)

Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#32}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531980
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jan 22, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5192447:
Merged: [runtime] Drop fast last-property deletion

This interacts badly with other optimizations and isn't particularly
common.

Bug: chromium:1517354
(cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f)

Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.0@{#32}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/532059
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg pushed a commit that referenced this pull request Mar 12, 2024
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5300311:
Merged: [wasm] Use correct signature index for tier-up of wasm-to-js wrapper

The wasm-to-js wrapper tierup used the canonicalized signature id lookup
for module-independent signatures to look up the canonicalized signature
id of module-specific signatures. With this CL the signature id is
looked up with the function index of imported functions and from the
dispatch table for indirect function calls instead.

R=jkummerow@chromium.org

Bug: 324596281
(cherry picked from commit 2109613ad4622028778a38fb418956fab8b478b6)

Change-Id: I3fb7e4f02596f62e13ffe60015f96bac5efbc598
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5300311
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#32}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/546082
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Mar 12, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5323850:
Merged: [wasm] Add bounds check in tier-up of wasm-to-js wrapper

The entry index in the WasmApiFunctionRef was used to look for the given
WasmApiFunctionRef in the indirect function tables, but it was not
considered that the indirect function tables can have different lengths.

R=clemensb@chromium.org

Bug: 325893559

(cherry picked from commit 7330f46163e8a2c10a3d40ecbf554656f0ac55e8)

Change-Id: I52355890e21490c75566216985680c64e0b0db75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5323850
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#38}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/546083
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 9, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5401859:
Merged: [runtime] Recreate enum cache on map update if any previous map had one

If any previous map in the transition tree had an enum cache, then we
recreate one when updating the map.

Bug: 330760873
(cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61)

Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#52}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553307
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 9, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5380190:
Merged: [wasm] Check for type-definition count limit

(cherry picked from commit b852ad701db21d6db5b34e66f4ec1cdccd2ec4d4)

Bug: chromium:330575498
Change-Id: I395f0ed6d823b7d1e139da6551486e3627d65724
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378419
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#92941}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5380190
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#50}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553292
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 9, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5401859:
Merged: [runtime] Recreate enum cache on map update if any previous map had one

If any previous map in the transition tree had an enum cache, then we
recreate one when updating the map.

Bug: 330760873
(cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61)

Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#52}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553296
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 10, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5380190:
Merged: [wasm] Check for type-definition count limit

(cherry picked from commit b852ad701db21d6db5b34e66f4ec1cdccd2ec4d4)

Bug: chromium:330575498
Change-Id: I395f0ed6d823b7d1e139da6551486e3627d65724
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378419
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#92941}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5380190
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#50}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553298
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Apr 10, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5401859:
Merged: [runtime] Recreate enum cache on map update if any previous map had one

If any previous map in the transition tree had an enum cache, then we
recreate one when updating the map.

Bug: 330760873
(cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61)

Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#52}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553302
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jun 11, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5380190:
Merged: [wasm] Check for type-definition count limit

(cherry picked from commit b852ad701db21d6db5b34e66f4ec1cdccd2ec4d4)

Bug: chromium:330575498
Change-Id: I395f0ed6d823b7d1e139da6551486e3627d65724
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378419
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#92941}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5380190
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#50}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/554624
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jun 11, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5410311:
Merged: [wasm][gc] Scan the code field of the WasmInternalFunction

The code field in the WasmInternalFunction is a code pointer since
https://crrev.com/c/5110559, so it has to be scanned explicitly.

Bug: 329130358
(cherry picked from commit b93975a48c722c2e5fe9b39437738eb2e23dac74)

Change-Id: I0795d2188a8af3480c513d1dbaccfcef1da04473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5410311
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#54}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/554648
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Jun 11, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5401859:
Merged: [runtime] Recreate enum cache on map update if any previous map had one

If any previous map in the transition tree had an enum cache, then we
recreate one when updating the map.

Bug: 330760873
(cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61)

Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/branch-heads/12.2@{#52}
Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/554649
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Oct 21, 2024
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5872631:
Merged: [wasm] Do not inline wrappers with 'ref extern' parameter type

This was introduced in https://crrev.com/c/4212394.

The wrapper would need to test for null and throw a type error but
doesn't do that correctly.
(The test case added only tested that a null check happens either in
the wrapper or in the cast instruction because the test case was trying
to test both cases without duplicating too much which was a bad design
choice.)

For simplicity, just disallow inlining of wrappers with parameters
typed 'ref extern'. (Users should use `externref` aka 'ref null extern'
instead anyways as the non-nullability doesn't add any benefits.)

(cherry picked from commit 3eee872739ac3523af126d7f25a623c18f5bee39)

Bug: 366635354
Change-Id: I58deec223e9c01c5292239eebee895febc880215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5872631
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/branch-heads/13.0@{#2}
Cr-Branched-From: 4be854bd71ea878a25b236a27afcecffa2e29360-refs/heads/13.0.245@{#1}
Cr-Branched-From: 1f5183f7ad6cca21029fd60653d075730c644432-refs/heads/main@{#96103}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/597922
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Oct 21, 2024
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/5872631:
Merged: [wasm] Do not inline wrappers with 'ref extern' parameter type

This was introduced in https://crrev.com/c/4212394.

The wrapper would need to test for null and throw a type error but
doesn't do that correctly.
(The test case added only tested that a null check happens either in
the wrapper or in the cast instruction because the test case was trying
to test both cases without duplicating too much which was a bad design
choice.)

For simplicity, just disallow inlining of wrappers with parameters
typed 'ref extern'. (Users should use `externref` aka 'ref null extern'
instead anyways as the non-nullability doesn't add any benefits.)

(cherry picked from commit 3eee872739ac3523af126d7f25a623c18f5bee39)

Bug: 366635354
Change-Id: I58deec223e9c01c5292239eebee895febc880215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5872631
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/branch-heads/13.0@{#2}
Cr-Branched-From: 4be854bd71ea878a25b236a27afcecffa2e29360-refs/heads/13.0.245@{#1}
Cr-Branched-From: 1f5183f7ad6cca21029fd60653d075730c644432-refs/heads/main@{#96103}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/597950
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Copy link

cla-assistant bot commented Nov 15, 2024

CLA assistant check
All committers have signed the CLA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

1 participant