1. 26 Jan, 2021 1 commit
  2. 20 Jan, 2021 1 commit
    • Jakob Gruber's avatar
      [compiler] Rename type BailoutId to BytecodeOffset · 727d22be
      Jakob Gruber authored
      This reflects the actual contents of the type, which is an offset into
      the bytecode (or certain marker values). Historically, in the days of
      FCG the bailout id used to refer to node ids - this is why certain
      tracing output still calls the bailout id 'node id' and 'ast id'.
      These spots will be fixed in a follow-up CL.
      
      This change is mechanical:
      
       git grep -l BailoutId | while read f; do \
        sed -i 's/BailoutId/BytecodeOffset/g' $f; done
      
      With a manual component of updating the DeoptimizationData method
      name from 'BytecodeOffset' to 'GetBytecodeOffset'.
      
      Bug: v8:11332
      Change-Id: I956b947a480bf52263159c0eb1e895360bcbe6d2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639754
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72189}
      727d22be
  3. 19 Jan, 2021 1 commit
  4. 30 Nov, 2020 1 commit
    • Seth Brenith's avatar
      Require the first three fields of ScopeInfo to be present · 2bbf3333
      Seth Brenith authored
      ScopeInfo objects generally start with three fields: flags, parameter
      count, and local variable count. But a single read-only ScopeInfo
      instance has none of those fields. This is the empty ScopeInfo, which is
      used for contexts that don't correspond to any scope (the native context
      and contexts for builtin functions). Since there is only ever a single
      instance of the empty ScopeInfo, the memory savings of omitting these
      fields is trivial, and we can simplify logic somewhat by including them.
      Rather than checking for length to be zero, this change introduces a new
      flag indicating that a ScopeInfo instance is the empty one.
      
      On its own, this change doesn't provide a whole lot of value. However,
      it sets us up for two further improvements, which are consistent with
      the goals outlined in [1]:
      
      1. We should fully describe ScopeInfo fields in Torque. Getting rid of
      the requirement to check for emptiness would substantially simplify the
      indexed field expressions.
      
      2. ScopeInfo shouldn't inherit from FixedArray, and shouldn't begin with
      a `length` field when the length can be computed from the other fields.
      This would save a small amount of heap memory and avoid any possibility
      of a mismatch between the two ways of computing the length.
      
      [1] https://docs.google.com/document/d/1tiGK7_lubxPHnInI2vscUwMHfadn8gIEa1apmI8HxR4/edit#heading=h.n63k76b3zfwa
      
      Bug: v8:8952
      Change-Id: I018127698a5d91fb2a91684bc3aec2e27ee27c41
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2561598Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#71500}
      2bbf3333
  5. 20 Nov, 2020 1 commit
  6. 06 Nov, 2020 1 commit
  7. 30 Oct, 2020 1 commit
    • Martin Bidlingmaier's avatar
      [regexp] Add 'l' flag to force experimental engine · 5720d205
      Martin Bidlingmaier authored
      This commit adds the 'l' (linear) RegExp flag (as in e.g. /asdf|123/l)
      that forces execution in linear time.  These regexps are handled by the
      experimental engine.  If the experimental engine cannot handle the
      pattern, an exception is thrown on creation of the regexp.
      
      The commit also adds a new global V8 flag and changes an existing one:
      * --enable-experimental-engine, which turns on recognition of the RegExp
        'l' flag.  Previously this flag also caused all supported regexps to
        be executed by the experimental engine; this is not the case anymore.
      * --default-to-experimental-regexp-engine takes over the previous
        semantics of --enable-experimental-regexp-engine:  We execute all
        supported regexps with the experimental engine.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
      Bug: v8:10765
      Change-Id: I5622a89b19404105e8be280d454e9fdd63c003b3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461244Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Martin Bidlingmaier <mbid@google.com>
      Cr-Commit-Position: refs/heads/master@{#70892}
      5720d205
  8. 06 Aug, 2020 1 commit
    • Leszek Swirski's avatar
      [runtime] Move string table off-heap · 1546be9c
      Leszek Swirski authored
      Changes the isolate's string table into an off-heap structure. This
      allows the string table to be resized without allocating on the V8 heap,
      and potentially triggering a GC. This allows existing strings to be
      inserted into the string table without requiring allocation.
      
      This has two important benefits:
      
        1) It allows the deserializer to insert strings directly into the
           string table, rather than having to defer string insertion until
           deserialization completes.
      
        2) It simplifies the concurrent string table lookup to allow resizing
           the table inside the write lock, therefore eliminating the race
           where two concurrent lookups could both resize the table.
      
      The off-heap string table has the following properties:
      
        1) The general hashmap behaviour matches the HashTable, i.e. open
           addressing, power-of-two sized, quadratic probing. This could, of
           course, now be changed.
      
        2) The empty and deleted sentinels are changed to Smi 0 and 1,
           respectively, to make those comparisons a bit cheaper and not
           require roots access.
      
        3) When the HashTable is resized, the old elements array is kept
           alive in a linked list of previous arrays, so that concurrent
           lookups don't lose the data they're accessing. This linked list
           is cleared by the GC, as then we know that all threads are in
           a safepoint.
      
        4) The GC treats the hash table entries as weak roots, and only walks
           them for non-live reference clearing and for evacuation.
      
        5) Since there is no longer a FixedArray to serialize for the startup
           snapshot, there is now a custom serialization of the string table,
           and the string table root is considered unserializable during weak
           root iteration. As a bonus, the custom serialization is more
           efficient, as it skips non-string entries.
      
      As a drive-by, rename LookupStringExists_NoAllocate to
      TryStringToIndexOrLookupExisting, to make it clearer that it returns
      a non-string for the case when the string is an array index. As another
      drive-by, extract StringSet into a separate header.
      
      Bug: v8:10729
      Change-Id: I9c990fb2d74d1fe222920408670974a70e969bca
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339104
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69270}
      1546be9c
  9. 22 Jun, 2020 1 commit
  10. 10 Jun, 2020 1 commit
  11. 14 Apr, 2020 1 commit
    • Andreas Haas's avatar
      [wasm] Fix return value of concurrent memory.grow · 401190ba
      Andreas Haas authored
      When memory.grow was executed concurrently on multiple threads a data
      race could happen such that two memory.grow operations result in the
      same return value. With this CL the return value of memory.grow is
      unique, given that memory.grow actually grows the memory.
      
      As a concrete example, assume a shared WebAssembly memory initially has
      a size of 100. Assume two threads call memory.grow concurrently with a
      parameter `10`. Then with the existing code, memory would grow correctly
      to a size of 120, but the data race may cause both memory.grow
      operations to return 100. With the change in this CL one memory.grow
      operation would return 100, the other would return 110.
      
      R=gdeepti@chromium.org
      CC=rreverser@google.com
      
      Bug: chromium:1067621
      Change-Id: Ib22b5135714a56799e0818ccb39e5dce327e5f8e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144113Reviewed-by: 's avatarBen Smith <binji@chromium.org>
      Reviewed-by: 's avatarDeepti Gandluri <gdeepti@chromium.org>
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67135}
      401190ba
  12. 09 Mar, 2020 1 commit
    • Dan Elphick's avatar
      [api] Create v8::String::NewFromLiteral that returns Local<String> · b097a8e5
      Dan Elphick authored
      String::NewFromLiteral is a templated function that takes a char[N]
      argument that can be used as an alternative to String::NewFromUtf8 and
      returns a Local<String> rather than a MaybeLocal<String> reducing the
      number of ToLocalChecked() or other checks.
      
      Since the string length is known at compile time, it can statically
      assert that the length is less than String::kMaxLength, which means that
      it can never fail at runtime.
      
      This also converts all found uses of NewFromUtf8 taking a string literal
      or a variable initialized from a string literal to use the new API. In
      some cases the types of stored string literals are changed from const
      char* to const char[] to ensure the size is retained.
      
      This API does introduce a small difference compared to NewFromUtf8. For
      a case like "abc\0def", NewFromUtf8 (using length -1 to infer length)
      would treat this as a 3 character string, whereas the new API will treat
      it as a 7 character string.
      
      As a drive-by fix, this also fixes all redundant uses of
      v8::NewStringType::kNormal when passed to any of the String::New*
      functions.
      
      Change-Id: Id96a44bc068d9c4eaa634aea688e024675a0e5b3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089935
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: 's avatarMathias Bynens <mathias@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66622}
      b097a8e5
  13. 22 Jan, 2020 4 commits
  14. 08 Jan, 2020 1 commit
    • Dominik Inführ's avatar
      [objects] Compact and shrink script_list · fb26d0bb
      Dominik Inführ authored
      So far creating scripts always grew the script_list without ever
      reusing cleared slots or shrinking. While this is probably not a
      problem with script_list in practice, this is still a memory leak.
      
      Fix this leak by using WeakArrayList::Append instead of AddToEnd.
      Append adds to the end of the array, but potentially compacts and
      shrinks the list as well. Other WeakArrayLists can use this method as
      well, as long as they are not using indices into this array.
      
      Bug: v8:10031
      Change-Id: If743c4cc3f8d67ab735522f0ded038b2fb43e437
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967385
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65640}
      fb26d0bb
  15. 09 Dec, 2019 1 commit
    • Simon Zünd's avatar
      Introduce stack locals black list field on the ScopeInfo object · 73f3d2b1
      Simon Zünd authored
      This CL is a prepatory step towards moving the stack locals blacklist
      from the DebugEvaluateContext to the respective {ScopeInfo} objects.
      
      The locals blacklist is used during local debug evaluate to
      decide whether a context lookup can advance the context chain
      upwards, or if lookup needs to stop at the current scope.
      
      This CL also introduces a "Recreate" static helper method, that
      allows an existing ScopeInfo to be cloned, but with a locals
      blacklist attached. This will be needed since blacklists are only
      created on-demand during debugging.
      
      R=leszeks@chromium.org
      
      Bug: chromium:1027475, v8:9938
      Change-Id: I673dbc99ce9fdc84cb5cda3f9710ba2b76ab92ee
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946349
      Commit-Queue: Simon Zünd <szuend@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65380}
      73f3d2b1
  16. 29 Oct, 2019 1 commit
  17. 11 Oct, 2019 2 commits
    • Seth Brenith's avatar
      [torque] Generate instance types · 8c7ae314
      Seth Brenith authored
      Design doc:
      https://docs.google.com/document/d/1ZU6rCvF2YHBGMLujWqqaxlPsjFfjKDE9C3-EugfdlAE/edit
      
      Changes from the design doc:
      - Changed to use 'class' declarations rather than 'type' declarations
        for things that need instance types but whose layout is not known to
        Torque. These declarations end with a semicolon rather than having a
        full set of methods and fields surrounded by {}. If the class's name
        should not be treated as a class name in generated output (because
        it's actually a template, or doesn't exist at all), we use the
        standard 'generates' clause to declare the most appropriate C++ class.
      - Removed @instanceTypeName.
      - @highestInstanceType became @highestInstanceTypeWithinParentClassRange
        to indicate a semantic change: it no longer denotes the highest
        instance type globally, but only within the range of values for its
        immediate parent class. This lets us use it for Oddball, which is
        expected to be the highest primitive type.
      - Added new abstract classes JSCustomElementsObject and JSSpecialObject
        to help with some range checks.
      - Added @lowestInstanceTypeWithinParentClassRange so we can move the new
        classes JSCustomElementsObject and JSSpecialObject to the beginning of
        the JSObject range. This seems like the least-brittle way to establish
        ranges that also include JSProxy (and these ranges are verified with
        static assertions in instance-type.h).
      - Renamed @instanceTypeValue to @apiExposedInstanceTypeValue.
      - Renamed @instanceTypeFlags to @reserveBitsInInstanceType.
      
      This change introduces the new annotations and adds the ability for
      Torque to assign instance types that satisfy those annotations. Torque
      now emits two new macros:
      - TORQUE_ASSIGNED_INSTANCE_TYPES, which is used to define the
        InstanceType enumeration
      - TORQUE_ASSIGNED_INSTANCE_TYPE_LIST, which replaces the non-String
        parts of INSTANCE_TYPE_LIST
      
      The design document mentions a couple of other macro lists that could
      easily be replaced, but I'd like to defer those to a subsequent checkin
      because this one is already pretty large.
      
      Bug: v8:7793
      Change-Id: Ie71d93a9d5b610e62be0ffa3bb36180c3357a6e8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757094
      Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarSathya Gunasekaran  <gsathya@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64258}
      8c7ae314
    • Ulan Degenbaev's avatar
      Refactor construction of [Shared]ArrayBuffers. · 77ff0a55
      Ulan Degenbaev authored
      The backing store is now propagated to the constructors directly,
      instead of being attached after the construction. This ensures that
      the backing store is allocated before the array buffer so that we can
      trigger GCs on backing store allocation (if allocation fails).
      
      The only exception is builtin where we have to allocate the array buffer
      before the backing store to comply with the spec.
      
      Bug: v8:9380
      Tbr: verwaest@chromium.org
      Change-Id: Ib37db65853f3673dd769368cc3e8b6538ad07ff2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853444
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64240}
      77ff0a55
  18. 10 Oct, 2019 1 commit
  19. 27 Sep, 2019 3 commits
    • Mythri A's avatar
      Reland "[compiler] Cache OSR optimized code" · fcff2437
      Mythri A authored
      This is a reland of cfb10028
      with a fix for failures in lite mode.
      
      Original change's description:
      > [compiler] Cache OSR optimized code
      >
      > With lazy feedback allocation, for functions that get OSRed we may
      > not have feedback for the initial part of the functions since feedback
      > vectors might be allocated after the function started executing. Hence
      > we would not be able to optimize the function on the next call. This
      > means we may have to OSR twice before we actually optimize function.
      > This cl introduces OSR cache, so we could reuse the optimized code. One
      > side effect of this cl is that the OSRed code won't be function context
      > specialized anymore.
      >
      > Bug: chromium:987523
      > Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
      > Commit-Queue: Mythri Alle <mythria@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#64014}
      
      Bug: chromium:987523
      Change-Id: I9c782242b07b24d15247533ab4ee044334b429ff
      TBR: rmcilroy@chromium.org
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826898
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64023}
      fcff2437
    • Michael Achenbach's avatar
      Revert "[compiler] Cache OSR optimized code" · f8a08223
      Michael Achenbach authored
      This reverts commit cfb10028.
      
      Reason for revert:
      https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/6483
      
      Original change's description:
      > [compiler] Cache OSR optimized code
      > 
      > With lazy feedback allocation, for functions that get OSRed we may
      > not have feedback for the initial part of the functions since feedback
      > vectors might be allocated after the function started executing. Hence
      > we would not be able to optimize the function on the next call. This
      > means we may have to OSR twice before we actually optimize function.
      > This cl introduces OSR cache, so we could reuse the optimized code. One
      > side effect of this cl is that the OSRed code won't be function context
      > specialized anymore.
      > 
      > Bug: chromium:987523
      > Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
      > Commit-Queue: Mythri Alle <mythria@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#64014}
      
      TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org
      
      Change-Id: Ib3692e7570bed5d3e88ca8a0247b185d70497a04
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:987523
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826668Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64015}
      f8a08223
    • Mythri A's avatar
      [compiler] Cache OSR optimized code · cfb10028
      Mythri A authored
      With lazy feedback allocation, for functions that get OSRed we may
      not have feedback for the initial part of the functions since feedback
      vectors might be allocated after the function started executing. Hence
      we would not be able to optimize the function on the next call. This
      means we may have to OSR twice before we actually optimize function.
      This cl introduces OSR cache, so we could reuse the optimized code. One
      side effect of this cl is that the OSRed code won't be function context
      specialized anymore.
      
      Bug: chromium:987523
      Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64014}
      cfb10028
  20. 19 Sep, 2019 1 commit
  21. 09 Sep, 2019 1 commit
    • Ulan Degenbaev's avatar
      Reland x6 [arraybuffer] Rearchitect backing store ownership · b6b7de0d
      Ulan Degenbaev authored
      This reverts commit 9da34831
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      >
      > This is a reland of bc33f5ae
      >
      > Contributed by titzer@chromium.org
      >
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      >
      > TBR=yangguo@chromium.org
      >
      > BUG=v8:9380,v8:9221,chromium:986318
      >
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=yangguo@chromium.org
      
      Change-Id: I3cc4bb80081c662b1751234bc16a821c20e744be
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792166
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63617}
      b6b7de0d
  22. 30 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      Revert "Reland x5 [arraybuffer] Rearchitect backing store ownership" · 9da34831
      Ulan Degenbaev authored
      This reverts commit 62e16830.
      
      Reason for revert: it will be relanded after branch
      
      Original change's description:
      > Reland x5 [arraybuffer] Rearchitect backing store ownership
      > 
      > This reverts commit 8fdb2387.
      > 
      > Original change's description:
      > > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      > >
      > > This is a reland of bc33f5ae
      > >
      > > Contributed by titzer@chromium.org
      > >
      > > Original change's description:
      > > > [arraybuffer] Rearchitect backing store ownership
      > > >
      > > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > >
      > > > Overall, lifetime management is simpler and more explicit. The numerous
      > > > ways that array buffers were initialized have been streamlined to one
      > > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > > and the construction and destruction of the BackingStore object itself
      > > > handles the underlying page or embedder-allocated memory.
      > > >
      > > > The embedder API remains unchanged for now. We use the
      > > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > > keep the backing store alive properly, even in the case of aliases
      > > > from live heap objects. Thus the embedder has a lower chance of making
      > > > a mistake. Long-term, we should move the embedder to a model where they
      > > > manage backing stores using shared_ptr to an opaque backing store object.
      > >
      > > TBR=yangguo@chromium.org
      > >
      > > BUG=v8:9380,v8:9221,chromium:986318
      > >
      > > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#63041}
      > 
      > TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
      > 
      > Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63461}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org
      
      Change-Id: Id8f67a68ab398032eb2975b1b24ee125394d9c4b
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776095Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63471}
      9da34831
  23. 29 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      Reland x5 [arraybuffer] Rearchitect backing store ownership · 62e16830
      Ulan Degenbaev authored
      This reverts commit 8fdb2387.
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      >
      > This is a reland of bc33f5ae
      >
      > Contributed by titzer@chromium.org
      >
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      >
      > TBR=yangguo@chromium.org
      >
      > BUG=v8:9380,v8:9221,chromium:986318
      >
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
      
      Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63461}
      62e16830
  24. 05 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      Revert ""Reland x4 [arraybuffer] Rearchitect backing store ownership"" · 8fdb2387
      Ulan Degenbaev authored
      This reverts commit 5611f70b.
      
      Reason for revert: flaky tests: v8:9588, v8:9587
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of bc33f5ae
      > 
      > Contributed by titzer@chromium.org
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > TBR=yangguo@chromium.org
      > 
      > BUG=v8:9380,v8:9221,chromium:986318
      > 
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:9380, v8:9221, chromium:986318
      Change-Id: Ic7381239f4e90d0c437b7e47a5ac6e8bce60f882
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736747Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63081}
      8fdb2387
  25. 02 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      "Reland x4 [arraybuffer] Rearchitect backing store ownership" · 5611f70b
      Ulan Degenbaev authored
      This is a reland of bc33f5ae
      
      Contributed by titzer@chromium.org
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      >
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      >
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      >
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      
      TBR=yangguo@chromium.org
      
      BUG=v8:9380,v8:9221,chromium:986318
      
      Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63041}
      5611f70b
  26. 31 Jul, 2019 2 commits
    • Francis McCabe's avatar
      Revert ""Reland x3 [arraybuffer] Rearchitect backing store ownership"" · 195679de
      Francis McCabe authored
      This reverts commit df8e6177.
      
      Reason for revert: Multiple flakes in apparently related areas:
      
      https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8906409837768155568/+/steps/Check__flakes_/0/logs/BackingStoreTest.RacyGrowWasmMem.../0
      
      Original change's description:
      > "Reland x3 [arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of bc33f5ae
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > R=​mlippautz@chromium.org
      > BUG=v8:9380,v8:9221,chromium:986318
      > TBR=ulan@chromium.org
      > 
      > Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63007}
      
      TBR=mstarzinger@chromium.org,titzer@chromium.org,mlippautz@chromium.org
      
      Change-Id: If0266e5893b1325a332d5986337fa7ece2cb6943
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9380, v8:9221, chromium:986318
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1729549Reviewed-by: 's avatarFrancis McCabe <fgm@chromium.org>
      Commit-Queue: Francis McCabe <fgm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63011}
      195679de
    • Ben L. Titzer's avatar
      "Reland x3 [arraybuffer] Rearchitect backing store ownership" · df8e6177
      Ben L. Titzer authored
      This is a reland of bc33f5ae
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      >
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      >
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      >
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      
      R=mlippautz@chromium.org
      BUG=v8:9380,v8:9221,chromium:986318
      TBR=ulan@chromium.org
      
      Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191Reviewed-by: 's avatarBen Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63007}
      df8e6177
  27. 23 Jul, 2019 1 commit
  28. 22 Jul, 2019 1 commit
    • Ben L. Titzer's avatar
      Reland "Reland "[arraybuffer] Rearchitect backing store ownership"" · 306cf403
      Ben L. Titzer authored
      This is a reland of bc33f5ae
      
      Original change's description:
      > Reland "[arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of 31cd5d83
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > > 
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > 
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > > 
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > > 
      > > R=mlippautz@chromium.org
      > > BUG=v8:9380,v8:9221
      > > 
      > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#62572}
      > 
      > Bug: v8:9380, v8:9221
      > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62809}
      
      Bug: v8:9380, v8:9221
      Change-Id: I9a2525753ae2424108d074fa81df5f25d945c824
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709409
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62847}
      306cf403
  29. 18 Jul, 2019 2 commits
    • Clemens Hammacher's avatar
      Revert "Reland "[arraybuffer] Rearchitect backing store ownership"" · 6e0473f3
      Clemens Hammacher authored
      This reverts commit bc33f5ae.
      
      Reason for revert: Still failing (OOM on win32): https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/22210
      
      Original change's description:
      > Reland "[arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of 31cd5d83
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > > 
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > 
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > > 
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > > 
      > > R=mlippautz@chromium.org
      > > BUG=v8:9380,v8:9221
      > > 
      > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#62572}
      > 
      > Bug: v8:9380, v8:9221
      > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62809}
      
      TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
      
      Change-Id: Iea755df9aaa1e95d284135bd0a6681b1340b6832
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9380, v8:9221
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708487Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62811}
      6e0473f3
    • Ben L. Titzer's avatar
      Reland "[arraybuffer] Rearchitect backing store ownership" · bc33f5ae
      Ben L. Titzer authored
      This is a reland of 31cd5d83
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      > 
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > 
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      > 
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > R=mlippautz@chromium.org
      > BUG=v8:9380,v8:9221
      > 
      > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62572}
      
      Bug: v8:9380, v8:9221
      Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarDeepti Gandluri <gdeepti@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62809}
      bc33f5ae
  30. 12 Jul, 2019 1 commit
  31. 10 Jul, 2019 1 commit
  32. 09 Jul, 2019 1 commit