- 30 Jan, 2020 20 commits
-
-
Ng Zhi An authored
On backends that do not have s128 support in Liftoff, tests will bail out to TurboFan, so tests will continue running and passing. Bug: v8:9909 Change-Id: I3b596a73b6cb2e8645a99c65a935026f9e1a8d55 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029332 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66056}
-
Ng Zhi An authored
If Wasm simd128 is not supported on this particular hardware, we bail out to TurboFan. Bug: v8:9909 Change-Id: Ie46e154426783ba099b7c0facc906670cda1bdd0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029427 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66055}
-
Eric Leese authored
This reverts commit 410ca4c5. Reason for revert: This was causing Chrome to hang when debugging large wasm binaries. Clean revert except for modification to test/debugger/debugger.status Bug: chromium:1047210, v8:9654 Original change's description: > [wasm] Tierdown wasm module upon "Debugger.enable" > > Put a logic in Wasm Engine to tier down all existing modules per isolate > when debugger is enabled. This CL does not handle new module added after > debugger is enabled yet. > > Bug: v8:9654 > Change-Id: I87060f5c416506543fcaf231bff9999d06ba4c0d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013692 > Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66017} TBR=clemensb@chromium.org,bmeurer@chromium.org,duongn@microsoft.com,szuend@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:9654 Change-Id: Id49e8c69f8212e95e698d7e7267056fb2eb7e60a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030737 Auto-Submit: Eric Leese <leese@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66054}
-
Michael Achenbach authored
This uses the most common bottleneck for intercepting range-error creation in correctness fuzzing. Previous abort conditions didn't cover all cases, e.g. they didn't cover the generic NewError called by wasm-results. This also moves code for error-message suppression to the same location for readability. In a follow up we'll remove the other redundant abort conditions that are scattered through the code. Bug: chromium:1044942, chromium:1047197 Change-Id: I1b898247a304fd35112facd4048de3a02d512c96 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030728 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#66053}
-
Milad Farazmand authored
Port c10153b4 R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I6668e7d7b260b62838d609e27e240bb670977250 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030744 Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#66052}
-
Michael Hablich authored
TBR=machenbach@chromium.org Change-Id: I2a60152b04301c835fa21c03cd879b3530c436bf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030726 Reviewed-by: Michael Hablich <hablich@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Hablich <hablich@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Auto-Submit: Michael Hablich <hablich@chromium.org> Cr-Commit-Position: refs/heads/master@{#66051}
-
Thibaud Michaud authored
This reverts commit 9781aa07. Reason for revert: tsan bot failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/30110 Original change's description: > Reland "[wasm] Cache streaming compilation result" > > This is a reland of 015f379a > > Original change's description: > > [wasm] Cache streaming compilation result > > > > Before compiling the code section, check whether the > > bytes received so far match a cached module. If they do, delay > > compilation until we receive the full bytes, since we are likely to find > > a cache entry for them. > > > > R=clemensb@chromium.org > > > > Bug: v8:6847 > > Change-Id: Ie5170d1274da3da6d52ff1b408abc7cb441bbe3c > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002823 > > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > > Reviewed-by: Clemens Backes <clemensb@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#66000} > > Bug: v8:6847 > Change-Id: I0b5acffa01aeb7dade3dc966392814383d900015 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2022951 > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66047} TBR=clemensb@chromium.org,thibaudm@chromium.org Change-Id: I76e3561835815ac3d5bca74e76079e82f9f3d581 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6847 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030727 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#66050}
-
Andreas Haas authored
There was a bug in the function body decoder where type checking of brtable only happened if the brtable instruction is reachable. However, type checking is required in all cases where brtable is "not unreachable". The difference between reachable and "not unreachable" is a state called spec-reachable where a clever compiler can already infer that the code will be unreachable (e.g. a memory access is out of bounds just by the offset and therefore unconditionally traps), but the spec can not. If an instruction is only spec-reachable, it still has to be type checked. R=clemensb@chromium.org FIX=chromium:1046472 Change-Id: I7e9f1108597871615c0d443a0e94de35a0207b5e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027990 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66049}
-
Milad Farazmand authored
Change-Id: I22598152bd8763ae50b16adb84fa9c74a7bd26b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028835 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#66048}
-
Thibaud Michaud authored
This is a reland of 015f379a Original change's description: > [wasm] Cache streaming compilation result > > Before compiling the code section, check whether the > bytes received so far match a cached module. If they do, delay > compilation until we receive the full bytes, since we are likely to find > a cache entry for them. > > R=clemensb@chromium.org > > Bug: v8:6847 > Change-Id: Ie5170d1274da3da6d52ff1b408abc7cb441bbe3c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002823 > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66000} Bug: v8:6847 Change-Id: I0b5acffa01aeb7dade3dc966392814383d900015 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2022951 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66047}
-
Dominik Inführ authored
The JSArrayBuffer extension stores a pointer to native memory. Set it to null before serialization and then restore the old value. Bug: v8:10064 Change-Id: I11b6d5a02cad7da119308b280269a72e24ee2a80 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029410 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#66046}
-
Ulan Degenbaev authored
MarkingWorklistHolder has two references to the shared marking worklist: 1) as a standalone worklist for general marking, 2) as a context worklist for per-context mode marking. Because of that the shared worklist gets updated twice and breaks the invariants of UpdateMarkingWorklistAfterScavenge. Bug: chromium:1046791, chromium:973627 Change-Id: I61a8423f8b4d355adb5e8004bf200c67453c1e27 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029411 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66045}
-
Ulan Degenbaev authored
This patch adds a new BackingStore::Reallocate function that internally uses a new ArrayBuffer::Allocator::Reallocate provided by the embedder. The default implementation of the function simply copies the backing store. The embedder can override the function and provide a more efficient implementation e.g. using realloc. Bug: v8:9908, v8:9380 Change-Id: I2179c80ba199c045b6900c620a813916150e7098 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007274 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#66044}
-
Igor Sheludko authored
... by using random seed provided via --gtest_random_seed= flag. Bug: chromium:1043117 Change-Id: I6114e9c71f3196a386a8457a6ec6f9e1fc80f6ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027991 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#66043}
-
Leszek Swirski authored
Remove AstConsString "internalization", and instead make the conversion to heap String be on-demand with an Allocate method. We never actually need the heapified cons string more than once, so there's no need to do the internalization walk or do the next/string union dance in the AstConsString class. This also allows us to specify how we want to allocate the String at the call site. In particular, it allows us to allocate a flat SeqString rather than a ConsString. This allows us to avoid allocating ConsStrings which will just be passed to a flatten call, and especially avoid allocating dead ConsStrings in the off-thread old space. Bug: chromium:1011762 Bug: chromium:1043168 Change-Id: Id851f2f7529d92ad7e5388eb22823fd6d1959cd0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020953 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#66042}
-
Peter Marshall authored
'resumed' events are sent to the renderer from V8 and stored in a queue. We didn't flush this queue previously, meaning these events would sit in the queue until another message coincidentally flushed the queue. Under some circumstances, the resumed event would not get flushed and the UI would still be in a paused state, even when JS had resumed. Bug: chromium:1044989 Change-Id: I5d92fcc0a40d4e3816501da98f6be8a46f227e0f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023563 Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#66041}
-
Liviu Rau authored
We will be able to collect test duration and later upload them in BQ. Change-Id: Ie5610d4e872259857bf3f26ba698fa65d23058be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020952 Reviewed-by: Tamer Tas <tmrts@chromium.org> Commit-Queue: Liviu Rau <liviurau@chromium.org> Cr-Commit-Position: refs/heads/master@{#66040}
-
Georg Neis authored
- Debugger stepping assumes that the pc points to the instruction that should get executed next, so we need to increment it when we hit a stop or a bkpt instruction or else we'll end up in an infinite loop. - The "break" and the "stop unstop" command write into code space, so they need to temporarily make code space writable or else they just crash. (Note that this doesn't work for embedded builtins.) Bug: v8:10164 Change-Id: Id77f5e97892076a9fdf8de0230632e0ce979da43 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026732 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#66039}
-
Jan Krems authored
When the file begins with a hashbang, the scanner is in a failed state when SkipHashbang() is called. This is usually not an issue but when the parser encounters an ILLEGAL token, it will reset the SyntaxError location because of it. Bug: v8:10110 Change-Id: I1c7344bf5ad20079cff80130c991f3bff4d7e9a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995312 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#66038}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2f17606..25075ce Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2e0a0cb..707a874 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ea8b58b..1a0daf7 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/535dbf1..953ea7a TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: Ic908ce11f46097bf4b21189879220c21a90b7578 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028530 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#66037}
-
- 29 Jan, 2020 20 commits
-
-
Ng Zhi An authored
Bug: v8:9909 Change-Id: I53d3b95e1f22e0194ac1a2ed7b556189acb8f9ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023399 Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66036}
-
Ng Zhi An authored
Change-Id: I78a33d10b2c73d2fa0cb364a7a4b23de0c01d94c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028516 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#66035}
-
Deepti Gandluri authored
This reverts commit e8832647. Reason for revert: Causes flaky fails on the tree, reverting as this test should be deterministic pass/fail. https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8889903130443940000/+/steps/Check_-_nosse3__flakes_/0/logs/simd-call/0 Original change's description: > [wasm-simd] Fix scalar lowering of kParameter > > Lowers the call descriptor of a wasm function if it contains simd. > > Also fixes a couple of issues with the lowering of kParameter: > - the old_index == new_index check is incorrect, it would only work if > the s128 parameter is the first parameter > - the old_index was also not adjusted to account for Parameter[0] being > the wasm instance object > - new_index needs to be adjusted to account for the instance object too > > These fixes make it more similar to the lowering of kParameter in > int64-lowering.c. > > Also add a new mjsunit test to exercise this logic. > > Bug: v8:10154 > Change-Id: Ia767a464c26a6a78fd931eab9e6897890a0904e8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020521 > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66032} TBR=gdeepti@chromium.org,ahaas@chromium.org,zhin@chromium.org Change-Id: I69589e2331c857c0f197ac53b8fb8a241376c632 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10154 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028830 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#66034}
-
Andrew Comminos authored
This data is duplicated across the code map, and not actually required for some esoteric types of CodeEntry objects (e.g. inline stacks). Unify sourcing of this data from the code map instead. Change-Id: I75fddc03221d1d6b7dab77d16fa05ad6eb3dd2a9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026416 Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Andrew Comminos <acomminos@fb.com> Cr-Commit-Position: refs/heads/master@{#66033}
-
Ng Zhi An authored
Lowers the call descriptor of a wasm function if it contains simd. Also fixes a couple of issues with the lowering of kParameter: - the old_index == new_index check is incorrect, it would only work if the s128 parameter is the first parameter - the old_index was also not adjusted to account for Parameter[0] being the wasm instance object - new_index needs to be adjusted to account for the instance object too These fixes make it more similar to the lowering of kParameter in int64-lowering.c. Also add a new mjsunit test to exercise this logic. Bug: v8:10154 Change-Id: Ia767a464c26a6a78fd931eab9e6897890a0904e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020521 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#66032}
-
Joshua Litt authored
Bug: v8:9838 Change-Id: Idc6bda122354a54dd24e39b0356f35b0f54ef089 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012596 Commit-Queue: Joshua Litt <joshualitt@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#66031}
-
Michael Achenbach authored
Bug: chromium:1044942 Change-Id: I6bc5f9a83e56a67996bb23ff46e1c58c719a2dfb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027988 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66030}
-
Dominik Inführ authored
Bug: chromium:1045937 Change-Id: Ic30db61ec77cb684f927bae0ed45446abcb2e426 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027989 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#66029}
-
Milad Farazmand authored
Tests need to be disabled until liftoff is fully implemented. Change-Id: Ib906b7d4ef2abae1359fbfb1a61031eeb5d5e70c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028289 Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66028}
-
Jakob Kummerow authored
Copying one object's named properties is always fine, even if one of the names could be a large index on a TypedArray. Mark the LookupIterator as OWN_SKIP_INTERCEPTOR to avoid the DCHECK. Bug: chromium:1044909 Change-Id: I6918186a4b50df7865de3572cb674fd7d6eadb78 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023558 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#66027}
-
Jakob Kummerow authored
Bumping the max TypedArray length caused the typer to make different representation decisions, which caused inefficient back-and-forth conversions. This patch repairs the microbenchmark where this was most significant. There might be additional future work to ensure that TypedArray accesses that actually use huge indices remain on the fast path as well. Bug: chromium:1045934 Change-Id: Ic6dccaae35fcdf74a26d47388477a1969bf0aa9f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026728 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66026}
-
Leszek Swirski authored
In the case of function names, we allocate ConsStrings only to flatten them during finalization. Allocating these ConsStrings in old space appears to have regressed some benchmarks (especially memory benchmarks), but is necessary for off-thread allocation which doesn't have a young space. Ideally, we would avoid allocating these ConsStrings in the first place, and would flatten the data directly from the AstConsString. For now, we make them allocate in old space for off-thread allocation only, to revert the regressions. In the future we can investigate smarter flattening. Bug: chromium:1011762 Bug: chromium:1044477, chromium:1044147, chromium:1043573, chromium:1043168 Change-Id: If24b738d6f2eeb8c0fea042a711deb2a19015fbd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020948 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#66025}
-
Igor Sheludko authored
... using up-to-date git cl format. Bug: v8:10155 Change-Id: Ie29b492a7831fe2d7c0de247d16f9b7be9e42a5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026730 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#66024}
-
Igor Sheludko authored
... which didn't check writability of array length on appending a new element to an array. Bug: chromium:1041251 Change-Id: I6935e505a4844e5b22abe9d4a42786619499daa6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023551 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#66023}
-
Jakob Gruber authored
This reverts commit 7d1f95d6. Reason for revert: Speculative revert for https://crbug.com/1046678 Original change's description: > [regexp] Correctly escape a backslash-newline sequence > > When printing the source string, a backslash-newline sequence ('\\\n', > '\\\r', '\\\u2028', '\\\u2029') should be formatted as '\n', '\r', > '\u2028', '\u2029', respectively. Prior to this CL it was formatted as > a backslash followed by the literal newline character. > > Bug: v8:8615 > Change-Id: Iac90195c56ea1707ea8469066b0cc967ea87fc73 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016583 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65986} TBR=neis@chromium.org,jgruber@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:8615,chromium:1046678 Change-Id: If28626a1c6868ed848310c0d30cf61a73326f2c1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027452 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#66022}
-
Georg Neis authored
The compiler assumes (for loads) that the property cell of a non-configurable global property never gets invalidated. Bug: chromium:1044919 Change-Id: I27f6ce30fb9a21e2c1e5310f25e9bb973ebbc266 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023562 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#66021}
-
Jakob Kummerow authored
Converting an object to an array length can freeze the array whose length is being set, but SetLength for the frozen elements accessor is supposedly unreachable. This fix extends the existing special handling for suddenly-readonly lengths to cover this case as well. Prior art: https://codereview.chromium.org/2543553002 Bug: chromium:1044911 Change-Id: I85d2e79446a8d9c1d22cd86ddf828328bf51a1a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023555 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#66020}
-
Ulan Degenbaev authored
Currently objects that belong to the untracked contexts (i.e. contexts for which measurement was not requested) are accounted in the shared context. This CL introduces a dummy kOtherContext and attributes such objects to that context. Bug: chromium:973627 Change-Id: I9801ab317d95b944336b79a5e17721511d4897c3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2025370 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66019}
-
Ulan Degenbaev authored
The existing legacy performance.memory API accounts external string and array buffer backing store bytes. This CL adds per-context tracking of external bytes Bug: chromium:973627 Change-Id: I2b308dc540454e7b0b66406b83a18bf8f8d55d8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2025369 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66018}
-
Z Nguyen-Huu authored
Put a logic in Wasm Engine to tier down all existing modules per isolate when debugger is enabled. This CL does not handle new module added after debugger is enabled yet. Bug: v8:9654 Change-Id: I87060f5c416506543fcaf231bff9999d06ba4c0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013692 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66017}
-