- 20 Mar, 2020 1 commit
-
-
Victor Gomes authored
Bug: v8:10201 Change-Id: I72cbe15912395b9b06ffdccce935abae6e7a050e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093508Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66808}
-
- 26 Feb, 2020 1 commit
-
-
Victor Gomes authored
This adds static types to the argument class that accesss the arguments in the stack. kRuntime arguments are used by runtime functions and kJS arguments are used to access the JS stack (eg. builtins). The distinction allows the reversal of arguments in the JS stack without changing the runtime arguments order. Bug: v8:10201 Change-Id: I7c08164d53c4071c7910836fa733dee8ff7fa680 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066985 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66470}
-
- 09 Jan, 2020 1 commit
-
-
Jakob Kummerow authored
This CL factors out the decision-making logic whether a property key should be treated as a "property" or "element" into LookupIterator::Key, which can be constructed on its own, allowing use sites to take this distinction into account before constructing a LookupIterator from the Key, without needing to duplicate the logic. This also makes the assortment of LookupIterator constructors more uniform. Bug: chromium:1031175 Change-Id: I81d7b11ab7e4915f5c05668138e6e0c51ae11821 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962272 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65672}
-
- 26 Nov, 2019 1 commit
-
-
Jakob Kummerow authored
Bug: v8:4153 Change-Id: I036b3f464a635414e050972cee2dffbf3b44cafd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918250 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65164}
-
- 20 Nov, 2019 1 commit
-
-
Jakob Kummerow authored
They have to be in sync, so this patch updates both systems. Bug: v8:4153 Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65078}
-
- 15 Nov, 2019 1 commit
-
-
Maya Lekova authored
This helps reduce the number of false positives encountered by the dead variable analysis in gcmole. TBR=jgruber@chromium.org, verwaest@chromium.org, yangguo@chromium.org Bug: v8:9810 Change-Id: I1a34ccaab340e6abc37832b4ce1a0cabc56fa438 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917146 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64981}
-
- 11 Sep, 2019 1 commit
-
-
Joshua Litt authored
Also converts ACP from a Cell to a PropertyCell. Bug: v8:9463 Change-Id: I6cd26d4e4fd8869a17bf75f83cc177524f8082d7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795742Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Joshua Litt <joshualitt@chromium.org> Cr-Commit-Position: refs/heads/master@{#63675}
-
- 06 Aug, 2019 1 commit
-
-
Jakob Gruber authored
The HandleScope lets objects allocated within the slow loop be collected prior to loop termination. Drive-by: Use the appropriate kMaxElementCount constant. Drive-by: Switch to less-or-equal comparison against it. Bug: chromium:948810 Change-Id: I2449408b87e7e82dead5ee76d8c92129fa3243fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736749 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#63103}
-
- 27 May, 2019 3 commits
-
-
Benedikt Meurer authored
This is a reland of 4b86fea5 with copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed (bug led to holes in new space, which was crashing reproducibly on the ia32 bot). Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} Tbr: petermarshall@chromium.org Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61864}
-
Clemens Hammacher authored
This reverts commit 4b86fea5. Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045 Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61856}
-
Benedikt Meurer authored
As the next step in supporting huge typed arrays in V8, this moves the external/data pointer from the FixedTypedArrayBase backing store to the JSTypedArray instance itself, and replaces the special backing stores with a plain ByteArray (removing all the code for the FixedTypedArrayBase class hierarchy). By doing so, we can drastically simplify the system around typed arrays. Note: Several places in the code base used to check the instance type of the elements backing store of a JSTypedArray instead of checking the elements kind on the JSTypedArray map directly. Those had to be fixed, since the backing store is now always a ByteArray. Drive-by-fix: Move all the typed elements access related code into the elements.cc file to properly encapsulate the accesses. Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61855}
-
- 24 May, 2019 3 commits
-
-
Simon Zünd authored
This is a reland of 2b0ac2fb The layout test that caused this revert was fixed with: https://crrev.com/c/1627386 Original change's description: > [array] Move Array#sort pre-processing to Torque > > This CL removes the "PrepareElementsForSort" runtime function, and > replaces it with a simpler version in Torque. The biggest difference > is that certain sparse configurations no longer have a fast-path. > > The Torque pre-processing step replaces the existing Torque mechanism that > copied already pre-processed elements into the "work" FixedArray. The Torque > compacting works as follows: > - Iterate all elements from 0 to {length} > - If the element is the hole: Do nothing. > - If the element is "undefined": Increment undefined counter. > - In all other cases, push the element into the "work" FixedArray. > > Then the "work" FixedArray is sorted as before. Writing the elements from > the "work" array back into the receiver, after sorting, has three steps: > 1. Copy the sorted elements from the "work" FixedArray to the receiver. > 2. Add previously counted number of "undefined" to the receiver. > 3. Depending on the backing store either delete properties or > set them to the Hole up to {length}. > > Bug: v8:8714 > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 > Commit-Queue: Simon Zünd <szuend@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61812} TBR: jgruber@chromium.org Bug: v8:8714 Change-Id: If7613f6e5f37c5e0d649e8192195594bc6c32100 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627977 Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#61827}
-
Simon Zünd authored
This reverts commit 2b0ac2fb. Reason for revert: Breaks scrollingcoordinator/non-fast-scrollable-region-nested.html layout test on https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/32241 Original change's description: > [array] Move Array#sort pre-processing to Torque > > This CL removes the "PrepareElementsForSort" runtime function, and > replaces it with a simpler version in Torque. The biggest difference > is that certain sparse configurations no longer have a fast-path. > > The Torque pre-processing step replaces the existing Torque mechanism that > copied already pre-processed elements into the "work" FixedArray. The Torque > compacting works as follows: > - Iterate all elements from 0 to {length} > - If the element is the hole: Do nothing. > - If the element is "undefined": Increment undefined counter. > - In all other cases, push the element into the "work" FixedArray. > > Then the "work" FixedArray is sorted as before. Writing the elements from > the "work" array back into the receiver, after sorting, has three steps: > 1. Copy the sorted elements from the "work" FixedArray to the receiver. > 2. Add previously counted number of "undefined" to the receiver. > 3. Depending on the backing store either delete properties or > set them to the Hole up to {length}. > > Bug: v8:8714 > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 > Commit-Queue: Simon Zünd <szuend@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61812} TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org,szuend@chromium.org Change-Id: If1c1bc07f38dfbd4bf6b6ce8f9d70714e7526877 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8714 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627976Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61814}
-
Simon Zünd authored
This CL removes the "PrepareElementsForSort" runtime function, and replaces it with a simpler version in Torque. The biggest difference is that certain sparse configurations no longer have a fast-path. The Torque pre-processing step replaces the existing Torque mechanism that copied already pre-processed elements into the "work" FixedArray. The Torque compacting works as follows: - Iterate all elements from 0 to {length} - If the element is the hole: Do nothing. - If the element is "undefined": Increment undefined counter. - In all other cases, push the element into the "work" FixedArray. Then the "work" FixedArray is sorted as before. Writing the elements from the "work" array back into the receiver, after sorting, has three steps: 1. Copy the sorted elements from the "work" FixedArray to the receiver. 2. Add previously counted number of "undefined" to the receiver. 3. Depending on the backing store either delete properties or set them to the Hole up to {length}. Bug: v8:8714 Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61812}
-
- 23 May, 2019 2 commits
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
Clemens Hammacher authored
This CL was generated by an automatic clang AST rewriter using this matcher expression: callExpr( callee( cxxMethodDecl( hasName("operator->"), ofClass(isSameOrDerivedFrom("v8::internal::Object")) ) ), argumentCountIs(1) ) The "->" at the expression location was then rewritten to ".". R=jkummerow@chromium.org TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org Bug: v8:9183, v8:3770 No-Try: true No-Tree-Checks: true Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61764}
-
- 22 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 Change-Id: I79e0553e8a0d6dac2aa16b94a6c0e05b6ccde4a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621934 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61725}
-
- 20 May, 2019 4 commits
-
-
Simon Zünd authored
This CL also removes "HasComplexElements" helpers on JSReceiver and NumberDictionary. Drive-by: Remove unused SmiLexicographicCompare runtime function. The C++ funtion is still used, but it is entered using a fast C call from Array#sort. Bug: v8:9183 Change-Id: Ibb5d54cca623486806587bc90506af8d97910dc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617929 Commit-Queue: Simon Zünd <szuend@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61644}
-
Yang Guo authored
TBR=verwaest@chromium.org,rmcilroy@chromium.org NOTREECHECKS=true NOPRESUBMIT=true Bug: v8:9247 Change-Id: I9ddfb6e56ca8e47c4ac186a8df5f442d26420a69 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617661 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61642}
-
Yang Guo authored
Code that is being moved primarily deal with layout of a JSObject, accessing properties and elements, and map transitions. NOTREECHECKS=true NOTRY=true Bug: v8:9247 Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61638}
-
Simon Zünd authored
This CL also removes the ElementsAccessor "slice" implementation, as the runtime function is the last use site. R=verwaest@chromium.org Bug: v8:9183 Change-Id: If268e20120e7c7bb4a58d9560482b35896b0992f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617662Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61635}
-
- 17 May, 2019 4 commits
-
-
Simon Zünd authored
R=jgruber@chromium.org Bug: v8:9183 Change-Id: I773af2e44bbfb780a3cf375e6412274fe917d397 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617250 Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61616}
-
Simon Zünd authored
R=yangguo@chromium.org Bug: v8:9183 Change-Id: I0f06c9a32983f7131a36ace1fd6873e88e375fe3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617259 Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61610}
-
Yang Guo authored
This reverts commit 5f285395. Reason for revert: presubmit failure Original change's description: > Move logging and diagnostics related source files > > This also introduces a COMMON_OWNERS file, which is derived from the > current top-level OWNERS file. It is to be used for parts of the > codebase that is not sensitive to domain-specific expertise. > > NOPRESUBMIT=true > TBR=verwaest@chromium.org > > Bug: v8:9247 > Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987 > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Commit-Queue: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61600} TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org Change-Id: I3827c3af4fd63b18aa48c49617f318a01746e813 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9247 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617247Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61601}
-
Yang Guo authored
This also introduces a COMMON_OWNERS file, which is derived from the current top-level OWNERS file. It is to be used for parts of the codebase that is not sensitive to domain-specific expertise. NOPRESUBMIT=true TBR=verwaest@chromium.org Bug: v8:9247 Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61600}
-
- 15 May, 2019 1 commit
-
-
Yang Guo authored
R=bmeurer@chromium.org, clemensh@chromium.org, jkummerow@chromium.org, sigurds@chromium.org, ulan@chromium.org, verwaest@chromium.org Bug: v8:9247 Change-Id: I153a6bbfc55989fe7a86c052f95c5cb8ee61e841 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613244 Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Yang Guo <yangguo@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#61557}
-
- 07 May, 2019 1 commit
-
-
Peter Marshall authored
This is a reland of ad44c258 Patchset 2 is the original CL Patchset 3 fixes some misuses of FixedArrayBase::length() and adds some DCHECKS to flush out any more misuses. Patchset 4 adds the PPC/S390 port by miladfar@ca.ibm.com. Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} Bug: v8:4153, v8:7881, v8:9105 Change-Id: Ic38f833071a723642ebc6f82a4012dbc0878ef98 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594435Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61275}
-
- 12 Mar, 2019 1 commit
-
-
Hannes Payer authored
Bug: v8:8945 Change-Id: I14ca4b29f1b12ff95e718d431f65d88ab1238c53 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511478Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#60177}
-
- 08 Mar, 2019 1 commit
-
-
Jakob Kummerow authored
RotateRight32 needs a "number of bits" operand in the range 0..31. Thankfully that's how x86 shift instructions behave anyway, and how the bitwise shift operators in JavaScript are spec'ed, so this fix is unobservable in non-UBSan builds. RemoveArrayHolesGeneric can be used for length values anywhere in the uint32_t range, so it must not implicitly cast those to int. That actually caused an observable bug where a proxy's traps would not get called at all, but only for huge "length" properties, where the entire operation would also be painfully slow. Bug: chromium:935133, chromium:937652 Change-Id: I13f74ca27eae6b2b089d58217842b699b2574509 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510272 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#60112}
-
- 15 Feb, 2019 1 commit
-
-
Jakob Kummerow authored
This takes heap-inl.h out of the "Giant Include Cluster". Naturally, that means adding a bunch of explicit includes in a bunch of places that relied on transitively including them before. As of this patch, no header file outside src/heap/ includes heap-inl.h. Bug: v8:8562,v8:8499 Change-Id: I65fa763f90e66afc30d105b9277792721f05a6d4 Reviewed-on: https://chromium-review.googlesource.com/c/1459659 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#59617}
-
- 29 Jan, 2019 1 commit
-
-
Ulan Degenbaev authored
This replaces InNewSpace with InYoungGeneration, which is a prerequisite for young large objects. Additional changes: - FROM_SPACE, TO_SPACE flags are renamed to FROM_PAGE, TO_PAGE. - A new LARGE_PAGE flag is added. - The external string table is refactored to track young string instead of new space strings. Bug: chromium:924547 Change-Id: Ia4e3ba1b72995c3400257a1f98559f091533e811 Reviewed-on: https://chromium-review.googlesource.com/c/1437274Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#59156}
-
- 25 Jan, 2019 1 commit
-
-
Mythri authored
Inferring the language mode involves iterating the stack to find the closure. This is an expensive operation and should be done only when required. This cl changes the implementation to infer the language mode only when we can't defer it any further. Currently, we infer the language mode when throwing an exception or when passing this information to PropertyCallbackArguments. This cl also changes the language mode parameter to SetProperty related methods to Maybe<ShouldThrow>. We only use the language mode to decide if we need to throw and using ShouldThrow instead of language mode simplifies the code by avoiding conversions from Maybe<ShouldThrow> to Maybe<LanguageMode> and vice-versa. Bug: v8:8580, chromium:923820, chromium:925289 Change-Id: I72497497f62fe0d86fcecd57b06b3183b7531f7b Reviewed-on: https://chromium-review.googlesource.com/c/1425912 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#59094}
-
- 22 Jan, 2019 1 commit
-
-
Simon Zünd authored
This CL enables the pre-processing step of copying from the prototype chain for JSArrays. Previously, this was done for everything BUT JSArrays. This brings Array#sort more in line with other engines in the case of undefined behavior. R=jgruber@chromium.org Bug: v8:8666 Change-Id: I832d470dc02111b64dc4919e84e7e3e47c8fdd47 Reviewed-on: https://chromium-review.googlesource.com/c/1426119 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#58999}
-
- 18 Jan, 2019 1 commit
-
-
Simon Zünd authored
This CL removes a CHECK_LE that does not hold in all cases. After moving all elements to the front, current_pos will point to the next free spot. In the case where an object is 'packed', i.e. each index has a non-undefined value, and the length is smaller then the max index, current_pos will be greater than the length (limit in the code). Sidenote: The block after taking the minimum (where the counted undefineds get set) will not be affected. In the case where num_undefined > 0, current_pos should be guaranteed to be smaller than limit, as long there are no accessors with side-effects. R=jgruber@chromium.org Bug: chromium:923265 Change-Id: Id533cdc4db6c6c6f266cf7c6a8ab6ecbbeee7016 Reviewed-on: https://chromium-review.googlesource.com/c/1420679Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#58912}
-
- 17 Jan, 2019 1 commit
-
-
Simon Zünd authored
This CL fixes two bugs. First, when looking for a free spot while moving elements to the front, the prototype chain was also considered, even though an object at a specific index might have a hole (free spot). Second, when moving an element to the front, we are not allowed to delete it immediately (to preserve semantics when interacting with non-extensible objects). Such an element is then a free spot, but won't be recognised as such. This CL sets that element to undefined after it was moved, to mark it as a free spot. R=jgruber@chromium.org Bug: chromium:897512,v8:8369 Change-Id: I79207215b8b0a3c714f064450d8fe5ca0ea4a096 Reviewed-on: https://chromium-review.googlesource.com/c/1417171 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#58878}
-
- 26 Dec, 2018 1 commit
-
-
Jakob Kummerow authored
Tbr: ahaas@chromium.org,leszeks@chromium.org,verwaest@chromium.org Bug: v8:3770 Change-Id: Ia6530fbb70dac05e9972283781c3550d8b50e1eb Reviewed-on: https://chromium-review.googlesource.com/c/1390116 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#58470}
-
- 08 Dec, 2018 1 commit
-
-
Jakob Kummerow authored
Bug: v8:3770 Change-Id: I1d74ffe9e5478b4b8bc0acbf088d20919d458d50 Reviewed-on: https://chromium-review.googlesource.com/c/1363822 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58112}
-
- 07 Dec, 2018 3 commits
-
-
Jakob Gruber authored
This is a reland of f849396c Original change's description: > [nojit] Remove code stubs > > All stubs have been migrated to builtins. This CL removes most related > code. > > Bug: v8:7777, v8:5784 > Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad > Reviewed-on: https://chromium-review.googlesource.com/c/1365284 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58093} Tbr: mstarzinger@chromium.org,yangguo@chromium.org,jkummerow@chromium.org,bmeurer@chromium.org Bug: v8:7777, v8:5784 Change-Id: I005ee2a820d49a75a90481d262a310e4ccfd1391 Reviewed-on: https://chromium-review.googlesource.com/c/1367746Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#58101}
-
Jakob Gruber authored
This reverts commit f849396c. Reason for revert: arm64: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/24229 Original change's description: > [nojit] Remove code stubs > > All stubs have been migrated to builtins. This CL removes most related > code. > > Bug: v8:7777, v8:5784 > Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad > Reviewed-on: https://chromium-review.googlesource.com/c/1365284 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58093} TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org,bmeurer@chromium.org Change-Id: I52c3abd3f4e5872fe26ed7e527a58b118e02b387 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7777, v8:5784 Reviewed-on: https://chromium-review.googlesource.com/c/1367804Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#58095}
-
Jakob Gruber authored
All stubs have been migrated to builtins. This CL removes most related code. Bug: v8:7777, v8:5784 Change-Id: I4470cfef34788e6c8e0fd5fd09e40e250d088dad Reviewed-on: https://chromium-review.googlesource.com/c/1365284 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#58093}
-