- 18 Oct, 2018 40 commits
-
-
Sathya Gunasekaran authored
Bug: v8:5367 Change-Id: I92a73692e9714b929316d8971a2258e3241bc8c6 Reviewed-on: https://chromium-review.googlesource.com/c/1288643 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#56790}
-
Benedikt Meurer authored
When InferReceiverMaps doesn't provide us with reliable maps for the resolution, we can still utilize the information if all the maps that are found are stable - aka leaf - maps. But in that case we need to make sure that we add proper dependencies on the stability of these maps. Bug: v8:7253 Change-Id: I6f5825583acc3f2575e83a244d55609ac64d04d3 Reviewed-on: https://chromium-review.googlesource.com/c/1288633Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56789}
-
Sergey Ulanov authored
By default zx_vmo_create() creates resizable VMOs, which may be hazardous in some cases. It's safer to use ZX_VMO_NON_RESIZABLE unless VMO needs to be resizable. It doesn't make much difference in OS::Allocate() because it drops the VMO handle immediately after mapping it, still it's better to use ZX_VMO_NON_RESIZABLE for consistency. Change-Id: I688ee44b08042a9df7e3fae0b1b3298271b53b1c Reviewed-on: https://chromium-review.googlesource.com/c/1277605Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Sergey Ulanov <sergeyu@chromium.org> Cr-Commit-Position: refs/heads/master@{#56788}
-
Ross McIlroy authored
Make sure we wait for the worker thread to finish compilation before removing aborted jobs. BUG=v8:8317,v8:8041 Change-Id: I42f30c4d430b7787ea5e724bdfda6460e5461233 Reviewed-on: https://chromium-review.googlesource.com/c/1288812Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#56787}
-
Toon Verwaest authored
Change-Id: Ibf0ee76cc19799be405f45bcba7a1d3a7c5c4d38 Reviewed-on: https://chromium-review.googlesource.com/c/1288390 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#56786}
-
Toon Verwaest authored
Since ValidateExpression just throws the only queued (first) expression error, we can delay throwing it until the latest possible moment. That's right before the matching expression classifier dies (goes out of scope or accumulates). Change-Id: I4538de333b789ae786278b94b76b4799ccdf4903 Reviewed-on: https://chromium-review.googlesource.com/c/1286678 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#56785}
-
Alexey Kozyatinskiy authored
Async tail might be long. On frontend side we use only top frame so we can report tail using id. R=dgozman@chromium.org Bug: chromium:873865 Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ie9e6b5c4c000cc6bedce2d5fec9f3fa22ea21768 Reviewed-on: https://chromium-review.googlesource.com/c/1286959 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#56784}
-
Toon Verwaest authored
- Use token-range checks - Delay ValidateExpression until after the loop - Only queue classifier errors at the beginning - Only inline Token-range check rather than the entire ParseMemberExpressionContinuation to reduce binary size. Change-Id: Ib81ce071851fe5c13b4bb405cd883df7a82c84c9 Reviewed-on: https://chromium-review.googlesource.com/c/1286677 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#56783}
-
Toon Verwaest authored
This also changes Consume to bypass the stackoverflow check. Otherwise the following pattern wouldn't work: if (peek() == expected) { f() } f() { Consume(expected); } since the call to f can cause the overflow. Change-Id: If2fd3181ecdf1fd681f584b630e83e0af4e4bf9d Reviewed-on: https://chromium-review.googlesource.com/c/1286684 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#56782}
-
cjihrig authored
See: https://github.com/nodejs/node-v8/pull/84 Change-Id: Ia1d4b110367c795e952e8e3d0a067f601a306077 Reviewed-on: https://chromium-review.googlesource.com/c/1278014 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#56781}
-
Toon Verwaest authored
This separates the fast-non-asan path from the asan path so it can be inlined. Additionally avoid updating allocation_size_ on each Zone::New call. Inlining Zone::New actually reduces binary size by 50kb... Change-Id: Ie5d58638284e5a1a5e0198c24080b0f600d79092 Reviewed-on: https://chromium-review.googlesource.com/c/1288641Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#56780}
-
Toon Verwaest authored
Change-Id: Ib41ddbf15c6f9395b747b78c081e466a9f2e44bd Reviewed-on: https://chromium-review.googlesource.com/c/1286682 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#56779}
-
Benedikt Meurer authored
Teach TurboFan about the maps produced by JSPerformPromiseThen and JSCreatePromise, which yields a ~1-2% improvement on the doxbee promises benchmark by removing the redundant checks from the optimized code with promise chaining. Bug: v8:7253 Change-Id: If0edce8ba15917c1b7e76b9d06490cfffe911650 Reviewed-on: https://chromium-review.googlesource.com/c/1288639Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56778}
-
Peter Marshall authored
This will be rewritten soon to not use the sampling processor, we can reenable it then. Bug: v8:5193 Change-Id: I1d50cf39048e7b5ddeea8d333dcf808fe5c28396 Reviewed-on: https://chromium-review.googlesource.com/c/1288636 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#56777}
-
peterwmwong authored
Additionally, introduce IntPtrDiv to CodeAssembler. Change-Id: I9396f77b90a2fadb0179028d44475e616be3d081 Reviewed-on: https://chromium-review.googlesource.com/c/1285400 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#56776}
-
Jakob Gruber authored
Addendum to https://chromium-review.googlesource.com/c/1283050. TBR=sigurds@chromium.org Bug: v8:6666 Change-Id: I93073e481cbead3c966914a2ee3f7faa1ac5df0f Reviewed-on: https://chromium-review.googlesource.com/c/1288634Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#56775}
-
Michael Achenbach authored
This reverts commit fad1c1c9. Reason for revert: Debug printing not needed anymore. Original change's description: > [test] Be more chatty when killing hanging tests > > Bug: v8:8292 > Change-Id: I74fd304692e90adfb694b73ecf5e7858e3b66607 > Reviewed-on: https://chromium-review.googlesource.com/c/1275814 > Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/master@{#56562} TBR=machenbach@chromium.org,sergiyb@chromium.org,mslekova@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:8292 Change-Id: Ieaba51f866b93d49fe168b6370bd126752993afb Reviewed-on: https://chromium-review.googlesource.com/c/1288632Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#56774}
-
Benedikt Meurer authored
It seems that the Promise.resolve() lowering in JSCallReducer was no longer called. Bug: v8:7253 Change-Id: I3c80aed085d15fb54d88245b9d71b9caed7de075 Reviewed-on: https://chromium-review.googlesource.com/c/1288452Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56773}
-
Marja Hölttä authored
If the user's cleanup function didn't iterate all available WeakCells, we need to schedule the cleanup task again at some point. The previous condition resulted it never being scheduled. BUG=v8:8179 Change-Id: I8f5f4c01d1eb6a3cca8bd21bdc52c38663889882 Reviewed-on: https://chromium-review.googlesource.com/c/1286686 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#56772}
-
Marja Hölttä authored
BUG=v8:8179 Change-Id: I43861e114b9f46847df9b02d0337709a685feb72 Reviewed-on: https://chromium-review.googlesource.com/c/1278810Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#56771}
-
Hai Dang authored
Change-Id: Ic7d90d479b090670339200e4b6255fb1fb2441a5 Reviewed-on: https://chromium-review.googlesource.com/c/1288352Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Hai Dang <dhai@google.com> Cr-Commit-Position: refs/heads/master@{#56770}
-
Jakob Gruber authored
In preparation for enabling embedded builtins on ia32 by default, this switches all embed bots to noembed to keep some coverage in this brave new world. Bug: v8:6666 Change-Id: I61ef21aea49e6f7d471f1fd284a097fcd63c6073 Reviewed-on: https://chromium-review.googlesource.com/c/1288591 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#56769}
-
peterwmwong authored
When creating the buffer for the fall back, the initial entry was not considered when calculating the size. Bug: chromium:896181 Change-Id: I7f15bb1bdf31b3255db91b1fe8dcd68c76033980 Reviewed-on: https://chromium-review.googlesource.com/c/1286957Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#56768}
-
Sigurd Schneider authored
This is necessary for the arguments adaptor, as there are only 5 gp registers available and a call to the arguments adaptor trampoline that does not have the trampoline address as a immediate needs 6 (4 arguments + esi as context + register to call through). Bug: v8:6666 Change-Id: Ie96cf0352c323e07e0daf369953df8f4ee9acb81 Reviewed-on: https://chromium-review.googlesource.com/c/1283050 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#56767}
-
Georg Neis authored
I had forgotten to upload this to my previous CL. TBR: mslekova@chromium.org Change-Id: I1195ffd947ad82226af41cd7103b389a6733f4e4 Reviewed-on: https://chromium-review.googlesource.com/c/1288590Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56766}
-
Sigurd Schneider authored
Change-Id: I4464932425f1fa0f05a644983262742fe7f25364 Bug: v8:6666 Reviewed-on: https://chromium-review.googlesource.com/c/1286679 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#56765}
-
Peter Marshall authored
Change-Id: I42697b4692ff30c390ded25568b8d424b03bbf19 Reviewed-on: https://chromium-review.googlesource.com/c/1288450Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#56764}
-
Creddy authored
Adding test to confirm that no one-shot optimizations are not done for functions enclosed in parentheses but not immediately invoked in an assignment. Bug: v8:8072 Change-Id: I282132a7cc570b59290f2ec314462be060d48e5a Reviewed-on: https://chromium-review.googlesource.com/c/1238576 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#56763}
-
Michael Achenbach authored
Flags are copied from infra side's builders.py. They will be removed afterwards with: https://crrev.com/c/1288412 NOTRY=true TBR=sergiyb@chromium.org Bug: chromium:830557 Change-Id: If9794e4f9f396770219cf0563a37d6304b6a96ff Reviewed-on: https://chromium-review.googlesource.com/c/1288589Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#56762}
-
Georg Neis authored
This lets us remove the unsafe object<T>() getter. Bug: v8:7790 Change-Id: Ie438c68d4c96f1525eee5afd252523b222dc8f53 Reviewed-on: https://chromium-review.googlesource.com/c/1288411Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56761}
-
Toon Verwaest authored
Change-Id: I8f5da41d11df5fce7df4f7757717fb165a6043d9 Reviewed-on: https://chromium-review.googlesource.com/c/1288391Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#56760}
-
Hai Dang authored
AllocateJSArray always allocates in new space, so we bailout of the fast path for strings if the new array does not fit in new space. Bug found by ClusterFuzz. Regression test added. This also switches to the BranchIf pattern to avoid materialize a bool. Bug: chromium:895860, v8:7980 Change-Id: Ic7c41268c394ac2796b7694252390ab50fd74838 Reviewed-on: https://chromium-review.googlesource.com/c/1286337Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Hai Dang <dhai@google.com> Cr-Commit-Position: refs/heads/master@{#56759}
-
Benedikt Meurer authored
We can strength-reduce JSResolvePromise(p,v) to JSFulfillPromise(p,v) if the v is known to be a primitive. This not only avoids the dynamic checks for v inside JSResolvePromise, but also removes the need to have a frame state, as the JSFulfillPromise operation cannot call back into arbitrary JavaScript, and thus cannot deoptimize lazily. This triggers for example for async functions where the return value is known (to TurboFan) to be a primitive value. Bug: v8:7253 Change-Id: I4698d6026e0632ab3e2fef6c7f4aaacf6c2a508c Reviewed-on: https://chromium-review.googlesource.com/c/1288449 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#56758}
-
Frank Tang authored
Design doc https://goo.gl/fgc2Cp Bug: v8:6891 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I8bc5ea3137fd1b66213403ae9ea3461f40efc977 Reviewed-on: https://chromium-review.googlesource.com/c/1257923 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#56757}
-
Georg Neis authored
We use the object<T>() getter to extract the handle from an ObjectRef instance and cast it to Handle<T>. In DEBUG mode, the cast does a type check which accesses the heap. We must not access the heap though. This CL is a quick fix that skips the type check. Eventually we should replace the templatized accessor with a subclass-specific one to have some safety. Bug: v8:7790, v8:8316 Change-Id: I71048be2bc36570cce33b0e680824dd6bc407d14 Reviewed-on: https://chromium-review.googlesource.com/c/1282963 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#56756}
-
Toon Verwaest authored
We'll automatically figure out that we can't parse an expression at the EOS anyway. Change-Id: I663e3b9d030ee048b28472710071778bfc511747 Reviewed-on: https://chromium-review.googlesource.com/c/1286681Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#56755}
-
Takuto Ikuta authored
This is a preparation CL to remove -Wno-unused-lambda-capture warning suppression. Bug: chromium:681136 Change-Id: Iacd0933363cfe7e4a17191f83f567f2834dee6aa Reviewed-on: https://chromium-review.googlesource.com/c/1288209 Commit-Queue: Takuto Ikuta <tikuta@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56754}
-
Ross McIlroy authored
Non-Android platforms are protected in Chrome by site isolation, therefore we can disable the untrusted code mitigations. We still enable them on Android, and on simulator builds since that is where we do much of the correctness testing for Android. Mitigations for ia32 are disabled since they conflict with upcoming work on an ia32 root register. BUG=chromium:860429, v8:6666 Change-Id: I7831071ec1c4490b7d303314c53c27078fa04979 Reviewed-on: https://chromium-review.googlesource.com/c/1276470Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#56753}
-
Georg Neis authored
We forgot to eliminate the read accesses of these two cells. Bug: v8:7790, v8:8315 Change-Id: Id175e4d96461f88759b2d29ab1d407ba4c54e733 Reviewed-on: https://chromium-review.googlesource.com/c/1286680Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56752}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4ebebc9..5839d1c Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b273e0c..5195651 Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/9647596..6f8b55e TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: Ib6c47e8fbe111eed904cc368adef9c1825d41801 Reviewed-on: https://chromium-review.googlesource.com/c/1288189Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#56751}
-