- 20 Sep, 2018 2 commits
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/786a3d9..64006c6 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c968ea0..582a06e Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/79c6513..f837545 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/b170cc8..35ffce8 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I9a7f15b78303a1ec31250f21306e090b7b58ab19 Reviewed-on: https://chromium-review.googlesource.com/1235377 Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#56057}
-
Sam Clegg authored
Previously we only supported strings and not filenames. This changes the default to filename and adds a new `type: string` which can be passed `options` to allow for strings to be passed in test code. See: https://developer.mozilla.org/en-US/docs/Web/API/Worker/Worker Bug: v8:8020 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Ie8818885c5c5c071b6614852322cb45aeb01a647 Reviewed-on: https://chromium-review.googlesource.com/1185980 Commit-Queue: Sam Clegg <sbc@chromium.org> Reviewed-by: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#56056}
-
- 19 Sep, 2018 38 commits
-
-
Junliang Yan authored
R=joransiu@ca.ibm.com Change-Id: Id88187906f82cc9956ffbc9c70e4a1fdd8b20b30 Reviewed-on: https://chromium-review.googlesource.com/1234974Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#56055}
-
Junliang Yan authored
Port fef047a4 Original Commit Message: This CL implements the following design doc: https://docs.google.com/document/d/1h5kdfemMQMpUd15PSKW1lqikJW5hsGwrmOvoqhGFRts/edit?ts=5b978756#heading=h.urs7r34mx9p R=mslekova@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Iac369feb7a0bfb1d878a3c0fb4a6efbee6371128 Reviewed-on: https://chromium-review.googlesource.com/1234973Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#56054}
-
Creddy authored
The LogAll test is flaky on windows build, disable one-shot optimization to check if the issue is related to one-shot or not. Change-Id: Ia963faf4158277d8d5e8bcbd3cf6ce99b69a4d39 Reviewed-on: https://chromium-review.googlesource.com/1234416Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Chandan Reddy <chandanreddy@google.com> Cr-Commit-Position: refs/heads/master@{#56053}
-
Hannes Payer authored
Change-Id: I039bf7e25884dd2c7c22f22e458048b75c0ca904 Reviewed-on: https://chromium-review.googlesource.com/1233833 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56052}
-
Bill Budge authored
- Uses a temp register to hold esp so we can align it to a 8-byte boundary. Bug: v8:8015 Change-Id: I487789250aca89c360a70614d7b0bd382705febf Reviewed-on: https://chromium-review.googlesource.com/1229614Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#56051}
-
Florian Sattler authored
Fixing clang-tidy warning. Bug: v8:8015 Change-Id: I829fe79b95a0275ccc94e32fea2cdc74affef714 Reviewed-on: https://chromium-review.googlesource.com/1228066Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Florian Sattler <sattlerf@google.com> Cr-Commit-Position: refs/heads/master@{#56050}
-
Sam Clegg authored
This prevents the contents of these files showing up in the output of `git grep`. This makes git grep much more useful as these files are minified into a single line which is not human readable. Change-Id: I54047fe32d090570fa70935ce108455a47e4d888 Reviewed-on: https://chromium-review.googlesource.com/1232674Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Sam Clegg <sbc@chromium.org> Cr-Commit-Position: refs/heads/master@{#56049}
-
Clemens Hammacher authored
Those two methods are spread over the code base, and their purpose is often not clear. Historically, they were used to turn pointers into integers in order to do computations on them. Today we have {Address} which is uintptr_t, so we can compute directly on that. This also makes the {RoundUp} and {RoundDown} macros only work on integral values (including {Address}). R=mlippautz@chromium.org Bug: v8:8015 Change-Id: Ia98fb826793ee5d3a2a5b18c09c329d088443772 Reviewed-on: https://chromium-review.googlesource.com/1233914Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#56048}
-
Sigurd Schneider authored
This CL ensures that the InterpreterEntryTrampoline, as well as InterpreterPushArgsThenCall and InterpreterPushArgs preserve the kRootRegister (ebx). Bug: v8:6666 Change-Id: I1e5b63f1002ffbe4dac84f039f373b6b77e67d8a Reviewed-on: https://chromium-review.googlesource.com/1233793Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#56047}
-
Florian Sattler authored
Fixing clang-tidy warning. Bug: v8:8015 Change-Id: I5645a85ca7d85ca9abf2cde9ed4191b1ae06ca73 Reviewed-on: https://chromium-review.googlesource.com/1224170Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Florian Sattler <sattlerf@google.com> Cr-Commit-Position: refs/heads/master@{#56046}
-
Simon Zünd authored
R=jgruber@chromium.org Bug: v8:6666 Change-Id: I51db8fdf5e649884aa94cb6c9e5cc733250b7ce9 Reviewed-on: https://chromium-review.googlesource.com/1233757 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#56045}
-
Clemens Hammacher authored
This is a reland of 3bb5cb63 Original change's description: > [wasm] Introduce a soft limit on reserved memory > > Currently, wasm memory and wasm code use a shared limit for the total > size of reservations. This can cause wasm code reservations to fail > because wasm memories used all available reservation space. > This CL introduces a soft limit which is used when allocating wasm > memory with full guards. If this limit is reached and the respective > flag is set, we fall back to allocation without full guards and check > against the hard limit. Code reservations always check against the hard > limit. > > R=ahaas@chromium.org > > Bug: v8:8196 > Change-Id: I3fcbaeaa6f72c972d408d291af5d6b788d43151d > Reviewed-on: https://chromium-review.googlesource.com/1233614 > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Cr-Commit-Position: refs/heads/master@{#56028} Bug: v8:8196 Change-Id: If8baf429b02e23b344346f7335bc911b99ae5579 Reviewed-on: https://chromium-review.googlesource.com/1233756Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#56044}
-
Michael Lippautz authored
Concurrently process objects and only read embedder fields on the main thread. Also prepares the concurrent marking infrastructure to plug this processing into different types. Bug: chromium:885125, chromium:843903 Change-Id: I23b7f778c16cff118dec93e11e2bbd02aaf11a78 Reviewed-on: https://chromium-review.googlesource.com/1231175Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56043}
-
Benedikt Meurer authored
This adds a new external_pointer field to every JSDataView instance which points directly into the backing store at the given view's byte_offset. This was the DataView performance is now almost on par with the TypedArray performance for accessing aligned memory (with appropriate endianess). This also serves as prepatory work to enable full 64-bit addressing of DataView backing stores in optimized code (soonish). This change optimizes the bounds checking sequence in TurboFan in such a way that it further improves the DataView set/get performance by around 10%, almost closing the remaining gap between DataViews and TypedArrays. Drive-by-fix: Get rid of the code duplication around DataView inlining in the JSCallReducer and have only a single bottleneck method now. Bug: chromium:225811, v8:4153, v8:7881, v8:8171 Change-Id: I9118efd4d19e93f0e51c931a9bec1a56a0f4593e Reviewed-on: https://chromium-review.googlesource.com/1231994 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56042}
-
Sergiy Byelozyorov authored
R=machenbach@chromium.org Bug: chromium:878303, chromium:877964 Change-Id: I9f0de35780861f3f121daa9952af70b332c11e98 Reviewed-on: https://chromium-review.googlesource.com/1231176Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#56041}
-
Jakob Gruber authored
As part of this, we also update all InvokeFunctionCode callers to pass ecx as the expected-argc register. Drive-by: Inline InvokeFunction overload into its single use. Bug: v8:6666 Change-Id: I67590ecc3f4981d014642c9e18d3ed6db9831e54 Reviewed-on: https://chromium-review.googlesource.com/1233653 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#56040}
-
Jakob Gruber authored
OnStackReplacement itself was dead code. Bug: v8:6666 Change-Id: I72df335f23fb749e652899a170bb3dc800992ba7 Reviewed-on: https://chromium-review.googlesource.com/1232635 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#56039}
-
Jakob Gruber authored
Not much to do here. This CL bakes in incompatibility between poisoning and embedded builtins, since we cannot unconditionally reset the poison register (which we reused as kRootRegister) as we used to. It also exposes a bug introduced in [0] where we set Isolate::c_function to a garbage value. [0] https://chromium-review.googlesource.com/1185011 Bug: v8:6666 Change-Id: Ia606f5d0e86c7ff68aa2af22acb89c2844519bf5 Reviewed-on: https://chromium-review.googlesource.com/1233255 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#56038}
-
Jakob Gruber authored
This also adds checks that ebx contains the root pointer during indirect load. And we work around a few spots where we create an ebx Register but do not actually reference it (e.g. when emitting xmm3, which has the same code as ebx). Bug: v8:6666 Change-Id: I7ec9e644c2e9c59d6395a71c6c5f479fac711d8d Reviewed-on: https://chromium-review.googlesource.com/1231093 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#56037}
-
Michael Achenbach authored
Failed once here: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Android%20Arm64%20-%20N5X/852 Test allocates a lot of memory. The output suggests that OS killed it. NOTRY=true TBR=rmcilroy@chromium.org Change-Id: Id177d381133a2671a5c4e3f0cac2cc3ea6cd6ee7 Reviewed-on: https://chromium-review.googlesource.com/1233759Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#56036}
-
Jakob Gruber authored
Bug: v8:6666 Change-Id: I6a6ece9ebb573fc6bbd18840400774952778a7e1 Reviewed-on: https://chromium-review.googlesource.com/1230914Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#56035}
-
Georg Neis authored
This is behind the --concurrent-compiler-frontend flag, which is disabled by default (but implied by --future). Bug: v8:7790 Change-Id: Ic7934ecfea042be4897b00095b8afca66862a9d5 Reviewed-on: https://chromium-review.googlesource.com/1233735Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56034}
-
Sigurd Schneider authored
This CL ensures that ConstructBoundFunction and ConstructedNonConstructable preserve the kRootRegister (ebx). Bug: v8:6666 Change-Id: I5aaee07aee9377f62028c98ccc8c6fdfe23dbc6d Reviewed-on: https://chromium-review.googlesource.com/1233615 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#56033}
-
Benedikt Meurer authored
Make the RedundancyElimination handle all simplified operators that are listed in the SIMPLIFIED_CHECKED_OP_LIST, and fix a couple of bugs and oversights in the code. This also adds a lot of test coverage for all the cases that we care about in RedundancyElimination (with respect to Check/Checked simplified operators). Bug: v8:8015 Change-Id: I57d29113389841b09abcd013313bf5dd1c67735f Reviewed-on: https://chromium-review.googlesource.com/1233655Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56032}
-
Leszek Swirski authored
This reverts commit 3bb5cb63. Reason for revert: Breaks Win64 bot https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64/26418 Original change's description: > [wasm] Introduce a soft limit on reserved memory > > Currently, wasm memory and wasm code use a shared limit for the total > size of reservations. This can cause wasm code reservations to fail > because wasm memories used all available reservation space. > This CL introduces a soft limit which is used when allocating wasm > memory with full guards. If this limit is reached and the respective > flag is set, we fall back to allocation without full guards and check > against the hard limit. Code reservations always check against the hard > limit. > > R=ahaas@chromium.org > > Bug: v8:8196 > Change-Id: I3fcbaeaa6f72c972d408d291af5d6b788d43151d > Reviewed-on: https://chromium-review.googlesource.com/1233614 > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Cr-Commit-Position: refs/heads/master@{#56028} TBR=ahaas@chromium.org,clemensh@chromium.org Change-Id: If645e738b4a5800eceabd993738ac2285f4a63bc No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8196 Reviewed-on: https://chromium-review.googlesource.com/1233834Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#56031}
-
Marja Hölttä authored
Unification: now BodyDescriptor deals with all weakness types. This doesn't replace the weak list pointers with in-place weak references, since it would cause extra work: we anyway recreate the lists after GC, so we shouldn't track them at all during GC. BUG=v8:7308 Change-Id: Ifb2f573d3e7ee311136b59e185cc659487c9cab3 Reviewed-on: https://chromium-review.googlesource.com/1229894Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#56030}
-
Georg Neis authored
Instead, remember the canonical handle during SerializeStandardObjects. Bug: v8:7790 Change-Id: Id57d861e92088fbc64c05fbee1612376000c06c9 Reviewed-on: https://chromium-review.googlesource.com/1233494Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56029}
-
Clemens Hammacher authored
Currently, wasm memory and wasm code use a shared limit for the total size of reservations. This can cause wasm code reservations to fail because wasm memories used all available reservation space. This CL introduces a soft limit which is used when allocating wasm memory with full guards. If this limit is reached and the respective flag is set, we fall back to allocation without full guards and check against the hard limit. Code reservations always check against the hard limit. R=ahaas@chromium.org Bug: v8:8196 Change-Id: I3fcbaeaa6f72c972d408d291af5d6b788d43151d Reviewed-on: https://chromium-review.googlesource.com/1233614Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#56028}
-
Michael Achenbach authored
TBR=sathya@chromium.org NOTRY=true Bug: v8:8197 Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I3bb3f8e551e34ba3a1b5d05703121989ecfe4e3c Reviewed-on: https://chromium-review.googlesource.com/1233734 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#56027}
-
Stephan Herhut authored
When module instantiation fails, we need to throw an exception or raise an error additionally to just returning an empty handle. This change adds an extra DCHECK to make sure this is not forgotten. Bug: v8:8015 Change-Id: Ib5d580ccfa2fb689e01c2bdabe856c8c4a47a853 Reviewed-on: https://chromium-review.googlesource.com/1233259Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Stephan Herhut <herhut@chromium.org> Cr-Commit-Position: refs/heads/master@{#56026}
-
Clemens Hammacher authored
This is a reland of 15d6d7b4. Original change's description: > [wasm] Increase code space limit to 1024 MB > > Liftoff increases code size, and people start deploying bigger modules. > Increase the wasm code space limit from 512 MB to 1024 MB to account > for this. > > R=titzer@chromium.org > > Bug: chromium:883639, chromium:872684 > Change-Id: I3a2ca29d456635f7f3aa1daef5fa2b0249dc1645 > Reviewed-on: https://chromium-review.googlesource.com/1226971 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#56003} TBR=titzer@chromium.org Bug: chromium:883639, chromium:872684 Change-Id: I54461d2a5f32eeaf90c71768eb9f37223dd5ebb6 Reviewed-on: https://chromium-review.googlesource.com/1233256Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#56025}
-
Creddy authored
IIFE`s within a function are not guaranteed to be executed only once. They can be called multiple times and compiler can inline them. Do the one-shot optimizations only for IIFE`s from top-level code. Bug: v8:8072, chromium:886580 Change-Id: I02370681cc3eab270edcc75ee120ca7ad768ed52 Reviewed-on: https://chromium-review.googlesource.com/1231174 Commit-Queue: Chandan Reddy <chandanreddy@google.com> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#56024}
-
Simon Zünd authored
This CL is part of the effort to remove the usage of 'ebx' as it will be the kRootRegister on ia32. R=jgruber@chromium.org Bug: v8:6666 Change-Id: Iad3d4718423a22790908d5028b2ec9e8b2253126 Reviewed-on: https://chromium-review.googlesource.com/1233258Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Simon Zünd <szuend@google.com> Cr-Commit-Position: refs/heads/master@{#56023}
-
Benedikt Meurer authored
Teach TurboFan about representation changes from Float64 to Word64 where the input value is already known to be within the Int64 or Uint64 range. While not all of these values have representations in Float64, those that do can be converted to Word64 without loss of precision. Same is true for Tagged to Word64 conversions, although here we don't (currently) need the case for Uint64 ranges, so we can skip adding an operator for that until it becomes necessary (there's a hard check in the code so it'll not silently cause trouble). Bug: v8:8178 Change-Id: Ie99b0bc9af096bd927f63b26b0a61e66454bc4ae Reviewed-on: https://chromium-review.googlesource.com/1231593Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56022}
-
Maya Lekova authored
This CL implements the following design doc: https://docs.google.com/document/d/1h5kdfemMQMpUd15PSKW1lqikJW5hsGwrmOvoqhGFRts/edit?ts=5b978756#heading=h.urs7r34mx9p Bug: v8:7790 Change-Id: I5f758c6d906ea9275c30b28f339063c64a2dc8d8 Reviewed-on: https://chromium-review.googlesource.com/1221807Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#56021}
-
Sigurd Schneider authored
Change-Id: I09cb1ea773c84891cefc54e8bc016b5b201280bd Bug: v8:7327 NOTRY=true Change-Id: I09cb1ea773c84891cefc54e8bc016b5b201280bd Reviewed-on: https://chromium-review.googlesource.com/1227973Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#56020}
-
Benedikt Meurer authored
The JSTypedArray instance is created early on in the TypedArray constructors, using EmitFastNewObject, which puts Undefined into all slots. But the code might still produce an exception afterwards leaving the JSTypedArray in a weird state. It's not a security issue since the object doesn't escape, but it confuses the heap verifier. Bug: chromium:885404, v8:4153, v8:7881, v8:8171 Change-Id: I5fb8131fcae69edf4a92602ed477dca305c3d6c7 Reviewed-on: https://chromium-review.googlesource.com/1233257 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#56019}
-
Michael Lippautz authored
The flag was not used anymore and any CollectGarbage call will finalize marking. Change-Id: I29ee60b187c9038acc4b42b8334546498f54f117 Reviewed-on: https://chromium-review.googlesource.com/1228013Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56018}
-