1. 28 Jun, 2021 1 commit
  2. 24 Jun, 2021 2 commits
  3. 18 Jun, 2021 1 commit
  4. 25 May, 2021 1 commit
  5. 29 Jan, 2021 1 commit
  6. 22 Jun, 2020 1 commit
  7. 06 May, 2020 1 commit
    • Jakob Gruber's avatar
      [snapshot] Clear reconstructable data prior to d8 stress_snapshot run · 3c422d1c
      Jakob Gruber authored
      The serializer currently cannot handle a heap state containing
      arbitrary compiled Code objects. As a quick fix for the
      --stress-snapshot d8 flag, we clear compiled data from the isolate
      prior to the serialize-deserialize-verify pass.
      
      With this change, mjsunit tests pass on x64.
      
      The %SerializeDeserializeNow() runtime function would require more
      work, since it is not possible to mutate the heap to this extent while
      still preserving a runnable host context and isolate. We will need
      another solution there.
      
      Drive-by: Skip the stress_snapshot variant except for the mjsunit
      suite.
      
      Tbr: machenbach@chromium.org
      Bug: v8:10493,v8:10416
      Change-Id: Ie110da8b51613fcd69c7f391d3cf8589d6b04dd8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182429Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67585}
      3c422d1c
  8. 13 Dec, 2019 1 commit
  9. 04 Nov, 2019 1 commit
  10. 22 Oct, 2019 1 commit
  11. 16 Oct, 2019 1 commit
  12. 12 Sep, 2019 1 commit
  13. 05 Sep, 2019 1 commit
  14. 09 Jul, 2019 1 commit
  15. 24 May, 2019 3 commits
    • Simon Zünd's avatar
      Reland "[array] Move Array#sort pre-processing to Torque" · 843b6646
      Simon Zünd authored
      This is a reland of 2b0ac2fb
      
      The layout test that caused this revert was fixed with:
      https://crrev.com/c/1627386
      
      Original change's description:
      > [array] Move Array#sort pre-processing to Torque
      >
      > This CL removes the "PrepareElementsForSort" runtime function, and
      > replaces it with a simpler version in Torque. The biggest difference
      > is that certain sparse configurations no longer have a fast-path.
      >
      > The Torque pre-processing step replaces the existing Torque mechanism that
      > copied already pre-processed elements into the "work" FixedArray. The Torque
      > compacting works as follows:
      >   - Iterate all elements from 0 to {length}
      >     - If the element is the hole: Do nothing.
      >     - If the element is "undefined": Increment undefined counter.
      >     - In all other cases, push the element into the "work" FixedArray.
      >
      > Then the "work" FixedArray is sorted as before. Writing the elements from
      > the "work" array back into the receiver, after sorting, has three steps:
      >   1. Copy the sorted elements from the "work" FixedArray to the receiver.
      >   2. Add previously counted number of "undefined" to the receiver.
      >   3. Depending on the backing store either delete properties or
      >      set them to the Hole up to {length}.
      >
      > Bug: v8:8714
      > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
      > Commit-Queue: Simon Zünd <szuend@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#61812}
      
      TBR: jgruber@chromium.org
      Bug: v8:8714
      Change-Id: If7613f6e5f37c5e0d649e8192195594bc6c32100
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627977
      Commit-Queue: Simon Zünd <szuend@chromium.org>
      Auto-Submit: Simon Zünd <szuend@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61827}
      843b6646
    • Simon Zünd's avatar
      Revert "[array] Move Array#sort pre-processing to Torque" · 70eeb22d
      Simon Zünd authored
      This reverts commit 2b0ac2fb.
      
      Reason for revert: Breaks scrollingcoordinator/non-fast-scrollable-region-nested.html layout test on https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/32241 
      
      Original change's description:
      > [array] Move Array#sort pre-processing to Torque
      > 
      > This CL removes the "PrepareElementsForSort" runtime function, and
      > replaces it with a simpler version in Torque. The biggest difference
      > is that certain sparse configurations no longer have a fast-path.
      > 
      > The Torque pre-processing step replaces the existing Torque mechanism that
      > copied already pre-processed elements into the "work" FixedArray. The Torque
      > compacting works as follows:
      >   - Iterate all elements from 0 to {length}
      >     - If the element is the hole: Do nothing.
      >     - If the element is "undefined": Increment undefined counter.
      >     - In all other cases, push the element into the "work" FixedArray.
      > 
      > Then the "work" FixedArray is sorted as before. Writing the elements from
      > the "work" array back into the receiver, after sorting, has three steps:
      >   1. Copy the sorted elements from the "work" FixedArray to the receiver.
      >   2. Add previously counted number of "undefined" to the receiver.
      >   3. Depending on the backing store either delete properties or
      >      set them to the Hole up to {length}.
      > 
      > Bug: v8:8714
      > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
      > Commit-Queue: Simon Zünd <szuend@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#61812}
      
      TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org,szuend@chromium.org
      
      Change-Id: If1c1bc07f38dfbd4bf6b6ce8f9d70714e7526877
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8714
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627976Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
      Commit-Queue: Simon Zünd <szuend@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61814}
      70eeb22d
    • Simon Zünd's avatar
      [array] Move Array#sort pre-processing to Torque · 2b0ac2fb
      Simon Zünd authored
      This CL removes the "PrepareElementsForSort" runtime function, and
      replaces it with a simpler version in Torque. The biggest difference
      is that certain sparse configurations no longer have a fast-path.
      
      The Torque pre-processing step replaces the existing Torque mechanism that
      copied already pre-processed elements into the "work" FixedArray. The Torque
      compacting works as follows:
        - Iterate all elements from 0 to {length}
          - If the element is the hole: Do nothing.
          - If the element is "undefined": Increment undefined counter.
          - In all other cases, push the element into the "work" FixedArray.
      
      Then the "work" FixedArray is sorted as before. Writing the elements from
      the "work" array back into the receiver, after sorting, has three steps:
        1. Copy the sorted elements from the "work" FixedArray to the receiver.
        2. Add previously counted number of "undefined" to the receiver.
        3. Depending on the backing store either delete properties or
           set them to the Hole up to {length}.
      
      Bug: v8:8714
      Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756
      Commit-Queue: Simon Zünd <szuend@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61812}
      2b0ac2fb
  16. 02 May, 2019 1 commit
    • Michael Achenbach's avatar
      Reland "[test] Remove longer timeout on bots" · 393f788c
      Michael Achenbach authored
      This is a reland of e632f8f4
      
      Original change's description:
      > [test] Remove longer timeout on bots
      >
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gc_stress_dbg
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gcc_rel
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_msan_rel
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_tsan_rel
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm64_dbg
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_asan_rel
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_win64_dbg
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_android_arm64_n5x_rel_ng
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_cfi_rel_ng
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_ubsan_rel_ng
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm_lite_rel_ng
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_noi18n_rel_ng
      > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_dbg_ng
      >
      > Bug: v8:9145
      > Change-Id: I6efee8579d9d9e0aad0431f6b87c152141d4ec7f
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581261
      > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      > Reviewed-by: Tamer Tas <tmrts@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#61107}
      
      Bug: v8:9145
      Change-Id: Id8f0468bbf2d67f62141e7f7c42417d351c3fffa
      Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg
      Cq-Include-Trybots: luci.v8.try:v8_linux_gcc_rel
      Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
      Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_dbg
      Cq-Include-Trybots: luci.v8.try:v8_mac64_asan_rel
      Cq-Include-Trybots: luci.v8.try:v8_win64_dbg
      Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_cfi_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_mac64_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588429Reviewed-by: 's avatarTamer Tas <tmrts@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61167}
      393f788c
  17. 26 Apr, 2019 2 commits
  18. 03 Apr, 2019 1 commit
  19. 20 Mar, 2019 1 commit
  20. 26 Feb, 2019 1 commit
  21. 20 Feb, 2019 1 commit
  22. 19 Feb, 2019 1 commit
  23. 06 Feb, 2019 1 commit
    • Tamer Tas's avatar
      Reland "Reland "[test] refactor testsuite configuration"" · df630e67
      Tamer Tas authored
      This is a reland of 81eec150
      
      Original change's description:
      > Reland "[test] refactor testsuite configuration"
      >
      > This is a reland of 7f92ad0a
      >
      > Original change's description:
      > > [test] refactor testsuite configuration
      > >
      > > Every testsuite configuration consist of at least 30% code duplication.
      > >
      > > The code age ranges from 10 years old to 5 years old. Implementing anything that
      > > touches the testsuite code becomes a technical fight to the death.
      > >
      > > This CL removes all the duplication by refactoring the common functionality.
      > >
      > > This CL contains structural changes without any logical changes % small bug
      > > fixes.
      > >
      > > R=machenbach@chromium.org
      > > CC=yangguo@chromium.org,sergiyb@chromium.org
      > >
      > > Bug: v8:8174, v8:8769
      > > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
      > > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
      > > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
      > > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#59361}
      >
      > Bug: v8:8174, v8:8769
      > Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
      > Reviewed-on: https://chromium-review.googlesource.com/c/1454485
      > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > Commit-Queue: Tamer Tas <tmrts@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59369}
      
      Bug: v8:8174, v8:8790
      Change-Id: I38ab9d37bca76057441a970f26e2102e4387a857
      Reviewed-on: https://chromium-review.googlesource.com/c/1454724
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59387}
      df630e67
  24. 05 Feb, 2019 4 commits
    • Tamer Tas's avatar
      Revert "Reland "[test] refactor testsuite configuration"" · ea4412ad
      Tamer Tas authored
      This reverts commit 81eec150.
      
      Reason for revert: windows mozilla test failures
      
      Original change's description:
      > Reland "[test] refactor testsuite configuration"
      > 
      > This is a reland of 7f92ad0a
      > 
      > Original change's description:
      > > [test] refactor testsuite configuration
      > > 
      > > Every testsuite configuration consist of at least 30% code duplication.
      > > 
      > > The code age ranges from 10 years old to 5 years old. Implementing anything that
      > > touches the testsuite code becomes a technical fight to the death.
      > > 
      > > This CL removes all the duplication by refactoring the common functionality.
      > > 
      > > This CL contains structural changes without any logical changes % small bug
      > > fixes.
      > > 
      > > R=machenbach@chromium.org
      > > CC=yangguo@chromium.org,sergiyb@chromium.org
      > > 
      > > Bug: v8:8174, v8:8769
      > > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
      > > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
      > > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
      > > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#59361}
      > 
      > Bug: v8:8174, v8:8769
      > Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
      > Reviewed-on: https://chromium-review.googlesource.com/c/1454485
      > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > Commit-Queue: Tamer Tas <tmrts@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59369}
      
      TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org
      
      Change-Id: I8f5650b5f46be299c004e2fa8b708fa2c17a4dc2
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8174, v8:8769
      Reviewed-on: https://chromium-review.googlesource.com/c/1454607Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Commit-Queue: Tamer Tas <tmrts@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59370}
      ea4412ad
    • Tamer Tas's avatar
      Reland "[test] refactor testsuite configuration" · 81eec150
      Tamer Tas authored
      This is a reland of 7f92ad0a
      
      Original change's description:
      > [test] refactor testsuite configuration
      > 
      > Every testsuite configuration consist of at least 30% code duplication.
      > 
      > The code age ranges from 10 years old to 5 years old. Implementing anything that
      > touches the testsuite code becomes a technical fight to the death.
      > 
      > This CL removes all the duplication by refactoring the common functionality.
      > 
      > This CL contains structural changes without any logical changes % small bug
      > fixes.
      > 
      > R=machenbach@chromium.org
      > CC=yangguo@chromium.org,sergiyb@chromium.org
      > 
      > Bug: v8:8174, v8:8769
      > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
      > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
      > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
      > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59361}
      
      Bug: v8:8174, v8:8769
      Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
      Reviewed-on: https://chromium-review.googlesource.com/c/1454485Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Commit-Queue: Tamer Tas <tmrts@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59369}
      81eec150
    • Tamer Tas's avatar
      Revert "[test] refactor testsuite configuration" · 97068800
      Tamer Tas authored
      This reverts commit 7f92ad0a.
      
      Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win32/19148
      
      Original change's description:
      > [test] refactor testsuite configuration
      >
      > Every testsuite configuration consist of at least 30% code duplication.
      >
      > The code age ranges from 10 years old to 5 years old. Implementing anything that
      > touches the testsuite code becomes a technical fight to the death.
      >
      > This CL removes all the duplication by refactoring the common functionality.
      >
      > This CL contains structural changes without any logical changes % small bug
      > fixes.
      >
      > R=​machenbach@chromium.org
      > CC=​yangguo@chromium.org,sergiyb@chromium.org
      >
      > Bug: v8:8174, v8:8769
      > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
      > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
      > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
      > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#59361}
      
      TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org,v8-reviews@chromium.org
      
      Change-Id: I473f0d4c6b9c0239923b8c03699dbc38b7f85030
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8174, v8:8769
      Reviewed-on: https://chromium-review.googlesource.com/c/1454599
      Commit-Queue: Tamer Tas <tmrts@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59362}
      97068800
    • Tamer Tas's avatar
      [test] refactor testsuite configuration · 7f92ad0a
      Tamer Tas authored
      Every testsuite configuration consist of at least 30% code duplication.
      
      The code age ranges from 10 years old to 5 years old. Implementing anything that
      touches the testsuite code becomes a technical fight to the death.
      
      This CL removes all the duplication by refactoring the common functionality.
      
      This CL contains structural changes without any logical changes % small bug
      fixes.
      
      R=machenbach@chromium.org
      CC=yangguo@chromium.org,sergiyb@chromium.org
      
      Bug: v8:8174, v8:8769
      Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
      Reviewed-on: https://chromium-review.googlesource.com/c/1445881
      Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
      Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59361}
      7f92ad0a
  25. 30 Nov, 2018 1 commit
    • Peter Marshall's avatar
      Revert "[runtime] Reduce spread/apply call max arguments" · ff0cf00c
      Peter Marshall authored
      This reverts commit 4e3a17d0.
      
      Reason for revert: Web compact issues, see crbug.com/910252
      
      Original change's description:
      > [runtime] Reduce spread/apply call max arguments
      > 
      > Bug: chromium:906043
      > Change-Id: I308b29af0644c318d73926b27e65a94913c760c7
      > Reviewed-on: https://chromium-review.googlesource.com/c/1346115
      > Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#57731}
      
      TBR=jarin@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: chromium:906043
      Change-Id: I240c1b55c10fd3e108e3c49f93ce1d9ca9c61780
      Reviewed-on: https://chromium-review.googlesource.com/c/1356502Reviewed-by: 's avatarPeter Marshall <petermarshall@chromium.org>
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57956}
      ff0cf00c
  26. 22 Nov, 2018 1 commit
  27. 07 Sep, 2018 1 commit
  28. 06 Sep, 2018 1 commit
    • Simon Zünd's avatar
      [array] Move Array.p.unshift fall-back to Torque · cfe71156
      Simon Zünd authored
      This CL implements a generic baseline version of Array.p.unshift
      in Torque, enabling us to remove the JS fall-back.
      
      The elements-accessor fast-path is still used, but the check whether
      to use it is also moved to Torque.
      
      Support for sparse JSArrays is removed.
      
      Drive-by change: Small refactoring in builtins-array that will
      get extended to other array builtins in a follow-up CL.
      
      R=cbruni@chromium.org, jgruber@chromium.org
      
      Bug: v8:7624
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Change-Id: I7b23ce15e7b922eb333f61a408050dedec77c95a
      Reviewed-on: https://chromium-review.googlesource.com/1189902
      Commit-Queue: Simon Zünd <szuend@google.com>
      Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55670}
      cfe71156
  29. 04 Sep, 2018 1 commit
    • Mike Stanton's avatar
      [builtins] Enable Torque Array.prototype.splice · fd334b32
      Mike Stanton authored
      Before, splice was implemented with a C++ fast path and a
      comprehensive JavaScript version.
      
      This impl. is entirely in Torque with a fastpath for SMI,
      DOUBLE and OBJECT arrays, and a comprehensive slow path.
      The same level of "sparse" array support as given by the
      array.js implementation is included.
      
      This reland addresses several issues:
      
      * Removed "sparse" array support from splice.
      * Addressed ClusterFuzz issue 876443:
        The test and code that uses the fix is in this CL.
        The fix in isolation can be seen here:
        https://chromium-review.googlesource.com/c/v8/v8/+/1199403
      * Removed dead code in elements.cc
      
      BUG=chromium:876443, v8:8131, v8:1956, v8:7221
      
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Change-Id: I2d4a66c24ba1edabeca34e27e6ff8ee6136ed5f1
      Reviewed-on: https://chromium-review.googlesource.com/1201783
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55610}
      fd334b32
  30. 29 Aug, 2018 1 commit
  31. 11 Jul, 2018 1 commit
  32. 08 May, 2018 1 commit
  33. 06 Apr, 2018 1 commit