- 11 Dec, 2018 7 commits
-
-
Jakob Gruber authored
This: - documents removal of Code's stub key field. - removes SerializedCodeData's CodeStubKeys field. - removes masm's custom self-reference marker mechanism. Bug: v8:7777 Change-Id: Ie5c51bc895e508acdeb3994cf5558a2cf4c21540 Reviewed-on: https://chromium-review.googlesource.com/c/1367744 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#58145}
-
Michael Achenbach authored
When using correctness fuzzing, this makes sure all non-object arguments to typed array constructors are bound by 1MiB when interpreted as numbers. NOTRY=true Bug: chromium:910962 Change-Id: I66e87ece27aae7c5fa88429c5d1f1f478de702ae Reviewed-on: https://chromium-review.googlesource.com/c/1369959 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#58144}
-
Clemens Hammacher authored
The class declaration regexp in cpplint did not catch classes decorated by V8_EXPORT, V8_EXPORT_PRIVATE or any other decorator containing digits. This will be fixed in https://github.com/google/styleguide/pull/422. This CL already prepares the code base by fixing all errors that will be found after that change. Some follow-up changes were needed to fix implicit conversions that are not taken any more now. R=mstarzinger@chromium.org Bug: v8:8562 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I03713bd04dbc3f54b89a6c857a93463139aa5efd Reviewed-on: https://chromium-review.googlesource.com/c/1367751 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58143}
-
Clemens Hammacher authored
This callback is not being used by now, so we can just change it without the deprecation dance. Instead of the WasmModuleObject, it now receives the new CompiledWasmModule wrapper which contains a shared pointer to the NativeModule. This is all that's needed for serialization. Some classes are pulled out of WasmModuleObject to allow reuse. R=adamk@chromium.org, mstarzinger@chromium.org CC=bbudge@chromium.org Bug: chromium:912031 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Icedb64efa92e66bec45cf8742942a07ae22f59c8 Reviewed-on: https://chromium-review.googlesource.com/c/1363140 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58142}
-
Stephen Martinis authored
This was deleted source side in https://crrev.com/c/1308912 with seemingly no ill effects. Bug: chromium:718157 Change-Id: Ic2516b391b76a8fb72df97f6f090af3c24f35766 Reviewed-on: https://chromium-review.googlesource.com/c/1371035 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#58141}
-
Yang Guo authored
We no longer implement part of the debugger in JS. Therefore we can remove the infrastructure to support this in the bootstrapper. Also includes some drive-by cleanups. Bug: v8:5530 R=petermarshall@chromium.org Change-Id: I06628a559c17f99c70029fcc94848b0c78f1d3e9 Reviewed-on: https://chromium-review.googlesource.com/c/1369945 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#58140}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6fd29b2..510ff4c Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e09a3df..74c92bb Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/03ee2d6..fed2cb3 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I71575232dba9e58d428e7d832537b550e082b9eb Reviewed-on: https://chromium-review.googlesource.com/c/1370692 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#58139}
-
- 10 Dec, 2018 24 commits
-
-
Sven Sauleau authored
Fix and re-enable tests for WebAssembly's memory/constructor and table/constructor js-api. It introduces the '[EnforceRange] unsigned long' algorithm used to validate initial and maximum properties. The initial property is now required, by the switch to the Web IDL specification. Most of the input validations errors are now considered TypeError instead of RangeError. The WasmTableObject and WasmMemoryObject APIs use more consistently uint32_t to ensure integer range and remove the need for bounds checks. Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Bug: v8:8319 Change-Id: Iedd3ee6484ef688a5e96f93006eb6ca66d805a48 Reviewed-on: https://chromium-review.googlesource.com/c/1354043 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58138}
-
Ben Smith authored
This implementation currently only supports the optimized tier. Bug: v8:7747 Change-Id: Ia1af29b11a5d3e8a48b122f6cf3240c9f5948bfb Reviewed-on: https://chromium-review.googlesource.com/c/1364710 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#58137}
-
Igor Sheludko authored
because RelocInfo does not need host Code object for updating pointers to heap objects embedded into code. This CL also simplifies typed slot iteration callback signature. Bug: v8:8518, v8:8262 Change-Id: I59fe9e3b4e9b69e3d87b5449c80bed14e311516f Reviewed-on: https://chromium-review.googlesource.com/c/1370037 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#58136}
-
Michael Starzinger authored
R=ahaas@chromium.org Change-Id: Ie8407bb05dc0a1aeda4066f29e239e9ee085d946 Reviewed-on: https://chromium-review.googlesource.com/c/1369955 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#58135}
-
Michael Achenbach authored
TBR=sergiyb@chromium.org NOTRY=true Bug: v8:7783 Change-Id: I96a42759b8e1eecb74fdce5d8c43a6d93b6af0d6 Reviewed-on: https://chromium-review.googlesource.com/c/1370038 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#58134}
-
Maya Lekova authored
This is the longest running test on arm64, possibly contributing to a timeout: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/13906 Temporarily disabling it until there's a better solution for arm64 timeouts. Bug: v8:7783 Change-Id: Ia5755c7d0e09a64e607345a3a3185a6e86832939 R=leszeks@chromium.org NOTRY=true Change-Id: Ia5755c7d0e09a64e607345a3a3185a6e86832939 Reviewed-on: https://chromium-review.googlesource.com/c/1369956 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#58133}
-
Clemens Hammacher authored
Just pass a pointer to the current stack. This makes it easier to reuse the {DoReturn} method for breaks to the outermost block. R=titzer@chromium.org Bug: v8:8423 Change-Id: Ide8533b154daa227e044820bb9c181f836ba654a Reviewed-on: https://chromium-review.googlesource.com/c/1370028 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#58132}
-
Clemens Hammacher authored
This loop is redundant in {GetNodes}. R=titzer@chromium.org Bug: v8:8423 Change-Id: Ia624fbe145ae2cd77ea099c3f109899ea6fac9c0 Reviewed-on: https://chromium-review.googlesource.com/c/1370031 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58131}
-
Igor Sheludko authored
and a bit of drive-by cleanup. Bug: v8:8518 Change-Id: I46873f0a5e56509d75f2d169dc7a4372cc94efbc Reviewed-on: https://chromium-review.googlesource.com/c/1370027 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#58130}
-
Clemens Hammacher authored
Instead of branching to the end merge of the outermost block, we should return directly. This often generates shorter and faster code, since the merge is omitted. R=titzer@chromium.org Bug: v8:6600, v8:8423 Change-Id: Id5e92b05d3fbbcdb69e4a8bf48629d6031d85291 Reviewed-on: https://chromium-review.googlesource.com/c/1358411 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58129}
-
Clemens Hammacher authored
Names of external references are statically known, so there is no need to store them in the dynamically generated ExternalReferenceTable. This saves 7.4kB per Isolate, plus ~46.4kB binary size. R=mstarzinger@chromium.org Bug: v8:8562 Change-Id: Ia494de38474e0a7308563ab6d1797ff488b0a072 Reviewed-on: https://chromium-review.googlesource.com/c/1369947 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58128}
-
Andreas Haas authored
When the --debug-code flag is turned on, we create code now which checks if the thread-in-wasm flag has the expected value. If not, we abort execution. R=clemensh@chromium.org Bug: v8:5277, v8:8554 Change-Id: I74c4e6a60b874b48f13ded9b5cee81f602e4c9fd Reviewed-on: https://chromium-review.googlesource.com/c/1370025 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#58127}
-
Dan Elphick authored
Bug: chromium:911416 Change-Id: I04d3faa5ee042c99a400294e2a6dbed99c8d7020 Reviewed-on: https://chromium-review.googlesource.com/c/1366616 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#58126}
-
Predrag Rudic authored
MIPS32 doesn't have instructions to properly handle 64-bit atomic instructions. Skipping those tests on MIPS64 simulator because they have flaky TIMEOUT on buildbots. Change-Id: I31511dfce70a933b9326a7c270509c5f31af743a Reviewed-on: https://chromium-review.googlesource.com/c/1367450 Reviewed-by: Stephan Herhut <herhut@chromium.org> Commit-Queue: Predrag Rudic <prudic@wavecomp.com> Cr-Commit-Position: refs/heads/master@{#58125}
-
Leszek Swirski authored
This reverts commit 92db073f. Reason for revert: Breaks devtools test https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Win/15539 Devtools seems to parse our error messages, e.g. https://cs.chromium.org/chromium/src/third_party/blink/renderer/devtools/front_end/object_ui/JavaScriptAutocomplete.js?type=cs&q=isExpressionComplete+javascriptautocomplete&sq=package:chromium&g=0&l=612 Original change's description: > [parser] Improve error message for unclosed function bodies > > This patch changes the output from: > > function fn() { > ^ > SyntaxError: Unexpected end of input > > to: > > function fn() { > ^ > SyntaxError: missing '}' after function body > > Bug: v8:6513, v8:7321 > Change-Id: I4ca8a40fa0be246da2a3ff776b3fb3c87b4ba4e0 > Also-By: gsathya@chromium.org > Reviewed-on: https://chromium-review.googlesource.com/c/1367448 > Commit-Queue: Mathias Bynens <mathias@chromium.org> > Reviewed-by: Marja Hölttä <marja@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58116} TBR=marja@chromium.org,gsathya@chromium.org,mathias@chromium.org Change-Id: Ia2ac413d67fda39eda903c056002ae632df73df9 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6513, v8:7321 Reviewed-on: https://chromium-review.googlesource.com/c/1370026 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#58124}
-
Igor Sheludko authored
which used to treat off-heap slots as on-heap ones and implement embedded objects visitation in derived visitor classes. Bug: v8:8518 Change-Id: Ia40d8135078379cca990e9167d3f1bebb3b5be0a Reviewed-on: https://chromium-review.googlesource.com/c/1367747 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#58123}
-
Michael Starzinger authored
This is a reland of 9c2c8f15 Original change's description: > [wasm] Support encoding s128 simd types in exceptions. > > This adds support for having simd type values (i.e. s128) stored in an > exception. It is the natural combination of the simd proposal and the > exception handling proposal. > > R=clemensh@chromium.org > TEST=mjsunit/wasm/exceptions-simd > BUG=v8:8390 > > Change-Id: I01079f82a6ba4d9152de4dae63e3db1584ca7cd8 > Reviewed-on: https://chromium-review.googlesource.com/c/1363141 > Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58098} Bug: v8:8390 Change-Id: I333c50cd766055f74b023df626d0fd90fdef3bac Reviewed-on: https://chromium-review.googlesource.com/c/1370024 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#58122}
-
Igor Sheludko authored
which used to treat off-heap slots as on-heap ones and implement code target visitation in derived visitor classes. Bug: v8:8518 Change-Id: I477bf3a4a8a3de0c67bc15e2e20d8ecee6493da8 Reviewed-on: https://chromium-review.googlesource.com/c/1367745 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#58121}
-
Andreas Haas authored
CompileJsToWasmWrappers only needs a WasmModule, so we should not pass in a NativeModule. R=clemensh@chromium.org Bug: v8:8562 Change-Id: Ic38f1bee2eab3a06921c27f56fd175b51688ad5f Reviewed-on: https://chromium-review.googlesource.com/c/1367748 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#58120}
-
Peter Marshall authored
Right now, this is the limit implicitly imposed for spread/apply calls as to actually do a spread/apply call through CallVarargs, you need to pass a FixedArray with the args to be pushed. Likewise, turbofan can only materialize an arguments object with a backing store of length FixedArray::kMaxLength. The practical limit that users will actually hit is the stack - this change doesn't change that, it just documents what the actual limit is. This would actually allow an embedder/custom fork to increase stack size and still be able to make spread/apply calls with a large number of args. Change-Id: If5e66a61ed3f9df36031eb098646d48fc2ca2507 Reviewed-on: https://chromium-review.googlesource.com/c/1367451 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#58119}
-
Michael Starzinger authored
R=clemensh@chromium.org Change-Id: Ie4f40314eb41957c6983796e43eeefe655458160 Reviewed-on: https://chromium-review.googlesource.com/c/1367806 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58118}
-
Yang Guo authored
R=delphick@chromium.org, jgruber@chromium.org Bug: chromium:911416 Change-Id: Ib23ba11f3219fde183b4b9b352b13564b6e9e1e2 Reviewed-on: https://chromium-review.googlesource.com/c/1362952 Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#58117}
-
Mathias Bynens authored
This patch changes the output from: function fn() { ^ SyntaxError: Unexpected end of input to: function fn() { ^ SyntaxError: missing '}' after function body Bug: v8:6513, v8:7321 Change-Id: I4ca8a40fa0be246da2a3ff776b3fb3c87b4ba4e0 Also-By: gsathya@chromium.org Reviewed-on: https://chromium-review.googlesource.com/c/1367448 Commit-Queue: Mathias Bynens <mathias@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#58116}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c017b42..e09a3df TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I065c6b38f01a05c9faeb27776a893bb9dee07740 Reviewed-on: https://chromium-review.googlesource.com/c/1369334 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#58115}
-
- 09 Dec, 2018 2 commits
-
-
Daniel Clifford authored
Bug: v8:7793 Change-Id: I31cae67edfce6a0ba925df34d496d3d62bc7d5ef Reviewed-on: https://chromium-review.googlesource.com/c/1358519 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#58114}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/70dc33c..6fd29b2 Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/89ae39c..4408f60 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/4be60ee..03ee2d6 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I204383a4f19ff008c8c213128ce561e7f0acc3fc Reviewed-on: https://chromium-review.googlesource.com/c/1369092 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#58113}
-
- 08 Dec, 2018 3 commits
-
-
Jakob Kummerow authored
Bug: v8:3770 Change-Id: I1d74ffe9e5478b4b8bc0acbf088d20919d458d50 Reviewed-on: https://chromium-review.googlesource.com/c/1363822 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58112}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9e9ea82..70dc33c Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5d7bcad..c017b42 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/f94f910..4be60ee Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f6641a3..1bc365f TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: Ia24ad0df626f9b89d7f93a6f9e27b47cf13439a6 Reviewed-on: https://chromium-review.googlesource.com/c/1369088 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#58111}
-
Alexei Filippov authored
That should prevent leak of objects when page is reloaded. BUG=chromium:906847 Change-Id: I90928a5c4979c0ddc01c201bf60a693e2b03863a Reviewed-on: https://chromium-review.googlesource.com/c/1366449 Commit-Queue: Alexei Filippov <alph@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#58110}
-
- 07 Dec, 2018 4 commits
-
-
Vasili Skurydzin authored
Change-Id: I3b504d7d22da475b317f5877bc0a5a642017754f Reviewed-on: https://chromium-review.googlesource.com/c/1363531 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#58109}
-
Clemens Hammacher authored
If we create a second foreground task, only the second one will be registered with the AsyncCompileJob, so the first one will not be cancelled, which can lead to use-after-free of the AsyncCompileJob. In a debug build, a DCHECK will fail when creating the second foreground task. R=ahaas@chromium.org Bug: chromium:907937, chromium:910920 Change-Id: Iefefc4a85e7b35b32051cfe8cd5cbbfc4e95b843 Reviewed-on: https://chromium-review.googlesource.com/c/1367684 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#58108}
-
Mythri authored
Updates the following bytecode handlers to handle cases when feedback vector is not allocated: StaDataPropertyLiteral CreateRegExpLiteral CreateArrayLiteral EmptyArrayLiteral CreateObjectLiteral GetTemplateObject ForInPrepare ForInNext Bug: v8:8394 Change-Id: I854cca8dd69539f7e8a17dd8eddb0f9f6d42f762 Reviewed-on: https://chromium-review.googlesource.com/c/1362992 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#58107}
-
Daniel Clifford authored
Moving Frame-inspection functionality to Torque is a prerequisite for porting the CSA-based arguments code, which is a great candidate to simplify/cleanup with Torque. Change-Id: I1f4cb94cb357aae5864c2e84f3bf5a07549b27f8 Reviewed-on: https://chromium-review.googlesource.com/c/1357050 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#58106}
-