- 16 Dec, 2019 1 commit

Dominik Inführ authored
PrototypeUsers::Add now iterates the WeakArrayList to find empty slots before growing the array. Not reusing empty slots caused a memory leak. It might also be desirable to shrink the WeakArrayList in the future. Right now it is only compacted when invoking CreateBlob.

Also removed the unused PrototypeUsers::IsEmptySlot declaration.

Bug: v8:10031
Change-Id: I570ec78fca37e8f0c794f1f40846a4daab47c225
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967317
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65456}

- 04 Dec, 2019 2 commits

Joyee Cheung authored
This patch implements inspector support for private instance methods:

- Previously, to implement brand checking for instances with private instance methods, we stored the brand as the value, with the brand itself as the key, in the instances. Now we make the value the context associated with the class instead.
- To retrieve the private instance methods and accessors from the instances at runtime, we look into the contexts stored with the brands, and analyze the scope info to get their names as well as their context slot indices.
- This patch extends the `PrivatePropertyDescriptor` in the inspector protocol to include optional `get` and `set` fields, and makes the `value` field optional (similar to `PropertyDescriptor`s). Private fields or private instance methods are returned in the `value` field while private accessors are returned in the `get` and/or `set` field.

Property previews for the instances containing private instance methods and accessors are also updated similarly, although no additional protocol change is necessary since the `PropertyPreview` type can already be used to display accessors.

Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit

Bug: v8:9839, v8:8330
Change-Id: If37090bd23833a18f75deb1249ca5c4405ca2bf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934407
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65337}

Leszek Swirski authored
Looks like even the small amount of logic needed to extract ReadOnlyRoots from a const Isolate* (e.g. a HeapObject check) is enough to cause regressions. Revert these predicates to take non-const Isolate*, while keeping const Isolate* elsewhere. If we ever need const Isolate* for the oddball predicates, we can add it in addition to the non-const one.

Bug: chromium:1029457
Bug: chromium:1030001
Bug: chromium:1030003
Bug: chromium:1030102
Change-Id: Ia6fa45f282a1a1961c0afa8ed973baebf6fbafd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948721
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65331}

- 27 Nov, 2019 1 commit

Leszek Swirski authored
To indicate that the Isolate* in getters might not be a "real" isolate, but rather a calculated one from GetIsolateForPtrCompr, only used for calculating the isolate root, make that function return a const Isolate* and change field getters, Object::IsFoo predicates, and related functions to all take a const Isolate* instead of an Isolate*.

With this change, we can slightly more confidently use Objects that are in OffThreadSpace, without having to worry too much about having an Isolate* floating around that could accidentally be used.

This is a slight abuse of const semantics, but it allows implicit conversion from Isolate* arguments to the const Isolate* parameter.

Bug: v8:7703
Bug: chromium:1011762
Change-Id: I54d4a65d2299477195f4d754cabe64ce34fdaa4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939455
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65199}

- 26 Nov, 2019 1 commit

Jakob Kummerow authored
Bug: v8:4153
Change-Id: I036b3f464a635414e050972cee2dffbf3b44cafd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918250
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65164}

- 21 Nov, 2019 1 commit

Joshua Litt authored
This is a reland of f2a74165

Original change's description:
> [regexp] Re-execute regexp when '.indices' is accessed.
>
> Instead of storing a pointer to the last_match_info, which may
> change, this cl modifies JSRegExpResult to store a pointer to
> the original JSRegExp which generated it, as well as additional
> data needed to re-execute the match.
>
> Basically a straight copy and tidy of jgruber@'s prototype:
> https://chromium-review.googlesource.com/c/v8/v8/+/1876810
>
> Bug: v8:9548
> Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65053}

Bug: v8:9548
Change-Id: Ieeba4b1ae59ef0c7946d654dc314adfae09d24b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925554
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65096}

- 20 Nov, 2019 2 commits

Jakob Kummerow authored
They have to be in sync, so this patch updates both systems.

Bug: v8:4153
Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65078}

Joshua Litt authored
This reverts commit f2a74165.

Reason for revert: Clusterfuzz

Bug: chromium:1026479

Original change's description:
> [regexp] Re-execute regexp when '.indices' is accessed.
>
> Instead of storing a pointer to the last_match_info, which may
> change, this cl modifies JSRegExpResult to store a pointer to
> the original JSRegExp which generated it, as well as additional
> data needed to re-execute the match.
>
> Basically a straight copy and tidy of jgruber@'s prototype:
> https://chromium-review.googlesource.com/c/v8/v8/+/1876810
>
> Bug: v8:9548
> Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65053}

TBR=jgruber@chromium.org,joshualitt@chromium.org

Change-Id: I6294e3d7ac0b3e2bd9404697823b8d3cc2545c16
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9548
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925651
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65057}

- 19 Nov, 2019 1 commit

Joshua Litt authored
Instead of storing a pointer to the last_match_info, which may change, this cl modifies JSRegExpResult to store a pointer to the original JSRegExp which generated it, as well as additional data needed to re-execute the match.

Basically a straight copy and tidy of jgruber@'s prototype: https://chromium-review.googlesource.com/c/v8/v8/+/1876810

Bug: v8:9548
Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65053}

- 15 Nov, 2019 2 commits

Dan Elphick authored
utils.h itself is fairly large and contains lots of unrelated functions as well as having a fair number of dependencies itself, so this splits bounds checking and bit field operations into their own headers in base and replaces uses of utils.h with the more appropriate header where possible. (Also fixes some cases where other headers were previously brought in transitively.)

Bug: v8:9810, v8:8912
Change-Id: I76c53f953848a57e2c5bfad6ce45abcd6d2a4f1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916604
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64983}

Maya Lekova authored
This helps reduce the number of false positives encountered by the dead variable analysis in gcmole.

TBR=jgruber@chromium.org, verwaest@chromium.org, yangguo@chromium.org

Bug: v8:9810
Change-Id: I1a34ccaab340e6abc37832b4ce1a0cabc56fa438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917146
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64981}

- 12 Nov, 2019 1 commit

Leszek Swirski authored
After allocation of an object, we need to initialize it to make it safe for the GC to see it. For complex objects like SharedFunctionInfo, this initialization code is long and requires understanding of the object. So, it makes sense for the initialization to live in the SharedFunctionInfo code itself (as an Init method) rather than in the factory.

Aside from being a neat cleanup, this will allow us to share this initialization logic between different allocation methods, as part of the off-thread allocation project: https://docs.google.com/document/d/1-_96kok0AcavkbcdqqZvpqt_2q-_XWAsAJwbRXlfwCo/

Bug: chromium:1011762
Change-Id: Ie276eb711423272f85abfeb3d88df1826a77b984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872402
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64926}

- 11 Nov, 2019 2 commits

Joyee Cheung authored
This patch excludes brand symbols from the result of JSReceiver::GetPrivateEntries so that the brands do not show up when the instances are inspected from the DevTools (e.g. via `Runtime.getProperties()`).

To implement this, we use a bit in the Symbols to denote whether it's a brand symbol. A brand symbol is also a private name symbol so that we can just reuse the IC for accessing private names and do not need to jump through extra ORs.

Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit

Bug: v8:8671, v8:9839, v8:8330
Change-Id: I24346aeedce3602395289052d1e1350ae9390354
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1909757
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#64899}

Sathya Gunasekaran authored
Instead of changing all of TryToName to do the conversion to array index, this patch narrows this fast path just to the element load IC handler.

This patch also restores the HeapNumber conversion in TryToIntPtr and in Turbofan inlining as per the original state of things.

Bug: v8:9449, chromium:1016738, chromium:1016709
Change-Id: Ibf3a2c38637fc36e0ee037dc740f273848d1e8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1902386
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64896}

- 06 Nov, 2019 2 commits

Sathya Gunasekaran authored
This reverts commit 0457bed1.

Reason for revert: doesn't help perf too much

Original change's description:
> [ic] Inline loads for heapnumber and cached string as ArrayIndex
>
> Bug: chromium:1016738, chromium:1016709, v8:9449
> Change-Id: I5b50f21b3e40651e16201e63b4a7010b1bf0c639
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1897890
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64766}

TBR=neis@chromium.org,gsathya@chromium.org,verwaest@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1016738, chromium:1016709, v8:9449
Change-Id: I8a68cac329f06fa47516ecd9708f1e91e5d15b77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1901276
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64821}

Ulan Degenbaev authored
The (age, context) pair has to be added atomically into the weak array of detached contexts. Otherwise, GC may happen after insertion of age and observe inconsistent state.

Bug: chromium:1016703
Change-Id: Icb20bed4359904b2d976986a236558542e314bbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895573
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64820}

- 05 Nov, 2019 3 commits

Benedikt Meurer authored
This removes the feature that we log precise information about functions and scripts in "v8.compile", since it comes at a significant cost and is not going to be used anytime soon. If we ever decide that we need this, we will have to come up with a cheaper way of doing this.

Fixed: v8:9874
Tbr: yangguo@chromium.org
Bug: v8:8598, v8:9039, v8:9325, v8:9874
Change-Id: I3481570b6fda2a050f05d2ae84cf3e9245f67d52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1898652
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64783}

Eric Leese authored
Currently there are two ways wasm locations are represented in the inspector. This remains unchanged for now. Also, currently there are multiple ways location is represented within V8, with the line number sometimes being a function index and sometimes being 0, and the column number being a byte offset which is sometimes function relative and sometimes module relative. With this change, the line number is never used within V8 (it is always 0), and the column number is always a byte offset from the beginning of the module. This simplifies translation logic and keeps it in one place, and will simplify future changes to wasm location representation in the inspector API.

Bug: chromium:1013527
Change-Id: I8813d47c881988f9ab49d7529fb81fe10dbbccff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886915
Commit-Queue: Eric Leese <leese@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64774}

Sathya Gunasekaran authored
Bug: chromium:1016738, chromium:1016709, v8:9449
Change-Id: I5b50f21b3e40651e16201e63b4a7010b1bf0c639
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1897890
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64766}

- 01 Nov, 2019 1 commit

Mythri Alle authored
This reverts commit b8ac4eb4.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1020533

Original change's description:
> [runtime] Correctly handle global stores when global object has proxies
>
> When global object has proxies we should first call hasProperty and
> then call SetProperty if has property returns true. This cl fixes both
> StoreGlobal and StoreLookupGlobal to correctly handle these cases.
>
> Bug: chromium:1018871
> Change-Id: I140514e2119c6bab2125abcdc1b19d46526be5ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889885
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64687}

TBR=mythria@chromium.org,verwaest@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1018871
Change-Id: I5abbf9275cba17576e1b1e492abd36d6bc1ca1bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893194
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64714}

- 31 Oct, 2019 2 commits

Mythri A authored
When the global object has proxies, we should first call hasProperty and then call SetProperty if hasProperty returns true. This cl fixes both StoreGlobal and StoreLookupGlobal to correctly handle these cases.

Bug: chromium:1018871
Change-Id: I140514e2119c6bab2125abcdc1b19d46526be5ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889885
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64687}

Mythri A authored
JSProxy::HasProperty returns Nothing<bool>() when there is an exception while executing the has trap handler. We should not treat these cases the same as not-found cases.

Bug: chromium:1018871
Change-Id: I5510e707c96576d2dca4c8402e21a89065cc9b90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886919
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64670}

- 30 Oct, 2019 2 commits

Gus Caplan authored
Change-Id: I2a1ad1835b751237b350e56d64e3475459bfb7a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873715
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64636}

Clemens Backes authored
{Smi::ToInt} has only one character more.

R=mstarzinger@chromium.org

Bug: v8:9810
Change-Id: I1e91bb3623a354ceeee1dc93822011a6809281d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886922
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64633}

- 29 Oct, 2019 1 commit

Clemens Backes authored
The {IsWasmFrame} check in {ComputeLocationFromStackTrace} only returned true for compiled frames, but not for interpreted ones. Thus, for interpreted frames we would run into the code for JS frames, which assumes that a {JSFunction} is available.

This CL fixes this issue by renaming {IsWasmFrame} to {IsWasmCompiledFrame}, and introducing a new {IsWasmFrame} method which returns true for both compiled and interpreted frames.

R=mstarzinger@chromium.org

Bug: chromium:1018227
Change-Id: If83b4129edaad775a212ccb741f3c62eabc2addb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883892
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64607}

- 28 Oct, 2019 3 commits

Seth Brenith authored
This change begins making use of the fact that Torque now knows about the relationship between classes and instance types, to replace a few repetitive lists:

- Instance type checkers (single and range), defined in src/objects/instance-type.h
- Verification dispatch in src/diagnostics/objects-debug.cc
- Printer dispatch in src/diagnostics/objects-printer.cc
- Postmortem object type detection in tools/debug_helper/get-object-properties.cc

Torque is updated to generate four macro lists for the instance types, representing all of the classes separated in two dimensions: classes that correspond to a single instance type versus those that have a range, and classes that are fully defined in Torque (with fields and methods inside '{}') versus those that are only declared. The latter distinction is useful because fully-defined classes are guaranteed to correspond to real C++ classes, whereas only-declared classes are not.

A few other changes were required to make the lists above work:

- Renamed IsFiller to IsFreeSpaceOrFiller to better reflect what it does and avoid conflicts with the new macro-generated IsFiller method. This is the part I'm most worried about: I think the new name is an improvement for clarity and consistency, but I could imagine someone typing IsFiller out of habit and introducing a bug. If we'd prefer to keep the name IsFiller, my other idea is to rename FreeSpace to VariableSizeFiller and Filler to FixedSizeFiller.
- Made Tuple3 extend from Struct, not Tuple2, because IsTuple2 is expected to check for only TUPLE2_TYPE and not include TUPLE3_TYPE.
- Normalized the dispatched behavior for BigIntBase and HeapNumber.
- Added a few new object printers.

Bug: v8:7793
Change-Id: I5462bb105f8a314baa59bd6ab6ab6215df6f313c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1860314
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64597}

Mythri A authored
When the global object has proxies, we should first call hasProperty and then call GetProperty according to spec. This cl fixes both LoadGlobal and LoadLookupGlobal to correctly handle these cases. Also fixes tests that didn't expect hasProperty to be called.

Change-Id: I3a45df7ae24be74dd46cf04cafbf8c2d7018b3af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876059
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64580}

Victor Gomes authored
A bit was added in the context length slot to indicate if the context had an extension slot. It turns out that we need this information much earlier and so this flag is now in the scope info instead. This CL removes this bit from length, since it was not used anymore.

I also renamed HasContextExtension to HasContextExtensionSlot to differentiate it from Context::has_extension, which returns true only if the context has an extension slot and the extension is not the undefined object.

Bug: v8:9744
Change-Id: I7c37105b7afed34e8f480a64596fab285388f21b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879935
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64577}

- 22 Oct, 2019 1 commit

Georg Neis authored
Instead of logging when SFI inlineability is computed, log when that result is actually used. Moreover, log something in some cases where we logged nothing so far (e.g. when we can't inline due to missing feedback vector).

Change-Id: Id93119f4ead17aa9e721eb4fcc20774c54178665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873693
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64466}

- 21 Oct, 2019 1 commit

Jakob Gruber authored
V8 uses a backtracking regexp engine, which has the caveat that some regexp patterns can have exponential runtime behavior when excessive backtracking is involved. Especially when regexp patterns are user-controlled, it would be useful to be able to set an upper limit for a single regexp execution.

This CL takes an initial step in that direction by adding a backtracking limit (intended to approximate execution time):

- The limit is stored in the JSRegExp's data array.
- A limit can currently only be set through the %NewRegExpWithLimit runtime function.
- The limit is applied during interpreter execution. When exceeded, the interpreter stops execution and returns FAILURE (even if continued execution would at some later point have resulted in SUCCESS).

In follow-up CLs, this mechanism will be extended to work in jitted regexp code, and exposed through the V8 API.

Bug: v8:9695
Change-Id: Iadb5c100052f4a63b26f1ec49cf97c6713a66b9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864934
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64417}

- 16 Oct, 2019 2 commits

Sathya Gunasekaran authored
Updates CSA::TryToIntptr to handle array indices that are less than INT_MAX, which allows handling string keys in the ICs.

Updates ICs to go monomorphic for string keys that are array indices.

Updates Turbofan to handle array indices when lowering element access.

Change-Id: Ibdde20130e075d0d645ab4a8266a968335eaad84
Bug: v8:9449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813018
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64320}

Jakob Kummerow authored
for "entries", i.e. indices into the backing store (as opposed to "public indices" going into the hash function). This improves consistency and compiler-enforced type safety; no change in behavior is intended.

Change-Id: I25e57e3ddcf18a406e2dfbd66786b6980c4e9615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852768
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64317}

- 11 Oct, 2019 2 commits

Leszek Swirski authored
Bug: chromium:1012301
Change-Id: I805affc8b18130d9d4de995eed8a905d7fcd4d75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856005
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64249}

Jakob Kummerow authored
This is for consistency and compiler-enforced type safety. No change in behavior intended.

Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64244}

- 08 Oct, 2019 2 commits

Jakob Kummerow authored
This is useful for the upcoming "huge TypedArrays" support, to be able to quickly decide in stubs/generated code whether a string used as the key for a property load/store can possibly be an exotic integer index.

Bug: v8:4153
Change-Id: I50ce655d2f78fb36e5615fd580f22c9290216c84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1821460
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64165}

Mythri A authored
The empty slow element dictionary had the sticky bit set. This bit was used to indicate that the dictionary cannot go to fast mode, either because the dictionary had elements with attributes or elements at large indices. There is no reason for the empty dictionary to have this bit set. This causes bugs in some corner cases.

Bug: chromium:1003732
Change-Id: Ib29e1cda784869b9deb9361d8e6b5539f7154a38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833686
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64158}

- 07 Oct, 2019 1 commit

Seth Brenith authored
Just mechanical conversion to remove boilerplate code. When .tq and .h files didn't agree on what a field is named, I used the name from the .h file. In a couple of cases the generated accessor became slightly more specific (HeapObject instead of Object), and I had to update the code that uses those accessors accordingly.

Change-Id: Ie3af1590e3889887b167c9d045b07860b01f7d15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776479
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64142}

- 26 Sep, 2019 2 commits

Joshua Litt authored
Bug: v8:9463
Change-Id: I62290f29086c370b1f4f773de9a4d8f926edf313
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1818732
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64005}

Victor Gomes authored
This is a reland of d7b67ce2

Original change's description:
> [Context] Add a bit flag to indicate if extension might exist
>
> Checking the bit flag instead of comparing pointers should improve performance.
> This will also allow us to remove the extension slot in Context and save memory.
>
> Bug: v8:9744
> Change-Id: I7ab9feeadfb934955798d877d13bc0e1d78a191c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814918
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63906}

Bug: v8:9744
Change-Id: Ic4725ad5730a8f8fff6288d6af2205c230aff79d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815256
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63993}

- 18 Sep, 2019 1 commit

Michael Starzinger authored
This introduces {GetContainingWasmFunction} to replace the above method, since calculating offsets into the wire bytes is independent of the concrete module object and hence only needs the shared decoded module.

R=clemensh@chromium.org
BUG=v8:6847

Change-Id: I145d527506289686653979dbb135480cc42ea4c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809369
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63870}