- 29 Jun, 2021 1 commit
-
-
Peter Kasting authored
This is a reland of edab8730 It was speculatively reverted but the issue turned out to just be slow tests. Original change's description: > Fix -Wimplicit-int-float-conversions. > > Bug: chromium:989932 > Change-Id: Ief917b023cb079f5ff87dc8963d74f225d074d7a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989096 > Reviewed-by: Bill Budge <bbudge@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Auto-Submit: Peter Kasting <pkasting@chromium.org> > Commit-Queue: Peter Kasting <pkasting@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75413} Bug: chromium:989932 Change-Id: Iec8ac8ee32705c6a699a2df2f292ffe07cde99f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994802Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#75443}
-
- 28 Jun, 2021 2 commits
-
-
Francis McCabe authored
This reverts commit edab8730. Reason for revert: appears to be causing additional TSAN flakes: see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3772 Original change's description: > Fix -Wimplicit-int-float-conversions. > > Bug: chromium:989932 > Change-Id: Ief917b023cb079f5ff87dc8963d74f225d074d7a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989096 > Reviewed-by: Bill Budge <bbudge@chromium.org> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Auto-Submit: Peter Kasting <pkasting@chromium.org> > Commit-Queue: Peter Kasting <pkasting@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75413} Bug: chromium:989932 Change-Id: I43d16b151f3c2d7bd68d0007af18a06de65da442 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991342 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Francis McCabe <fgm@chromium.org> Cr-Commit-Position: refs/heads/master@{#75419}
-
Peter Kasting authored
Bug: chromium:989932 Change-Id: Ief917b023cb079f5ff87dc8963d74f225d074d7a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989096Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Auto-Submit: Peter Kasting <pkasting@chromium.org> Commit-Queue: Peter Kasting <pkasting@chromium.org> Cr-Commit-Position: refs/heads/master@{#75413}
-
- 23 Jun, 2021 1 commit
-
-
Igor Sheludko authored
... which didn't properly handle non-Smi integer indices with JSTypedArray receivers. The addition of new JSReceiver::OrdinaryDefineOwnProperty() overload with LookupIterator::Key caused circular dependency between lookup.h and js-objects.h, so the LookupIterator::Key was moved out of the LookupIterator class in order to make it forward-declarable. Bug: chromium:1209405 Change-Id: I265f0c00f65ab6476c8f1d0ca1264f555d43465f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972727 Auto-Submit: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#75326}
-
- 19 May, 2021 1 commit
-
-
Victor Gomes authored
This is a follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/2833920 Bug: chromium:1209210, chromium:1198188 Change-Id: I43f18649434b06431dac6cae7946505fc4b5b398 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905607 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#74678}
-
- 07 May, 2021 1 commit
-
-
Victor Gomes authored
This is a reland of b271648e Unfortunately the test can still throw a fatal error, since there are other possible paths for OOM. Original change's description: > [runtime] Add length check in ConvertElementsWithCapacity > > This also propagates the exception through all the users of > ConvertElementsWithCapacity. > > Bug: chromium:1201626 > Change-Id: Ie44ba4327a4c3a20f1376477f45d3cd95d0da3b3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857961 > Commit-Queue: Victor Gomes <victorgomes@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74412} Bug: chromium:1201626 Change-Id: I164ca1aca21ad6f45ccf8893fb07a47cd5ed079a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2877833Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#74433}
-
- 06 May, 2021 2 commits
-
-
Clemens Backes authored
This reverts commit b271648e. Reason for revert: New test fails: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/42282/overview Original change's description: > [runtime] Add length check in ConvertElementsWithCapacity > > This also propagates the exception through all the users of > ConvertElementsWithCapacity. > > Bug: chromium:1201626 > Change-Id: Ie44ba4327a4c3a20f1376477f45d3cd95d0da3b3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857961 > Commit-Queue: Victor Gomes <victorgomes@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#74412} Bug: chromium:1201626 Change-Id: I764256e9d0dcc69ea3a2f3c77afaca73a910bb66 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876861 Auto-Submit: Clemens Backes <clemensb@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#74414}
-
Victor Gomes authored
This also propagates the exception through all the users of ConvertElementsWithCapacity. Bug: chromium:1201626 Change-Id: Ie44ba4327a4c3a20f1376477f45d3cd95d0da3b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857961 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#74412}
-
- 14 Oct, 2020 1 commit
-
-
Victor Gomes authored
Change-Id: I2f262f4545de9e421310094d0dfab2f6147869b5 Bug: v8:10201 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2466116Reviewed-by: Junliang Yan <junyan@redhat.com> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#70502}
-
- 20 Mar, 2020 1 commit
-
-
Victor Gomes authored
Bug: v8:10201 Change-Id: I72cbe15912395b9b06ffdccce935abae6e7a050e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093508Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66808}
-
- 26 Feb, 2020 1 commit
-
-
Victor Gomes authored
This adds static types to the argument class that accesss the arguments in the stack. kRuntime arguments are used by runtime functions and kJS arguments are used to access the JS stack (eg. builtins). The distinction allows the reversal of arguments in the JS stack without changing the runtime arguments order. Bug: v8:10201 Change-Id: I7c08164d53c4071c7910836fa733dee8ff7fa680 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2066985 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#66470}
-
- 09 Jan, 2020 1 commit
-
-
Jakob Kummerow authored
This CL factors out the decision-making logic whether a property key should be treated as a "property" or "element" into LookupIterator::Key, which can be constructed on its own, allowing use sites to take this distinction into account before constructing a LookupIterator from the Key, without needing to duplicate the logic. This also makes the assortment of LookupIterator constructors more uniform. Bug: chromium:1031175 Change-Id: I81d7b11ab7e4915f5c05668138e6e0c51ae11821 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962272 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65672}
-
- 26 Nov, 2019 1 commit
-
-
Jakob Kummerow authored
Bug: v8:4153 Change-Id: I036b3f464a635414e050972cee2dffbf3b44cafd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918250 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65164}
-
- 20 Nov, 2019 1 commit
-
-
Jakob Kummerow authored
They have to be in sync, so this patch updates both systems. Bug: v8:4153 Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65078}
-
- 15 Nov, 2019 1 commit
-
-
Maya Lekova authored
This helps reduce the number of false positives encountered by the dead variable analysis in gcmole. TBR=jgruber@chromium.org, verwaest@chromium.org, yangguo@chromium.org Bug: v8:9810 Change-Id: I1a34ccaab340e6abc37832b4ce1a0cabc56fa438 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917146 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64981}
-
- 11 Sep, 2019 1 commit
-
-
Joshua Litt authored
Also converts ACP from a Cell to a PropertyCell. Bug: v8:9463 Change-Id: I6cd26d4e4fd8869a17bf75f83cc177524f8082d7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795742Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Joshua Litt <joshualitt@chromium.org> Cr-Commit-Position: refs/heads/master@{#63675}
-
- 06 Aug, 2019 1 commit
-
-
Jakob Gruber authored
The HandleScope lets objects allocated within the slow loop be collected prior to loop termination. Drive-by: Use the appropriate kMaxElementCount constant. Drive-by: Switch to less-or-equal comparison against it. Bug: chromium:948810 Change-Id: I2449408b87e7e82dead5ee76d8c92129fa3243fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736749 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#63103}
-
- 27 May, 2019 3 commits
-
-
Benedikt Meurer authored
This is a reland of 4b86fea5 with copy&paste typo in CodeStubAssembler::AllocateByteArray() fixed (bug led to holes in new space, which was crashing reproducibly on the ia32 bot). Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} Tbr: petermarshall@chromium.org Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I87fcdb28532c5f08cc227332a4d59546cb423810 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Cq-Include-Trybots: luci.v8.try:v8_linux_shared_compile_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631592Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61864}
-
Clemens Hammacher authored
This reverts commit 4b86fea5. Reason for revert: Fails on linux shared: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/31045 Original change's description: > [typedarray] Move external/data pointer to JSTypedArray. > > As the next step in supporting huge typed arrays in V8, this moves the > external/data pointer from the FixedTypedArrayBase backing store to the > JSTypedArray instance itself, and replaces the special backing stores > with a plain ByteArray (removing all the code for the FixedTypedArrayBase > class hierarchy). By doing so, we can drastically simplify the system > around typed arrays. > > Note: Several places in the code base used to check the instance type > of the elements backing store of a JSTypedArray instead of checking the > elements kind on the JSTypedArray map directly. Those had to be fixed, > since the backing store is now always a ByteArray. > > Drive-by-fix: Move all the typed elements access related code into the > elements.cc file to properly encapsulate the accesses. > > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 > Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 > Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61855} TBR=ulan@chromium.org,yangguo@chromium.org,titzer@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org,szuend@chromium.org Change-Id: I0bc1f935de6063acf75a0f4bb8c0ba67428603fd No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Cq-Include-Trybots: luci.chromium.try:linux-rel, win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631427Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61856}
-
Benedikt Meurer authored
As the next step in supporting huge typed arrays in V8, this moves the external/data pointer from the FixedTypedArrayBase backing store to the JSTypedArray instance itself, and replaces the special backing stores with a plain ByteArray (removing all the code for the FixedTypedArrayBase class hierarchy). By doing so, we can drastically simplify the system around typed arrays. Note: Several places in the code base used to check the instance type of the elements backing store of a JSTypedArray instead of checking the elements kind on the JSTypedArray map directly. Those had to be fixed, since the backing store is now always a ByteArray. Drive-by-fix: Move all the typed elements access related code into the elements.cc file to properly encapsulate the accesses. Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow Bug: chromium:951196, chromium:965583, v8:4153, v8:7881, v8:9183 Change-Id: I8cc06b190c53e34155000b4560f5f3ef40621646 Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627535 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61855}
-
- 24 May, 2019 3 commits
-
-
Simon Zünd authored
This is a reland of 2b0ac2fb The layout test that caused this revert was fixed with: https://crrev.com/c/1627386 Original change's description: > [array] Move Array#sort pre-processing to Torque > > This CL removes the "PrepareElementsForSort" runtime function, and > replaces it with a simpler version in Torque. The biggest difference > is that certain sparse configurations no longer have a fast-path. > > The Torque pre-processing step replaces the existing Torque mechanism that > copied already pre-processed elements into the "work" FixedArray. The Torque > compacting works as follows: > - Iterate all elements from 0 to {length} > - If the element is the hole: Do nothing. > - If the element is "undefined": Increment undefined counter. > - In all other cases, push the element into the "work" FixedArray. > > Then the "work" FixedArray is sorted as before. Writing the elements from > the "work" array back into the receiver, after sorting, has three steps: > 1. Copy the sorted elements from the "work" FixedArray to the receiver. > 2. Add previously counted number of "undefined" to the receiver. > 3. Depending on the backing store either delete properties or > set them to the Hole up to {length}. > > Bug: v8:8714 > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 > Commit-Queue: Simon Zünd <szuend@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61812} TBR: jgruber@chromium.org Bug: v8:8714 Change-Id: If7613f6e5f37c5e0d649e8192195594bc6c32100 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627977 Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#61827}
-
Simon Zünd authored
This reverts commit 2b0ac2fb. Reason for revert: Breaks scrollingcoordinator/non-fast-scrollable-region-nested.html layout test on https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/32241 Original change's description: > [array] Move Array#sort pre-processing to Torque > > This CL removes the "PrepareElementsForSort" runtime function, and > replaces it with a simpler version in Torque. The biggest difference > is that certain sparse configurations no longer have a fast-path. > > The Torque pre-processing step replaces the existing Torque mechanism that > copied already pre-processed elements into the "work" FixedArray. The Torque > compacting works as follows: > - Iterate all elements from 0 to {length} > - If the element is the hole: Do nothing. > - If the element is "undefined": Increment undefined counter. > - In all other cases, push the element into the "work" FixedArray. > > Then the "work" FixedArray is sorted as before. Writing the elements from > the "work" array back into the receiver, after sorting, has three steps: > 1. Copy the sorted elements from the "work" FixedArray to the receiver. > 2. Add previously counted number of "undefined" to the receiver. > 3. Depending on the backing store either delete properties or > set them to the Hole up to {length}. > > Bug: v8:8714 > Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 > Commit-Queue: Simon Zünd <szuend@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61812} TBR=peter.wm.wong@gmail.com,jgruber@chromium.org,tebbi@chromium.org,szuend@chromium.org Change-Id: If1c1bc07f38dfbd4bf6b6ce8f9d70714e7526877 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8714 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627976Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61814}
-
Simon Zünd authored
This CL removes the "PrepareElementsForSort" runtime function, and replaces it with a simpler version in Torque. The biggest difference is that certain sparse configurations no longer have a fast-path. The Torque pre-processing step replaces the existing Torque mechanism that copied already pre-processed elements into the "work" FixedArray. The Torque compacting works as follows: - Iterate all elements from 0 to {length} - If the element is the hole: Do nothing. - If the element is "undefined": Increment undefined counter. - In all other cases, push the element into the "work" FixedArray. Then the "work" FixedArray is sorted as before. Writing the elements from the "work" array back into the receiver, after sorting, has three steps: 1. Copy the sorted elements from the "work" FixedArray to the receiver. 2. Add previously counted number of "undefined" to the receiver. 3. Depending on the backing store either delete properties or set them to the Hole up to {length}. Bug: v8:8714 Change-Id: I14eccb7cfd2e4618bce2a85cba0689d7e0380ad2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619756 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61812}
-
- 23 May, 2019 2 commits
-
-
Yang Guo authored
TBR=bmeurer@chromium.org,leszeks@chromium.org Bug: v8:9247 Change-Id: I8d14d0192ea8c705f8274e8e61a162531826edb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624220Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61769}
-
Clemens Hammacher authored
This CL was generated by an automatic clang AST rewriter using this matcher expression: callExpr( callee( cxxMethodDecl( hasName("operator->"), ofClass(isSameOrDerivedFrom("v8::internal::Object")) ) ), argumentCountIs(1) ) The "->" at the expression location was then rewritten to ".". R=jkummerow@chromium.org TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org Bug: v8:9183, v8:3770 No-Try: true No-Tree-Checks: true Change-Id: I0a7ecabdeafe51d0cf427f5280af0c7cab96869e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624209Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61764}
-
- 22 May, 2019 1 commit
-
-
Yang Guo authored
Bug: v8:9247 Change-Id: I79e0553e8a0d6dac2aa16b94a6c0e05b6ccde4a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621934 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61725}
-
- 20 May, 2019 4 commits
-
-
Simon Zünd authored
This CL also removes "HasComplexElements" helpers on JSReceiver and NumberDictionary. Drive-by: Remove unused SmiLexicographicCompare runtime function. The C++ funtion is still used, but it is entered using a fast C call from Array#sort. Bug: v8:9183 Change-Id: Ibb5d54cca623486806587bc90506af8d97910dc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617929 Commit-Queue: Simon Zünd <szuend@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61644}
-
Yang Guo authored
TBR=verwaest@chromium.org,rmcilroy@chromium.org NOTREECHECKS=true NOPRESUBMIT=true Bug: v8:9247 Change-Id: I9ddfb6e56ca8e47c4ac186a8df5f442d26420a69 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617661 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61642}
-
Yang Guo authored
Code that is being moved primarily deal with layout of a JSObject, accessing properties and elements, and map transitions. NOTREECHECKS=true NOTRY=true Bug: v8:9247 Change-Id: Ibce5d5926ac4021c8d40c4dd109948775ce1da58 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613994 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61638}
-
Simon Zünd authored
This CL also removes the ElementsAccessor "slice" implementation, as the runtime function is the last use site. R=verwaest@chromium.org Bug: v8:9183 Change-Id: If268e20120e7c7bb4a58d9560482b35896b0992f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617662Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61635}
-
- 17 May, 2019 4 commits
-
-
Simon Zünd authored
R=jgruber@chromium.org Bug: v8:9183 Change-Id: I773af2e44bbfb780a3cf375e6412274fe917d397 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617250 Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61616}
-
Simon Zünd authored
R=yangguo@chromium.org Bug: v8:9183 Change-Id: I0f06c9a32983f7131a36ace1fd6873e88e375fe3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617259 Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61610}
-
Yang Guo authored
This reverts commit 5f285395. Reason for revert: presubmit failure Original change's description: > Move logging and diagnostics related source files > > This also introduces a COMMON_OWNERS file, which is derived from the > current top-level OWNERS file. It is to be used for parts of the > codebase that is not sensitive to domain-specific expertise. > > NOPRESUBMIT=true > TBR=verwaest@chromium.org > > Bug: v8:9247 > Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987 > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Commit-Queue: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61600} TBR=rmcilroy@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org Change-Id: I3827c3af4fd63b18aa48c49617f318a01746e813 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9247 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617247Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61601}
-
Yang Guo authored
This also introduces a COMMON_OWNERS file, which is derived from the current top-level OWNERS file. It is to be used for parts of the codebase that is not sensitive to domain-specific expertise. NOPRESUBMIT=true TBR=verwaest@chromium.org Bug: v8:9247 Change-Id: I34a5eaa7cb1509a80d15094a2aceedd62665b17c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613987Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61600}
-
- 15 May, 2019 1 commit
-
-
Yang Guo authored
R=bmeurer@chromium.org, clemensh@chromium.org, jkummerow@chromium.org, sigurds@chromium.org, ulan@chromium.org, verwaest@chromium.org Bug: v8:9247 Change-Id: I153a6bbfc55989fe7a86c052f95c5cb8ee61e841 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613244 Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Yang Guo <yangguo@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#61557}
-
- 07 May, 2019 1 commit
-
-
Peter Marshall authored
This is a reland of ad44c258 Patchset 2 is the original CL Patchset 3 fixes some misuses of FixedArrayBase::length() and adds some DCHECKS to flush out any more misuses. Patchset 4 adds the PPC/S390 port by miladfar@ca.ibm.com. Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} Bug: v8:4153, v8:7881, v8:9105 Change-Id: Ic38f833071a723642ebc6f82a4012dbc0878ef98 Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594435Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61275}
-
- 12 Mar, 2019 1 commit
-
-
Hannes Payer authored
Bug: v8:8945 Change-Id: I14ca4b29f1b12ff95e718d431f65d88ab1238c53 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511478Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#60177}
-
- 08 Mar, 2019 1 commit
-
-
Jakob Kummerow authored
RotateRight32 needs a "number of bits" operand in the range 0..31. Thankfully that's how x86 shift instructions behave anyway, and how the bitwise shift operators in JavaScript are spec'ed, so this fix is unobservable in non-UBSan builds. RemoveArrayHolesGeneric can be used for length values anywhere in the uint32_t range, so it must not implicitly cast those to int. That actually caused an observable bug where a proxy's traps would not get called at all, but only for huge "length" properties, where the entire operation would also be painfully slow. Bug: chromium:935133, chromium:937652 Change-Id: I13f74ca27eae6b2b089d58217842b699b2574509 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510272 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#60112}
-
- 15 Feb, 2019 1 commit
-
-
Jakob Kummerow authored
This takes heap-inl.h out of the "Giant Include Cluster". Naturally, that means adding a bunch of explicit includes in a bunch of places that relied on transitively including them before. As of this patch, no header file outside src/heap/ includes heap-inl.h. Bug: v8:8562,v8:8499 Change-Id: I65fa763f90e66afc30d105b9277792721f05a6d4 Reviewed-on: https://chromium-review.googlesource.com/c/1459659 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#59617}
-
- 29 Jan, 2019 1 commit
-
-
Ulan Degenbaev authored
This replaces InNewSpace with InYoungGeneration, which is a prerequisite for young large objects. Additional changes: - FROM_SPACE, TO_SPACE flags are renamed to FROM_PAGE, TO_PAGE. - A new LARGE_PAGE flag is added. - The external string table is refactored to track young string instead of new space strings. Bug: chromium:924547 Change-Id: Ia4e3ba1b72995c3400257a1f98559f091533e811 Reviewed-on: https://chromium-review.googlesource.com/c/1437274Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#59156}
-