- 02 May, 2019 33 commits
-
-
Clemens Hammacher authored
This reverts commit b6fb2707. Reason for revert: TSan issues, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/26177 Original change's description: > [wasm][gc] Free WasmCode objects > > This adds the next step to freeing code: We free the actual C++ > {WasmCode} objects. This will cause UAF if any C++ code uses stale > references. > The underlying machine code will still not be freed. > > For simplicity, this CL changes the vector of owned_code to an ordered > set, such that lookup and removal is much simpler. The drawback is that > insertion is now more expensive. > > R=mstarzinger@chromium.org > > Bug: v8:8217 > Change-Id: I07fc81167816637fbaad6c06ff79e3f952f2fde8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593080 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61165} TBR=mstarzinger@chromium.org,clemensh@chromium.org Change-Id: I167a8d806a8c6ac1c90e0743cdf86d492389bbed No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8217, v8:9200 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593305 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61176}
-
Joyee Cheung authored
This enables the embedder to check if the snapshot generated from SnapshotCreator::CreateBlob() can be rehashed and the seed can be recomputed during deserialization. The lack of this functionality resulted in a temporary vulnerability in Node.js: https://github.com/nodejs/node/pull/27365 Change-Id: I88d52337217c40f79c26438be3c87d2db874d980 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578661 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61175}
-
Georg Neis authored
When asked to start at the receiver and the receiver is a primitive, the dependency should be taken on the primitive map (which is a no-op) rather than the wrapper object's map. Bug: chromium:958716 Change-Id: I9c8b2b56436d134b2f79dbe458c0c527fe6d17a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593086 Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61174}
-
Milad Farazmand authored
Port 381a7f9e Original Commit Message: On Arm/64 the last return address is stored in a link register instead of being pushed to the top-of-stack like on x64/ia32. Extend the support in the tick sampler to check for samples in a frameless bytecode handler with support for checking the link register if it exists instead of top-of-stack. In addition, make the x64/ia32 check more robust by ensuring we only apply the change if the pc is a bytecode handler and the top frame isn't a bytecode handler (stub) frame. R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:9162 LOG=N Change-Id: I893b45af40a48415fbbc2c9f5e9e5cd72ed8d9e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588888 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61173}
-
Peter Marshall authored
This reverts commit ad44c258. Reason for revert: Missed some users: crbug.com/v8/9105 Original change's description: > [typedarray] Make JSTypedArray::length authoritative. > > This is the first step towards full huge typed array support in V8. > Before this change, the JSTypedArray::length and the elements backing > store length (FixedTypedArrayBase::length) were used more or less > interchangeably to determine the number of elements in a JSTypedArray. > > With this change we disentangle these two lengths, and instead make > JSTypedArray::length authoritative. For on-heap typed arrays, the > FixedTypedArrayBase::length will remain the number of elements in the > backing store, but for the off-heap typed arrays, this length will be > set to 0 (matching the fact that the FixedTypedArrayBase instance does > not contain any elements itself). > > This also unifies the JSTypedArray::set_/length() and length_value() > methods to only have JSTypedArray::set_/length() which returns/takes > size_t values. Currently this still requires the values to be in Smi > range, but later we will extend this to allow arbitrary size_t values > (in the safe integer range). > > Bug: v8:4153, v8:7881 > Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107 > Cq-Include-Trybots: luci.chromium.try:linux-blink-rel > Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729 > Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60648} TBR=jarin@chromium.org,titzer@chromium.org,hpayer@chromium.org,petermarshall@chromium.org,bmeurer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. 
TBR=jarin@chromium.org, szuend@chromium.org Bug: v8:4153, v8:7881 Change-Id: I96992bff15b4a2765ae4a557d2c37e78269c927d Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593294 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#61172}
-
Georg Neis authored
Bug: chromium:958021 Change-Id: I6cc6ff2666750b508786db010e202b1e8e1e9536 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593293 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61171}
-
Ulan Degenbaev authored
This is a reland of 7c426286 Original change's description: > [heap] Use normal marking write barrier for fixed array elements > > This simplifies the marking write barrier for elements to mark the > values instead of revisiting the array. > > Bug: chromium:918485 > > Change-Id: Id5da0d5b9ff8385a256fe14f4bf7171f9f6343e1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588459 > Commit-Queue: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61125} Bug: chromium:918485 Change-Id: I8075e0333b3a05bc6193eb4bc030bfdcd72e64d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593088 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#61170}
-
Simon Zünd authored
This enables "goto definition" navigation for parent types. R=sigurds@chromium.org Bug: v8:8880 Change-Id: I3207ec8b85f0e36cbab3519b89af98bba1666406 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593081 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61169}
-
Alexander Neville authored
This patch ports the following builtins to torque: - Math.acos() - Math.acosh() - Math.asin() - Math.asinh() - Math.atan() - Math.atan2() - Math.atanh() - Math.cbrt() - Math.cos() - Math.cosh() - Math.exp() - Math.expm1() - Math.fround() - Math.log() - Math.log1p() - Math.log10() - Math.log2() - Math.sin() - Math.sinh() - Math.sqrt() - Math.tan() - Math.tanh() Change-Id: Ia7b0246744e4b0cace696dc309622e287397be1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584169 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#61168}
-
Michael Achenbach authored
This is a reland of e632f8f4 Original change's description: > [test] Remove longer timeout on bots > > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gc_stress_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gcc_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_msan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_tsan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm64_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_asan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_win64_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_android_arm64_n5x_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_cfi_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_ubsan_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm_lite_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_noi18n_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_dbg_ng > > Bug: v8:9145 > Change-Id: I6efee8579d9d9e0aad0431f6b87c152141d4ec7f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581261 > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Tamer Tas <tmrts@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61107} Bug: v8:9145 Change-Id: Id8f0468bbf2d67f62141e7f7c42417d351c3fffa Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg Cq-Include-Trybots: luci.v8.try:v8_linux_gcc_rel Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_dbg Cq-Include-Trybots: luci.v8.try:v8_mac64_asan_rel Cq-Include-Trybots: luci.v8.try:v8_win64_dbg Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_cfi_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Cq-Include-Trybots: luci.v8.try:v8_mac64_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588429 Reviewed-by: Tamer Tas <tmrts@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61167}
-
Georg Neis authored
This fixes a memory leak. Bug: v8:9191, v8:7790 Change-Id: I0df49cd3a6791600638a67b4b7ad9687562e500b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588426 Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61166}
-
Clemens Hammacher authored
This adds the next step to freeing code: We free the actual C++ {WasmCode} objects. This will cause UAF if any C++ code uses stale references. The underlying machine code will still not be freed. For simplicity, this CL changes the vector of owned_code to an ordered set, such that lookup and removal is much simpler. The drawback is that insertion is now more expensive. R=mstarzinger@chromium.org Bug: v8:8217 Change-Id: I07fc81167816637fbaad6c06ff79e3f952f2fde8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593080 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61165}
-
Michael Achenbach authored
NOTRY=true Change-Id: I20f88cb163797690a3b91863c40f1ca7d201bb9b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593079 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61164}
-
Michael Achenbach authored
This reverts commit b0c4a876. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/26470 Original change's description: > [json] Speed up json parsing > > - scan using raw data pointers + GC callback > - scan using scanner tables > - cap internalizing large string values > - inline fast transitioning logic > > Fixes previous CL by moving AllowHeapAllocation to callers of > ReportUnexpectedCharacter where needed to make it clear we need to exit. > > Tbr: ulan@chromium.org > Change-Id: Icfbb7cd536e0fbe153f34acca5d0fab6b5453d71 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591778 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61159} TBR=ulan@chromium.org,ishell@google.com,ishell@chromium.org,verwaest@chromium.org Change-Id: Ibe823e187d9ab999be7278140b0ed31868440e9e No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593090 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61163}
-
Georg Neis authored
Change-Id: I626e26fa2e1486365c858f3fc616422199242f5b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588422 Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61162}
-
Ben L. Titzer authored
R=mstarzinger@chromium.org Change-Id: Ibb30a4413d1e40adab8802a84b7a962d3ea3f933 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593084 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#61161}
-
Clemens Hammacher authored
We won't remove the jump table for performance reasons. That would complicate a lot of code and remove options for tiering and code aging. Thus remove the TODO. R=titzer@chromium.org No-Try: true Change-Id: Ifbbfdeeeb17078feaea4f358169bc5943ba09ddb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593089 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61160}
-
Toon Verwaest authored
- scan using raw data pointers + GC callback - scan using scanner tables - cap internalizing large string values - inline fast transitioning logic Fixes previous CL by moving AllowHeapAllocation to callers of ReportUnexpectedCharacter where needed to make it clear we need to exit. Tbr: ulan@chromium.org Change-Id: Icfbb7cd536e0fbe153f34acca5d0fab6b5453d71 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591778 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#61159}
-
Jaroslav Sevcik authored
The problem is with element kinds transitions without going through runtime (i.e., IC or optimizing compiler). Bug: chromium:952682 Change-Id: I6fe2bb30a0ea6fecb8f6e0750427cc50cc50f9e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593083 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61158}
-
Georg Neis authored
- Add missing uses of MapInference::NoChange. - Insert map checks even if inferred maps were reliable, because they were inferred for an earlier effect input. Bug: chromium:958420, chromium:958350, v8:9197 Change-Id: Id7677b1fc6f1e09dc12ae178f1155e4245b4e3e6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593077 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61157}
-
Georg Neis authored
Replace the unsafe function NodeProperties::HasInstanceTypeWitness with a new safe method on MapInference. Bug: v8:9197 Change-Id: I937433c7721946139dc761750ea34032e58e275c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591612 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61156}
-
Maciej Goszczycki authored
Bug: v8:9183 Change-Id: I1e47de782f0422369096b382427565d5816b99b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591614 Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Auto-Submit: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#61155}
-
Georg Neis authored
R=jarin Change-Id: I36d4952f351cfa428532cfd56ecbb10c9fe3d39a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588469 Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61154}
-
Pierre Langlois authored
Improve code generation for stores with write barriers slightly by using the assembler's dedicated scratch registers (x16 and x17 on Arm64, ip on Arm) instead of allocating temporaries.

To do this, we've done two things:

- Use ip as a scratch register when loading page flags.
- TurboAssembler::CallRecordWriteStub() now takes the offset of the slot that's written to rather than its address, removing the need to allocate a temporary register for it.

In essence, we've gone from:

```
      ;; Do the store.
      stur x19, [x9, #15]
      ;; Check *destination* object page flags and jump out-of-line.
      and x4, x9, #0xfffffffffff80000
      ldr x4, [x4, #8]
      tbnz x4, #2, #+0x1e7c
|     ;; Check *source* object page flags.
| `-> and x4, x19, #0xfffffffffff80000
|     ldr x4, [xM, #8]
|,--- tbz x4, #1, #-0x1e80
|     ;; Compute address of slot.
|     add x5, x9, #0xf (15)
|     ;; Setup arguments to RecordWrite
|     stp x2, x3, [sp, #-32]!
|     stp x4, lr, [sp, #16]
|     stp x0, x1, [sp, #-16]!
|     mov x0, x9 ;; Object address in x9
|     mov x1, x5 ;; Slot address in x5
|     movz x2, #0x0
|     movz x3, #0x100000000
|     ;; Call RecordWrite
|     ldr x16, pc+2056
|     blr x16
```

Which allocates x4 and x5 as temporaries. To:

```
      stur x19, [x9, #15]
      and x16, x9, #0xfffffffffff80000 ;; Using x16 instead of allocating x4.
      ldr x16, [x16, #8]
      tbnz x16, #2, #+0x1e7c
| `-> and x16, x19, #0xfffffffffff80000
|     ldr x16, [xM, #8]
|,--- tbz x16, #1, #-0x1e80
|     stp x2, x3, [sp, #-32]!
|     stp x4, lr, [sp, #16]
|     stp x0, x1, [sp, #-16]!
|     mov x0, x9 ;; Object address still in x9.
|     add x1, x9, #0xf (15) ;; Compute the slot address directly.
|     movz x2, #0x0
|     movz x3, #0x100000000
|     ldr x16, pc+2056
|     blr x16
```

Finally, `RecordWriteField()` does not need an extra scratch register anymore.
Change-Id: Icb71310e7b8ab1ca83ced250851456166b337d00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505793 Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#61153}
-
Ben L. Titzer authored
R=mstarzinger@chromium.org Change-Id: Iefd80d3365369dbf9bfb9832640d90963253e603 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593082 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61152}
-
Clemens Hammacher authored
The "stress_background_compile" variant runs on all our bots. We combine it with testing wasm code GC (which kind of fits into background compile stressing) to get more coverage for that. Both features are orthogonal, so we can test both at the same time without losing any coverage. R=machenbach@chromium.org CC=rmcilroy@chromium.org Bug: v8:8217 Change-Id: Ib17decd4869978ff98e302694fa73d70ceec120e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588472 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61151}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/020b429..fe1dbe1 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I854de89cdf421d58e2205363ad0370ecf97b6b2f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593095 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#61150}
-
Dan Elphick authored
Fixes several warnings reported for internal repo by: * using vector::empty instead of vector::size() == 0 * removing redundant return; at the end of a function * making operator= return OriginalType& Bug: v8:9183 Change-Id: I8c725bd7b0bc011557fb2bb68a561ee413ab38f5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1589978 Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#61149}
-
Mythri A authored
With bytecode flushing and lazy feedback allocation, we need to call %PrepareForOptimization before we call %OptimizeFunctionOnNextCall Bug: v8:8801, v8:8394 Change-Id: I1f84477a8cef27b4cff61b54daf6fe1a9e5f8e76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591775 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#61148}
-
Simon Zünd authored
R=sigurds@chromium.org Bug: v8:7793 Change-Id: Id0ba3a7b9f168e661ca786a0f1e18cd58c9210aa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593073 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61147}
-
Clemens Hammacher authored
The index is an {int} initially. We then store it as {intptr_t}, and the accessor returns it as {size_t}. This CL consolidates everything to {int}, fixes naming of {HasTrapHandlerIndex} and defines the simple accessors inline. R=titzer@chromium.org Bug: v8:9183 Change-Id: I1afa792117201d4dda3fcc437a4e518489b9ff17 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590079 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61146}
-
Tamer Tas authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4087d63..d6fe3ed Rolling v8/test/test262/harness: https://chromium.googlesource.com/external/github.com/test262-utils/test262-harness-py/+log/9bd99c6..4555345 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5b26b37..5a34ef7 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/e49aed3..020b429 Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/a53e931..9997a83 Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/35f7e13..ae4b77d TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: Ic24825a733ac1e0f6956de7096fc23952c673ff3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591348 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Tamer Tas <tmrts@chromium.org> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#61145}
-
Frank Tang authored
Two PRs of test262 tests are in https://github.com/tc39/test262/pull/2139 and https://github.com/tc39/test262/pull/2134 Bug: v8:7729 Change-Id: Ic416be0cec0fda90ee89c03ba4c6bb3192bf871d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1589633 Reviewed-by: Jungshik Shin <jshin@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#61144}
-
- 01 May, 2019 5 commits
-
-
Milad Farazmand authored
Port 18c29ab9 Original Commit Message: Port ed319e84 Original Commit Message: Failure addressed by not exposing the new test to the jitless environment. (jgruber@ on TBR). New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support compressed pointers in generated code. Enum name EMBEDDED_OBJECT changed to FULL_EMBEDDED_OBJECT. RelocInfo::[set_]target_object() abstract away the difference between FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT. Compressed embedded objects can only be created at this time on x64 with pointer compression turned on. Arm64 constant pools don't support compressed objects at this time. R=miladfar@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I97ef9b7394f384c2a1b97aab9fdac0eeb80eb734 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591993 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#61143}
-
Milad Farazmand authored
Port 08756826 Original Commit Message: Port 4b0f9c85 Original Commit Message: Our {Vector} template provides both {start} and {begin} methods. They return exactly the same value. Since the {begin} method is needed for iteration, and is also what standard containers provide, this CL switches all uses of the {start} method to use {begin} instead. Patchset 1 was auto-generated by using this clang AST matcher: callExpr( callee( cxxMethodDecl( hasName("start"), ofClass(hasName("v8::internal::Vector"))) ), argumentCountIs(0)) Patchset 2 was created by running clang-format. Patchset 3 then removes the now unused {Vector::start} method. R=miladfar@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Ief052e7655ede161504cf058eddd81714e6e5929 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590168 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61142}
-
Milad Farazmand authored
Port 403cac98 Original Commit Message: This is an extension of 138d2dfc. R=joey.gouly@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: If344e23bc4f96835125068497fabbd0d2ba0305a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1591413 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#61141}
-
Georg Neis authored
This is a reland of 9284ad57, after adding a missing speculation mode check in ReduceCallApiFunction. Original change's description: > [turbofan] Avoid raw InferReceiverMaps in JSCallReducer > > Instead provide an abstraction that makes it hard to forget > dealing with unreliable maps. > > This also fixes a deopt loop in Function.prototype.bind and > one in Array.prototype.reduce. > > Bug: v8:9137 > Change-Id: If6a51182c8693a62e9fb6d302cec19b4d48e25cb > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578501 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61106} Tbr: jarin@chromium.org Bug: v8:9137, v8:9197 Change-Id: I0db68d267055969553c0c1b85fad7b909075c062 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1589976 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#61140}
-
Sathya Gunasekaran authored
Bug: v8:5367, v8:5368 Change-Id: I86f25f9f658e21a05604f3014e6ebf74f1a8a1f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590164 Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#61139}
-
- 30 Apr, 2019 2 commits
-
-
Johannes Henkel authored
New Rev: 8c3f1afc2dc5b8588bc2dc5f12a93255383d7236 Change-Id: I88fcc74b969d114cc6c491c9d1aa5872245f8f5c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590624 Reviewed-by: Alexei Filippov <alph@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#61138}
-
Sathya Gunasekaran authored
This reverts commit 36dd2bca. Reason for revert: msan still failing https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/26453 Original change's description: > Reland "[json] Speed up json parsing" > > This is a reland of de8aaef5 > > Original change's description: > > [json] Speed up json parsing > > > > - scan using raw data pointers + GC callback > > - scan using scanner tables > > - cap internalizing large string values > > - inline fast transitioning logic > > > > Change-Id: I545620017b38b80e4193dfaf19381411adf5ff89 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584320 > > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#61132} > > Tbr: ulan@chromium.org > Change-Id: Iafd5e7c750a9f3eae706baf51dc4c9237c916132 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588887 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61136} TBR=ulan@chromium.org,gsathya@chromium.org,ishell@chromium.org,verwaest@chromium.org Change-Id: If0a34e017fed7688873c21f4b65f62b246820732 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1590626 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#61137}
-