- 30 Apr, 2019 9 commits
-
-
Mythri A authored
With bytecode flushing and lazy feedback allocation, we need to call %PrepareForOptimization before we call %OptimizeFunctionOnNextCall Bug: v8:8801, v8:8394 Change-Id: I81918f174b2f97cbaa8b8ef2e459080c2581f535 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588415 Commit-Queue: Mythri Alle <mythria@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#61122}
-
Sigurd Schneider authored
This reverts commit 9284ad57. Reason for revert: breaks blink tests: https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Win/16839 Original change's description: > [turbofan] Avoid raw InferReceiverMaps in JSCallReducer > > Instead provide an abstraction that makes it hard to forget > dealing with unreliable maps. > > This also fixes a deopt loop in Function.prototype.bind and > one in Array.prototype.reduce. > > Bug: v8:9137 > Change-Id: If6a51182c8693a62e9fb6d302cec19b4d48e25cb > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578501 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61106} TBR=jarin@chromium.org,neis@chromium.org Change-Id: I97e0f47fb82eda76656905a3f7cc494babd92be6 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9137 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588433Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61118}
-
Jaroslav Sevcik authored
This just adds the same case we already added in https://chromium-review.googlesource.com/c/v8/v8/+/1478192 for conversions to tagged representation. Bug: chromium:957559 Change-Id: I62a388ba47bd72d65fa07d0141362d7f1383c96e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588428Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61115}
-
Frederik Gossen authored
Fix recognition of lazy functions when {--wasm-lazy-compilation} is used. Bug: chromium:956771 Change-Id: I3f9bb25ccf3920a6c3d266876faace8841dcdc61 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585843Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Frederik Gossen <frgossen@google.com> Cr-Commit-Position: refs/heads/master@{#61114}
-
Andreas Haas authored
This CL refactors WasmTableObject::Grow to make it usable for the table.grow instruction of WebAssembly. The refactored version of WasmTableObject::Grow does additionally: * Check if growing is possible * Grow the FixedArray backing store of the table and initialize the new fields. * Calculate the return value of WasmTableObject::Grow. R=jkummerow@chromium.org Bug: v8:7581 Change-Id: Ic6c867b96c30bd987ea281d5b3515a04bc5a3900 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588136 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#61112}
-
Yang Guo authored
This reverts commit e632f8f4. Reason for revert: Seems to cause some timeouts to trigger failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/26129 Original change's description: > [test] Remove longer timeout on bots > > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gc_stress_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gcc_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_msan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_tsan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm64_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_asan_rel > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_win64_dbg > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_android_arm64_n5x_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_cfi_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_ubsan_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm_lite_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_noi18n_rel_ng > CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_dbg_ng > > Bug: v8:9145 > Change-Id: I6efee8579d9d9e0aad0431f6b87c152141d4ec7f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581261 > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Tamer Tas <tmrts@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61107} TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I5e23aebc41e6ab15baa57093f7f056cdabd58f21 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9145 Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg, luci.v8.try:v8_linux_gcc_rel, luci.v8.try:v8_linux64_msan_rel, luci.v8.try:v8_linux64_tsan_rel, luci.v8.try:v8_linux_arm64_dbg, luci.v8.try:v8_mac64_asan_rel, luci.v8.try:v8_win64_dbg, luci.v8.try:v8_android_arm64_n5x_rel_ng, luci.v8.try:v8_linux64_cfi_rel_ng, luci.v8.try:v8_linux64_ubsan_rel_ng, luci.v8.try:v8_linux_arm_lite_rel_ng, luci.v8.try:v8_linux_noi18n_rel_ng, luci.v8.try:v8_mac64_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588425Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#61111}
-
Michael Achenbach authored
CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gc_stress_dbg CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_gcc_rel CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_msan_rel CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_tsan_rel CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm64_dbg CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_asan_rel CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_win64_dbg CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_android_arm64_n5x_rel_ng CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_cfi_rel_ng CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux64_ubsan_rel_ng CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_arm_lite_rel_ng CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_linux_noi18n_rel_ng CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_mac64_dbg_ng Bug: v8:9145 Change-Id: I6efee8579d9d9e0aad0431f6b87c152141d4ec7f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581261 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Tamer Tas <tmrts@chromium.org> Cr-Commit-Position: refs/heads/master@{#61107}
-
Georg Neis authored
Instead provide an abstraction that makes it hard to forget dealing with unreliable maps. This also fixes a deopt loop in Function.prototype.bind and one in Array.prototype.reduce. Bug: v8:9137 Change-Id: If6a51182c8693a62e9fb6d302cec19b4d48e25cb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578501 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61106}
-
Frederik Gossen authored
Ignore the error type in {assertThrows} only if it was not passed as an argument. If users do not care about the error type they can user the generic type {Error}. Before this change, an undefined error type would simply be ignored. A simple typo could therefore disable the error type assertion without being recognized. Change-Id: I9becfd0bf14dcaa511854e65ff94f94481cc79b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585855 Commit-Queue: Frederik Gossen <frgossen@google.com> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#61105}
-
- 29 Apr, 2019 2 commits
-
-
Benedikt Meurer authored
This adds a new %_CopyDataProperties intrinsic, that reuses most of the existing machinery that we already have in place for Object.assign() and computed property names in object literals. This speeds up the general case for object spread (where the spread is not the first item in an object literal) and brings it on par with Object.assign() at least - in most cases it's significantly faster than Object.assign(). In the test case [1] referenced from the bug, the performance goes from objectSpreadLast: 3624 ms. objectAssignLast: 1938 ms. to objectSpreadLast: 646 ms. objectAssignLast: 1944 ms. which corresponds to a **5-6x performance boost**, making object spread faster than Object.assign() in general. Drive-by-fix: This refactors the Object.assign() fast-path in a way that it can be reused appropriately for object spread, and adds another new builtin SetDataProperties, which does the core of the Object.assign() work. We can teach TurboFan to inline Object.assign() based on the new SetDataProperties builtin at some later point to further optimize Object.assign(). [1]: https://gist.github.com/bmeurer/0dae4a6b0e23f43d5a22d7c91476b6c0 Bug: v8:9167 Change-Id: I57bea7a8781c4a1e8ff3d394873c3cd4c5d73834 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587376Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#61100}
-
Frederik Gossen authored
Allow for a third compilation strategy that compiles baseline code lazily but initiates top tier compilation immediately. The strategy aims at reducing startup time. Bug: v8:9003 Change-Id: Ifd2060b25386c5221a45f6038c3849afeb956e69 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571620Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Frederik Gossen <frgossen@google.com> Cr-Commit-Position: refs/heads/master@{#61077}
-
- 28 Apr, 2019 1 commit
-
-
Jaroslav Sevcik authored
This CL just updates the map to its non-deprecated counterpart before adding the integrity level transition. Bug: chromium:956426 Change-Id: I0aaaeb0451aed28c8893968bbcd9f6eb327da18b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585858Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#61057}
-
- 27 Apr, 2019 1 commit
-
-
Jaroslav Sevcik authored
This enables constant field tracking unconditionally. TBR=jgruber@chromium.org Bug: v8:8361 Change-Id: I02f35827d860c3e0f18a3d55cb156c088d48bc94 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585730 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#61055}
-
- 26 Apr, 2019 4 commits
-
-
Z Duong Nguyen-Huu authored
This is reland of https://chromium-review.googlesource.com/c/v8/v8/+/1575036 which the flaky test is fixed by moving '%PrepareFunctionForOptimization' around Bug: v8:6831 Change-Id: I0e8c3d2452b14c86e8ff0851e1840294734435e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582481Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#61050}
-
Andreas Haas authored
The function {memory_copy_wrapper} is called directly from WebAssembly. Before calling {memory_copy_wrapper} we do not reset the tread-in-wasm flag. On asan builds on Windows this causes the problem observed in the crash report. My theory is the following: asan on Windows uses exceptions to allocate shadow memory lazily. When {memory_copy_wrapper} accesses memory, asan causes an exception to allocate shadow memory. This exception is first caught by the WebAssembly trap handler, which resets the thread-in-wasm flag but then does not handle the exception because it cannot find a proper landing pad. Asan then handles the exception and continues execution. However. the thread-in-wasm flag is not set anymore. A later check of the thread-in-wasm flag then fails. This CL disables asan for {memory_copy_wrapper} and thereby fixes the problem. As indicated above, another solution would be to reset and set the thread-in-wasm flag before and after the call to the C function, respectively. However, we do not do that for other uses of direct calls to C. R=binji@chromium.org Bug: chromium:952342 Change-Id: I2adb2eccf2ac25be58392d21f8f43a04414c7811 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584326Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#61040}
-
Michael Achenbach authored
NOTRY=true Bug: v8:9145 Change-Id: I0751ad840bb5a93ae0d0988e1b69dd9b1b215f6a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585727 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#61032}
-
Michael Achenbach authored
Test was wrongly unskipped in: https://chromium-review.googlesource.com/c/v8/v8/+/1565892 TBR=sigurds@chromium.org NOTRY=true Bug: v8:9127 Change-Id: I2d223dafd248486ca9291af874278f1fd499f8ce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585723Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61031}
-
- 25 Apr, 2019 5 commits
-
-
Simon Zünd authored
This is a reland of 3d846115 Reland changes mjsunit.status to skip the regression test on all bots except ASAN. Original change's description: > [typedarray] Fix crash when sorting SharedArrayBuffers > > TypedArray#sort has a fast-path when the user does not provide a > comparison function. This fast-path utilizes std::sort which operates > directly on the raw data. Per spec, std::sort requires the "less than" > operation to be anti-symmetric and transitive. > > When sorting SharedArrayBuffers (SAB) that are concurrently modified during > sorting, the "less than" operator stops being consistent as the > underlying data is constantly modified. This breaks some invariants > in std::sort resulting in infinite loops or straight out segfaults. > > This CL fixes this by copying the data before sorting SABs and > writing the sorted result back. > > Note: The added regression test is tailored for ASAN bots as a > normal build would need too many iterations to consistently crash. > > R=neis@chromium.org, petermarshall@chromium.org > > Bug: v8:9161 > Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641 > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61004} Bug: v8:9161 Change-Id: Idffc3fbb5f28f4966c8f1ac6770d5b5d6003a7e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583726Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61011}
-
Frederik Gossen authored
Print callee in mjsunit tests. Bug: v8:9003 Change-Id: I9d2abf52a61288f3a58bfd2aee7aeea4a19a25b0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582410Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Frederik Gossen <frgossen@google.com> Cr-Commit-Position: refs/heads/master@{#61008}
-
Michael Achenbach authored
This reverts commit 3d846115. Reason for revert: The test hangs flakily on windows: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/20612 https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20nosnap%20-%20shared/33147 https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19945 Original change's description: > [typedarray] Fix crash when sorting SharedArrayBuffers > > TypedArray#sort has a fast-path when the user does not provide a > comparison function. This fast-path utilizes std::sort which operates > directly on the raw data. Per spec, std::sort requires the "less than" > operation to be anti-symmetric and transitive. > > When sorting SharedArrayBuffers (SAB) that are concurrently modified during > sorting, the "less than" operator stops being consistent as the > underlying data is constantly modified. This breaks some invariants > in std::sort resulting in infinite loops or straight out segfaults. > > This CL fixes this by copying the data before sorting SABs and > writing the sorted result back. > > Note: The added regression test is tailored for ASAN bots as a > normal build would need too many iterations to consistently crash. > > R=neis@chromium.org, petermarshall@chromium.org > > Bug: v8:9161 > Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641 > Reviewed-by: Peter Marshall <petermarshall@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Simon Zünd <szuend@chromium.org> > Cr-Commit-Position: refs/heads/master@{#61004} TBR=neis@chromium.org,petermarshall@chromium.org,szuend@chromium.org Change-Id: I046da3e4228bb1a8a3aa89d9c9d8de11875a9273 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9161 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583725Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#61007}
-
peterwmwong authored
It shipped in Chrome 73. Bug: v8:6890 Change-Id: Idd8c98cf05a0d6e8fa58c5b0a34d079631f68b1b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582879Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#61005}
-
Simon Zünd authored
TypedArray#sort has a fast-path when the user does not provide a comparison function. This fast-path utilizes std::sort which operates directly on the raw data. Per spec, std::sort requires the "less than" operation to be anti-symmetric and transitive. When sorting SharedArrayBuffers (SAB) that are concurrently modified during sorting, the "less than" operator stops being consistent as the underlying data is constantly modified. This breaks some invariants in std::sort resulting in infinite loops or straight out segfaults. This CL fixes this by copying the data before sorting SABs and writing the sorted result back. Note: The added regression test is tailored for ASAN bots as a normal build would need too many iterations to consistently crash. R=neis@chromium.org, petermarshall@chromium.org Bug: v8:9161 Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#61004}
-
- 24 Apr, 2019 10 commits
-
-
Sathya Gunasekaran authored
This reverts commit 98bbe37e. Reason for revert: breaks gc_stress bot https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/22113 Original change's description: > Remove always-true --harmony-object-from-entries runtime flag > > It shipped in Chrome 73. > > Bug: v8:8021 > Change-Id: I82875829ff081ce055a0184170b15c65efca1c38 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581647 > Commit-Queue: Mathias Bynens <mathias@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Auto-Submit: Mathias Bynens <mathias@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60992} TBR=gsathya@chromium.org,mathias@chromium.org Change-Id: I812d62a7e8b70a8646e606da5f0f8812fac330c7 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8021 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582882 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#60994}
-
Z Duong Nguyen-Huu authored
Bug: v8:6831 Change-Id: I4d4d9b65a346384b8f6c6dc2cfe0c1ce88116e18 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574503 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#60993}
-
Mathias Bynens authored
It shipped in Chrome 73. Bug: v8:8021 Change-Id: I82875829ff081ce055a0184170b15c65efca1c38 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581647 Commit-Queue: Mathias Bynens <mathias@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Auto-Submit: Mathias Bynens <mathias@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#60992}
-
Clemens Hammacher authored
This reverts commit 81dd67db. Reason for revert: Breaks gc-stress: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/22111 Original change's description: > Improve test coverage for non-extensible holey array in optimized code > > Bug: v8:6831 > Change-Id: Icb4b504771e623b3c9503c6daffd7b771fbef3a6 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575036 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#60990} TBR=verwaest@chromium.org,duongn@microsoft.com Change-Id: I0a581c1e47d9883a2727000843ad4e9ede2e411d No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6831 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581648Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#60991}
-
Z Duong Nguyen-Huu authored
Bug: v8:6831 Change-Id: Icb4b504771e623b3c9503c6daffd7b771fbef3a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575036Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#60990}
-
Mathias Bynens authored
It shipped in Chrome 72. Bug: v8:7782 Change-Id: I9ddee4370dd65821020dd7292d9e9b9850d060df Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581603Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#60985}
-
Jaroslav Sevcik authored
This fixes the bounds check for the 'in' operator to handle the negative index case properly (by using the same machinery as the potentially out-of-bounds loads/stores use). Bug: chromium:952586 Change-Id: I2225acae8be7dcedbcde745e8ef202e789085041 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581179Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#60978}
-
Michael Starzinger authored
This extends the existing test coverage of interactions between the exception handling and the reference type proposal. Now "any-func" and "except-ref" can both be encoded as an exception value. Missing switch cases have been added. R=clemensh@chromium.org TEST=mjsunit/wasm/exceptions-anyref[-interpreter] BUG=v8:8091,v8:7581 Change-Id: Ie2e9819fe66b4daab623390f27bb19007131f619 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581600Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#60977}
-
Michael Starzinger authored
R=titzer@chromium.org TEST=mjsunit/regress/regress-9165 BUG=v8:9165 Change-Id: If6d7d56bf164a85675590e69bf9857c11fc1b218 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578463Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#60969}
-
Toon Verwaest authored
Change-Id: I34dc911d205ab507f668bfd422eb1838f660a6bf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571624 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#60964}
-
- 23 Apr, 2019 4 commits
-
-
Z Duong Nguyen-Huu authored
Bug: chromium:953888 Change-Id: If2aa613bac18e61ac733102b45b0ebb6553eae1a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1579539Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Cr-Commit-Position: refs/heads/master@{#60959}
-
Sathya Gunasekaran authored
In the PerformPromise{All, Race, AllSettled} operations, the resolve property of the constructor is looked up only once. In the implementation, for the fast path, where the constructor's resolve property is untainted, the resolve function is set to undefined. Since undefined can't be a valid value for the resolve function, we can switch on it (in CallResolve) to directly call the PromiseResolve builtin. If the resolve property is tainted, we do an observable property lookup, save this value, and call this property later (in CallResolve). I ran this CL against the test262 tests locally and they all pass: https://github.com/tc39/test262/pull/2131 Spec: - https://github.com/tc39/ecma262/pull/1506 - https://github.com/tc39/proposal-promise-allSettled/pull/40 Bug: v8:9152 Change-Id: Icb36a90b5a244a67a729611c7b3315d2c29de6e9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574705 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#60957}
-
Shiyu Zhang authored
Change-Id: I9480650b23da4f5aa38a0634c1a7662bf88189d7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1551407Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com> Cr-Commit-Position: refs/heads/master@{#60952}
-
Michael Starzinger authored
The WebAssembly JavaScript Interface specifies[1] that exported functions are not constructors, hence do not have the "prototype" property. This is not true for asm.js exported functions which are expected to look like normal functions (or constructors). [1] https://webassembly.github.io/spec/js-api/index.html#exported-function-exotic-objects R=clemensh@chromium.org TEST=mjsunit/regress/regress-crbug-935800 BUG=chromium:935800 Change-Id: Idecacfb7f5d4668540589af95fd59872334c21a3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578499 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#60943}
-
- 19 Apr, 2019 1 commit
-
-
tzik authored
MicrotaskQueue associated to Context may be null after DetachGlobal, and triggering FinalizationGroup clean up on the detached context causes a crash. This CL fixes the crash by cancelling the clean up on such a context. Bug: chromium:937784 Change-Id: I57883ae0caf6c6bb35e482e441b6e09e921d9def Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552500Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Cr-Commit-Position: refs/heads/master@{#60931}
-
- 18 Apr, 2019 3 commits
-
-
Maya Lekova authored
Bug: chromium:951400 Change-Id: Ib5454541e7c661649ccdb9771298ff90b3e9db5d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571614 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#60923}
-
Frederik Gossen authored
Add lazy validation for lazily compiled functions. The code is validated only on first use. This applies to functions that are lazily compiled by compilation hint as well as to entirely lazy modules. Bug: v8:9003 Change-Id: If6a640db4bf4b846ac5e3805c138b8ac0a493cf9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569427 Commit-Queue: Frederik Gossen <frgossen@google.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#60921}
-
Georg Neis authored
We see crashes in the wild that we suspect are caused by these changes. This is a manual revert because of conflicts. Revert "[turbofan] Fix incorrect CheckNonEmptyString lowering." This reverts commit b3b70118. Revert "[turbofan] Fix incorrect lowering of CheckNonEmptyString." This reverts commit 57582090. Revert "[turbofan] Significantly improve ConsString creation performance." This reverts commit d6a60a0e. Bug: v8:9147 Change-Id: I262c21e5406a9c4c8ad0e0f995582c5802f0fa1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571613Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#60919}
-