- 15 Sep, 2017 29 commits
-
-
Bill Budge authored
This reverts commit c87f8954. Reason for revert: LazyDeoptimizationMultithread failing. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN%20-%20concurrent%20marking/builds/1876/steps/Bisect%20c87f8954.Retry/logs/LazyDeoptimizationMul.. Original change's description: > Deoptimization and multithreading. > > When using Lockers and Unlockers it is possible to create a > scenario where multiple threads point to the same optimized > code object. When that happens, if one of the threads triggers > deoptimization, then the stack replacement needs to happen in > the stacks of all threads. > With this CL, the deoptimizer visits all threads to do so. > The CL also adds three tests where V8 used to crash. > > Bug: v8:6563 > Change-Id: Iea88f47af2f31181c0ef06d898faccde9ad14432 > Reviewed-on: https://chromium-review.googlesource.com/657423 > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> > Cr-Commit-Position: refs/heads/master@{#48033} TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org,jupvfranco@google.com Change-Id: I290c9e339c367f68c0d1b6f7c0780cdbbbdf3f8a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6563 Reviewed-on: https://chromium-review.googlesource.com/669399Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#48049}
-
Bill Budge authored
- Moves base::VirtualMemory to v8::internal::VirtualMemory. - Makes VirtualMemory platform-independent by moving internals to new OS:: static methods, for each platform. This will make it easier to delegate memory management in VirtualMemory to V8::Platform, so that embedders like Blink can override it. We can't depend on V8::Platform in base/platform. Bug: chromium:756050 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Iadfe230b6850bd917727a373f277afded9883adf Reviewed-on: https://chromium-review.googlesource.com/653214 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#48048}
-
Scott Graham authored
Fuchsia changed their kernel name from Magenta to Zircon and all the functions and defines along with it. In order to be able to roll the SDK in Chromium, we first need to land with this define added in v8, so that can roll in to Chromium, then roll the Fuchsia SDK with this magic define set (CHROMIUM_ROLLING_MAGENTA_TO_ZIRCON), then actually update v8 to reference zx_ instead of mx_ and roll that again. Chromium-side for reference: https://chromium-review.googlesource.com/c/chromium/src/+/669139 Bug: chromium:765754, chromium:707030 Change-Id: I4ed5027f455d2346f431e7c700e87693348d5b79 Reviewed-on: https://chromium-review.googlesource.com/668751Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Scott Graham <scottmg@chromium.org> Cr-Commit-Position: refs/heads/master@{#48047}
-
Ali Ijaz Sheikh authored
Change-Id: If0bec38d41a415e9fbfff57ac891de0461bac13b Reviewed-on: https://chromium-review.googlesource.com/668836Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#48046}
-
Albert Mingkun Yang authored
This is a reland of dbfdd4f9 Original change's description: > [heap] Turn on v8_enable_csa_write_barrier > > With this commit, write barrier is switched to use CodeStubAssembler. > > Bug: chromium:749486 > Change-Id: I7e0914bee971e4f3a3257740ae7c83b31f791bd9 > Reviewed-on: https://chromium-review.googlesource.com/598088 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com> > Cr-Commit-Position: refs/heads/master@{#48006} Bug: chromium:749486 Change-Id: I00933d989568c82b5fbaf6203bb146c65f8e4282 Reviewed-on: https://chromium-review.googlesource.com/668636Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com> Cr-Commit-Position: refs/heads/master@{#48045}
-
Albert Mingkun Yang authored
Since DeserializeLazy uses write barrier, deserializing write barrier lazily would cause cyclic dependency. This commit changes RecordWrite to be deserializd eagerly. Bug: chromium:765301 chromium:749486 Change-Id: I363692baf9b742289c0443afac634662f0026922 Reviewed-on: https://chromium-review.googlesource.com/668454 Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#48044}
-
Ali Ijaz Sheikh authored
Bug: chromium:633920 Change-Id: I9a2f4a89f6b9c0f63cb3b166b06a88a12f0a203c Reviewed-on: https://chromium-review.googlesource.com/631696 Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#48043}
-
Anna Henningsen authored
The `SaveContext` operation in `AsyncCompileJob::CompileTask` allocates a handle. However, the platform implementation may not be able to provide a `HandleScope`, since it cannot tell whether the isolate is disposed (and the task canceled) at the time it runs the task; so it is an API requirement of `CancelableTask` is that `RunInternal()` does not leak any handles into outside scopes. Change-Id: I86db36ddc71f774a31d5bc13b7399ef961374d6f Reviewed-on: https://chromium-review.googlesource.com/668397Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#48042}
-
Ulan Degenbaev authored
Empty slot set buckets can leak in the following scenarios. Scenario 1 (large object space): 1) A large array is allocated in the large object space. 2) The array is filled with old->new references, which allocates new slot set buckets. 3) The references are overwritten with smis or old space pointers, which make the slots set buckets empty. 4) Garbage collection (scavenge or mark-compact) iterates the slots set of the array and pre-frees the empty buckets. 5) Steps 2-4 repeated many times and leak arbitary many empty buckets. The fix to free empty buckets for large object space in mark-compact. Scenario 2 (no mark-compact): 1) A small array is allocated in the old space. 2) The array is filled with old->new references, which allocates new slot set buckets. 3) The references are overwritten with smis or old space pointers, which make the slots set buckets empty. 4) Scavenge iterates the slots set of the array and pre-frees the empty buckets. 5) Steps 2-4 repeated many times and leak arbitary many empty buckets. The fix to free empty buckets for swept pages in scavenger. Bug: v8:6800 TBR: mlippautz@chromium.org Change-Id: I48d94870f5acf4f6208858271886911c895a9126 Reviewed-on: https://chromium-review.googlesource.com/668442Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#48041}
-
Mike Stanton authored
Support inlining of Array.prototype.filter in TurboFan. Bug: v8:1956 Change-Id: Iba4d683aaa86c6104e8a1cf4d0f549a0c516576a Reviewed-on: https://chromium-review.googlesource.com/657021 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#48040}
-
Camillo Bruni authored
Given that the index we use is checked to be in array index range there is no need for a costly ToString conversion. All involved helpers for lookup up properties directly support Smi/HeapNumber indices directly. Cleanup: Rename GotoUnlessNumberLessThan => GotoIfNumberGreaterThanOrEqual Change-Id: Iaddc4940f5d984572aa218d568ca71bf694cee74 Reviewed-on: https://chromium-review.googlesource.com/640388 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#48039}
-
Sigurdur Asgeirsson authored
Bug: chromium:763010 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I7d479f8abb16ffd7ffc19d3a6b58da01f5feddd0 Reviewed-on: https://chromium-review.googlesource.com/661054Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org> Cr-Commit-Position: refs/heads/master@{#48038}
-
Mike Stanton authored
Bug: v8:6409 Change-Id: I23b5c20022dcda5f46489596b3de4fb69be7e568 Reviewed-on: https://chromium-review.googlesource.com/660539 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48037}
-
Albert Mingkun Yang authored
This reverts commit dbfdd4f9. Reason for revert: https://clusterfuzz.com/v2/testcase-detail/5493096547876864?noredirect=1 Original change's description: > [heap] Turn on v8_enable_csa_write_barrier > > With this commit, write barrier is switched to use CodeStubAssembler. > > Bug: chromium:749486 > Change-Id: I7e0914bee971e4f3a3257740ae7c83b31f791bd9 > Reviewed-on: https://chromium-review.googlesource.com/598088 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com> > Cr-Commit-Position: refs/heads/master@{#48006} TBR=ulan@chromium.org,albertnetymk@google.com # Not skipping CQ checks because original CL landed > 1 day ago. Bug: chromium:749486 Change-Id: I8cf6a3f1d2ea607a0160b37b797d743b88b004b5 Reviewed-on: https://chromium-review.googlesource.com/667018Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com> Cr-Commit-Position: refs/heads/master@{#48036}
-
Toon Verwaest authored
Bug: Change-Id: I7ac2f30c70c76ea7c3156750b53ad34baeb046cb Reviewed-on: https://chromium-review.googlesource.com/667113Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#48035}
-
Ulan Degenbaev authored
Currently transition array targets have conditional weakness depending on the type of the target. Map targets are weak and all other targets are strong. This patch wraps maps in transitions arrays in weak cells, which allows us to treat all elements of transition arrays strongly. Conditional weakness is unsafe for concurrent marking because the condition can change during marking. Bug: chromium:694255 Change-Id: I64e5d0699698fc7c1758f3fbc52da43014c247af Reviewed-on: https://chromium-review.googlesource.com/641271 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#48034}
-
Juliana Franco authored
When using Lockers and Unlockers it is possible to create a scenario where multiple threads point to the same optimized code object. When that happens, if one of the threads triggers deoptimization, then the stack replacement needs to happen in the stacks of all threads. With this CL, the deoptimizer visits all threads to do so. The CL also adds three tests where V8 used to crash. Bug: v8:6563 Change-Id: Iea88f47af2f31181c0ef06d898faccde9ad14432 Reviewed-on: https://chromium-review.googlesource.com/657423Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> Cr-Commit-Position: refs/heads/master@{#48033}
-
Jaroslav Sevcik authored
Bug: chromium:765433 Change-Id: Iecc9540f6305bc24a0a5210c149b55403b9ce09d Reviewed-on: https://chromium-review.googlesource.com/667106Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#48032}
-
Jaideep Bajwa authored
When accessing the buffer in 1 byte increments, the order should be reversed for BE. R=petermarshall@chromium.org, yangguo@chromium.org BUG= LOG=N Change-Id: I27a57e12479d1c00488546a92428b9183d87f8bf Reviewed-on: https://chromium-review.googlesource.com/667902Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#48031}
-
sreten.kovacevic authored
Fixed issue with UseScratchRegisterScope that made test fail on r1 and wrong register usage on all arch variants. Bug: Change-Id: Id89ff84046d012dd0767b9031b2719f9a95a08b8 Reviewed-on: https://chromium-review.googlesource.com/667139Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com> Cr-Commit-Position: refs/heads/master@{#48030}
-
Michael Starzinger authored
R=ahaas@chromium.org Change-Id: Ifadde080f27e6cf37e1b72d656e3ff91d5f2ba15 Reviewed-on: https://chromium-review.googlesource.com/668359Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#48029}
-
Mathias Bynens authored
This patch ensures a `TypeError` is thrown when the argument passed to `Array.prototype.sort` or `%TypedArray%.prototype.sort` is neither a function nor `undefined`. Every other major JavaScript engine already threw in this case. Making V8’s behavior match increases interoperability. https://github.com/tc39/ecma262/pull/785 BUG=v8:6542 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I412a59810abdd118217c8d8361389ec6c2f640bd Reviewed-on: https://chromium-review.googlesource.com/668356 Commit-Queue: Mathias Bynens <mathias@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48028}
-
Jakob Gruber authored
Don't inline these functions to avoid regressions in APK size. Bug: chromium:763185 Change-Id: I0a1ca16661a460728e56b67a7109be943397cbf5 Reviewed-on: https://chromium-review.googlesource.com/667109Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#48027}
-
Peter Marshall authored
This was supposedly a runtime flag, but we baked it into the snapshot anyway. Change-Id: I09d43183c4c2d59336c1077089119d6cb65dfd87 Reviewed-on: https://chromium-review.googlesource.com/664721Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#48026}
-
Michael Starzinger authored
R=marja@chromium.org Change-Id: I91da3f653cda2ca428be578b4cf9a37e784c70d8 Reviewed-on: https://chromium-review.googlesource.com/667108Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#48025}
-
Jakob Gruber authored
It's quite possible for DebugInfos to exist without the presence of a bytecode array, since DebugInfos are created for all functions for which we have a CoverageInfo. Free such objects properly. Also move the corresponding deletion of CoverageInfos on unload up before the early exit. Bug: v8:6000 Change-Id: Idde45b222290aa8b6828b61ff2251918b8ed2aed Reviewed-on: https://chromium-review.googlesource.com/664811Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#48024}
-
peterwmwong authored
- Removes S.p.repeat from string.js - Adds StringPrototypeRepeat TFJ Bug: v8:5049 Change-Id: I0b2d512bffd97dfc2c3ba6783e2e41c4db6c8faa Reviewed-on: https://chromium-review.googlesource.com/659097 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#48023}
-
Andreas Haas authored
In this CL I implement streaming compilation for WebAssembly, as described in the design doc I have sent out already. In this implementation the decoding of sections other than the code section is done immediately on the foreground thread. Eventually all decoding should happen in the background. I think it is acceptable to do the decoding on the foreground thread for now because I have finished it already, and decoding in the background would add even more complexity to this CL. Bug:v8:6785 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I285e1e5e1a5a243113c92571b25ee9bae551d0ed Reviewed-on: https://chromium-review.googlesource.com/631721Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#48022}
-
cjihrig authored
See: https://github.com/nodejs/llnode/pull/130 Change-Id: Ibce294f7620cd6ab0db4408a8c2b457c3a5aebcd Reviewed-on: https://chromium-review.googlesource.com/650746 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48021}
-
- 14 Sep, 2017 11 commits
-
-
Jakob Kummerow authored
Other radixes require Divide/Remainder to be implemented first. Bug: v8:6791 Change-Id: I95f1fad39a0a4df556a194094805ed93bd46d0db Reviewed-on: https://chromium-review.googlesource.com/664037 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#48020}
-
Deepti Gandluri authored
- Validate that atomic ops can only be called when shared memory is declared - Throw Compile/Link erros on mismatch between declared, imported memory - Test harness helpers for setting shared memory, tests BUG=v8:6532 R=binji@chromium.org, bradnelson@chromium.org Change-Id: I43fe3d04bb7e3e0a2cecca0528578f98844d2608 Reviewed-on: https://chromium-review.googlesource.com/665379 Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#48019}
-
Sigurdur Asgeirsson authored
Bug: chromium:763010 Change-Id: Iafed5a0e8087f415cd2c11a0b1326c04bd01ef80 Reviewed-on: https://chromium-review.googlesource.com/665351Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Sigurður Ásgeirsson <siggi@chromium.org> Cr-Commit-Position: refs/heads/master@{#48018}
-
Myles Borins authored
Change-Id: I9778ce93243d434683e774e5bf9b7014a25e9b96 Bug: v8:6824 Change-Id: I9778ce93243d434683e774e5bf9b7014a25e9b96 Reviewed-on: https://chromium-review.googlesource.com/666961 Commit-Queue: Myles Borins <mborins@google.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48017}
-
Michael Starzinger authored
R=ishell@chromium.org Change-Id: I3e69c94d43d4db7255ec46f94c43f1411795ca9d Reviewed-on: https://chromium-review.googlesource.com/666957Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#48016}
-
Georg Neis authored
The difference seems to matter at least in one benchmark. R=jarin@chromium.org Bug: chromium:764644 Change-Id: I6d74fbbd8026942637d2301da805b003a9e58af7 Reviewed-on: https://chromium-review.googlesource.com/666922Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#48015}
-
Jaideep Bajwa authored
Port bc69f345 R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I88f0167a43fb7eb7967169a84466de3aedf00125 Reviewed-on: https://chromium-review.googlesource.com/666299 Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#48014}
-
Franziska Hinkelmann authored
If TypeProfile goes out of scope, ScriptData and Entry still rely on TypeProfiles's type_profile_. Make type_profile_ a shared_ptr owned by all three classes to prevent use after free. Bug: v8:5933 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ida7d66dadc17a816cf4439a25e6f714edccffa2c Reviewed-on: https://chromium-review.googlesource.com/659937Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#48013}
-
Jaroslav Sevcik authored
This reverts commit 14b424c3. Reason for revert: Regresses benchmarks, e.g., Octane/gameboy Original change's description: > [turbofan] Lower monomorphic loads during graph building. > > We introduce an explicit LoweringResult data structure. Until this change, > the lowering result could be recovered from the node. However, lowering > monomorphic loads requires wiring different value and effect, so we need > a structure that can express such lowering result. > > Bug: v8:6357 > Change-Id: I92655800890b744d9203a778a1936a8dcd465ed3 > Reviewed-on: https://chromium-review.googlesource.com/637304 > Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47992} TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org Change-Id: I2b7db0278c13414e20c94a34d215ed92bd0d412b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6357 Reviewed-on: https://chromium-review.googlesource.com/667016Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#48012}
-
Franziska Hinkelmann authored
Bug: Change-Id: I597b2c1067e309c2545daef4223b3b883d15a6c1 Reviewed-on: https://chromium-review.googlesource.com/657761Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#48011}
-
Yang Guo authored
The serializer performs two passes over the code. The first pass copies out the code content verbatim, the second pass visits references recorded in the reloc info. So far the first pass is implicit and happens as part of the second pass, when we encounter a non-HeapObject reference when iterating the code object. That however does not work for internal references. So we hit an assertion if the first non-HeapObject reference we see is an internal reference. This change explicitly triggers the first pass. R=petermarshall@chromium.org Bug: v8:6817 Change-Id: I1ee9949e10b7d9409986da83be22ac6287785f9f Reviewed-on: https://chromium-review.googlesource.com/663867Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48010}
-