- 12 Aug, 2021 14 commits
-
-
Ross McIlroy authored
These are no longer enabled, so remove the code mitigation logic from the codebase. BUG=chromium:1003890 Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76256}
-
Camillo Bruni authored
d8 throws on unhandled rejected Promises since https://crrev.com/c/2238569 so no special handling beyond throwing in the async hooks themselves is needed. Drive-by-fix: Use v8::Isolate* as local variable. Bug: chromium:1238467 Change-Id: I271720cd9cfd1d30b58b5407c700b0f730910968 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090333 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#76255}
-
Santiago Aboy Solanes authored
Bug: v8:12065 Change-Id: I88213ef7eeb37c280a89f08fed3ea256cc0997df Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086460Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76254}
-
Santiago Aboy Solanes authored
Bug: v8:7790 Change-Id: I4e25140a83a0ce851195e274a489ac13cacdf676 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086477Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76253}
-
Frank Tang authored
Move from recusion to loop to avoid stack overflow Bug: v8:12059 Change-Id: I44981f4271495adf00d7697114663f966b8f9f11 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087937Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#76252}
-
Lutz Vahl authored
TBR=hablich@chromium.org, vahl@chromium.org Change-Id: I223f3018248459f03fab14003c59b27f7b9834ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090329Reviewed-by: Lutz Vahl <vahl@chromium.org> Commit-Queue: Lutz Vahl <vahl@chromium.org> Cr-Commit-Position: refs/heads/master@{#76251}
-
Jakob Gruber authored
OSR and concurrent_inlining are not strictly related, thus remove the !is_osr condition when setting the concurrent_inlining flag. OSR jobs simply execute on the main thread, whether CI is enabled or not. Drive-by: Exhaustive CodeKind switch cases. Bug: v8:7790,v8:11981 Change-Id: Ia50e083f1c39d1d9845b1ef4e16ae8fd10798fb3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086480 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76250}
-
Leszek Swirski authored
The baseline compiler wasn't saving the accumulator when generating code for StaDataPropertyInLiteral. This could lead to issues in cases where the bytecode compiler optimized away loads of a register into the accumulator. Fixed: chromium:1236978 Change-Id: I8603a4c7446664f82b35db61f81cacefce2e4f3b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090326 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#76249}
-
Peter Kasting authored
Bug: chromium:1066980 Change-Id: I92570706da4e6f8380f100bec12c8414f6ff2edc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086221 Auto-Submit: Peter Kasting <pkasting@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#76248}
-
Jakob Gruber authored
Bug: v8:7790 Change-Id: I9bd852d42cbc81ba12dc81166990a49a6b91168a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089153 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76247}
-
Thibaud Michaud authored
Make "emit_s128_set_if_nan" take LiftoffRegisters rather than Registers. The decoding of the FP register code is architecture dependent, and in particular we expect an FP pair on arm. R=clemensb@chromium.org Bug: v8:11856 Change-Id: I44a364c3ef3a0c41000ea1f6cead4916ee04145d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089165Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#76246}
-
Camillo Bruni authored
All the flags are in place and we can disable the slow histogram to fix the expected regression we see on the perf bots. Bug: v8:11946, chromium:1238515 Change-Id: I063582b4dede32bf90b5d5d94ba3a9dfd9f56718 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089155 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#76245}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/4124223..2d054b6 Merge branch 'main' of github.com:google/benchmark (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/2d054b6 preparing v1.5.6 release (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/ddc76e5 Set theme jekyll-theme-modernist (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/cb9afbb so much for googletest not failing any more (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/07f833d turn back on strict mode for googletest as it no longer breaks (Dominic Hamon) https://chromium.googlesource.com/external/github.com/google/benchmark/+/d0db4e0 TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: I4cd2719542b4c8cf720db557c196147ad0082157 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087602Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#76244}
-
Ng Zhi An authored
Move I32x4SConvertF32x4 into shared implementation, and takes care of both AVX and no-AVX implementation. Instruction selector still requires dst == src to save a move in codegen. Bug: v8:11589 Change-Id: Ie982682b3002192ab27700bf73f8c1e66aeba492 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086732 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76243}
-
- 11 Aug, 2021 26 commits
-
-
Junliang Yan authored
Change-Id: Ib0a630d0fb5e07e3cec77ce418827f746e64a656 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088548Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#76242}
-
Milad Fa authored
MovFloatToInt and MovIntToFloat have been optimized on Power8 and above to use VSX instructions instead if using the memory. Change-Id: I77af9aa20aa477f8f9e3ec9545445ef777aa0c72 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087726 Commit-Queue: Milad Fa <mfarazma@redhat.com> Reviewed-by: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#76241}
-
Junliang Yan authored
Change-Id: I6fb16c82e5c730e35d90a3de6c746f9c4415dc00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087725Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#76240}
-
Clemens Backes authored
This adds dedicated histograms for measuring the memory consumption and compilation time for compiling "huge functions". Those are functions with a body of more than 100kB. They are a *very* small fraction of all functions (<0.01% according to current data), but their compile time is often unproportionally large. Since they would just disappear in the overall histograms, this CL adds dedicated histograms to make the compile time and memory consumption of those functions more visible. R=ecmziegler@chromium.org Bug: chromium:1238828 Change-Id: I30bd07792ef4d9d67ff60c49c9edd0892c5c6e6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089166Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76239}
-
Junliang Yan authored
Change-Id: I5bab2fec2fc2b7256580982e6433f98f93b2c2f2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088186Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#76238}
-
Ng Zhi An authored
MIN_CONTEXT_SLOTS is set to be equals to EXTENSION_INDEX, which is 2, see https://source.chromium.org/chromium/chromium/src/+/main:v8/src/objects/contexts.h;l=519;drc=bb32a2dd632d7350dfb722c9b4ffe4d6e3633225 We check for the scope's ContextHeaderLength instead, and handle both cases where there is an extension slot or not. Change-Id: I0fe46cb49bfcd4b8321f777d47e375e0fd204d00 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085626 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76237}
-
Ng Zhi An authored
TurboFan currently calls into runtime for these two instructions, but there is a better 4-instruction lowering that Liftoff already uses. Move this into macro-assembler so we can share this across both compilers. We name this PopcntHelper because there isn't a Cnt on ARM64 that works on Word32/Word64. Bug: v8:12071 Change-Id: I182bf466b76cbad985d8c5b8ddae0f4352f71cd2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087812Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#76236}
-
Clemens Backes authored
This is a reland of 1c0cca0f. It is modified now to use V8_HAS_PTHREAD_JIT_WRITE_PROTECT and is rebased on https://crrev.com/c/3085271 which fixes the definition of that macro. Original change's description: > Reland: [wasm] Check correctness of thread-local write protection > > The fix landed as a separate CL: https://crrev.com/c/3081522 > This is an unmodified reland. > > Original description: > We make an undocumented assumption in {CodeSpaceWriteScope} that a > single thread will only work on one module at a time. If this is > violated, the thread-local {code_space_write_nesting_level_} would > prevent the second module from being switched to writable. > > This CL adds a second thread local (in debug only) to check that if > there is already a {CodeSpaceWriteScope} open that it contains the same > {NativeModule} as any nested scope. > > R=jkummerow@chromium.org > > Bug: v8:11974 > Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng > Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng > Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578 > Commit-Queue: Clemens Backes <clemensb@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#76177} Bug: v8:11974 Change-Id: Iffc510e85c8c56f26bfa88115ed3a8bdd33ef422 Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085269Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76235}
-
Samuel Groß authored
When this is enabled, v8 reserves a large region of virtual address space during initialization, at the start of which it will place its 4GB pointer compression cage. The remainder of the cage is used to store ArrayBuffer backing stores and WASM memory buffers. This will later allow referencing these buffers from inside V8 through offsets from the cage base rather than through raw pointers. Bug: chromium:1218005 Change-Id: I300094b07f64985217104b14c320cc019f8438af Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010195Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Samuel Groß <saelo@google.com> Cr-Commit-Position: refs/heads/master@{#76234}
-
Clemens Backes authored
The combination of --wasm-write-protect-code-memory and MAP_JIT was not handled correctly. We were trying to unnecessarily switch permissions, and a DCHECK was failing because the writers count was not increased previously (because the {CodeSpaceWriteScope} uses a separate implementation if MAP_JIT is available). This CL fixes the issues by explicitly setting {WasmCodeAllocator::protect_code_memory_} to false if MAP_JIT is being used. R=jkummerow@chromium.org Bug: v8:12070 Change-Id: Ifb05ba01f8e2e7781d7c29fe80d1144a3d65543b Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089159Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76233}
-
Manos Koukoutos authored
We add a map from condition nodes to respective BranchConditions in ControlPathConditions for faster lookup. Bug: v8:11510 Change-Id: I571514beb699b76f2a1a0245c4785f518b9d8b1b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041676 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76232}
-
Jakob Gruber authored
We now have %FinalizeOptimization() to block until all concurrent compile jobs are done. Bug: v8:7790,v8:12004 Change-Id: Ibb9955be06957b3f395b680e9be570c7c3ec0dcb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086478 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76231}
-
Clemens Backes authored
This adds a comment to explain why the additional "ret" instruction added in https://crrev.com/c/3071202 is actually needed. R=mseaborn@chromium.org CC=ahaas@chromium.org Bug: v8:11955 Change-Id: Ifd874c499fd3094f7cf5383e991d6b193b23ca63 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081601Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76230}
-
Michael Lippautz authored
nullptr objects are considered alive to allow weakness to be used from stack while running into a conservative GC. Treating nullptr as dead would mean that e.g. custom collectins could not be strongified on stack. Bug: chromium:1231286 Change-Id: Ibeddef18fcbae366c3f54304bf36b75c47bd74ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085280 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#76229}
-
Ross McIlroy authored
Got the data we need for now, reverting to enable --concurrent-inlining clean data on --future. BUG=v8:9684 Change-Id: I80b5bac1e852cb9f0915434a75115f6a59be8943 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089154Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#76228}
-
Maya Lekova authored
This fixes a compilation error on GCC. Bug: v8:12072 Change-Id: Ief14968ba15776ad5f72b85b93c9158996833453 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086475 Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#76227}
-
legendecas authored
CallPrinter cannot determine the actual reason when the error is triggered by CallRuntime. In the case, throw iterator error by default instead of non-callable error to present more intuitive error messages. Bug: v8:12039 Change-Id: I240f9a729878b2dd606f4cc71236c8427bba316e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086902Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#76226}
-
Jakob Gruber authored
Bug: v8:8888 Change-Id: I3ecbf73df482865d838a0b98b6acd45de7e186f2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085270 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76225}
-
Jakob Gruber authored
.. to attempt to update deprecated maps. Used in JSHeapBroker::ReadFeedbackForPropertyAccess. Drive-by: Move Map::TryUpdate to MapUpdater to address an old TODO. Bug: v8:7790 Change-Id: Iaa791e204dd133f067014c0abdb23ef3b807a315 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085274 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#76224}
-
Santiago Aboy Solanes authored
Bug: v8:7790, chromium:1236962 Change-Id: Idd84f7e154cc8977db7aef14d6b999ac929784dd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075363 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76223}
-
Clemens Backes authored
This makes flako usable on Windows using standard test names. A workaround to bisecting to failures before this CL is to replace the test_name by something like "mjsunit/regress\regress-1138075", i.e. using this on the command line to trigger flako: -p 'test_name="mjsunit/regress\\regress-1138075"' R=liviurau@chromium.org Bug: v8:9218 Change-Id: I37596efcaeca780eeacb27c2841fe8302ddb1e49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081610 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Liviu Rau <liviurau@chromium.org> Cr-Commit-Position: refs/heads/master@{#76222}
-
Al Muthanna Athamina authored
Bug: chromium:1238360 Change-Id: Id81720d57e80c97ab46ef5b8cc8976b9305c53d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086468Reviewed-by: Liviu Rau <liviurau@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/master@{#76221}
-
Nico Hartmann authored
When running d8 with --trace-deopt, any deopt will contain the id of the node that caused this deopt. These ids also show up in the deoptimization data table of when using --print-opt-code. Change-Id: I412ca7a4ff20427100fa63101d78ee3846569a8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024144Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#76220}
-
Michael Lippautz authored
Avoid stray sweeper tasks still accessing heap after teardown has been initiated. This reverts https://crrev.com/c/2297466 and restores the invariant that no GC is running during teardown. Bug: v8:12025 Change-Id: I9974a63ef385783a9c3ec09725dce118f754b25f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081615Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#76219}
-
Georg Neis authored
One of the subtests relies on that. R=jgruber@chromium.org Bug: v8:12069 Change-Id: I648a766baf4d977f4df607754f666bd9e9102168 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086473 Commit-Queue: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76218}
-
Igor Sheludko authored
... which didn't properly handle negative Smi indices with JSTypedArray receivers. The logic was broken by the spec violation fix https://chromium-review.googlesource.com/c/v8/v8/+/2972727 Bug: chromium:1227476, chromium:1209405 Change-Id: I9bfa57d56bebccad00ed29666489f2003694e0a9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086472 Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#76217}
-