- 10 Apr, 2018 36 commits
-
-
Alexei Filippov authored
If it does not, the stack may be in an inconsistent state. Bail out if so. BUG=chromium:828881 Change-Id: Ia66077d3846bf9a1d556a37fd8e0ca856f9d2464 Reviewed-on: https://chromium-review.googlesource.com/1002535 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#52532}
-
Clemens Hammacher authored
The ImportedFunctionEntry and IndirectFunctionTableEntry stored handles internally, but were created from raw pointers. This is not allowed. The two options to fix this are to either handlify the whole interface, or do the opposite and use raw pointers everywhere. Since no current user depends on a handlified interface, and both objects are being used in performance critical code, this CL unhandlifies the interface and adds a DisallowHeapAllocation scope to enforce that no GC happens while any ImportedFunctionEntry or IndirectFunctionTableEntry is alive. R=mstarzinger@chromium.org CC=titzer@chromium.org Change-Id: I098c2abcdd28c4b117272ac3ea0358ff2e56b36c Reviewed-on: https://chromium-review.googlesource.com/1005075 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52531}
-
Erik Luo authored
This whitelists Function-related builtins used by Blink callbacks at the DOM wrapping stage, and other BigInt methods. Bug: chromium:810176 Change-Id: If036114cd7f133f2c30247dff836698c2eb16a51 Reviewed-on: https://chromium-review.googlesource.com/1004000 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Erik Luo <luoe@chromium.org> Cr-Commit-Position: refs/heads/master@{#52530}
-
Junliang Yan authored
R=joransiu@ca.ibm.com Change-Id: I995c7ea23899a00a92b350cbd1878c41d56760c2 Reviewed-on: https://chromium-review.googlesource.com/1005279 Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#52529}
-
Sigurd Schneider authored
This mjsunittest assumed specific internal types (i.e. Smi) for certain fields; it generates some dozens of variants of the test using new Function, but used the same property names in all of them. This causes V8 to sometimes learn more general types for fields (i.e. unboxed double), which the test did not expect. This commit uses unique field names for each of the test variants. Change-Id: Ib1ecb3ae33a57c8a1293a29a2233dad4e16a39fb Reviewed-on: https://chromium-review.googlesource.com/1004897 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#52528}
-
Michael Starzinger authored
This is in preparation of using some of these constants to compute values for the Liftoff assembler that are themselves constexpr. R=clemensh@chromium.org Change-Id: I573ef4ca164e0107968e482996963fde9a3960b0 Reviewed-on: https://chromium-review.googlesource.com/1005056 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52527}
-
Ben L. Titzer authored
This CL fixes the pathological O(n^2) patching behavior that was introduced when simplifying the wasm instance/context data structures. It introduces a per-instance reverse mapping of function indexes to where they appear in import and indirect function tables. The mapping is created lazily and rebuilt in response to too many failed lookups, which makes it robust to table mutations in the future. This CL also fixes a bug where the anonymous lazy compile stub was not being used for direct calls, confusing the indirect call patching mechanism. R=clemensh@chromium.org,mstarzinger@chromium.org Bug: v8:7424, chromium:830558 Change-Id: Ice0212593b31eb64687a3d52bd238020682a857f Reviewed-on: https://chromium-review.googlesource.com/1004294 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52526}
-
Clemens Hammacher authored
Replace all uses by the existing RoundUp function. R=ulan@chromium.org Bug: v8:7570 Change-Id: I7ff5e76ebea7b429ff4e4f3a8157ee831e7891ae Reviewed-on: https://chromium-review.googlesource.com/1004898 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52525}
-
Ulan Degenbaev authored
Change-Id: Ic10f599b6bb1c258082db61494a4e5c73220b00f Reviewed-on: https://chromium-review.googlesource.com/1005255 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#52524}
-
Igor Sheludko authored
... to see if it improves things in real-world area. Change-Id: Icf6a1ff47f35eb3f7e25b549d736f7404148f6ab Reviewed-on: https://chromium-review.googlesource.com/1004587 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#52523}
-
Sigurd Schneider authored
This CL adds a context slot to builtin continuation frames which stores the context, even for stub continuations. This context slot is used in NotifyDeoptimized to provide the JavaScript context. Bug: v8:7639 Change-Id: Ibdfe24141a759cda6d319db0933bea57919dc171 Reviewed-on: https://chromium-review.googlesource.com/1002776 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52522}
-
Daniel Clifford authored
Change-Id: I170f47ee1c1e7e1a1296d5e5fc7fd1e2ab28a2f7 Reviewed-on: https://chromium-review.googlesource.com/1005076 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#52521}
-
peterwmwong authored
Bug: v8:6890 Change-Id: I0778aee65985852950c48b519baeb7fe6d81f8eb Reviewed-on: https://chromium-review.googlesource.com/998394 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52520}
-
Marja Hölttä authored
New space objects which die after scavenging might contain weak references. IncrementalMarking::UpdateWeakReferencesAfterScavenge must drop the corresponding slot. This bug didn't surface before, since all weak slots are in the old space (but this will change soon). BUG=v8:7308 Change-Id: Ib1e507d4207e35547240dc0867ec7787b3f3103e Reviewed-on: https://chromium-review.googlesource.com/1005000 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#52519}
-
Jaroslav Sevcik authored
This re-enables stack pointer poisoning with untrusted code mitigations. Bug: chromium:798964 Change-Id: I68b60641efefccbf0c4fd81c54809777feabc4be Reviewed-on: https://chromium-review.googlesource.com/1002563 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#52518}
-
Daniel Clifford authored
Change-Id: Ic1f222e726694ffc5afe158ae1839ce9c55ec6d5 Reviewed-on: https://chromium-review.googlesource.com/1004996 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#52517}
-
v8-autoroll authored
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b5c70ce..1bae362 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I963fd7e0240434546b1cc5620741f850b85ece23 Reviewed-on: https://chromium-review.googlesource.com/1004914 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#52516}
-
Jakob Gruber authored
This reverts commit 6823c0a4. Reason for revert: https://crbug.com/830499 Original change's description: > [runtime] Do some more StringTable shrinking > > This CL further lowers the kMaxEmptyFactor constant to more aggressively shrink > the StringTable when it's empty. > > Bug: v8:5443, chromium:818642 > Change-Id: I1c263a0afd7e6bed8a8bb857db032bf126c3ef4b > Reviewed-on: https://chromium-review.googlesource.com/995473 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52401} TBR=mlippautz@chromium.org,cbruni@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:5443, chromium:818642 Change-Id: Ibd009fe1e9fcd0b36f168ad425e1eb5e663a1ca8 Reviewed-on: https://chromium-review.googlesource.com/1004456 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#52515}
-
Daniel Clifford authored
Separating from main mega-CL for Torque to make landing it more manageable. Change-Id: Ic2cf2f5bff62613cb25cddd065479c85cfd9dd6c Reviewed-on: https://chromium-review.googlesource.com/963704 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#52514}
-
Jakob Gruber authored
This reverts commit 29308cf0. Reason for revert: Use existing runtime functions instead Original change's description: > Add boolean runtime checks for different element kinds. > > This will be used for Array.p.sort benchmarks to ensure that the > arrays will have the correct element kind. > > R=cbruni@chromium.org, jgruber@chromium.org > > Bug: v8:7382 > Change-Id: I4fe58d97d7f18fd193d4432964cf6b4f5335e0e7 > Reviewed-on: https://chromium-review.googlesource.com/1004754 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52511} TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com Change-Id: I45742879d3637470752335772f294d7e8ff3ce35 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7382 Reviewed-on: https://chromium-review.googlesource.com/1004589 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52513}
-
Ivica Bogosavljevic authored
Fix a6d974fe Change-Id: I0c8c5f3e86fcb4954f8854d7068c5267abb748a4 Reviewed-on: https://chromium-review.googlesource.com/1004580 Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#52512}
-
Simon Zünd authored
This will be used for Array.p.sort benchmarks to ensure that the arrays will have the correct element kind. R=cbruni@chromium.org, jgruber@chromium.org Bug: v8:7382 Change-Id: I4fe58d97d7f18fd193d4432964cf6b4f5335e0e7 Reviewed-on: https://chromium-review.googlesource.com/1004754 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52511}
-
Sigurd Schneider authored
Bug: v8:7570 Change-Id: I1653f216962b99161e21e0e8342164f10d5928cb Reviewed-on: https://chromium-review.googlesource.com/1004579 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52510}
-
Ulan Degenbaev authored
The checked condition now more precisely corresponds to the actual ineffective GC detection heuristic. Change-Id: I727932c76ff3183e7b038437eefba564c9778ff7 Reviewed-on: https://chromium-review.googlesource.com/997634 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#52509}
-
Igor Sheludko authored
Bug: chromium:823069 Change-Id: Ie5be40da1e64a11c7a3c6ba5d2bc193bd78ca737 Reviewed-on: https://chromium-review.googlesource.com/1002560 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#52508}
-
Clemens Hammacher authored
Came across this cast while checking a CFI issue. It reinterpret_casts between two identical function pointers, so it is redundant. R=ulan@chromium.org Bug: v8:7570 Change-Id: I2d92e93788027e41abdb12af8371251c0da6a709 Reviewed-on: https://chromium-review.googlesource.com/1004674 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52507}
-
Marja Hölttä authored
The reloading was needed when GC would compact the Heap::retained_maps array. But that's no longer true; the compaction is done in Heap::AddRetainedMap, outside GC. So it's not possible that the length would change because of an allocation. (Pre-cleanup for in-place weak ref work.) BUG=v8:7308 Change-Id: I18554353014865992f9151002cc4097fb986faf1 Reviewed-on: https://chromium-review.googlesource.com/1002775 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#52506}
-
Clemens Hammacher authored
The deadlock should be fixed with https://crrev.com/c/1002174. This is a reland of 4d1c2907 Original change's description: > Reland "[d8][wasm] Test wasm compilation completion" > > This is a reland of ed2605f0 > > Original change's description: > > [d8][wasm] Test wasm compilation completion > > > > d8 was recently changed to keep running until wasm compilation has > > completed. This adds a message test to test that. > > > > R=ahaas@chromium.org > > > > Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f > > Reviewed-on: https://chromium-review.googlesource.com/966184 > > Reviewed-by: Andreas Haas <ahaas@chromium.org> > > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#52008} > > Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35 > Reviewed-on: https://chromium-review.googlesource.com/975242 > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52154} Bug: chromium:824681 Change-Id: I4077645bcfcb2320f6573bb779027add36feee3f Reviewed-on: https://chromium-review.googlesource.com/999632 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#52505}
-
Hannes Payer authored
Bug: chromium:831072 Change-Id: I17c7174d2910d329a4567a4e0b9b84f3e94802f9 Reviewed-on: https://chromium-review.googlesource.com/1004576 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52504}
-
Michael Achenbach authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6ae4520..c4de990 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/10d701f..e8aa02e Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1e3e74d..b5c70ce Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/a325ad2..7e5f90d This also ports: https://chromium-review.googlesource.com/c/chromium/src/+/1002612 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I24b44acfb898e476df5701860e41a39352081f6d Reviewed-on: https://chromium-review.googlesource.com/1004035 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#52503}
-
Andreas Haas authored
R=titzer@chromium.org Bug: v8:7581 Change-Id: I30482ddb95a5c8501f1764922cc579855c209fdf Reviewed-on: https://chromium-review.googlesource.com/998162 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52502}
-
Andreas Haas authored
R=titzer@chromium.org Bug: v8:7581 Change-Id: I3a1fcffd3429907bcf9f92a904ab30568e6d4d07 Reviewed-on: https://chromium-review.googlesource.com/998914 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52501}
-
Michael Achenbach authored
This is a reland of 59a56825 Original change's description: > [V8] Share windows runtime dlls with src/build > > Bug: chromium:653569 > Change-Id: I2fa288d3281c75d3e5d483fb94d29efe454c633b > Reviewed-on: https://chromium-review.googlesource.com/1000773 > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52464} TBR=jgruber@chromium.org Bug: chromium:653569 Change-Id: I74f67b25205c6505fc90e41c059fbb6f4e20c078 Reviewed-on: https://chromium-review.googlesource.com/1004454 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#52500}
-
Ben L. Titzer authored
This class was stateless, other than the frozen-for-testing field, which has been moved to the NativeModule. R=clemensh@chromium.org Change-Id: I68ff2b455a62915904aa4b61710b40e679414c3a Reviewed-on: https://chromium-review.googlesource.com/999536 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52499}
-
jing.bao authored
Change-Id: I6f6c12c2a711a6089e625dd9912a4b3a887df447 Reviewed-on: https://chromium-review.googlesource.com/1002875 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Jing Bao <jing.bao@intel.com> Cr-Commit-Position: refs/heads/master@{#52498}
-
Alexey Kozyatinskiy authored
Some protocol clients would like to have preview for all objects. Preview for node was removed as part of work on inline values in sources, we can ignore them on frontend side. R=pfeldman@chromium.org Bug: none Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ic549ceb654a0e23e4929a2ae2048eed898822b7d Reviewed-on: https://chromium-review.googlesource.com/1003144 Reviewed-by: Pavel Feldman <pfeldman@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#52497}
-
- 09 Apr, 2018 4 commits
-
-
Junliang Yan authored
R=joransiu@ca.ibm.com Change-Id: Ie7387c92f9994cd72d6f0ba660ba7bd275dd429a Reviewed-on: https://chromium-review.googlesource.com/1001496 Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#52496}
-
Eric Holk authored
Bug: chromium:813376 Change-Id: I7d32f2ea09f7e8a4b75b9826695e129adac69e50 Reviewed-on: https://chromium-review.googlesource.com/987628 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52495}
-
Ben Smith authored
See https://webassembly.github.io/mutable-global/js-api/index.html#globals for the current spec. Bug: v8:7625 Change-Id: I70f567a9a0c6fc44c04c245ff496386941a699a9 Reviewed-on: https://chromium-review.googlesource.com/999168 Commit-Queue: Ben Smith <binji@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52494}
-
Clemens Hammacher authored
R=eholk@chromium.org Bug: chromium:769637 Change-Id: I347ed1cf6fe567f5a12a8191b224a27336a757d4 Reviewed-on: https://chromium-review.googlesource.com/1000700 Reviewed-by: Eric Holk <eholk@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52493}
-