- 11 Oct, 2019 31 commits
-
Deepti Gandluri authored
Bug: v8:9845 Change-Id: I638f9bc41023cd4faef46dcafe646c13f3e14573 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1857208 Reviewed-by: Frank Tang <ftang@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#64260}
-
Ng Zhi An authored
This requires a change to instruction selector to UseUnique so that it does not shadow the temporary register. Bug: v8:9810 Change-Id: Iaceadbc39f0c51a92c2a73c4b1097d49a7397876 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1850614 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#64259}
-
Seth Brenith authored
Design doc: https://docs.google.com/document/d/1ZU6rCvF2YHBGMLujWqqaxlPsjFfjKDE9C3-EugfdlAE/edit
Changes from the design doc:
  - Changed to use 'class' declarations rather than 'type' declarations for things that need instance types but whose layout is not known to Torque. These declarations end with a semicolon rather than having a full set of methods and fields surrounded by {}. If the class's name should not be treated as a class name in generated output (because it's actually a template, or doesn't exist at all), we use the standard 'generates' clause to declare the most appropriate C++ class.
  - Removed @instanceTypeName.
  - @highestInstanceType became @highestInstanceTypeWithinParentClassRange to indicate a semantic change: it no longer denotes the highest instance type globally, but only within the range of values for its immediate parent class. This lets us use it for Oddball, which is expected to be the highest primitive type.
  - Added new abstract classes JSCustomElementsObject and JSSpecialObject to help with some range checks.
  - Added @lowestInstanceTypeWithinParentClassRange so we can move the new classes JSCustomElementsObject and JSSpecialObject to the beginning of the JSObject range. This seems like the least-brittle way to establish ranges that also include JSProxy (and these ranges are verified with static assertions in instance-type.h).
  - Renamed @instanceTypeValue to @apiExposedInstanceTypeValue.
  - Renamed @instanceTypeFlags to @reserveBitsInInstanceType.
This change introduces the new annotations and adds the ability for Torque to assign instance types that satisfy those annotations. Torque now emits two new macros:
  - TORQUE_ASSIGNED_INSTANCE_TYPES, which is used to define the InstanceType enumeration
  - TORQUE_ASSIGNED_INSTANCE_TYPE_LIST, which replaces the non-String parts of INSTANCE_TYPE_LIST
The design document mentions a couple of other macro lists that could easily be replaced, but I'd like to defer those to a subsequent checkin because this one is already pretty large.
Bug: v8:7793 Change-Id: Ie71d93a9d5b610e62be0ffa3bb36180c3357a6e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757094 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#64258}
-
Johannes Henkel authored
New rev: a14dad30f0e5b0fc05911856d5a20b1ffe89fd9b Change-Id: I92a70bb8e5fef13e7422d609d3899ea1092def8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847785 Auto-Submit: Johannes Henkel <johannes@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64257}
-
Ng Zhi An authored
Increase the embedded vector size to 91 as that is the max size needed to print a s128 as a 32x4.
  - max value of uint32_t has 10 digits in decimal, 1 for a potential sign, 3 spaces in between 4 of them -> 3 + 4 * 11 = 47
  - max value of uint32_t has 8 digits in hex, 3 spaces in between -> 3 + 4 * 8 = 35
  - the prefix "v128:" -> 5
  - " / " to separate the decimal and hex representation -> 3
  - null byte
47 + 35 + 5 + 3 + 1 = 91
Bug: v8:9754 Change-Id: I153c30738fa8862b44fb5103cbe62ea0bcea9718 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814885 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#64256}
-
Frank Tang authored
* Change the logic to reflect the spec change of https://github.com/tc39/proposal-intl-datetime-style/pull/37/
* Move enum value of kUndefined to 0 to make unset behavior the same as kUndefined.
* Change the expectation of existing tests
* Additional tests - https://github.com/tc39/test262/pull/2385
Bug: v8:9826 Change-Id: Ic437b5f6414aa641ae73766d8c5fd5b9d352a230 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846722 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#64255}
-
Robert Sesek authored
The dispatch_semaphore_t is a higher-level, more-efficient semaphore primitive if the cross-process capabilities of semaphore_t are not needed. Bug: chromium:1012386 Change-Id: I9cc6f025f00159f9424c054a3395542b9db00b89 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848211 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#64254}
-
Frank Tang authored
setUnicodeKeywordValue doesn't remove unrelated keyword/value pairs when the locale is too long, which causes NumberFormat to fail when calling createInstance. Fix this by using LocaleBuilder to add keyword/value into a new locale instead of removing the keyword. Also see https://unicode-org.atlassian.net/browse/ICU-20862 Bug: chromium:1012579 Change-Id: I0f664f60dad8fe786443c8ca8b21ea43323cbf49 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855586 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#64253}
-
Clemens Backes authored
The API was marked to be deprecated soon in https://crrev.com/c/1847366. Chromium switched to the new APIs in https://crrev.com/c/1855822. R=ulan@chromium.org Bug: v8:9810 Change-Id: I0befb06e180b57ec21ca4c2d56fa8e10a36b0d9e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856001 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64252}
-
Igor Sheludko authored
This reverts commit d471ec9f.
Reason for revert: Unexpected redness on non-ptr-compr bots.
Original change's description:
> [ptr-compr][x64] Temporarily enable pointer compression on x64
>
> Bug: v8:7703
> Change-Id: Id7858d2d7324670d01836f7acbb952cd99c4a8b7
> Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng,v8_linux64_tsan_rel
> Cq-Include-Trybots: luci.v8.try:v8_linux64_cfi_rel_ng
> Cq-Include-Trybots: luci.chromium.try:fuchsia_x64,linux-rel,mac-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849522
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64248}
Tbr: verwaest@chromium.org,machenbach@chromium.org No-Tree-Checks: true Bug: v8:7703 Change-Id: I841d9722642f75f1277aedd70c4476aee041d946 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1857218 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#64251}
-
Seth Brenith authored
The pointer to the first page of code space is not consistent and therefore shouldn't be included in the mkgrokdump output. No-Tree-Checks: true Bug: v8:9844 Change-Id: I697c34e30e9b67b44e603e92d4bd3c7b81c1af3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856511 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#64250}
-
Leszek Swirski authored
Bug: chromium:1012301 Change-Id: I805affc8b18130d9d4de995eed8a905d7fcd4d75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856005 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#64249}
-
Igor Sheludko authored
Bug: v8:7703 Change-Id: Id7858d2d7324670d01836f7acbb952cd99c4a8b7 Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng,v8_linux64_tsan_rel Cq-Include-Trybots: luci.v8.try:v8_linux64_cfi_rel_ng Cq-Include-Trybots: luci.chromium.try:fuchsia_x64,linux-rel,mac-rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849522 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#64248}
-
Ulan Degenbaev authored
TSAN complains about missing synchronization on access to the page flags because it does not support and recognize the memory fence we emit after page initialization. This adds a TSAN-only acquire load to the code that accesses page flags, similar to the existing load in MarkObject. Bug: v8:9842 Change-Id: I34dac308ac1cce1d74a4a1bad95a482abc071595 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856008 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#64247}
-
Igor Sheludko authored
When we allocate a large page we write a free space filler of the object's size which is encoded as a Smi. Previously the 1Gb didn't fit into 31-bit Smi. In addition, when pointer compression is enabled we should use the same limitation as we had for 32 bit architectures. Bug: v8:9767, chromium:1013042 Change-Id: I6e372324417f03977943f18816eaaf49540184ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856007 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#64246}
-
Jiayao Lin authored
Building with GCC8.1 fails with the error: variable ‘kUpperBoundIsMax’, ‘kLowerBoundIsMin’ set but not used [-Werror=unused-but-set-variable]. Use USE(var) to fix this error. Change-Id: I05133d3cb5843f4c0a4a59591470b0fcaa21f16f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848852 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#64245}
-
Jakob Kummerow authored
This is for consistency and compiler-enforced type safety. No change in behavior intended. Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#64244}
-
Igor Sheludko authored
In some cases operand of compress operation may be a decompress node of different representation. For example, after linearizing of CheckedTaggedToTagged[Signed|Pointer](value) we will proceed using |value| node which may have any other tagged representation. Bug: v8:8977, v8:7703 Change-Id: I3e276511f2c6127b3ecc1fe1cef4f64e7120d027 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856003 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#64243}
-
Santiago Aboy Solanes authored
The root was moved to the beginning of a 4Gb reservation, which impacts codegen https://chromium-review.googlesource.com/c/v8/v8/+/1835548 Since the tests are now passing, removed the SKIP on cctests. Bug: v8:9820, v8:9706 Change-Id: Icb45e5b078c405aee880bd7f1c333d28acb7c271 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849527 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64242}
-
Ulan Degenbaev authored
This makes allocation of backing stores more robust by performing GCs on allocation failure. The GCs help if there are existing large backing stores that are retained by dead JSArrayBuffer objects. Bug: chromium:1008938, v8:9380 Change-Id: Ic80b29214b8843427dfcdd141df71363821afe71 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855998 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#64241}
-
Ulan Degenbaev authored
The backing store is now propagated to the constructors directly, instead of being attached after the construction. This ensures that the backing store is allocated before the array buffer so that we can trigger GCs on backing store allocation (if allocation fails). The only exception is builtin where we have to allocate the array buffer before the backing store to comply with the spec. Bug: v8:9380 Tbr: verwaest@chromium.org Change-Id: Ib37db65853f3673dd769368cc3e8b6538ad07ff2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853444 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#64240}
-
Georg Neis authored
This reverts commit 12b22b51.
Reason for revert: Experiment finished.
Original change's description:
> Disable --instruction-scheduling for mksnapshot
>
> This is an experiment to see the memory/performance impact.
>
> Bug: v8:9775
> Change-Id: I2ae61ae8bb5c6c1c55436e96c4b2d8201cbf4739
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832177
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64062}
TBR=mvstanton@chromium.org,neis@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9775 Change-Id: Ife556af5f8c09c25f20756a9b2ac940cb74359e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855983 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64239}
-
cjihrig authored
Update postmortem metadata constants for V8 7.8 in Node.js. Change-Id: Ia2bf5ef611f4f6d87783b1fd1b340ae42e4a92a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849139 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#64238}
-
Dan Elphick authored
Bug: v8:6949 Change-Id: I6cafec59b063e46d55967b678b209202d0328cd3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852770 Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#64237}
-
Jakob Kummerow authored
instead of plain uint32_t as entry. This provides some type safety, because the compiler will check that we are not mixing up indexes and entries. It also paves the way to consistently using size_t for TypedArray indexes. Bug: v8:4153 Change-Id: Ie0eb63693c871efda9860d3d288896819868b66a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852765 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#64236}
-
Joey Gouly authored
Code from ARES-6 Basic:
    ldur w11, [x5, #15]
    asr w11, w11, #1
    sxtw x11, w11
With this CL:
    ldur w11, [x5, #15]
    sbfx x11, x11, #1, #31
This increases performance of Ares6 Basic by ~2% on Cortex-A53. Also reduces the snapshot by ~2000 instructions.
Change-Id: Ie9801da730f832337306422d2a9c63461d9e5690 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849530 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> Cr-Commit-Position: refs/heads/master@{#64235}
-
Dominik Inführ authored
When aborting evacuation of a page, the GC also needs to take care of invalidated objects and recorded slots on the page. Add a test to ensure that future changes do not break this behavior. Bug: chromium:1012081 Change-Id: I110db67157e4b8c7fdb4d1061e9df6955b532a70 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855758 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#64234}
-
Michael Starzinger authored
R=mslekova@chromium.org BUG=v8:9810 Change-Id: Ia671189b25d4f212887e41a7b2d6a5b028f3c51c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852771 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#64233}
-
Dan Elphick authored
Tweaks AdvanceBytecodeOffsetOrReturn so that the sequence of (cmp,beq)+ instructions is converted to (cmp, cmpne+, beq) saving an instruction for every return bytecode. In reality this just saves a single instruction. Bug: v8:9771 Change-Id: I7cf2d5ae27ff5495808792aa4c953b97c2bb5b71 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853246 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64232}
-
Frank Tang authored
Bug: v8:9812 Change-Id: I6ca086a6efde614e8296c25aafa823349237e988 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1854896 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#64231}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/42a7475..b68f5d6 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/df24b8a..788d15f Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/3481902..8e57b4b TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I36e95d69961f85aa6444e557670a1b9efe2e1ebc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853587 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#64230}
-
- 10 Oct, 2019 9 commits
-
Ng Zhi An authored
The vst1 and vld1 instructions do a post-increment access. What we intend is the usual access at (base+offset). This change adds a helper function that is called for loads and stores of s128, which emits the add instruction to do base+offset, and then changes the addressing mode of the load/store to Operand2_R, which generates the variant of vld1/vst1 without the offset register. This is similar to how kSimd128 values are loaded/stored in VisitUnalignedLoad and VisitUnalignedStore. We also remove kSimd128 cases from UnalignedLoad and UnalignedStore, since it is supported (see A3.2.1 Unaligned Data Access, ARM DDI 0406C.d). Bug: v8:9746 Bug: v8:9748 Change-Id: I60b987ac58a5eaacd498a940625163484a3dc2db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834771 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#64229}
-
Joyee Cheung authored
Bug: v8:8330 Change-Id: I958f9db0a4f768637ca50b2b19788793236afadf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1854014 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/master@{#64228}
-
Joyee Cheung authored
Bug: v8:8330, v8:9611 Change-Id: Iec4771311a1be0a6d4fc299740c6a965aee6c291 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1854009 Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/master@{#64227}
-
Ng Zhi An authored
Bug: v8:9728 Change-Id: I56900b52d37f245cba228ec41a3acbfb7d47363b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1837718 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#64226}
-
Joyee Cheung authored
This patch implements https://github.com/tc39/proposal-class-fields/pull/269 and makes sure we always throw TypeError when there is invalid private name access in computed property keys. Before this patch, private name variables of private fields and methods are initialized together with computed property keys in the order they are declared. Accessing undefined private names in the computed property keys thus fails silently. After this patch, we initialize the private name variables of private fields before we initialize the computed property keys, so that invalid access to private fields in the computed keys can be checked in the IC. We now also initialize the brand early, so that invalid access to private methods or accessors in the computed keys throws TypeError during brand checks - and since these accesses are guarded by brand checks, we can create the private methods and accessors after the class is defined, and merge the home object setting with the creation of the closures. Bug: v8:8330, v8:9611 Change-Id: I01363f7befac6cf9dd28ec229b99a99102bcf012 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846571 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64225}
-
Joshua Litt authored
Bug: v8:9547 Change-Id: Ib6db47dd18b26bfc231a501723002f9e51c856ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849975 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Joshua Litt <joshualitt@chromium.org> Cr-Commit-Position: refs/heads/master@{#64224}
-
Joshua Litt authored
While removing dead code, v8 currently removes jump targets, but leaves suspend points, resulting in bytecode analysis issues. This cl simply removes the suspend point if the remainder of the block is dead. Bug: v8:9825 Change-Id: Ib147ca01cf64c695c0316017852d61f52fd10cf4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849197 Commit-Queue: Joshua Litt <joshualitt@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#64223}
-
Joshua Litt authored
This reverts commit fe7b8b80.
Reason for revert: Clusterfuzz has exposed a number of issues.
Bug: chromium:1013135, chromium:1013013, chromium:1013058, chromium:1013133
Original change's description:
> [regexp] Stage regexp match indices.
>
> Bug: v8:9548
> Change-Id: I75fdb71154a728f34c5a5b02ae9d75f607b20c69
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849838
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64204}
TBR=adamk@chromium.org,joshualitt@chromium.org Change-Id: Icab215601d31a25ece9d21807285ca290ea21f9d No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9548 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852194 Reviewed-by: Joshua Litt <joshualitt@chromium.org> Commit-Queue: Joshua Litt <joshualitt@chromium.org> Cr-Commit-Position: refs/heads/master@{#64222}
-
Dominik Inführ authored
When evacuation is aborted for a page, objects at the beginning of a page might have been evacuated. In addition to deleting recorded slots for this area, evacuated objects need to be removed from the set of invalidated objects since those objects store a forwarding pointer in their map word. Calls to Size() and IsValidSlot() in the subsequent "pointers updating"-phase would fail without a valid map pointer. Bug: chromium:1012081 Change-Id: I15df6f6840cbecf019437562190d4fc1f3b6e368 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852764 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#64221}