- 28 Apr, 2020 1 commit
-
-
Georg Neis authored
... by making sure we deopt when the buffer is detached. Bug: chromium:1074736 Change-Id: I86e4e63014767766d7c079c3a3e38d947c76ef10 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168874 Commit-Queue: Georg Neis <neis@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#67437}
-
- 06 Apr, 2020 1 commit
-
-
Georg Neis authored
Typed array iteration throws a TypeError if the receiver is not a typed array. The JSCallReducer didn't take that into account. Bug: chromium:1067544 Change-Id: Ib065ba1b7881dc0b62242fc416fa16023a7fa244 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135632Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#67010}
-
- 17 Mar, 2020 1 commit
-
-
Georg Neis authored
This is a reland of 2c834c53, in which node replacement was too aggressive. Original change's description: > [turbofan] Clean up ConstantFoldingReducer > > Change-Id: Iaf7f83cc157a6f6680da8933560347f7f3503d56 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2098736 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66706} Change-Id: I5d306092dde4119629af4c5e7e424a0e9a14310d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106193 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#66742}
-
- 04 Mar, 2019 1 commit
-
-
Ross McIlroy authored
BUG=v8:8801 Change-Id: I9d9d9824c6c9ad0176bbfd3723da1b578b17c256 Reviewed-on: https://chromium-review.googlesource.com/c/1495555 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#60001}
-
- 01 Oct, 2018 1 commit
-
-
Mathias Bynens authored
It was shipped in Chrome 67. Bug: v8:6791, v8:8238 Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I94d8f0aa18570452403a35dea270b18f155c970a Reviewed-on: https://chromium-review.googlesource.com/1253604Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#56310}
-
- 23 Nov, 2017 1 commit
-
-
Georg Neis authored
The typer's ToNumber (and thus ToInteger etc.) returns type None when the input type is BigInt, but we weren't quite ready for that in a few places. R=jarin@chromium.org Bug: v8:7121 Change-Id: Ib12c726338f1ec3dfb9ba5cf54b00cc8d1351a89 Reviewed-on: https://chromium-review.googlesource.com/785130 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49604}
-
- 13 Jul, 2017 1 commit
-
-
Adam Klein authored
The tail call implementation is hidden behind the --harmony-tailcalls flag, which is off-by-default (and has been unstaged since February). It is known to be broken in a variety of cases, including clusterfuzz security issues (see sample Chromium issues below). To avoid letting the implementation bitrot further on trunk, this patch removes it. Bug: v8:4698, chromium:636914, chromium:724746 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I9cb547101456a582374fdf7b1a3f044a9ef33e5c Reviewed-on: https://chromium-review.googlesource.com/569069 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46651}
-
- 26 Jan, 2017 1 commit
-
-
bmeurer authored
BUG=chromium:685634 R=ishell@chromium.org Review-Url: https://codereview.chromium.org/2658853002 Cr-Commit-Position: refs/heads/master@{#42713}
-
- 16 Jan, 2017 1 commit
-
-
bmeurer authored
BUG=chromium:679378 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2634953002 Cr-Commit-Position: refs/heads/master@{#42365}
-
- 02 Jan, 2017 1 commit
-
-
bmeurer authored
When Crankshaft compiles a keyed load to arguments, it disabled optimization unless the KEYED_LOAD_IC for the access was monomorphic. But that's too restrictive, since it will also disable optimization for this function when the access is on a path that was never executed so far. This was spotted in the Node.js core function EventEmitter.prototype.emit, which was no longer optimizable with Crankshaft using latest V8. R=jarin@chromium.org BUG=v8:5790 Review-Url: https://codereview.chromium.org/2607303002 Cr-Commit-Position: refs/heads/master@{#42005}
-