- 18 Jul, 2018 21 commits
-
-
Leszek Swirski authored
ReadOnlyRoots means that some added Isolate parameters are no longer needed. So, we can remove them. This patch was generated mostly automatically with a bespoke tool. Bug: v8:7786 Bug: v8:7754 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Ia44fd2a66652253f780e3674bf7fb431caef0493 Reviewed-on: https://chromium-review.googlesource.com/1136305 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#54526}
-
Leszek Swirski authored
For a script '()=>42', the anonymous arrow function has both start and end position the same as the script function itself. This causes issues when sorting the SourcePositionEvents of the function, in two ways: * If the start positions are the same, we should order by *furthest* end position to ensure the stack is in the right order * If both start and end are the same, we need to order by function literal id to make sure that start order and end order are inversed. Also, MapLiterals assumes that start+end position uniquely identifies a function, which is false in this case, so we process the top-level script function separately in MapLiterals. Change-Id: I2b2185dc2825018b7ea44c7d0918238e9b1dd972 Reviewed-on: https://chromium-review.googlesource.com/1141741 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#54525}
-
Sigurd Schneider authored
This reverts commit 7f67cbd4.

Reason for revert: Speculative revert because of https://ci.chromium.org/p/v8/builders/luci.v8.ci/Mac%20V8%20FYI%20Release%20(Intel)/1842

Original change's description:
> [turbofan] More brokerization in JSCreateLowering.
>
> Brokerized ReduceJSCreateEmptyLiteralObject and added the scope
> for ReduceJSCreateLiteralArrayOrObject.
>
> Bug: v8:7790
> Change-Id: Ife34a6b610678a3fe24152151cf343400ee515bd
> Reviewed-on: https://chromium-review.googlesource.com/1140306
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54507}

TBR=jarin@chromium.org,neis@chromium.org,mslekova@chromium.org
Change-Id: Ic4a89cd872b13e4b5f28636e0d91b3b013d6649a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/1141964
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54524}
-
Simon Zünd authored
R=jgruber@chromium.org Change-Id: If88adfb7cb9a30a50448a39c71bd899484d29510 Reviewed-on: https://chromium-review.googlesource.com/1139060 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#54523}
-
Simon Zünd authored
This CL moves Array.p.fill from JavaScript to a C++ builtin. It has a generic slow-path and fast-paths implemented via ElementsAccessor in elements.cc. R=cbruni@chromium.org Bug: v8:7624 Change-Id: I8820e1195d2cd9b41c254058923ad9875aab067c Reviewed-on: https://chromium-review.googlesource.com/1131130 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#54522}
-
Yang Guo authored
This is no longer necessary since we removed the debug context. R=jgruber@chromium.org Bug: v8:5530 Change-Id: Ibb9df3a1f139ee076296faedb80204e7fcc23197 Reviewed-on: https://chromium-review.googlesource.com/1134746 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#54521}
-
Frank Tang authored
Spec: http://tc39.github.io/proposal-intl-relative-time/ Design Doc: go/add-intl.relativetimeformat-to-v8 Test: test262/intl402/RelativeTimeFormat/*, intl/relative-time-format/* R=cira@chromium.org, gsathya@chromium.org Bug: v8:7869 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Ied95d601cf707db5d555f9d963b9b1f206e37331 Reviewed-on: https://chromium-review.googlesource.com/1124728 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#54520}
-
Frank Tang authored
Bug: v8:7684 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I8ee5aa4a2f481bbe4e47ab3889a9a6084b6b2943 Reviewed-on: https://chromium-review.googlesource.com/1137927 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#54519}
-
Andreas Haas authored
R=clemensh@chromium.org Change-Id: I4f1bda6f0ad420776eb181563d5efbc0d06a911e Reviewed-on: https://chromium-review.googlesource.com/1141582 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#54518}
-
Sergiy Byelozyorov authored
This reverts commit 1e1cca61.

Reason for revert: breaks builders

Original change's description:
> [tools] Keep raw data in the generated JSON for debugging purposes
>
> R=machenbach@chromium.org
>
> Bug: chromium:861668
> Change-Id: Ic3225ed5919c21a7f6a9f21cba4aa491e1d6606d
> Reviewed-on: https://chromium-review.googlesource.com/1140331
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54508}

TBR=machenbach@chromium.org,sergiyb@chromium.org
Change-Id: I10dff94c9cfe08c4a6b6d4d225b429fe16b95d19
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:861668
Reviewed-on: https://chromium-review.googlesource.com/1141784
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54517}
-
Maya Lekova authored
Bug: v8:7790 Change-Id: I12c159ade57a0974c6adc5b277a0b5fd74fd4dfb Reviewed-on: https://chromium-review.googlesource.com/1140313 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#54516}
-
Clemens Hammacher authored
This helps debugging unexpected traps, as you can figure out which instruction triggered the trap. R=mstarzinger@chromium.org Change-Id: I61735f14e2838ace195f6b84b555b9ddfc06aa0f Reviewed-on: https://chromium-review.googlesource.com/1140296 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#54515}
-
Dan Elphick authored
Convert all remaining uses (in api.cc) to use private local implementations. These local uses all appear inside deprecated functions. Bug: v8:7786 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I86bcafd4c8a737da32fcb8ab275ec708632f9e39 Reviewed-on: https://chromium-review.googlesource.com/1140319 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#54514}
-
Dan Elphick authored
Strictly speaking there are some left in api.cc, but they are in deprecated functions with non-deprecated alternatives. Apart from changes made using tooling, this also modifies FieldType::AsClass to return Map* rather than Handle<Map> and converts its call sites to create the Handle when they need it - currently several sites immediately dereference the Handle. Also marks WasmDebugInfo as NeverReadOnlySpaceObject so GetIsolate and GetHeap remain usable. Bug: v8:7786 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I7ea5048f97f140c757f651712b8c33a5c7e0ebc1 Reviewed-on: https://chromium-review.googlesource.com/1140302 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#54513}
-
Michael Starzinger authored
This removes two pointers to Histograms from the memory tracker. These histograms are stored as part of the Isolate and their lifetime is also coupled to the Isolate. We cannot bind the pointers but need to pass them (or the Isolate) as a parameter instead. R=clemensh@chromium.org BUG=v8:7424 Change-Id: I6b141b924bd858234641d6603a25fcb08cdf40e3 Reviewed-on: https://chromium-review.googlesource.com/1140312 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#54512}
-
Marja Hölttä authored
Now we can finally get rid of Map::weak_cell_cache! BUG=v8:7308 Change-Id: I87a06509bf638bf6833ea2ba1eca525fb4b15df1 Reviewed-on: https://chromium-review.googlesource.com/1128882 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#54511}
-
Leszek Swirski authored
The BodyDescriptor of an object should use its aligned size. Change-Id: If743ca130b3cb97c4f25054db6dc887d88fc5e32 Reviewed-on: https://chromium-review.googlesource.com/1140309 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#54510}
-
Marja Hölttä authored
BUG=v8:7754,v8:5402 Change-Id: Ib3f3a879e68d96cd5d82b1ee461b57dc7367ebe2 Reviewed-on: https://chromium-review.googlesource.com/1139059 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#54509}
-
Sergiy Byelozyorov authored
R=machenbach@chromium.org Bug: chromium:861668 Change-Id: Ic3225ed5919c21a7f6a9f21cba4aa491e1d6606d Reviewed-on: https://chromium-review.googlesource.com/1140331 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#54508}
-
Jaroslav Sevcik authored
Brokerized ReduceJSCreateEmptyLiteralObject and added the scope for ReduceJSCreateLiteralArrayOrObject. Bug: v8:7790 Change-Id: Ife34a6b610678a3fe24152151cf343400ee515bd Reviewed-on: https://chromium-review.googlesource.com/1140306 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#54507}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7315579..e4fb293 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/fb73403..302bb84 Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/8227701..976ce5e Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c0b1d89..5d1ce93 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I202ee90eb4c3ea68e2677227dd0ad05cac352be2 Reviewed-on: https://chromium-review.googlesource.com/1141428 Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#54506}
-
- 17 Jul, 2018 19 commits
-
-
Alexey Kozyatinskiy authored
We try to prevent side effects by forbidding running any JavaScript when we get property from node object. In case of object node it is possible that by calling property we force internal object initialization which may force creation of new context, this initialization cannot be made with forbidden JavaScript and at the same time is side effect free. As workaround we can warm up dom objects first and then generate description. R=dgozman@chromium.org Bug: chromium:827585 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ifd2c6317ffd5cb3822d2a2eedf3d0b0f36a201f1 Reviewed-on: https://chromium-review.googlesource.com/1041078 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#54505}
-
Frank Tang authored
Fixes intl402/Locale/constructor-options-{casefirst,hourcycle,numeric}-invalid Bug: v8:7684 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I43317f4bb1bb8422940faab1e5afa4162ed9ea11 Reviewed-on: https://chromium-review.googlesource.com/1137476 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#54504}
-
Johannes Henkel authored
https://chromium.googlesource.com/deps/inspector_protocol/+/0d4255502019144a5dec5669d7992165ae8924e7 Change-Id: I3711883a4cff11f71cca10054e4aac11293f5293 Reviewed-on: https://chromium-review.googlesource.com/1139095 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#54503}
-
Mathias Bynens authored
This patch makes `d8` recognize files with the `.mjs` extension as modules instead of classic scripts.

This change can be tested by saving the following JavaScript program as both `module.mjs` and as `script.js`:

    console.log(this === undefined ? 'strict' : 'sloppy');

Then, run these files in `d8` without passing the `--module` flag:

    $ d8 module.mjs
    strict
    $ d8 script.js
    sloppy

The use of `.mjs` matches not just Google’s recommendation [1] but also the current modules implementation in Node.js [2].

[1] https://developers.google.com/web/fundamentals/primers/modules
[2] https://nodejs.org/api/esm.html

Bug: v8:7950 Change-Id: I8f39420dc24a5eedd7e88d3b1aa48207ebfeff6e Reviewed-on: https://chromium-review.googlesource.com/1140314 Commit-Queue: Mathias Bynens <mathias@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#54502}
-
Daniel Clifford authored
Structs are bundles of value types. They are essentially just shorthand for passing around a group of individually defined values.

Struct types are declared like this:

    struct A {
      x: Smi;
      y: int32;
    }

and can be constructed explicitly like this:

    A{0, 0}

Structs can be used wherever other types are used (e.g. variables, parameters, return values) except for parameter/return types of builtins and runtime functions.

Structs use field access notation to set/get their values like this:

    let a: A = A{0, 0};
    let b: Smi = a.x;
    a.y = 0;

Change-Id: I9fd36a6514c37882831256a49a50809c5db75b56 Reviewed-on: https://chromium-review.googlesource.com/1122133 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#54501}
-
Clemens Hammacher authored
i32 stack parameters can be loaded by Turbofan as 64-bit value, hence they would not be zero extended. If this loaded value is then passed to Liftoff (which assumes zero-extended i32 values), we could use it for memory accesses, which would be out of bounds. R=mstarzinger@chromium.org Bug: chromium:864509, v8:6600 Change-Id: I0f45a269b1fb1c2befc2e6bc660c559a88323767 Reviewed-on: https://chromium-review.googlesource.com/1140168 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#54500}
-
Brian Stell authored
Bug: v8:5751 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: If71ab553f7f70dd148fb90a18ccd9b1c69791323 Reviewed-on: https://chromium-review.googlesource.com/1119103 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jungshik Shin <jshin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Brian Stell <bstell@chromium.org> Cr-Commit-Position: refs/heads/master@{#54499}
-
Sigurd Schneider authored
This reverts commit f5a8352b.

Reason for revert: Performance issues

Original change's description:
> [embedded-builtins] Enable on all arches except x86 for benchmarks
>
> This CL enables embedded builtins to get benchmark feedback. We need
> this feedback to identify and address remaining performance problems.
>
> Bug: v8:6666
> Change-Id: I8f77f218e656b55ddabe1236eb2a1d14a5ac6233
> Reviewed-on: https://chromium-review.googlesource.com/1105834
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53836}

TBR=sigurds@chromium.org,jgruber@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:6666
Change-Id: I0e0897eefa069b0b9ad2dd56b2ffc3e3617f9258
Reviewed-on: https://chromium-review.googlesource.com/1139974
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54498}
-
Georg Neis authored
Bug: v8:7790 Change-Id: I747dccb8dcae74c5c0837c0cd7f3dd285a4bd9c0 Reviewed-on: https://chromium-review.googlesource.com/1140304 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#54497}
-
Michael Starzinger authored
This changes the ARM64-specific {TurboAssembler::AssertSpAligned} helper to not generate calls to the {Abort} builtin. It is needed to ensure all WebAssembly runtime stubs (e.g. {WasmGrowMemory}) are independent of the Isolate. In general calling the {Abort} builtin without a valid frame being present will produce bogus debug messages anyways. Hence we just unconditionally use traps for the debug code in question. R=sigurds@chromium.org Change-Id: I93eb87e8b87209da8506c9b28e2c800950d1118a Reviewed-on: https://chromium-review.googlesource.com/1140170 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#54496}
-
Maya Lekova authored
We used to have an optimized version for ToString on number nodes which was allocating an object on the heap, therefore preventing this code from being executed on the compiler thread. Octane benchmark results show insignificant increase in performance (< 0.5%) without this optimization - see https://docs.google.com/spreadsheets/d/1MC5NrMoMSsqxZqw0ojoZvomBb7q2EOt1S0sFoJ8ld2c/edit#gid=1732639373 which leads to the conclusion we can safely remove the optimization for now. Bug: v8:7790 Change-Id: Ia1d53608f8d10ba20e0ff57cccb34583655382c6 Reviewed-on: https://chromium-review.googlesource.com/1139063 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#54495}
-
Max Moroz authored
Bug: Chromium:798921 Change-Id: I6cd3dbe49f586cdedfc70c6c6ad83391240a65d9 Reviewed-on: https://chromium-review.googlesource.com/1138550 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#54494}
-
Dan Elphick authored
Also moves ObjectVerify to GlobalHandles::CopyGlobal from V8::CopyPersistent (which was the only caller) so it can get hold of an Isolate*. Bug: v8:7786 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I0758bf6e431bf6e617244741ab2e1583a3566b20 Reviewed-on: https://chromium-review.googlesource.com/1140295 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#54493}
-
Timothy Gu authored
Reland part of https://chromium-review.googlesource.com/c/v8/v8/+/816515. Change-Id: I72ad85ffd162fc0563fc25cdf35189e894f9dc82 Reviewed-on: https://chromium-review.googlesource.com/1138808 Commit-Queue: Timothy Gu <timothygu@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#54492}
-
Jaroslav Sevcik authored
Bug: v8:7790 Change-Id: Idb838dabab8aaaedd7b8b9677975064541cc6491 Reviewed-on: https://chromium-review.googlesource.com/1140154 Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#54491}
-
Dan Elphick authored
Pass Isolate directly into several LayoutDescriptor methods so they don't call GetIsolate on unsafe objects. Also marks DebugInfo as non-read-only (so our GetIsolate removal tools stop trying to change BreakIterator::isolate() to call itself). Bug: v8:7786 Change-Id: I626a83d603ab74f648c72eb50d027b3866cedceb Reviewed-on: https://chromium-review.googlesource.com/1138326 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#54490}
-
Clemens Hammacher authored
The instruction selector currently sometimes emits a lea32 with an offset of 0, which the code generator just ignores (emits no code at all). This can result in the result of TruncateInt64ToInt32 to not be zero extended. This CL fixes that by disallowing lea32 instructions with 0 offset, and fixing the instruction selector to generate a movl or just no code for that case. R=jarin@chromium.org Bug: chromium:863810, v8:7947 Change-Id: I1b21fc5f0fda9ca3144917538c3d0bbf46601c33 Reviewed-on: https://chromium-review.googlesource.com/1137825 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#54489}
-
Dan Elphick authored
Ran GetIsolate/GetHeap removal script over all the header files included into objects.cc. Affected classes include: ScriptContextTable RuntimeCallTimerScope GlobalDictionaryShape Map LookupIterator PrototypeIterator FixedArrayBuilder Manually fixed up Map to mark its write operations as safe for GetIsolate since they modify the object and so can't be done in RO_SPACE. Bug: v8:7786 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I2fd0960f085d1bcb4cf54b3418899ac0217917ca Reviewed-on: https://chromium-review.googlesource.com/1138076 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#54488}
-
Dan Elphick authored
Also deletes lots of code that attempts to detect when the heap is corrupt but would likely just crash if the heap was corrupt. Bug: v8:7786 Change-Id: I2e6bbea2e393b0f640a9d7180114560e7f6d3670 Reviewed-on: https://chromium-review.googlesource.com/1140061 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#54487}
-