- 30 Apr, 2018 10 commits
-
-
Ivica Bogosavljevic authored
Fix 3f99a376 A typo in the port caused failure of about 300 tests. This CL fixes it. TEST=cctest/test-api/CatchExceptionFromWith,cctest/test-api/MessageHandler1 Change-Id: Ia2f4c9502d00fe1a6ee581f8a9b41a574b688dab Reviewed-on: https://chromium-review.googlesource.com/1033735 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#52884}
-
Jaroslav Sevcik authored
The idea is to mark all the branches and loads participating in array bounds checks, and let them contribute-to/use the poisoning register. In the code, the marks for array indexing operations now contain "Critical" in their name. By default (--untrusted-code-mitigations), we only instrument the "critical" operations with poisoning. With that in place, we also remove the array masking approach based on arithmetic. Since we do not propagate the poison through function calls, we introduce a node for poisoning an index that is passed through function call - the typical example is the bounds-checked index that is passed to the CharCodeAt builtin. Most of the code in this CL threads through the three levels of protection (safe, critical, unsafe) for loads, branches and flags. Bug: chromium:798964 Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b Reviewed-on: https://chromium-review.googlesource.com/995413 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52883}
-
Andreas Haas authored
assertPromiseResult caused tests to timeout when the result of the promise was unexpected, e.g. rejected instead of the expected fulfillment. This CL cleans up the implementation of assertPromiseResult, adds better stack traces, and adds tests for all the important cases I can think of. R=mathias@chromium.org CC=clemensh@chromium.org Bug: v8:7570 Change-Id: I6ecb94fd3e5151502edf73c3bcdeb518b80fc81c Reviewed-on: https://chromium-review.googlesource.com/1032786 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#52882}
-
Michael Starzinger authored
Now that we no longer clone {WasmCode} objects, the referenced protected instructions became unique to each such object. We no longer need to maintain a reference count on the protected instructions. R=clemensh@chromium.org Change-Id: Iaa5b9cd4b56cc06d75f7d0b71429b6147378c2ca Reviewed-on: https://chromium-review.googlesource.com/1034061 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52881}
-
Marja Hölttä authored
BUG=v8:7308 Change-Id: I55400096095619e2995a50adadf93253fc95d34c Reviewed-on: https://chromium-review.googlesource.com/1034057 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#52880}
-
Clemens Hammacher authored
Since the switch of Address from byte* to uintptr_t, we technically cannot differentiate between constant field addresses and non-constant ones. Thus remove the FIELD_ADDR_CONST macro, and use the identical FIELD_ADDR instead. R=jkummerow@chromium.org Bug: v8:7570 Change-Id: Iea4dde36b42c6d0f0ea80a965806f1dbd7adcd39 Reviewed-on: https://chromium-review.googlesource.com/1032746 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52879}
-
Jaroslav Sevcik authored
This removes Type::operator-> which was used to split the change that removed undefined misuse of Type* to represent integers. Bug: v8:3770 Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99 Reviewed-on: https://chromium-review.googlesource.com/1033736 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#52878}
-
Michael Starzinger authored
This shares {NativeModule} and associated {WasmCode} objects across multiple WebAssembly instances in the same Isolate. It also removes support for cloning the aforementioned objects. R=clemensh@chromium.org BUG=v8:7424 Change-Id: I35334bd68f87e5871c244ee33dfcecb9da326b9f Reviewed-on: https://chromium-review.googlesource.com/1032780 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52877}
-
Marja Hölttä authored
BUG=v8:7490,v8:7570 Change-Id: I74fa43a747b0d399c700acc43eb82e15ea90ba16 Reviewed-on: https://chromium-review.googlesource.com/1032736 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#52876}
-
Predrag Rudic authored
Fix failing test mjsunit/skipping-inner-functions on big endian platforms. Change-Id: If35c5a663a296fab6ad6011cf0a101133ec6a237 Reviewed-on: https://chromium-review.googlesource.com/1029954 Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#52875}
-
- 29 Apr, 2018 2 commits
-
-
Caitlin Potter authored
Without this change, we could disable slow paths required when symbols such as toStringTag are present on a receiver, but accessors or interceptors are not (added in 31800120) This change modifies this behaviour to not unset the previously set bit if these forced slow path conditions are not met. BUG=v8:7706 R=bmeurer@chromium.org Change-Id: Id7bceb0e749da52e2dbcde0a310a865a89f24066 Reviewed-on: https://chromium-review.googlesource.com/1034210 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#52874}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/fb6dc3a..725734c TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I1f42691e880f0c9e038fb66ca7d2aa07a7cd6514 Reviewed-on: https://chromium-review.googlesource.com/1034217 Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#52873}
-
- 28 Apr, 2018 3 commits
-
-
Jaroslav Sevcik authored
This is part of the effort to decrease the amount of undefined behavior that v8 relies on. The main change here is to represent types with class Type rather than with pointer Type*. To make the CL smaller, I used an operator overload hack to separate the change from `->` to `.`. I am working on a CL that will remove the operator and change all those arrows to dots. Bug: v8:3770 Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22 Reviewed-on: https://chromium-review.googlesource.com/1032551 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52872}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/70ef8f2..fb6dc3a Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/ab7b6a7..b7d53a9 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/846cec5..a4814ec TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I911330b4529383347ca0b58660e78e6329a1751e Reviewed-on: https://chromium-review.googlesource.com/1034075 Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#52871}
-
jing.bao authored
I16x8SConvertI32x4, I16x8UConvertI32x4, I8x16SConvertI16x8, I8x16UConvertI16x8 Add packsswb/packssdw/packuswb/packusdw Change-Id: Ibb661a20fa032d732fec20b3d48190f44d2d4bd4 Reviewed-on: https://chromium-review.googlesource.com/1027123 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Jing Bao <jing.bao@intel.com> Cr-Commit-Position: refs/heads/master@{#52870}
-
- 27 Apr, 2018 25 commits
-
-
Eric Holk authored
This finishes off the fixes and adds a DCHECK to make sure future tests have page-sized memories. The one exception is for asm.js, because asm.js does not have the same page size restriction. Bug: v8:7704, v8:7570 Change-Id: I9f6d0f6c1744072fb1efa88abdfd2011938960df Reviewed-on: https://chromium-review.googlesource.com/1033827 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#52869}
-
Eric Holk authored
Bug: v8:7704, v8:7570 Change-Id: I671f1355b9a95b0fcba56ac5fb3669b4563652dc Reviewed-on: https://chromium-review.googlesource.com/1033543 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#52868}
-
Deepti Gandluri authored
Bug: v8:7704, v8:7570 Change-Id: I3543e101ba41b88710e4f5942929e4e128ef2a78 Reviewed-on: https://chromium-review.googlesource.com/1033356 Reviewed-by: Eric Holk <eholk@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#52867}
-
Jungshik Shin authored
Intl.PluralRules and Intl.NumberFormat.prototype.formatToParts were shipped in 6.3 and 6.4, respectively. Remove harmony_plural_rules and harmony_number_format_to_parts. Bug: v8:5601, v8:5244 Test: mjsunit/intl-pluralrules-select Test: mjsunit/intl-numberformat-formattoparts Test: test262/intl402/PluralRules/unit/harmony/intl-numberformat-formattoparts Test: test262/intl402/NumberFormat/prototype/formatToParts/* Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I1752622484bf9a0a8b9d810db54fc238f4caf3f3 Reviewed-on: https://chromium-review.googlesource.com/1032260 Commit-Queue: Jungshik Shin <jshin@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#52866}
-
Ben Smith authored
* If the mutability of the global object doesn't match the module, then it should throw a LinkError.
* There was a missing `return` when importing a Number as a mutable global.
* All globals were being exported as immutable.
* Attempting to set the value of an immutable global should throw a TypeError.
* The length of the setter function should be 1.
Bug: v8:7625 Change-Id: I08d6a428506a18db15eecadf4cbcee89e0658924 Reviewed-on: https://chromium-review.googlesource.com/1031626 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#52865}
-
Vincent Belliard authored
Bug: v8:6600 Change-Id: I3aa174e28db83ca9e9f7a7b65c8007af8227908a Reviewed-on: https://chromium-review.googlesource.com/1028764 Commit-Queue: Vincent Belliard <vincent.belliard@arm.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52864}
-
Eric Holk authored
Bug: v8:7570 Change-Id: I90d9cb6c22c34017df2fd1613f3c94bb6a9afb52 Reviewed-on: https://chromium-review.googlesource.com/1033452 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#52863}
-
Vasili Skurydzin authored
Related: https://chromium-review.googlesource.com/c/chromium/src/+/1004440 Change-Id: I6040414e5d980c7d98a7a38e136cd8d2349a5c4c Reviewed-on: https://chromium-review.googlesource.com/1017805 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#52862}
-
Vincent Belliard authored
Bug: v8:6600 Change-Id: Iec1804b89ed853833596a498bb1dfc15bb16c4ce Reviewed-on: https://chromium-review.googlesource.com/1028763 Commit-Queue: Vincent Belliard <vincent.belliard@arm.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52861}
-
Bill Budge authored
- Alignment of code sections is only relative to start of header. Code should be aligned in the buffer. - Rewrites Reader/Writer classes to make global alignment easier. - Rewrites the native serialization to simplify things in preparation for switch to streaming serialization APIs. Bug: chromium:719007 Change-Id: I0397bc84a8d009b4fd7f5286bb5abc527bb0db95 Reviewed-on: https://chromium-review.googlesource.com/1027433 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52860}
-
Andreas Haas authored
When WebAssembly.instantiate or WebAssembly.instantiateStreaming is called in JavaScript, internally we transform it into WebAssembly.compile(buffer).then(WebAssembly.instantiate). However, modifying the prototype of WebAssembly.Module can change the result of WebAssembly.compile(buffer). With this CL we make sure that even if the result of WebAssembly.compile is modified, there is still no type confusion. In the long term we have to do a refactoring and remove this internal transformation. R=mstarzinger@chromium.org Bug: chromium:837417 Change-Id: I376068b8b8b01b991ec450162da6a62ae7030c62 Reviewed-on: https://chromium-review.googlesource.com/1032392 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52859}
-
Vincent Belliard authored
Bug: v8:6600 Change-Id: I2e18700344ce57c78c096fba1956d82f9e29ffa6 Reviewed-on: https://chromium-review.googlesource.com/1026469 Commit-Queue: Vincent Belliard <vincent.belliard@arm.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52858}
-
Camillo Bruni authored
This reverts commit 9a7c4bfe.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> Revert "[elements] Improve Array.prototype.splice speed"
>
> This reverts commit dcdabdc8.
>
> Reason for revert: broke tsan.
>
> Original change's description:
> > [elements] Improve Array.prototype.splice speed
> >
> > By using memmove for SMI elements we get a roughly 3x speedup over the slower
> > iterative copying with write barriers.
> >
> > Bug: chromium:835558
> > Change-Id: I73da07a1648a3495ff78212ffa1ed949d205a7d2
> > Reviewed-on: https://chromium-review.googlesource.com/1028236
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52792}
>
> TBR=cbruni@chromium.org,ishell@chromium.org
>
> Change-Id: I77c46fe3d47d651de3c39df9fbf5f30c340188e2
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:835558
> Reviewed-on: https://chromium-review.googlesource.com/1028337
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52795}
TBR=kozyatinskiy@chromium.org,cbruni@chromium.org,ishell@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:835558
Change-Id: I57aedb3536b81c97cf4e7ab6d863aa1dc24c20b4
Reviewed-on: https://chromium-review.googlesource.com/1032743
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52857}
-
Michael Achenbach authored
This reverts commit 6379e2a4.
Reason for revert: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Win64%2F23855%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Fmkgrokdump%2F0
Original change's description:
> [builtins] Patch self-references in constants table
>
> During code generation, we generate self-references (i.e. references to
> the Code object currently being generated) as references to a temporary
> handle. When the final Code object has been allocated, the handle's
> location is fixed up and RelocInfo iteration fixes up all references
> embedded in the generated code.
>
> This adds support for this mechanism to the builtins constants table
> builder. CodeObject() is now a new handle pointing to a dedicated
> self-reference marker in order to distinguish between self-references
> and references to undefined. In Factory::NewCode, we patch up
> the constants table.
>
> Bug: v8:6666
> Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511
> Reviewed-on: https://chromium-review.googlesource.com/1018468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52854}
TBR=yangguo@chromium.org,mlippautz@chromium.org,jgruber@chromium.org
Change-Id: I8cf8c4b43f51285ea913c6c8fdd339bd9ea645df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1033092
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52856}
-
Junliang Yan authored
Port 3f99a376
Original Commit Message:
This is a reland of f5d30851
Original change's description:
> [builtins] Introduce further constant & external reference indirections
>
> This introduces further indirections for embedded constants and
> external references for builtins generated by the macro-assembler.
> The used mechanisms (LookupConstant and LookupExternalReference) are
> identical to what we already use in CSA.
>
> Almost all builtins are now isolate-independent in both release and
> debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
> builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
>
> Bug: v8:6666
> Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
> Reviewed-on: https://chromium-review.googlesource.com/1006581
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52810}
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I037faebce37a866091dc35e04500790591292622
Reviewed-on: https://chromium-review.googlesource.com/1031397
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52855}
-
jgruber authored
During code generation, we generate self-references (i.e. references to the Code object currently being generated) as references to a temporary handle. When the final Code object has been allocated, the handle's location is fixed up and RelocInfo iteration fixes up all references embedded in the generated code. This adds support for this mechanism to the builtins constants table builder. CodeObject() is now a new handle pointing to a dedicated self-reference marker in order to distinguish between self-references and references to undefined. In Factory::NewCode, we patch up the constants table. Bug: v8:6666 Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511 Reviewed-on: https://chromium-review.googlesource.com/1018468 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#52854}
-
Michael Starzinger authored
This removes the last reference from {NativeModule} that made it specific to a concrete WebAssembly instance, by only referencing the {WasmSharedModuleData} instead of a {WasmCompiledModule}. Note that eventually we want to remove this reference completely to become even independent of the underlying Isolate soon. R=clemensh@chromium.org BUG=v8:7424 Change-Id: I29b8cde8beadeef75c90e90fbff1830f2bf4e636 Reviewed-on: https://chromium-review.googlesource.com/1032433 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52853}
-
Ben L. Titzer authored
R=clemensh@chromium.org Change-Id: Iade16b07a24dca8ac542e68becad734d977b673a Reviewed-on: https://chromium-review.googlesource.com/1032778 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#52852}
-
Georg Neis authored
- Refine the type of 'hole'. - Remove the mysterious 'receiver' definition. - Remove the declaration of a non-existing Print function. Bug: v8:7570 Change-Id: If093b456a9bc31c5673ada87f262c0cfcadf11ad Reviewed-on: https://chromium-review.googlesource.com/1032737 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#52851}
-
Simon Zünd authored
Bug: v8:7570 Change-Id: I2c6551fdd1a53323065f9c23e5bee793e9f561cf Reviewed-on: https://chromium-review.googlesource.com/1032774 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Simon Zünd <szuend@google.com> Cr-Commit-Position: refs/heads/master@{#52850}
-
Clemens Hammacher authored
Linkage-related methods were declared in wasm-compiler.h and implemented in wasm-linkage.cc. This required all users of e.g. wasm call descriptors to include the whole wasm compiler header. Also, some wasm linkage information is independent of turbofan and also used outside of the compiler directory. This CL splits off wasm-linkage.h (with minimal includes) and puts it in src/wasm. This allows to use that information without including compiler headers (will clean up several uses in follow-up CLs). R=mstarzinger@chromium.org, titzer@chromium.org Bug: v8:7570 Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598 Reviewed-on: https://chromium-review.googlesource.com/1013701 Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52849}
-
Dan Elphick authored
Allocates almost all maps found in the start up snapshot into RO_SPACE. There are 2 JSObject maps that are excluded as they contain a mutable cell. Also updates VerifyReadOnlyPointers to check that RO_SPACE objects' maps are also in RO_SPACE. Previously the invariant did not hold for Strings which still had their maps in MAP_SPACE. Also moves invalid_prototype_validity_cell to RO_SPACE.
     RO_SPACE  NEW_SPACE  OLD_SPACE  CODE_SPACE  MAP_SPACE  LO_SPACE
old     22024          0     229184       32928       8184         0
new     31488          0     229184       32928        176         0
Bug: v8:7464 Change-Id: I870d22cc5234ba60b3ef8a2ada590ee6ae426c9f Reviewed-on: https://chromium-review.googlesource.com/1013494 Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#52848}
-
sreten.kovacevic authored
Bug: v8:6600 Change-Id: I49b3180603651609ce575e540169f995587f9d88 Reviewed-on: https://chromium-review.googlesource.com/1032615 Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#52847}
-
Camillo Bruni authored
Bug: v8:7570 Change-Id: I74b482b670ce0e78dca012cbe8d9c2f65fdae5b9 Reviewed-on: https://chromium-review.googlesource.com/1030554 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#52846}
-
Dan Elphick authored
Removes new_target member and getter since none of the Array builtins in builtins-array-gen.* use it (since none of them are constructors). delete new_target getter and member variable Bug: v8:7570 Change-Id: Ia23af014750278d64447bb58171955d909fdb5a8 Reviewed-on: https://chromium-review.googlesource.com/1032556 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#52845}
-