- 23 Mar, 2022 25 commits
-
-
Shu-yu Guo authored
This reverts commit d9e1f2ae. Reason for revert: Linux test failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/45960/overview Original change's description: > [wasm][liftoff] Spill regs for multi-value merges > > If there is more than one value in the merge region, a stack-to-stack > move can overwrite the source of a stack-to-register move. To avoid > this, spill all registers. > > R=clemensb@chromium.org > > Bug: chromium:1299183 > Change-Id: I10495434d0a18c9072ee3882e00a687edd8c592a > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523044 > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79584} Bug: chromium:1299183 Change-Id: I465129695cfc1c5678923f7eefe5b91e31383798 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3546745 Auto-Submit: Shu-yu Guo <syg@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Shu-yu Guo <syg@chromium.org> Owners-Override: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#79585}
-
Thibaud Michaud authored
If there is more than one value in the merge region, a stack-to-stack move can overwrite the source of a stack-to-register move. To avoid this, spill all registers. R=clemensb@chromium.org Bug: chromium:1299183 Change-Id: I10495434d0a18c9072ee3882e00a687edd8c592a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523044 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#79584}
-
Joyee Cheung authored
Since assignments to read-only private references can be skipped due to short-circuiting in logical assignments, we should not eagerly emit the error of invalid writes, and should instead load the values as usual, only emitting an error when the assignment happens, which can be handled by BytecodeGenerator::BuildAssignment(). Bug: v8:12680, v8:8330, v8:10372 Change-Id: Ia5fea9090bc48b0af8a9c8d6f95174f7aa2d86f8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509298 Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#79583}
-
Shu-yu Guo authored
ThinStrings always forward to internalized strings that have the same character contents and thus the same length. Change-Id: I5929d266f96b23029f4786baf993a431cf4ad38d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541522 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#79582}
-
Michael Lippautz authored
Bug: v8:12672 Change-Id: Ib4f53086436e028b4ea32fbc960f57e91709d184 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532256 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79581}
-
Leszek Swirski authored
CreateInterpreterDataForDeserializedCode checks for bytecode, copies the InterpreterEntryTrampoline, and installs that and the bytecode on InterpreterData. However, the bytecode can be flushed when the IET is copied, which results in a failure to read it afterward. Add an IsCompiledScope to guard against this. As a drive-by, guard against baseline code being installed on the function. This shouldn't happen in normal execution, but could theoretically happen with some extra support for --always-sparkplug. Bug: chromium:1308178 Change-Id: Ia5e81b376bff2aaa19e9c6007242629ab8b0d4a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545171 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79580}
-
Camillo Bruni authored
Bug: chromium:11043 Change-Id: I0a0c9b1320b5fb65d48a5f3c8512c9b9cadb61c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545175 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Auto-Submit: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#79579}
-
Toon Verwaest authored
Instead of manually ensuring checkpoints and marking that operations had side effects, do this in AddNewNode based on OpProperties. Bug: v8:7700 Change-Id: I1e2699af537056d066e7f919abe5e7479bd3af91 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545174 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#79578}
-
Marja Hölttä authored
Bug: v8:11111,chromium:1306929 Change-Id: I26e4c5d7e87f75844e60952f30e8fe20189910c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535783 Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#79577}
-
Shu-yu Guo authored
Change-Id: Ie74e9bb523463a4c9a0f23a1788246b376e08b14 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3543169 Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#79576}
-
Omer Katz authored
During sweeping/compaction the bitmap is being reconstructed and should not be relied on for finding object start. Add a DCHECK that the bitmap is fully populated. Bug: chromium:1307471 Change-Id: I4aa414722262bb6fb169123a49fce1510a60d3ef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540680 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79575}
-
David Sanders authored
Change-Id: Ia5066069304ae2eee442cd3e224c0c0c0816fd75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3543179 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#79574}
-
Michael Lippautz authored
The code is dead since migrating to jobs API. Change-Id: Icdcc3523ffe5830ef5851cf4ea86e579841f543c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540103 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79573}
-
Michael Lippautz authored
The lookup is safe during executing pre-finalizers which requires that the GC is put in the atomic pause. Bug: chromium:1307471 Change-Id: I4e61573f5cadf2585daab24d73ad798004d54188 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545173 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79572}
-
Marja Hölttä authored
Bug: v8:9237,chromium:1308360 Change-Id: I11e3c14a6cecb9d88a834711fb6252191494d5f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545172 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#79571}
-
Harshal Nandigramwar authored
Some edges are self looping because of incorrect `horizontalPos`. This is occurring because of an unexpected scenario caused due to incorrect calculation of `inputApproch` and `outputApproach`. And all of this is occurring because of insufficient distance between two nodes. An example of the problem is shown in the image: https://imgur.com/aAmnzaK. Change-Id: I056e1fbcc420ce65a3ae9201e187b22ad3fbaaba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535791 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#79570}
-
Victor Gomes authored
Bail if exception handler table is non-empty. Bug: v8:12726, v8:7700 Change-Id: I6c19d66cd02b0cef610733b802f04f72e1dd0d58 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545170 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#79569}
-
Benedikt Meurer authored
Following up on https://crrev.com/c/3540145, this also changes local debug evaluate scripts to be marked as shared-cross-origin. Drive-by-fix: This also updates the test for global debug evaluate to use the official (debug) API instead of peeking into the V8 internals unnecessarily. Bug: chromium:1295750 Change-Id: Ief0bc76a4333671f8db761d1f6a5fb740aae698e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541780 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#79568}
-
Victor Gomes authored
Bug: v8:7700 Change-Id: Icd9c0ce6fce727759beec246253dbd16756abc09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545166 Commit-Queue: Victor Gomes <victorgomes@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#79567}
-
Chengzhong Wu authored
Change-Id: Ic5e87457cd86b16ff1c6562a8fe0d474632e4a12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3544998 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Chengzhong Wu <legendecas@gmail.com> Cr-Commit-Position: refs/heads/main@{#79566}
-
Victor Gomes authored
Bug: v8:7700 Change-Id: I5cd1a89aef9029752415b3b6b7bd124c5819024d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541922 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#79565}
-
Nico Hartmann authored
This reverts commit aaedd8b7. Changes in the reland: The initial problem was caused by nodes that were removed during SL because they are no-ops but have an effect on typing (in the repro, this was e.g. PlainPrimitiveToNumber). The reland introduces a new operator SLVerifierHint that is used exclusively in SL to provide hints to the verifier and that solves this problem. SLVerifierHint also replaces the previous use of TypeGuard to type constant nodes for the verifier. Bug: v8:12619, chromium:1302572 Change-Id: I0957645c03d8b7c26cd6d630a1ecbd0a6a8223ce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512574 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/main@{#79564}
-
Dominik Inführ authored
Bug: v8:12706 Change-Id: I01346cb069bd7a517384100f57ccc54a59fbfccf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541923 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#79563}
-
Victor Gomes authored
CallProperty IR has inputs 0 (function), 1 (context), and the remaining are variable according to the register count. Bug: v8:7700 Change-Id: Ie9d8785bd5c1ae878c664683f8ebcff4ce6c408a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541924 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#79562}
-
Lu Yahan authored
Port b2978927 Bug: v8:12552 Change-Id: I73e76fc5cc8905a0fbfc801b2f794735866d19e8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3544725 Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by: ji qiu <qiuji@iscas.ac.cn> Commit-Queue: ji qiu <qiuji@iscas.ac.cn> Cr-Commit-Position: refs/heads/main@{#79561}
-
- 22 Mar, 2022 4 commits
-
-
Darius M authored
This is a reland of 6b690a6b. The previous version of this CL was a bit too aggressive in the duplication of branch conditions. This caused an increase in register pressure in some cases, thus reducing performance. In fact, duplicating branch conditions that require an "== 0" to be added provides no benefits. We are thus now a bit less aggressive, and only duplicate comparisons. Original change's description: > Reland [compiler] Simplify "==0" branches in MachineOperatorReducer > > This is a reland of 48b443f6. > > While fixing the initial CL, we stumbled upon a few bugs that > we had to fix: > > - CommonOperatorReducer and SimplifiedOperatorReducer were applied > before and after SimplifiedLowering, but always assumed that it > was before SimplifiedLowering, and thus had the wrong semantics > for branches in some cases. They now have an added parameter to > know which semantics of branch they should use. > > - The lowering of StaticAssert was wrong and could leave kHeapConstant > in the assert (instead of machine Booleans). 
> > Original change's description: > > [compiler] Simplify "==0" branches in MachineOperatorReducer > > > > Bug: v8:12484 > > Change-Id: I0667c7464c0dd71338bc199a24a69248a7a0a525 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497303 > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Owners-Override: Tobias Tebbi <tebbi@chromium.org> > > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#79379} > > Bug: v8:12484 > Change-Id: Ibbf5df96fce5ccb04868dc517539479bf69f5703 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516869 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79528} Bug: v8:12484 Change-Id: I31f575a59811a83c7c1acb4c14bf5ded63a8f536 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540102 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/heads/main@{#79560}
-
Junliang Yan authored
Drive-by: fix compilation error Change-Id: I418cd6d6aaff4bf21c86db39a300bc41240c27d6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3542987 Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#79559}
-
Junliang Yan authored
Change-Id: I892e94d465eb9bcea64eefbcccc99b48c4dd444a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3542986 Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#79558}
-
Liu Yu authored
Port commit b2978927 Fixed: v8:12552 Change-Id: Ic2fbded9a662ed840a0350e3ce049e147fbf03a0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541527 Auto-Submit: Yu Liu <liuyu@loongson.cn> Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/main@{#79557}
-
- 21 Mar, 2022 11 commits
-
-
Milad Fa authored
Currently getting the following 2 errors: ``` error: reference to 'MarkingType' is ambiguous error: reference to 'SweepingType' is ambiguous ``` Change-Id: Ia50d1b5ea8af0fcc85acb9c0dc5cfae1956cec62 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540624 Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#79556}
-
Darshan Sen authored
This fixes the following compiler warning: ``` src/compiler/backend/register-allocator-verifier.cc:365:19: warning: loop variable 'pair' of type 'const std::__1::pair<const v8::internal::compiler::InstructionOperand, v8::internal::compiler::Assessment *>' creates a copy from type 'const std::__1::pair<const v8::internal::compiler::InstructionOperand, v8::internal::compiler::Assessment *>' [-Wrange-loop-analysis] for (const auto pair : map()) { ^ src/compiler/backend/register-allocator-verifier.cc:365:8: note: use reference type 'const std::__1::pair<const v8::internal::compiler::InstructionOperand, v8::internal::compiler::Assessment *> &' to prevent copying for (const auto pair : map()) { ^~~~~~~~~~~~~~~~~ & ``` Signed-off-by: Darshan Sen <raisinten@gmail.com> Change-Id: Ifbaa85345d8dcdf56a68d194bba98d76878c96f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3538286 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#79555}
-
Tobias Tebbi authored
Bug: chromium:1305925 Change-Id: I95dab2250ae60739a70c0d1f6ec30121d0ddcf8f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3537007 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/main@{#79554}
-
Victor Gomes authored
During a frame merge we call ForEachValue that "get"s every live register, including the virtual accumulator. That currently fails since we need to check if the register is the virtual accumulator and set/get the accumulator field in InterpreterFrameState. The virtual accumulator slot in RegisterFrameArray (the same as the return address in a live frame) is actually unused. So we can use this slot for the InterpreterFrameState's accumulator, instead of a separate field. Bug: v8:7700 Change-Id: Ife33946a4f9c58ca1f4eadeb587f9880f6fb2afc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536648 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#79553}
-
Darius Mercadier authored
This reverts commit 6b690a6b. Reason for revert: causes a few regressions here https://chromeperf.appspot.com/group_report?rev=79528 Original change's description: > Reland [compiler] Simplify "==0" branches in MachineOperatorReducer > > This is a reland of 48b443f6. > > While fixing the initial CL, we stumbled upon a few bugs that > we had to fix: > > - CommonOperatorReducer and SimplifiedOperatorReducer were applied > before and after SimplifiedLowering, but always assumed that it > was before SimplifiedLowering, and thus had the wrong semantics > for branches in some cases. They now have an added parameter to > know which semantics of branch they should use. > > - The lowering of StaticAssert was wrong and could leave kHeapConstant > in the assert (instead of machine Booleans). > > Original change's description: > > [compiler] Simplify "==0" branches in MachineOperatorReducer > > > > Bug: v8:12484 > > Change-Id: I0667c7464c0dd71338bc199a24a69248a7a0a525 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497303 > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Owners-Override: Tobias Tebbi <tebbi@chromium.org> > > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > > Cr-Commit-Position: refs/heads/main@{#79379} > > Bug: v8:12484 > Change-Id: Ibbf5df96fce5ccb04868dc517539479bf69f5703 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516869 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Darius Mercadier <dmercadier@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79528} Bug: v8:12484 Change-Id: I457464d793e9c5af8448564aa3b46be863b96fbb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540148 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/heads/main@{#79552}
-
Milad Fa authored
Port b2978927 Original Commit Message: This CL removes: - Dynamic map checks aka minimorphic property loads (TF support, builtins). - "Bailout" deopts (= drop to the interpreter once, but don't throw out optimized code). - "EagerWithResume" deopts (= part of dynamic map check functionality, we call a builtin for the deopt check and deopt or resume based on the result). R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I64476f73810774c2c592231d82c4a2cbfa2bf94e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3537881 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Farazmand <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#79551}
-
Michael Lippautz authored
Access to the object start bitmap is only safe during marking until sweeping is started as the concurrent sweeper may clear and rebuild the bitmap at any time during sweeping. Adds a DCHECK and an additional test for a previously broken pre-finalizer scenario. Bug: chromium:1307471 Change-Id: If67ade43f7cdad6de4720c0efeac11bfe8c22b3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535782 Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#79550}
-
Benedikt Meurer authored
This way Blink will not sanitize error events coming from JavaScript entered via the DevTools console, and instead forward the original error event as-is, which is more likely to match the developers' expectations. Bug: chromium:1295750 Change-Id: Id02c048e4af21d0c232d8e44d11115f6b61c0bf1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540145 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/main@{#79549}
-
jameslahm authored
When cross realm invoke PromiseConstructor and realm not allowed to CrossRealmAccess, PromiseConstructor will silently return undefined, which will cause crash in ConstructJSWithTarget type cast. Change to throw type error when HasAccessCheck failed. Bug: v8:12705 Change-Id: I18f697a1897c31163dd60522db12449033419f9a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3521174 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#79548}
-
jameslahm authored
Originally, 'Promise()' without 'new' will throw "undefined is not a promise". Now it will throw "Promise constructor cannot be invoked without 'new'". Bug: v8:10817 Change-Id: Ic8b72a902ed395e44dbb32ccf96a2130a4a9422f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3459924 Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#79547}
-
Junliang Yan authored
Change-Id: I8b879b79bfa596f778c904e0e7f0c4c788407356 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3539463 Reviewed-by: Milad Farazmand <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/main@{#79546}
-