- 22 Feb, 2018 21 commits
-
-
jgruber authored
This avoids generation of duplicate strings. Especially debug builds suffer from this and generate 16000+ strings, mostly for CSA_ASSERT and CAST statements. Deduplicating these trims that down to roughly 1000 strings. Release builds are affected at a smaller scale. There, we have roughly 100 duplicate strings in the snapshot. Bug: v8:6666 Change-Id: I688d3b97431b8cea1e98983eab5f07278dae91a0 Reviewed-on: https://chromium-review.googlesource.com/931041 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51472}
-
Benedikt Meurer authored
This reverts commit ccbbdb93.

Reason for revert: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux%2F23316%2F%2B%2Frecipes%2Fsteps%2FBisect_50a6e301%2F0%2Fsteps%2FRetry_-_nosse3%2F0%2Flogs%2FJSCallReducerTest.Mat..%2F0

Original change's description:
> [turbofan] Disable speculation for JSCall nodes by default
>
> Change-Id: I7360601f4e1b419cf8d35480b068418bdd700be9
> Reviewed-on: https://chromium-review.googlesource.com/928649
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51467}

TBR=sigurds@chromium.org,bmeurer@chromium.org

Change-Id: I5a1988902730be9e962b17a434251db82d834b98
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/931401
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51471}
-
Ross McIlroy authored
Perf-sheriffs please revert if this causes any performance regressions. BUG= Change-Id: I39075482f3c85d69407d6d8e5643d94c1a4425c2 Reviewed-on: https://chromium-review.googlesource.com/461117 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#51470}
-
Ross McIlroy authored
Previously GetSharedFunctionInfoForStreamedScript didn't either check the compilation cache or put the result of compilation into the compilation cache. This would mean future compiles would need to re-parse / compile the same script even if the isolate had already seen it. This CL fixes this. BUG=v8:5203 Change-Id: I421627b80848feb9884e2440c4ee66556e05b3c9 Reviewed-on: https://chromium-review.googlesource.com/924285 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#51469}
-
Sigurd Schneider authored
Bug: chromium:814336, v8:7250, v8:7340 Change-Id: I9345778cabf24f1278ca7364ef7e223038c5aeee Reviewed-on: https://chromium-review.googlesource.com/929121 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51468}
-
Sigurd Schneider authored
Change-Id: I7360601f4e1b419cf8d35480b068418bdd700be9 Reviewed-on: https://chromium-review.googlesource.com/928649 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51467}
-
Yang Guo authored
See https://github.com/nodejs/diagnostics/issues/170 R=franzih@chromium.org Change-Id: Iecc3bb27707b0d2afbb23fd9823d5cd4d725be6e Reviewed-on: https://chromium-review.googlesource.com/931102 Reviewed-by: Franziska Hinkelmann <franzih@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51466}
-
Yang Guo authored
R=jgruber@chromium.org Change-Id: I9def56aa65e742f24ecfc25a01b20389e8867dc2 Reviewed-on: https://chromium-review.googlesource.com/931061 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51465}
-
Ulan Degenbaev authored
This patch adds EmbedderGraph::Node::NamePrefix method that will be used by Chrome for detached DOM nodes. Bug: chromium:811925 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I89d3b88a3b90ed85addb1d34f08dd15e0559aa9a Reviewed-on: https://chromium-review.googlesource.com/926362 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51464}
-
Clemens Hammacher authored
On ia32, we can encode the address of the stack limit in the operand directly, saving one mov instruction and reducing register pressure. R=titzer@chromium.org Bug: v8:6600 Change-Id: I2742efbfea16d56d648c233a2dba1d8672dc489d Reviewed-on: https://chromium-review.googlesource.com/930961 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51463}
-
Peter Marshall authored
Bug: v8:7310 Change-Id: Ic9c96708d6f6319d71b7e3ecae5434fb1e8eb504 Reviewed-on: https://chromium-review.googlesource.com/928767 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51462}
-
Peter Marshall authored
IterableToListCanBeElided checked that the input was always a HeapObject but this is not true when an iterator symbol is defined on the Number prototype, meaning Smi and HeapNumber can also be passed in. Added a regression test for the crash and some correctness tests for smi and double input to TA.from. Also factored out the tests in typedarray-from.js that modify global state e.g. protector cells, so that one iteration of the top level loop does not interfere with the next. Bug: chromium:814643 Change-Id: I364d11f011faf8370446f905a35a945d47e4477f Reviewed-on: https://chromium-review.googlesource.com/930962 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51461}
-
sreten.kovacevic authored
Fix value of {kAvailableSpace} to prevent buffer growing. Bug: v8:6600 Change-Id: Ifc1c3e191929db9e20aa302b2f52d450fba54909 Reviewed-on: https://chromium-review.googlesource.com/930881 Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51460}
-
jgruber authored
For builtin and stub code targets, we can be a bit more descriptive and print their name along with the code kind.

Before:
    0x1fafde09c5cf code target (BUILTIN) (0x1fafde088280)
    0x1fafde09c5f0 code target (STUB) (0x1fafde084060)

After:
    0x1fafde09c5cf code target (BUILTIN Abort) (0x1fafde088280)
    0x1fafde09c5f0 code target (STUB CEntryStub) (0x1fafde084060)

Bug: v8:6666
Change-Id: I27d205361748c6bae5e69e14f65efb7f85f23da7
Reviewed-on: https://chromium-review.googlesource.com/928766
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51459}
-
Gabriel Charette authored
R=ulan@chromium.org Bug: chromium:812178 Change-Id: I35a727cb6c663bbd5f1beab98324e5d1b1ecf5c7 Reviewed-on: https://chromium-review.googlesource.com/918663 Commit-Queue: Gabriel Charette <gab@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#51458}
-
Erik Luo authored
This reverts commit ba5bac8c.

Reason for revert: Breaks the build, needs investigation

Original change's description:
> [debug] add tests, mark side-effect-free (Typed)Array, WeakMap/Set fns
>
> Adds more whitelisted methods in debug-evaluate for:
> Array, TypedArray, ArrayBuffer, DataView, WeakMap, WeakSet
>
> Bug: chromium:810176
> Change-Id: I502776ad3191ccc2a355e5684b5f885a5f58d186
> Reviewed-on: https://chromium-review.googlesource.com/923414
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Erik Luo <luoe@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51456}

TBR=yangguo@chromium.org,luoe@chromium.org

Change-Id: I864e5747fa3277e27feffba08a50c8c241291f41
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:810176
Reviewed-on: https://chromium-review.googlesource.com/929922
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51457}
-
Erik Luo authored
Adds more whitelisted methods in debug-evaluate for: Array, TypedArray, ArrayBuffer, DataView, WeakMap, WeakSet Bug: chromium:810176 Change-Id: I502776ad3191ccc2a355e5684b5f885a5f58d186 Reviewed-on: https://chromium-review.googlesource.com/923414 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Erik Luo <luoe@chromium.org> Cr-Commit-Position: refs/heads/master@{#51456}
-
Ulan Degenbaev authored
The crash happens while adding an embedder edge. The |from| heap entry can be invalidated when the |to| heap entry is added to the snapshot. This happens because heap entries are pointers into the std::vector backing store. Bug: chromium:813515 Change-Id: I6a61bb3fc383a272887925c5da163766d23a0606 Reviewed-on: https://chromium-review.googlesource.com/926525 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#51455}
-
Sathya Gunasekaran authored
Bug: v8:5368 Change-Id: I3eb8612dec80f7f613d0f4a7c13913e65ecfa41e Reviewed-on: https://chromium-review.googlesource.com/930706 Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51454}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3206b7c..b3523c3 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7ae2122..d2d530b Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/a695c30..c29e3d7 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: Ie664631804df932cc3af3a09f7543e55aaa6d8a5 Reviewed-on: https://chromium-review.googlesource.com/930403 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#51453}
-
Sathya Gunasekaran authored
Private fields should not return undefined on access miss, but instead should throw a TypeError. This patch uses a bit on v8::Symbol to mark if this symbol is a private field or not. This patch also changes the LookupIterator code path that deals with LookupIterator::State::DATA to deal with JSReceiver instead of JSObject. Note: the error message doesn't output the field name, but that's a WIP. Bug: v8:5368 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I8ae960b478eb6ae1ebf9bc90658ce3654d687977 Reviewed-on: https://chromium-review.googlesource.com/905627 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#51452}
-
- 21 Feb, 2018 19 commits
-
-
Junliang Yan authored
R=joransiu@ca.ibm.com Change-Id: I1377d90de81eb5f0ecfe9318c3126f55fb36cac2 Reviewed-on: https://chromium-review.googlesource.com/929753 Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#51451}
-
Michael Achenbach authored
This reverts commit a7c78631.

Reason for revert: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/21788

See: https://github.com/v8/v8/wiki/Blink-layout-tests

Original change's description:
> [debuger/deoptimizer] Remove GC invocation
>
> This CL removes a GC invocation which might not be needed anymore.
>
> Change-Id: I27c57936677ba2ec0bc32588c485a2c3b6ffed01
> Reviewed-on: https://chromium-review.googlesource.com/928241
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51428}

TBR=yangguo@chromium.org,sigurds@chromium.org

Change-Id: Ifff9fdd060f7792208dfa01901836a1845b67bde
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/929661
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51450}
-
Sathya Gunasekaran authored
Bug: v8:5368 Change-Id: I7c4f9101837a0bf4917bbb0c2f09587118168a02 Reviewed-on: https://chromium-review.googlesource.com/923362 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51449}
-
Michael Achenbach authored
NOTRY=true TBR=petermarshall@chromium.org Bug: v8:7466 Change-Id: I1ac9735ee130c43cebf56f8b69528429c47a42f6 Reviewed-on: https://chromium-review.googlesource.com/929586 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51448}
-
Gabriel Charette authored
Fine grain events are showing that LiveObjectVisitor::VisitBlackObjectsNoFail is the suspiciously slow step, breaking it down further. https://docs.google.com/document/d/1bdlWAWeP3j2yo2DYfeok6URqFCrt57yx-nucGMybGGQ/edit#heading=h.97pqg2eosnw8 https://drive.google.com/file/d/1FKZHkXtWK2fZCk_3PClPcbpzKilnbuOr/view R=mlippautz@chromium.org Bug: chromium:813824 Change-Id: Idcebcbb268d3e00f5f1e304c66564b4b9c85a064 Reviewed-on: https://chromium-review.googlesource.com/929161 Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Gabriel Charette <gab@chromium.org> Cr-Commit-Position: refs/heads/master@{#51447}
-
Nico Weber authored
https://chromium-review.googlesource.com/911731 made things build with this on x64, and https://chromium-review.googlesource.com/923528 added x86, arm, arm64, mips, mips64. These are all the configs covered by v8's trybots. If this breaks yet another config I don't know about, these two CLs should give you a good idea how to fix them. Bug: chromium:812686 Change-Id: Ib9a9714a070dd876a8f5911a1bc974ffd7aa3995 Reviewed-on: https://chromium-review.googlesource.com/928842 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#51446}
-
Clemens Hammacher authored
Crankshaft is gone, and this function is not used anywhere. R=mstarzinger@chromium.org Bug: v8:7310,v8:6408 Change-Id: Ic1f859e659008c891cc35d20e95a8214de42bd21 Reviewed-on: https://chromium-review.googlesource.com/928981 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51445}
-
Ross McIlroy authored
Replace bitwise arithmetic with conditional move / select instructions on ia32, x64, Arm and Arm64. In local tests this improves --noopt Ignition performance by between 2-5%. BUG=chromium:798964 Change-Id: I82832e5d28469a574a575119c1a665b5c2c93bb2 Reviewed-on: https://chromium-review.googlesource.com/916561 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#51444}
-
Ross McIlroy authored
The compilation logic never used the saved FeedbackVector for Script compiles when looking up the CompilationCache, so remove it and simplify the return value of LookupScript to be a MaybeHandle<SharedFunctionInfo> Change-Id: Ib1d833f997b299e2e79621bd8509bdfd911d4e10 Reviewed-on: https://chromium-review.googlesource.com/924002 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#51443}
-
Sigurd Schneider authored
Bug: v8:7310 Change-Id: I54f16a65d478d65cb7df611626397376df22a975 Reviewed-on: https://chromium-review.googlesource.com/928702 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51442}
-
Andreas Haas authored
This is a first testing CL to add tests for mjsunit assertions to the message tests. R=clemensh@chromium.org Bug: v8:7310 Change-Id: Ibbeafebb116f9608c70687f141986ab4534c6b2a Reviewed-on: https://chromium-review.googlesource.com/803555 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#51441}
-
Clemens Hammacher authored
They were disabled for some reason, but they are working, so reenable them. R=titzer@chromium.org Change-Id: I24cab05d01060b9eae3d6191a978cdb04daf626b Reviewed-on: https://chromium-review.googlesource.com/928648 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51440}
-
sreten.kovacevic authored
Refactor existing and add new Move instructions that get uint32_t and uint64_t to prevent the compiler from setting quiet-nan on passing float and double by value. Change-Id: I544e98e1bb288666140a3b1d2437b31d9e36ca55 Reviewed-on: https://chromium-review.googlesource.com/928722 Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#51439}
-
Ross McIlroy authored
Unifies GetSharedFunctionForStreamedScript with GetSharedFunctionForScript so that both share a more similar API and some common code can be moved to common helpers. Introduces a Compiler::ScriptDetails struct to hold script meta-data used to build new script objects. BUG=v8:5203 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I3e6b4cd50da9bb92ef5a2bfd666a09b3619c34a4 Reviewed-on: https://chromium-review.googlesource.com/924189 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51438}
-
Nico Weber authored
x86, arm, arm64: no change in behavior
mips, mips64: disasm-mips(64).cc grows an UNREACHABLE that's maybe optimistic (but if it's not true, then that looks like a current unintentional fallthrough at that spot)
test-js-typed-lowering.cc: looks like a clear bug, but test-only code

Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/911731 which did this for x64. Doesn't turn on the warning yet.

Bug: chromium:812686
Change-Id: I7dd79c9885c90f41dd7e3a595256a954ab0ae643
Reviewed-on: https://chromium-review.googlesource.com/923528
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51437}
-
Sathya Gunasekaran authored
Bug: v8:5368 Change-Id: I92874d5ea190cd892f3cb5216e0f4bb5373d5350 Reviewed-on: https://chromium-review.googlesource.com/927345 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51436}
-
Peter Marshall authored
Bug: v8:7310 Change-Id: Ia14a5ce3d675be745c71ec3994f3ef58ba9e995b Reviewed-on: https://chromium-review.googlesource.com/928764 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51435}
-
jgruber authored
This is a step towards off-heap (and eventually isolate-independent) builtins. Off-heap code cannot use the standard CallStub/CallRuntime mechanisms, since they directly embed the callee code object pointer within the caller. There are two main issues with that: 1. the callee may be moved by GC, and 2. the pc-relative addressing we currently use breaks (i.e. ends up pointing to a random spot on the heap) when moving the caller off-heap.

This CL addresses that by introducing a constants list stored on the roots array. Instead of embedding code targets, we now have the option of loading them from constants list. The code sequence is:

    REX.W movq rax,[r13+0x4a0]  // Load the constants cache.
    REX.W movq rdx,[rax+0xf]    // From there, load the code target.
    ...
    REX.W addq rdx,0x5f         // Add instruction_start.
    call rdx

There's no visible performance impact on the web tooling benchmark. This list will later be extended to also contain other constants such as Strings.

Bug: v8:6666
Change-Id: Ifcf67d1f682804ba0b6d3d0383216e16575b6bf5
Reviewed-on: https://chromium-review.googlesource.com/923729
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51434}
-
Ben Noordhuis authored
Make --max_old_space_size and friends work with values >= 2**31. Such values did not work reliably (or sometimes not at all) due to signed integer overflow in size computations, which is UB. Fixes https://github.com/nodejs/node/issues/18786. Bug: chromium:814138 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ibe23cef2417fd5b4a727022b8b0d4b50f1417182 Reviewed-on: https://chromium-review.googlesource.com/927063 Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#51433}
-