- 11 Jan, 2019 13 commits
-
-
Clemens Hammacher authored
In the degenerate case where we wanted to emit {x = x - x} (where {x} is any register), ia32 and x64 generated wrong code (producing {-x + -x} instead). Fix this by special casing this case. R=ahaas@chromium.org Bug: chromium:919308 Change-Id: I9cd9818d2a678450ac6530107e7a5cbb625ddb8d Reviewed-on: https://chromium-review.googlesource.com/c/1405029 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#58731}
-
Leszek Swirski authored
Change-Id: I021776d10dd8ef4bf406f286ee233aff9680a0ec Reviewed-on: https://chromium-review.googlesource.com/c/1384315 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58730}
-
Jakob Kummerow authored
Found by mjsunit/numops-fuzz-part* tests in stress mode. Bug: v8:3770 Change-Id: I598885b37624660dabb90f55529615b872d10d93 Reviewed-on: https://chromium-review.googlesource.com/c/1405313Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#58729}
-
Mike Stanton authored
Also fix an issue with naming in Array.prototype.filter that wasn't addressed before. Change-Id: I7465eda12e6981f46f6efa2efc81183cbdffea01 Reviewed-on: https://chromium-review.googlesource.com/c/1400847 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#58728}
-
Michael Starzinger authored
R=clemensh@chromium.org Change-Id: I48bfae1dbbfaafb1cadad8d3cbbc921c53801f8c Reviewed-on: https://chromium-review.googlesource.com/c/1405857Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#58727}
-
Stephan Herhut authored
This change makes it less likely to pick one of the registers that are not byte addressable on ia32. This is not a correctness issue but fixes some code size and runtime regressions. After the change to prefer registers that are not used in hinting, it was very likely that one of the registers that are not byte addressable was chosen, leading to extra code in cases where the carry flags was materialized as a real boolean value. With this change, we pick the first register that is not used in hinting, thereby mostly using byte addressable registers on ia32. Change-Id: I42968cf3fd7b7db949d275c40d0afeb74b5e48c3 Reviewed-on: https://chromium-review.googlesource.com/c/1404450Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Stephan Herhut <herhut@chromium.org> Cr-Commit-Position: refs/heads/master@{#58726}
-
Clemens Hammacher authored
This avoids having to update either the source code or the generated test cases each year. R=ahaas@chromium.org Change-Id: I33fb85dc4ae7d45f8d05d982e0285d6fd3008a26 Reviewed-on: https://chromium-review.googlesource.com/c/1405032Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58725}
-
Clemens Hammacher authored
i64 values can be up to 20 characters long (19 + sign), plus we need one character for the terminating null character. Thus the previous 18 needs to be increased to 21. Also extend the test to check the longest possible i64 values. R=ahaas@chromium.org CC=kozyatinskiy@chromium.org Bug: v8:8644 Change-Id: Ia9458db162a55dd57b5e8bc7cf7db73c3bab4734 Reviewed-on: https://chromium-review.googlesource.com/c/1404443Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58724}
-
Clemens Hammacher authored
In {Assembler::and_} we might need to use the scratch register. Thus use a free LiftoffRegister instead to emit i32 popcnt. R=ahaas@chromium.org CC=george.wort@arm.com Bug: chromium:918284 Change-Id: Ia814899bf6e33dd4989fd09329542b4bc09b48df Reviewed-on: https://chromium-review.googlesource.com/c/1405036Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58723}
-
tzik authored
As a follow-up of https://crrev.com/c/1372857 that repordered the parameters of JSEntry, this CL updates JSEntry for MIPS64 for new ordering. Bug: v8:8124 Change-Id: Ia7efab0e22e48cfe36420654bd2b724986202027 Reviewed-on: https://chromium-review.googlesource.com/c/1406528Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Cr-Commit-Position: refs/heads/master@{#58722}
-
tzik authored
As a follow-up of https://crrev.com/c/1372857 that repordered the parameters of JSEntry, this CL updates JSEntry for MIPS for new ordering. Bug: v8:8124 Change-Id: Ic7f22a4f59b1c15a959a3249b4f13cd8f3f1c331 Reviewed-on: https://chromium-review.googlesource.com/c/1405166Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Cr-Commit-Position: refs/heads/master@{#58721}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7b20546..26535fd Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/79517a0..0cc5823 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/b1be378..80a1cf6 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/35ea2f3..8a781d8 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I82006eda723ee9b277f0c3fd4f999e541554ced0 Reviewed-on: https://chromium-review.googlesource.com/c/1405466Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#58720}
-
Deepti Gandluri authored
This is a reland of 8f83fd0a Original change's description: > [wasm] Fix SIMD boolean reductions on Intel > > - Both AllTrue/AnyTrue values should return boolean 0/1 > instead of 0xffffffff to match Spec/Toolchain > - Fix AllTrue implementation to be correct > - Add unit tests to spot check return values as the > cumulative test can coerce some return values to True/False > > Change-Id: I84eb73c915414c9ec290e73f1306404ceff729f0 > Bug: v8:8636 > Reviewed-on: https://chromium-review.googlesource.com/c/1404197 > Reviewed-by: Bill Budge <bbudge@chromium.org> > Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58715} Bug: v8:8636 Change-Id: Ifc438d7b64bf5d461cc848851165665104fe57d0 Reviewed-on: https://chromium-review.googlesource.com/c/1405909Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#58719}
-
- 10 Jan, 2019 27 commits
-
-
Caitlin Potter authored
Enable --harmony-object-from-entries by default. Object.fromEntries is a new standard library method, whose proposal (https://tc39.github.io/proposal-object-from-entries/) is currently at stage 3. It simply creates a JSObject from an iterable collection of key/value pairs, such that `Object.fromEntries([ [ "a", "b" ] ]) -> { a: "b" }` BUG=v8:8021 R=gsathya@chromium.org, adamk@chromium.org Change-Id: I75787fce7ab06704be989576e7850d029ff4c1bf Reviewed-on: https://chromium-review.googlesource.com/c/1397914 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#58718}
-
Frank Tang authored
see spec change in https://github.com/tc39/ecma402/pull/278/ Bug: v8:8398 Change-Id: If5582f96d6dc3debdccb466d3d239efa52bbbf06 Reviewed-on: https://chromium-review.googlesource.com/c/1404436 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#58717}
-
Michael Achenbach authored
This reverts commit 8f83fd0a. Reason for revert: Seems to break older intel chips: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/23954 Original change's description: > [wasm] Fix SIMD boolean reductions on Intel > > - Both AllTrue/AnyTrue values should return boolean 0/1 > instead of 0xffffffff to match Spec/Toolchain > - Fix AllTrue implementation to be correct > - Add unit tests to spot check return values as the > cumulative test can coerce some return values to True/False > > Change-Id: I84eb73c915414c9ec290e73f1306404ceff729f0 > Bug: v8:8636 > Reviewed-on: https://chromium-review.googlesource.com/c/1404197 > Reviewed-by: Bill Budge <bbudge@chromium.org> > Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58715} TBR=bbudge@chromium.org,gdeepti@chromium.org Change-Id: I0eba24e0fe5215c1f8f377776692db245239e134 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8636 Reviewed-on: https://chromium-review.googlesource.com/c/1405321Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#58716}
-
Deepti Gandluri authored
- Both AllTrue/AnyTrue values should return boolean 0/1 instead of 0xffffffff to match Spec/Toolchain - Fix AllTrue implementation to be correct - Add unit tests to spot check return values as the cumulative test can coerce some return values to True/False Change-Id: I84eb73c915414c9ec290e73f1306404ceff729f0 Bug: v8:8636 Reviewed-on: https://chromium-review.googlesource.com/c/1404197Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#58715}
-
Jaroslav Sevcik authored
If feedback for call site frequency is 0, then the combined frequency is still 0, even if the current function invocation count is infinity. Bug: chromium:919754 Change-Id: I97be096b6b38f934fb13f01b2b22e148c539e1c0 Reviewed-on: https://chromium-review.googlesource.com/c/1404445Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#58714}
-
Mike Stanton authored
If a species constructor is installed, filter() needs to loop over the elements of the array in the "slow" way, because it doesn't know the ElementsKind of the output array. The code failed to bail out to the slow case for the loop right away on discovering this. Bug: chromium:920184, chromium:920491 Change-Id: I74496db20a90807b631c1bebe7604d85b199df67 Reviewed-on: https://chromium-review.googlesource.com/c/1405035Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#58713}
-
Ulan Degenbaev authored
The concurrent marker can now process all objects. This patch also eagerly visits the objects that undergo layout changes. This is because previously such objects were pushed onto the bailout worklist, which is gone now. To preserve the incremental step accounting, the patch introduces a new GC tracer scope called MC_INCREMENTAL_LAYOUT_CHANGE. Bug: v8:8486 Change-Id: Ic1c2f0d4e2ac0602fc945f3258af9624247bd65f Reviewed-on: https://chromium-review.googlesource.com/c/1386486 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#58712}
-
Clemens Hammacher authored
Use the right register type for the temporary register. R=titzer@chromium.org Bug: v8:6600, chromium:917588 Change-Id: Ia2617f6b406924ca7f496608fd495faf04dff25b Reviewed-on: https://chromium-review.googlesource.com/c/1403127Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58711}
-
Michael Starzinger authored
This changes WebAssembly runtime stub compilation to no longer require an Isolate parameter. Such stubs are shared between Isolates and hence must be independent of the concrete Isolate anyways. Also we will soon generate such stubs from background tasks, where we should not pass an Isolate parameter either. R=clemensh@chromium.org CC=jkummerow@chromium.org Change-Id: Id9de46cae3fb77946d745a4aeadccac50f6e8350 Reviewed-on: https://chromium-review.googlesource.com/c/1405039Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#58710}
-
Stephan Herhut authored
Removed the static field and made it an instance field on the BundleBuilder. Change-Id: I58a9f4a744654b262a3e47e6873baffb537eb21b Reviewed-on: https://chromium-review.googlesource.com/c/1404444Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Stephan Herhut <herhut@chromium.org> Cr-Commit-Position: refs/heads/master@{#58709}
-
Camillo Bruni authored
Using a single bit in the inner function description preparse data of the parent function we can avoid storing many NULL values for empty inner function data. This saves roughly 40KB out of 140KB PreparseScopeData on cnn.com. Change-Id: Ib6019a8ceb99e772b398198074e171f635c0556e Reviewed-on: https://chromium-review.googlesource.com/c/1405038 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58708}
-
Toon Verwaest authored
Keep track of loop nesting depth on FunctionState and use that to decide whether to mark var as assigned. That also fixes the weird cornercase where a loop body can have multiple expressions due to multiple declarations with independent initializers in a single var-statement. Change-Id: Ia24affde29e22e9464448fd390062f6dd983faf2 Reviewed-on: https://chromium-review.googlesource.com/c/1405037Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58707}
-
Leszek Swirski authored
For desrtucturing assignments from null/undefined, we throw an error that references the destructuring object literal's property name, e.g. for var { x } = null; we report that we cannot destructure 'x' from null. Rather than calculating this property during bytecode generation (and including it in the bytecode as an argument to the type error constructor), we can calculate it at exception throwing time, by re-parsing the source in a similar way to the existing call site rendering. This slightly decreases bytecode size and slightly decreases the amount of work the bytecode compiler needs to do. In the future, it could also allow us to give more detailed error messages, as we now have access to the entire AST and are on the slow path anyway. Bug: v8:6499 Change-Id: Icdbd4667db548b4e5e62ef97797a3771b5c1bf72 Reviewed-on: https://chromium-review.googlesource.com/c/1396080Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#58706}
-
Toon Verwaest authored
Change-Id: I3acb492f1b9930e574bfbad063f54b20eab26bf1 Reviewed-on: https://chromium-review.googlesource.com/c/1405033Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58705}
-
Daniel Clifford authored
Class declarations support structured heap data that is a subtype of HeapObject. Only fields of Object subtypes (both strong and weak) are currently supported (no scalar fields yet). With this CL, both the field list macro used with the C++ DEFINE_FIELD_OFFSET_CONSTANTS macro (to make field offset constants) as well as the Torque "operator '.field'" macros are generated for the classes declared in Torque. This is a first step to removing the substantial amount of duplication and boilerplate code needed to declare heap object classes. As a proof of concept, and handful of class field definitions, including those for non trivial classes like JSFunction, have been moved to Torque. Bug: v8:7793 Change-Id: I2fa0b53db65fa6f5fe078fb94e1db3418f908753 Reviewed-on: https://chromium-review.googlesource.com/c/1373971 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#58704}
-
Andreas Haas authored
Originally, the NativeModule and the WasmModuleObject were created together, and the streaming decoder was notified after the WasmModuleObject was created. A recent CL (https://crrev.com/c/1402544), however, changed that. The NativeModule gets created before compilation starts, the WasmModuleObject, however, gets created after compilation. The streaming decoder only needs the NativeModule to register a callback before compilation. Therefore this CL we change the notification of the streaming decoder to receive only the NativeModule, not the WasmModuleObject, before starting compilation. R=clemensh@chromium.org CC=bbudge@chromium.org Bug: chromium:719172 Change-Id: I4ad879e4ebd2d88174d7e2a0c6359f2836926763 Reviewed-on: https://chromium-review.googlesource.com/c/1404442 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58703}
-
Jakob Kummerow authored
Bug: v8:3770 Change-Id: I59d73ef672e64fd722317c84afc6bc5cb387f5b1 Reviewed-on: https://chromium-review.googlesource.com/c/1404448Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#58702}
-
Jakob Kummerow authored
Mostly signed integer overflows, and a few cases of double division by zero (which is defined by IEEE-754 to return Infinity (or NaN for 0/0) but is UB in C++). In base/ieee754.cc, use constants for NaN and Infinity instead of computing these values. In spaces-unittest.cc, ensure that a large enough allocation is used. Bug: v8:3770 Change-Id: I50d9a77dc860ef9993b7b269a5f8c117b0f62f9d Reviewed-on: https://chromium-review.googlesource.com/c/1403454 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#58701}
-
Jakob Kummerow authored
Pipeline::GenerateCodeForWasmNativeStub() currently does not pass an Isolate to the PipelineData it creates, to ensure that compiled code does not accidentally depend on a given Isolate. However, this prevents the assembler from converting ExternalReference accesses to RootArray offsets. This patch sets the corresponding AssemblerOption. Bug: v8:3770 Change-Id: Ia4d5269e2e884a0af8abc6d122734f47db045ac0 Reviewed-on: https://chromium-review.googlesource.com/c/1404447Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#58700}
-
Sami Kyostila authored
Since all categories are now statically defined, there's no need to warm any of them up explicitly in order for the categories to show up in the tracing UI. Depends on https://chromium-review.googlesource.com/c/chromium/src/+/1401273. Bug: chromium:914579 Change-Id: I8ae8977130ae89d6ee3351194ad258d13f3c14f4 Reviewed-on: https://chromium-review.googlesource.com/c/1402779Reviewed-by: Alexei Filippov <alph@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Sami Kyöstilä <skyostil@chromium.org> Cr-Commit-Position: refs/heads/master@{#58699}
-
Toon Verwaest authored
This will make it easier to separate out parameter declaration from other other parameter scope information tracking. Change-Id: I8712dd7fc589c84bc1e1a1eab9038af6047b21cd Reviewed-on: https://chromium-review.googlesource.com/c/1403118 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#58698}
-
Jakob Gruber authored
This reverts commit 5dee355f. Reason for revert: https://ci.chromium.org/p/v8-internal/builders/luci.v8-internal.ci/v8_linux64_perf_1/4282 Original change's description: > [test] add perf tests for String.p.startsWith > > Add performance tests for String.prototype.startsWith ahead of port to > torque in order to keep track of how performance is affected. > > Bug: v8:8400 > Change-Id: Ifc753a6f13da20c1760e545a99fd693717e3acc6 > Reviewed-on: https://chromium-review.googlesource.com/c/1402934 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#58685} TBR=jgruber@chromium.org,usharma1998@gmail.com Change-Id: I5855b08fa5e55ab8594185a0a84a26f567e2b9d3 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8400 Reviewed-on: https://chromium-review.googlesource.com/c/1404446Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#58697}
-
Jakob Kummerow authored
Mostly signed integer overflows, and a few cases of double division by zero (which is defined by IEEE-754 to return Infinity (or NaN for 0/0) but is UB in C++). Bug: v8:3770 Change-Id: Id92725b0ac57cb357978124a3dc6f477430bc97d Reviewed-on: https://chromium-review.googlesource.com/c/1403133 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#58696}
-
Leszek Swirski authored
The 'done' setting dance in BuildFillArrayWithIterator turned out to not be useful, as the StoreInArrayLiteral call could not ever throw an exception. Since iterator exceptions count as done, we are guarnteed to be done as soon as we enter the loop. Change-Id: Ibe2ba1fcbe383bfcfedb185169890b6931cc7884 Reviewed-on: https://chromium-review.googlesource.com/c/1402792 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#58695}
-
Leszek Swirski authored
The IteratorClose spec specifies that exceptions in %GetMethod(iterator.return) are not suppressed by exceptions in the given continuation (body of a loop, assignments in destructuring), while exceptions in the execution of iterator.return() are. This means that we have to split out the property access + a typeof check to be outside the try-catch, and keep the call inside of it. The non-split version is only for cases when there is no 'throws' continuation (as is the case for yield* calling IteratorClose), so the existing BuildIteratorClose can be renamed to reflect this. Change-Id: Id71aea4fddd6ffb986bd9aaa09d29615a8800f71 Reviewed-on: https://chromium-review.googlesource.com/c/1402789Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#58694}
-
Jakob Kummerow authored
Mostly signed integer overflows, and a few cases of double division by zero (which is defined by IEEE-754 to return Infinity (or NaN for 0/0) but is UB in C++). Bug: v8:3770 Change-Id: I8007987594ff534ca697c1c3247215a72a001343 Reviewed-on: https://chromium-review.googlesource.com/c/1403132 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#58693}
-
Jakob Gruber authored
This CL disables RX (read and execute) permissions for Code memory when in jitless mode. All memory that was previously allocated RX is now read-only. Bug: v8:7777 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: I52d6ed785d244ec33168a02293c5506d26f36fe8 Reviewed-on: https://chromium-review.googlesource.com/c/1390122 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#58692}
-