- 21 Jun, 2017 14 commits
-
-
Michael Starzinger authored
This switches all uses of the patching {ToBooleanICStub} over to the existing and non-patching {ToBoolean} CSA-builtin, and removes some supporting code. R=verwaest@chromium.org BUG=v8:6408 Change-Id: Iab60c95e6b54e426408390e056b679f6227e7ce0 Reviewed-on: https://chromium-review.googlesource.com/539576Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46089}
-
Michael Starzinger authored
R=jarin@chromium.org Change-Id: I0cf5eb57b0f1528f08bc47b3bfddced5cff1abf2 Reviewed-on: https://chromium-review.googlesource.com/543118Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46088}
-
bmeurer authored
Add a new JSConstructWithArrayLike operator that is backed by the ConstructWithArrayLike builtin (similar to what was done before for the JSCallWithArrayLike operator), and use that operator to optimize Reflect.construct inlining in TurboFan. This is handled uniformly with JSConstructWithSpread in the JSCallReducer. Also add missing test coverage for Reflect.construct in optimized code, especially for some interesting corner cases. R=petermarshall@chromium.org BUG=v8:4587,v8:5269 Review-Url: https://codereview.chromium.org/2949813002 Cr-Commit-Position: refs/heads/master@{#46087}
-
Michael Starzinger authored
This addresses a TODO about the correct location of the helper function in question, it is now internal to TurboFan instead of being shared. R=jarin@chromium.org Change-Id: I7e6112e9bc9759255a416fa2e2a9f92a8e4248c8 Reviewed-on: https://chromium-review.googlesource.com/542840Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46086}
-
Michael Lippautz authored
- Iterator advancing is kept mainly unchanged. - The iterator stores the size of the object which is to be used by the caller in follow ups. This way we might be able to avoid further out of line loads. - The iteartor follows the regular std conventions allowing range based loops. Bug: chromium:651354 Change-Id: I8928224a62d3a48a48145a2d00279a28608bc634 Reviewed-on: https://chromium-review.googlesource.com/543335 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46085}
-
Michael Lippautz authored
Bug: Change-Id: I0e49aec183cfb5cd71f82862718cdbc62add0247 Reviewed-on: https://chromium-review.googlesource.com/543038Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#46084}
-
Michael Starzinger authored
R=verwaest@chromium.org Change-Id: I39921052ddf0934f1a626f3e1e458280475ae265 Reviewed-on: https://chromium-review.googlesource.com/539515Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46083}
-
Ulan Degenbaev authored
BUG=chromium:694255 Change-Id: Id15b12ab821de4af7518b658dc63e35bde483312 Reviewed-on: https://chromium-review.googlesource.com/541325Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46082}
-
mcgreevy authored
The chromium versions were rolled here: https://codereview.chromium.org/2949663002/ BUG=chromium:692940 Review-Url: https://codereview.chromium.org/2950003002 Cr-Commit-Position: refs/heads/master@{#46081}
-
Ross McIlroy authored
Inlines some functions to improve reduce the stack requirements for chains of binary operations in the bytecode generator, thereby enabling support of deeper expression stacks. BUG=chromium:731861 Change-Id: I5ca437d507e9b2a7eb74f33deaa708ecd646077b Reviewed-on: https://chromium-review.googlesource.com/541356 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#46080}
-
Andreas Haas authored
R=clemensh@chromium.org Change-Id: Iee0296d138f892f5d734cadbc28361746c191c3c Reviewed-on: https://chromium-review.googlesource.com/542855Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#46079}
-
Andreas Haas authored
The fuzzer has already been removed from chromium. In addition I removed code which was only used by this fuzzer. BUG=chromium:734550 R=clemensh@chromium.org CC=mstarzinger@chromium.org Change-Id: I2ff4614e4d64131412ead759318e5c38e38f5d3d Reviewed-on: https://chromium-review.googlesource.com/542816 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#46078}
-
Ross McIlroy authored
BUG=chromium:704132 Change-Id: I5be333888215718c2680f5a442fe26ffd988f04e Reviewed-on: https://chromium-review.googlesource.com/541443Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46077}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/97e4bb9..9ffcabd Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/9a65473..b92ff91 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/c2d7f3a..a64c010 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/7659b77..9bb118e TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I2335882b10ab4b13793177c02bd6f40d99158a1f Reviewed-on: https://chromium-review.googlesource.com/542136Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#46076}
-
- 20 Jun, 2017 26 commits
-
-
Bill Budge authored
- Now that there are no boolean vector types, we can directly test the results of relational ops. Bug: v8:6020 Change-Id: Id2139133ae3a548a9985a26a3427cbeddc6272a6 Reviewed-on: https://chromium-review.googlesource.com/536176Reviewed-by: Aseem Garg <aseemgarg@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#46075}
-
Mircea Trofin authored
Bug: chromium:734108 Change-Id: I696b104e3b6b9dd71a60c21baa558d4f1fec1dfb Reviewed-on: https://chromium-review.googlesource.com/541624 Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#46074}
-
Aseem Garg authored
This reverts commit dddd2c69. Reason for revert: The breakage seemed unrelated (it wasn't fixed on revert). Original change's description: > Revert "[WASM SIMD] Store simd lowering compare ops result as -1 instead of 1" > > This reverts commit 2f83ffa9. > > Reason for revert: Bots failed after this landed. Need to figure out if it is related. > > Original change's description: > > [WASM SIMD] Store simd lowering compare ops result as -1 instead of 1 > > > > BUG: v8:6020 > > Change-Id: I3148511233ee6f89acd71644e0c43f72ccc5eef0 > > Reviewed-on: https://chromium-review.googlesource.com/538160 > > Reviewed-by: Bill Budge <bbudge@chromium.org> > > Reviewed-by: Mircea Trofin <mtrofin@chromium.org> > > Commit-Queue: Aseem Garg <aseemgarg@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#46071} > > TBR=bbudge@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,aseemgarg@chromium.org > > Change-Id: I300eadd02ab2d20817461e6f9a2c23c138b42256 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Reviewed-on: https://chromium-review.googlesource.com/541717 > Reviewed-by: Aseem Garg <aseemgarg@chromium.org> > Commit-Queue: Aseem Garg <aseemgarg@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46072} TBR=bbudge@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,aseemgarg@chromium.org Change-Id: I83021de8db76c27ea8d0570509713ef5c4560418 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/541719Reviewed-by: Aseem Garg <aseemgarg@chromium.org> Commit-Queue: Aseem Garg <aseemgarg@chromium.org> Cr-Commit-Position: refs/heads/master@{#46073}
-
Aseem Garg authored
This reverts commit 2f83ffa9. Reason for revert: Bots failed after this landed. Need to figure out if it is related. Original change's description: > [WASM SIMD] Store simd lowering compare ops result as -1 instead of 1 > > BUG: v8:6020 > Change-Id: I3148511233ee6f89acd71644e0c43f72ccc5eef0 > Reviewed-on: https://chromium-review.googlesource.com/538160 > Reviewed-by: Bill Budge <bbudge@chromium.org> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org> > Commit-Queue: Aseem Garg <aseemgarg@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46071} TBR=bbudge@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,aseemgarg@chromium.org Change-Id: I300eadd02ab2d20817461e6f9a2c23c138b42256 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/541717Reviewed-by: Aseem Garg <aseemgarg@chromium.org> Commit-Queue: Aseem Garg <aseemgarg@chromium.org> Cr-Commit-Position: refs/heads/master@{#46072}
-
Aseem Garg authored
BUG: v8:6020 Change-Id: I3148511233ee6f89acd71644e0c43f72ccc5eef0 Reviewed-on: https://chromium-review.googlesource.com/538160Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Aseem Garg <aseemgarg@chromium.org> Cr-Commit-Position: refs/heads/master@{#46071}
-
Sathya Gunasekaran authored
Mask the lower byte before doing the compare. Bug: v8:5717, v8:6455 Change-Id: I0c7e8b79adc36fb5ee643eae2e42fd892cd560fd Reviewed-on: https://chromium-review.googlesource.com/527885 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#46070}
-
Adam Klein authored
Also remove support for "python macros" as the last existing one is removed in this patch. Change-Id: I537d604a0a1c9ca11cd5c195841b9f5a0ec74850 Reviewed-on: https://chromium-review.googlesource.com/540836 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46069}
-
machenbach authored
Revert of [parser] Forbid \08 in strict strings (patchset #3 id:40001 of https://codereview.chromium.org/2950633002/ ) Reason for revert: Breaks layout test: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16403 See: https://github.com/v8/v8/wiki/Blink-layout-tests Original issue's description: > [parser] Forbid \08 in strict strings and in untagged templates > > This was never legal; the spec only allows '\0' in strict-mode strings or templates > when not followed by a decimal digit. Previously we were only enforcing that it > not be followed by an _octal_ digit. > > This was already fixed for numeric literals, but not for escape sequences in strings. > > BUG=v8:6504 > > Review-Url: https://codereview.chromium.org/2950633002 > Cr-Commit-Position: refs/heads/master@{#46046} > Committed: https://chromium.googlesource.com/v8/v8/+/b102540e44a72157098014a20399193a461153d2 TBR=vogelheim@chromium.org,bakkot@gmail.com # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6504 Review-Url: https://codereview.chromium.org/2946953002 Cr-Commit-Position: refs/heads/master@{#46068}
-
Michael Achenbach authored
This reverts commit da607264. Reason for revert: Looked wrong. The persistent layout test failures started in the next revision. The failure on the revision of the reverted CL was just a flake. Original change's description: > Revert "Fix GCC 7 build errors" > > This reverts commit c0f1ff24. > > Reason for revert: Speculative revert for layout test timeout: > https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16402 > > Original change's description: > > Fix GCC 7 build errors > > > > BUG=chromium:691681 > > R=franzih@chromium.org > > > > Change-Id: Id7e5698487f16dc217a804f6d3f24da7213c72b9 > > Reviewed-on: https://chromium-review.googlesource.com/530227 > > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#46045} > > TBR=adamk@chromium.org,franzih@chromium.org,mic.besace@gmail.com,verwaest@chromium.org > > Change-Id: I2119a87a95ed9eb88b7b32ae436edf28dfc86c16 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: chromium:691681 > Reviewed-on: https://chromium-review.googlesource.com/541227 > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46065} TBR=adamk@chromium.org,machenbach@chromium.org,franzih@chromium.org,mic.besace@gmail.com,verwaest@chromium.org Change-Id: Ieee7f6b3b80d380e720206e7b43c4b580918b1d7 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:691681 Reviewed-on: https://chromium-review.googlesource.com/541228Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#46067}
-
Sathya Gunasekaran authored
Bug: v8:5717 Change-Id: Icc601c409ac79195991facf1cb2027aab6145ff8 Reviewed-on: https://chromium-review.googlesource.com/540659 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#46066}
-
Michael Achenbach authored
This reverts commit c0f1ff24. Reason for revert: Speculative revert for layout test timeout: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16402 Original change's description: > Fix GCC 7 build errors > > BUG=chromium:691681 > R=franzih@chromium.org > > Change-Id: Id7e5698487f16dc217a804f6d3f24da7213c72b9 > Reviewed-on: https://chromium-review.googlesource.com/530227 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46045} TBR=adamk@chromium.org,franzih@chromium.org,mic.besace@gmail.com,verwaest@chromium.org Change-Id: I2119a87a95ed9eb88b7b32ae436edf28dfc86c16 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:691681 Reviewed-on: https://chromium-review.googlesource.com/541227Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#46065}
-
Clemens Hammacher authored
On an error during {ProcessExports()}, we would just continue execution, resulting in a DCHECK failure later. I did not find any tests for exported globals, so I added a few (including a regression test for the referenced bug). R=ahaas@chromium.org BUG=chromium:734295 Change-Id: I35370de934c274f870680c662ef848c72268a7bc Reviewed-on: https://chromium-review.googlesource.com/539401 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#46064}
-
Daniel Vogelheim authored
R=marja@chromium.org Bug: chromium:726625 Change-Id: I3f451a47b5a60a4c367d04a5466acd9e2f90df14 Reviewed-on: https://chromium-review.googlesource.com/530849Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#46063}
-
Clemens Hammacher authored
If one wasm instance imports an exported function of another instance, we unwrap the js-to-wasm wrapper of the export and use the underlying code object directly. However, the code object does not keep the wasm instance alive. It is only connected via a WeakCell. With this CL, we explicitly store a FixedArray of all wasm instances from which we imported functions to keep them alive at least as long as the instance which imports the code. R=mtrofin@chromium.org, ahaas@chromium.org BUG=chromium:734345 Change-Id: I8dcfc9a4ea2d791a62d8cb7255039e481c50bdfd Reviewed-on: https://chromium-review.googlesource.com/539738Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#46062}
-
Ross McIlroy authored
This reverts commit d58bb2dc. Reason for revert: New test breaks on optimize-for-size: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug/builds/16469/steps/OptimizeForSize/logs/GCShortCutting Original change's description: > [IdentityMap] Fix size if GC short-cuts objects. > > BUG=chromium:704132 > > Change-Id: I6146c907d4f26147676f7dde4974c44fe541e8fe > Reviewed-on: https://chromium-review.googlesource.com/541362 > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#46059} TBR=rmcilroy@chromium.org,mstarzinger@chromium.org Change-Id: Ib2ba207dcc1b3193d3645090e9c0a9676f38c353 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:704132 Reviewed-on: https://chromium-review.googlesource.com/541224Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#46061}
-
Ulan Degenbaev authored
This patch replaces IterateBlackObject with two functions: - RecordWrites, - ProcessBlackAllocatedObject. The RecordWrites function is a write barrier, and its behaviour depends on whether the concurrent marking is on or not. The ProcessBlackAllocatedObject is the same indepenent from the concurrent marker. BUG=chromium:694255 Change-Id: I1666371fbdac9b26c6f875b9e1d1751da4ea1960 Reviewed-on: https://chromium-review.googlesource.com/541441 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#46060}
-
Ross McIlroy authored
BUG=chromium:704132 Change-Id: I6146c907d4f26147676f7dde4974c44fe541e8fe Reviewed-on: https://chromium-review.googlesource.com/541362 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46059}
-
Michael Starzinger authored
This adapts the predicate in question to be geared towards TurboFan now that Crankshaft is no longer being used. It makes the predicate respect the --allocation-site-pretenuring flag again in all cases. R=mlippautz@chromium.org BUG=v8:6408 Change-Id: Ib2753f70d7904764859a2d91815a675745416239 Reviewed-on: https://chromium-review.googlesource.com/541321Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#46058}
-
Camillo Bruni authored
Change-Id: I353d5959eef5369ae42ed7a176d6e59e94cc2d77 Reviewed-on: https://chromium-review.googlesource.com/541424Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#46057}
-
Alexey Kozyatinskiy authored
Inspector uses only BREAK_POSITION_ALIGNED, no tests pass STATEMENT_ALIGNED. It's exposed only with debugger API but I'm pretty sure that nobody actually uses it and as far as mirrors API is deprecated - it's time to remove it. R=jgruber@chromium.org Bug: none Change-Id: I28d62e145811d3eb6f4d64007c47c51b2ecbaf0f Reviewed-on: https://chromium-review.googlesource.com/536934 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#46056}
-
Dusan Simicic authored
Remove ast_id parameter from CallSize() which is not removed in https: //codereview.chromium.org/2944013002 Bug: Change-Id: I40c9460bf105c9a91f614a9ab2360eee70ab9b78 Reviewed-on: https://chromium-review.googlesource.com/541437Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com> Cr-Commit-Position: refs/heads/master@{#46055}
-
Ulan Degenbaev authored
BUG=chromium:694255 Change-Id: I65b4ecc7630ece32e351c1c6acea3960f7b6778b Reviewed-on: https://chromium-review.googlesource.com/541380Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#46054}
-
Dusan Simicic authored
Add support for S32x4Shuffle, S16x8Shuffle, S8x16Shuffle for mips and mips64 architectures. Bug: Change-Id: I2c062525ed94edfcb38a53f4bbef02131e313ba3 Reviewed-on: https://chromium-review.googlesource.com/531007 Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#46053}
-
Michael Lippautz authored
AllocationSite objects survive if a page moves within new space. The intended behavior was to update the count only when they are visited by the Scavenger the first time, as they would die afterwards. This fixes that case where we would move a page within new space where most objects survive. We would unnecessarily update the AllocationSite in this case. Bug: chromium:651354 Change-Id: Ife4dd3e7f60320e0050e7c83dfc5457f66e2287c Reviewed-on: https://chromium-review.googlesource.com/541302Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#46052}
-
Michael Starzinger authored
This makes sure that the coercion of global import values to numbers remains non-observable to JavaScript. It allows instantiation failures to fall back to JavaScript proper without accidentally causing some side-effect to happen twice. Also coercions might invalidate previous checks done during linking or throw exceptions. R=clemensh@chromium.org TEST=mjsunit/regress/regress-6431 BUG=v8:6431 Change-Id: Ibe2f7a336bc0fb25532d526746ecc802e04bbd5c Reviewed-on: https://chromium-review.googlesource.com/512544 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#46051}
-
Clemens Hammacher authored
The constructor of WireBytesRef checks that offset+length is still in the uint32_t range. This CL avoids triggering this check on illegally size strings. R=ahaas@chromium.org BUG=chromium:734246 Change-Id: Iab5c7013aa3e0ac5060bc4733e712a1652679b1a Reviewed-on: https://chromium-review.googlesource.com/539402Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#46050}
-