- 01 Feb, 2019 13 commits
-
-
Marja Hölttä authored
Discovered when working on other stuff. BUG=v8:7490,v8:8562 Change-Id: I9707c95c33e52b1565cca238494e3349a472f604 Reviewed-on: https://chromium-review.googlesource.com/c/1449532 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#59276}
-
Tamer Tas authored
R=machenbach@chromium.org No-Try: true Change-Id: I3ec0adc9be2ea09f63c12bf71803865f224fba09 Reviewed-on: https://chromium-review.googlesource.com/c/1449611 Commit-Queue: Tamer Tas <tmrts@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#59275}
-
Tamer Tas authored
R=machenbach@chromium.org No-Try: true Change-Id: Iadb464e55fd30cc01ad6f250efd01588610407d0 Reviewed-on: https://chromium-review.googlesource.com/c/1449534 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#59274}
-
Michael Starzinger authored
This fixes stack height management when a call to an external function raises a type error trap. It also adds a test case that such exceptions can be caught locally. R=clemensh@chromium.org TEST=cctest/test-run-wasm-exceptions BUG=v8:8729 Change-Id: I54b19ba86eb937695584229753d7f6cfa7e1a15d Reviewed-on: https://chromium-review.googlesource.com/c/1447773 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#59273}
-
Maya Lekova authored
This reverts commit b43e9d5e.

Reason for revert: Speculative revert, possibly breaking layout tests - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/29678

Original change's description:
> Reland "Enable 31bit Smis everywhere"
>
> This is a reland of c1bf25bb
>
> Node bot will turn green after github.com/v8/node/pull/89/
> has landed.
>
> Original change's description:
> > Enable 31bit Smis everywhere
> >
> > This is an experiment to see how performance is impacted. If we tank
> > too much, we can revert this change.
> >
> > Change-Id: I01be33f5dd78aee6a5beecdc62adbaa6c3850eb1
> > Bug: v8:8344
> > Reviewed-on: https://chromium-review.googlesource.com/c/1355279
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58157}
>
> Bug: v8:8344
> Change-Id: I85a6e5c479f1090f50df3df042571227279a0692
> Reviewed-on: https://chromium-review.googlesource.com/c/1448314
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59251}

TBR=jarin@chromium.org,sigurds@chromium.org,ishell@chromium.org

Change-Id: Ie388de7e1cc28fcf8bc576f564f3b463002bf1b4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8344
Reviewed-on: https://chromium-review.googlesource.com/c/1449533
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59272}
-
Simon Zünd authored
This CL replaces the current TypedArray#sort with a simpler mergesort. The fastpath when the user does not provide a comparison function is still used. In addition, TypedArray#sort now converts all elements in the TypedArray to tagged values upfront, sorts them and writes them back into the TypedArray as the final step. R=jgruber@chromium.org, tebbi@chromium.org Bug: v8:8567 Change-Id: Ib672c5cf510f7c0a2e722d1baa2704305a9ff235 Reviewed-on: https://chromium-review.googlesource.com/c/1445987 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#59271}
-
Takuto Ikuta authored
I extracted the following class member functions to map.cc:
* Map
* NormalizedMapCache

Declarations of all the above classes are in map.h. This patch reduces the compile time of objects.cc from 18.9s to 17.6s on Z840 Linux. And map.cc takes 6.14s to compile.
Bug: v8:7629 Change-Id: Id1e45dff243ab3f5449c0a7e2a861fba0bc7abf6 Reviewed-on: https://chromium-review.googlesource.com/c/1447914 Commit-Queue: Takuto Ikuta <tikuta@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#59270}
-
Jakob Gruber authored
Tbr: sigurds@chromium.org Bug: v8:8723 Change-Id: Ieffeccf9b4f3f23a61f8247594eac2ea8c2a5ca4 Reviewed-on: https://chromium-review.googlesource.com/c/1448326 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#59269}
-
Michael Achenbach authored
The config migrated here: https://crrev.com/c/1435917 NOTRY=true Bug: chromium:916292 Change-Id: Ia74b631d53b8ac999f2a0d62ef7c1c43a0871bfa Reviewed-on: https://chromium-review.googlesource.com/c/1444955 Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#59268}
-
Clemens Hammacher authored
R=mstarzinger@chromium.org Bug: v8:8562 Change-Id: I05abb6d9e594c797cad558befac4376b376bc514 Reviewed-on: https://chromium-review.googlesource.com/c/1448274 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#59267}
-
Clemens Hammacher authored
This way we can remove them correctly and avoid leaks. R=mstarzinger@chromium.org, ulan@chromium.org Bug: v8:8725 Change-Id: I52cbbf34a94171aaeb581b55aecb25311465544d Reviewed-on: https://chromium-review.googlesource.com/c/1446453 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#59266}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/f27d150..c1ab94d
Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/96c4188..d52eade
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/bc2b64b..b6cc5a6
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1131ccb..39b0b8e
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/3a06ff3..3114fbc

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org
Change-Id: Ieebaf197c097dd917a4561618feb2b66fc51c895
Reviewed-on: https://chromium-review.googlesource.com/c/1449041
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#59265}
-
Frank Tang authored
See https://github.com/tc39/proposal-intl-datetime-style Design Doc: https://goo.gl/v7n7zV Bug: v8:8702 Change-Id: If45a901e369003ded6c0c690a65f0429800d5ecc Reviewed-on: https://chromium-review.googlesource.com/c/1417372 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#59264}
-
- 31 Jan, 2019 27 commits
-
-
Tobias Tebbi authored
Since the improvement of overload resolution (https://crrev.com/c/1304294), overload resolution of generics doesn't take into account existing specializations anymore. This means that the issue of infinite recursion when an overload of Cast for HeapObject is missing doesn't exist anymore. Thus we can get rid of the CastHeapObject workaround. Bug: v8:7793 Change-Id: I8442cfb81b78aaa8234bcee673647261c25f9a63 Reviewed-on: https://chromium-review.googlesource.com/c/1448324 Reviewed-by: Daniel Clifford <danno@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#59263}
-
Jakob Kummerow authored
Multiplication, division, and toString can take a very long time for large inputs. This patch adds stack checks to each of these operations so embedders can interrupt them. Bug: chromium:922032 Change-Id: Idae9d32d6f78a028de4d2ba3abdb79c624f0dca1 Reviewed-on: https://chromium-review.googlesource.com/c/1444913 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#59262}
-
Ben Smith authored
The new names for memory.drop and table.drop are data.drop and elem.drop respectively. See https://github.com/WebAssembly/bulk-memory-operations/issues/23 and https://github.com/WebAssembly/bulk-memory-operations/pull/46. Change-Id: I07aab8448fabe24eb9734dc7dac6f91c570cb553 Reviewed-on: https://chromium-review.googlesource.com/c/1446148 Commit-Queue: Ben Smith <binji@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#59261}
-
Frank Tang authored
Bug: v8:7834 Change-Id: I5eec99773ac6f366ec5850350083379b4978446e Reviewed-on: https://chromium-review.googlesource.com/c/1446334 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#59260}
-
Ben Smith authored
* There are now two indexes for table.copy and memory.copy, one for the source and one for the destination table/memory. (see https://github.com/WebAssembly/bulk-memory-operations/pull/43)
* Reverse the order of the table.init and memory.init indexes, so the segment index is first and the table/memory index is second. (see https://github.com/WebAssembly/bulk-memory-operations/pull/45)

Change-Id: I1781edd4200a7b693e3d0814999e6292aafa58d3
Reviewed-on: https://chromium-review.googlesource.com/c/1446149
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59259}
-
Z Duong Nguyen-Huu authored
According to the spec https://tc39.github.io/ecma262/#sec-object.assign, https://tc39.github.io/ecma262/#sec-ordinaryownpropertykeys, object.assign should copy symbols last. The current implementation ignores that order. The idea of the fix here is to do the iteration twice, one to skip symbols first, then one to skip strings. Bug: v8:6705 Change-Id: I27a353e0c44a8f7adcf55d7143dd3ce26bea2724 Reviewed-on: https://chromium-review.googlesource.com/c/1432597 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#59258}
-
Deepti Gandluri authored
Change-Id: I62eaed997f4bf590f6cc09f3cb874340e1cd7ac6 Bug: v8:8564 Reviewed-on: https://chromium-review.googlesource.com/c/1447493 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#59257}
-
Clemens Hammacher authored
This factors out one part of the "Remove finisher task" CL (https://crrev.com/c/1400781), which I would like to test in isolation. R=ahaas@chromium.org Bug: v8:8423 Change-Id: I7c598f60c4757df8e26508e68da4b3c300a511cb Reviewed-on: https://chromium-review.googlesource.com/c/1448316 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#59256}
-
Marja Hölttä authored
(The bug didn't affect any functionality; we just left detached WeakCells in inconsistent state.) BUG=v8:8179 Change-Id: I28f6c27532383b94bdfd746db903096f1dc6f1cc Reviewed-on: https://chromium-review.googlesource.com/c/1447651 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#59255}
-
Michael Spang authored
This is no longer necessary after https://chromium-review.googlesource.com/c/chromium/src/+/1427781 This reverts commit 571076ec. Change-Id: Id754864022171fd3da8f7274b5d3b526603337ce Reviewed-on: https://chromium-review.googlesource.com/c/1446136 Commit-Queue: Michael Spang <spang@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#59254}
-
Camillo Bruni authored
Drive-by-fix: - Inline Scope::num_parameters - Provide inlineable DataGatheringScope destructor precheck Change-Id: I337a79e0d5cf0f26c526e2ac53de8aa632d86c53 Reviewed-on: https://chromium-review.googlesource.com/c/1445879 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#59253}
-
Benedikt Meurer authored
Previously AccessorAssembler::HandlePolymorphicCase() had 4 versions of the inner loop unrolled, but we always had to check against the length after 1 (POLYMORPHIC with name) or 2 (regular POLYMORPHIC) unrolled iterations anyways, so there's not a lot of benefit to unrolling besides the potentially better branch prediction in some cases. But that doesn't seem to be beneficial even in extreme cases (in fact on ARM cores we might get some benefit from having less code instead), and probably doesn't justify the additional C++ / generated code.

I used the following extreme micro-benchmark to check the worst case performance impact:

```js
function test(o, n) {
  var result;
  for (var i = 0; i < n; ++i) {
    result = o.x;
  }
  return result;
}

const N = 1e8;
const objs = [{x: 0}, {x:1,a:1}, {x:2,b:2}, {x:3,c:3}];
// First pass: the o.x load site sees all four object shapes.
for (var j = 0; j < objs.length; ++j) test(objs[j], N);
// Second pass: the timed run.
console.time('Time');
for (var j = 0; j < objs.length; ++j) test(objs[j], N);
console.timeEnd('Time');
```

Running this with --noopt shows a ~1% performance regression with this patch on a beefy z840 gLinux workstation, which gives me some confidence that overall this patch is going to be neutral and maybe beneficial in case of less powerful ARM cores.

Note to performance sheriffs: This could potentially tank some performance tests. In that case we may need to revisit the unrolling.

Bug: v8:8562
Change-Id: I731599a7778da1992d981d36022c407ef5c735eb
Reviewed-on: https://chromium-review.googlesource.com/c/1448275
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59252}
-
Sigurd Schneider authored
This is a reland of c1bf25bb

Node bot will turn green after github.com/v8/node/pull/89/ has landed.

Original change's description:
> Enable 31bit Smis everywhere
>
> This is an experiment to see how performance is impacted. If we tank
> too much, we can revert this change.
>
> Change-Id: I01be33f5dd78aee6a5beecdc62adbaa6c3850eb1
> Bug: v8:8344
> Reviewed-on: https://chromium-review.googlesource.com/c/1355279
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58157}

Bug: v8:8344
Change-Id: I85a6e5c479f1090f50df3df042571227279a0692
Reviewed-on: https://chromium-review.googlesource.com/c/1448314
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59251}
-
Jakob Gruber authored
This is a reland of 1e3582b5

Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}

Tbr: yangguo@chromium.org,sigurds@chromium.org
Bug: v8:8723
Change-Id: I8e4ae2f09d16b693c1fb814477d8487385046ee4
Reviewed-on: https://chromium-review.googlesource.com/c/1448312
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59250}
-
Clemens Hammacher authored
This CL revises some of our error messages to be more precise or more aesthetically appealing. R=titzer@chromium.org, ahaas@chromium.org Cq-Include-Trybots: luci.chromium.try:linux-blink-rel Bug: chromium:926311 Change-Id: I38eaee09fd37f9b67fdb08bc7b0df64a6eaf96f9 Reviewed-on: https://chromium-review.googlesource.com/c/1445980 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#59249}
-
Sigurd Schneider authored
1) Ensure 31bit Smis are enabled if pointer compression is. 2) Enable some code for 31bit Smis Bug: v8:8344 Change-Id: Ib1e68ebfcfd49e16d1548879b7670c88dc73449b Reviewed-on: https://chromium-review.googlesource.com/c/1445979 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#59248}
-
Sigurd Schneider authored
These allow writing a tagged uncompressed pointer even if pointer compression is enabled. This is the least intrusive option; once TurboFan supports pointer compression better, this CL likely needs to be revised. Bug: v8:8183 Change-Id: I56451c364b8620f687d8b9deb9553099ba95b928 Reviewed-on: https://chromium-review.googlesource.com/c/1445978 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#59247}
-
Georg Neis authored
In particular, print the reason for returning false (when FLAG_trace_turbo_inlining is enabled). Change-Id: I8924562b16612e5030d5870648ff4827d2a0ecc6 Reviewed-on: https://chromium-review.googlesource.com/c/1445981 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#59246}
-
Igor Sheludko authored
Bug: v8:8621, v8:8562 Change-Id: I79014f92ba95d21b31ff28cb615a01aa00d0d5d6 Reviewed-on: https://chromium-review.googlesource.com/c/1448271 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#59245}
-
Jakob Gruber authored
In noembed builds we serialize all builtins as full on-heap code objects. Bug: v8:8716 Cq-Include-Trybots: luci.v8.try:v8_linux_noembed_rel_ng Change-Id: I48f25a12e05a6d8599e5f9c31f9f56f2ebb9f2d6 Reviewed-on: https://chromium-review.googlesource.com/c/1448272 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#59244}
-
Igor Sheludko authored
movXXXp are replaced with respective movXXXq. Drive-by cleanup: unified the way we generate movq with other mov instructions. Bug: v8:8621, v8:8562 Change-Id: I5c65dccf4e460cad5c3cee3dfabfd6ce39abc244 Reviewed-on: https://chromium-review.googlesource.com/c/1446096 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#59243}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:8562 Change-Id: I13e566b95785edf788de842b833cb7f5bc2b731d Reviewed-on: https://chromium-review.googlesource.com/c/1447771 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#59242}
-
Clemens Hammacher authored
This reverts commit 1e3582b5.

Reason for revert: Still fails nosnap: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22789

Original change's description:
> Reland "[builtins] Verify Isolate compatibility with the embedded blob"
>
> This is a reland of b022e825
>
> Original change's description:
> > [builtins] Verify Isolate compatibility with the embedded blob
> >
> > Embedded builtins (= the embedded blob) have a few dependencies on the
> > snapshot state. For instance, they require that metadata stored on
> > builtin Code objects as well as the builtins constant table remain
> > unchanged from mksnapshot-time. Embedders may violate these
> > assumptions by accident, e.g. by loading a snapshot generated with
> > different build flags, leading to seemingly unrelated failures later
> > on.
> >
> > This CL introduces an Isolate hash stored in the embedded blob which
> > hashes relevant parts of builtin Code objects and the builtins
> > constant table. It's verified in Isolate::Init in debug builds.
> >
> > Bug: v8:8723
> > Change-Id: Ifc9bdbe6f56ea67d8984f162afa73a3572cfbba8
> > Reviewed-on: https://chromium-review.googlesource.com/c/1442641
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59177}
>
> Tbr: yangguo@chromium.org,sigurds@chromium.org
> Bug: v8:8723
> Change-Id: I1dd001783f0f1fae21a9809c8639e40f55b8f663
> Reviewed-on: https://chromium-review.googlesource.com/c/1445985
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59236}

TBR=yangguo@chromium.org,sigurds@chromium.org,jgruber@chromium.org

Change-Id: If6082452c739d4de44ed70d3c6355f5282684ac1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8723
Reviewed-on: https://chromium-review.googlesource.com/c/1448311
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59241}
-
Michael Starzinger authored
R=clemensh@chromium.org Change-Id: I09cc32bbb43c8659805d7d93637d5be7f61e9fd5 Reviewed-on: https://chromium-review.googlesource.com/c/1447711 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#59240}
-
Simon Zünd authored
R=tebbi@chromium.org Bug: v8:7793, v8:8562 Change-Id: I783a6d76edd20b73b25cc81395ecadbedd346e8b Reviewed-on: https://chromium-review.googlesource.com/c/1447775 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#59239}
-
Simon Zünd authored
This CL fixes a crash when Structs are used as builtin arguments. R=tebbi@chromium.org Bug: v8:7793 Change-Id: Ib9488cdd924894dd9a9aa9fe35f57d93894565e2 Reviewed-on: https://chromium-review.googlesource.com/c/1447774 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#59238}
-
Marja Hölttä authored
1) JSWeakRef and WeakCell targets are HeapObjects (SMIs are no longer used for signalling cleared / dead JSWeakRefs / WeakCells.) Make this explicit.
2) There's no need to assert that the target of JSWeakRef cannot be undefined when handled by MarkCompactCollector::ClearJSWeakRefs, since the code handles undefined just fine. (The removed comment was true though, since this is the only place which can set the target to undefined. But maybe in the future there's some other way to clear a JSWeakRef, e.g., explicit API for it.)

BUG=v8:8179
Change-Id: I762c2b4487770712c7538be799dc188943c92587
Reviewed-on: https://chromium-review.googlesource.com/c/1445986
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59237}
-