- 30 Nov, 2017 10 commits
-
-
Jochen Eisinger authored
When we try to get a function literal with an ID beyond the last known ID we easily create out-of-bound read bugs. It's preferable to crash in this situation. BUG=chromium:789764 R=marja@chromium.org Change-Id: I4f35e9231ef6af18204bbac96df3652c3d30c29f Reviewed-on: https://chromium-review.googlesource.com/798411 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#49738}
-
Jakob Gruber authored
Handles created inside each loop iteration should be freed as the current iteration goes out of scope. TBR=yangguo@chromium.org Bug: v8:7122, chromium:763839 Change-Id: I70a95457c773b26792d87734dab62bc8f4f5fbd0 Reviewed-on: https://chromium-review.googlesource.com/796794 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49737}
-
Jakob Gruber authored
This test expects certain functions to be optimized, which does not happen if we force array objects onto the slow path. Bug: v8:7122 Change-Id: I716954fff564f1c4f0782b3452557ec89a3b4307 Reviewed-on: https://chromium-review.googlesource.com/796860 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#49736}
-
Benedikt Meurer authored
This fixes String::MakeExternal() to bail out if the subject string doesn't fit a regular ExternalString, instead of creating a short external string. The observation here is that for short external strings the overhead of having to have the StringResource plus going to the runtime/C++ for each and every character access from JavaScript land is probably bigger than the anticipated benefits. If this turns out to be wrong and there's a real benefit, we should make use of ThinStrings instead of having a separate way to represent external strings. Bug: v8:6621, v8:7109, v8:7145 Change-Id: I4b75da08b82a72027c782a69de9c8eaf3cca1d4d Reviewed-on: https://chromium-review.googlesource.com/799750 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49735}
-
Clemens Hammacher authored
In order to test that we don't repeatedly go through the WasmCompileLazy runtime function, add a flag to the LazyCompilationOrchestrator to "freeze" it, i.e. disallow any further lazy compilation. In tests, use this flag to first call a method, then freeze lazy compilation, then call the method again to assert that no further lazy compilation is triggered. This test currently fails with --wasm-jit-to-native, so disable it for that variant. R=titzer@chromium.org CC=mtrofin@chromium.org Bug: v8:7140, chromium:788441, v8:5991 Change-Id: I18a40d302c24041740d8a54351d06ed968f4beec Reviewed-on: https://chromium-review.googlesource.com/796430 Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49734}
-
Clemens Hammacher authored
According to the style guide, enum names must either be capitalized, or start with a "k". I prefer the kFoo syntax. R=mtrofin@chromium.org Bug: v8:7109 Change-Id: I9c06c4cb05b05ec50de8d68d118f1a0807938426 Reviewed-on: https://chromium-review.googlesource.com/796856 Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49733}
-
Marja Hölttä authored
Makes it easier to modify JSFunction; the failing asserts will tell which places need to be modified. Change-Id: I70c7cd0b89cf05964b4730990fb3d7f23927437a Reviewed-on: https://chromium-review.googlesource.com/781689 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#49732}
-
Benedikt Meurer authored
Strings are immutable in JavaScript land (contrast with the runtime, where we can truncate strings that haven't escaped to JavaScript yet), so the length of a String is immutable. Thus loading the length of a String is a pure operation and should be expressed as such (i.e. doesn't depend on control or effect). The StringLength operator does exactly this and is hooked up to the effect chain in the EffectControlLinearizer. This will eventually allow us to simplify the optimization of string concatenation and other operations that are a bit cumbersome in TurboFan currently, and it will also allow us to optimize string operations across effectful operations, for example combining multiple invocations to String#slice with the same inputs. Bug: v8:5269, v8:6936, v8:7109, v8:7137 Change-Id: Iffcccbb0c7fc4cfe1281c10e7af24b40eba4c987 Reviewed-on: https://chromium-review.googlesource.com/799690 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49731}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9338ce5..64dd7ca Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/11d7efb..9968f9b TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I0f41345b892a8627b6e184d69bce9743028cec6f Reviewed-on: https://chromium-review.googlesource.com/798894 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#49730}
-
Benedikt Meurer authored
This is in preparation of adding a dedicated StringLength operator that loads the string length. This way operations on strings don't sit in the effect chain anymore until the EffectControlLinearizer, which wires them. The NewConsString semantics could still be better, i.e. it could try to figure out the proper map instead of going for the CONS_STRING_TYPE always. But this change is meant to be just about pushing the logic down to the EffectControlLinearizer, which we didn't have initially when the ConsString handling was done. This also allows us to remove the handling of CONS_STRING_TYPE from the Deoptimizer, since the escape analysis no longer sees cons strings. Bug: v8:5269, v8:6936, v8:7109, v8:7137 Change-Id: If6c4a6d7cf63a3a3f7a34a920c8e50a94dfa67fa Reviewed-on: https://chromium-review.googlesource.com/796413 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#49729}
-
- 29 Nov, 2017 30 commits
-
-
Alexey Kozyatinskiy authored
Some embedder primitives can trigger execution in the current JavaScript instance or in another (e.g. MessageChannel). With this CL, an external async task can be local as well. R=dgozman@chromium.org Bug: chromium:661705 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I82c68a021c2c25bc67a706c4bfed8c1a2b2388c5 Reviewed-on: https://chromium-review.googlesource.com/792015 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#49728}
-
Clemens Hammacher authored
The disassembler currently shows calls from JS code objects to wasm code as:
  REX.W movq r10,0x58466fd5120 ;; js to wasm call
This does not show which code kind is being called (wasm function, lazy compile stub, or wasm-to-wasm wrapper). This CL extends the output to:
  REX.W movq r10,0x58466fd5120 (wasm-to-wasm) ;; js to wasm call
R=mtrofin@chromium.org, titzer@chromium.org Bug: v8:6876, v8:7140 Change-Id: Ib350088017f767528ec0acd7d4c1c347758adcf2 Reviewed-on: https://chromium-review.googlesource.com/796270 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49727}
-
Deepti Gandluri authored
Bug=v8:6532 Change-Id: Icad4a697dd82233f939f0e6606fb6f92870622eb Reviewed-on: https://chromium-review.googlesource.com/795040 Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49726}
-
Georg Neis authored
In the presence of bigints, this optimization is no longer valid. Bug: v8:6791 Change-Id: I996ac78f8ae4aef5494dd0089374d04c6db6e72f Reviewed-on: https://chromium-review.googlesource.com/796070 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#49725}
-
Ross McIlroy authored
Adds histogram timing for main-thread portions of streaming source compilation. Also adds a histogram timer for capturing the amount of time spent for off-thread parse / compile of streaming sources. BUG=v8:5203 Change-Id: Ie9f16052205832a620cfbf266d3d66d3fe9d6c12 Reviewed-on: https://chromium-review.googlesource.com/797038 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#49724}
-
Andreas Haas authored
The FuzzerSupport was keeping a single instance of itself. With this CL, this instance is now stored in a unique_ptr. Therefore it is not necessary to register an onExit callback to delete the FuzzerSupport instance. Drive-by changes: Some cleanup with the FuzzerSupport. R=clemensh@chromium.org Bug: chromium:787723 Change-Id: I5188c7aa7e778ccd45fc80ed0115c947d23a0dee Reviewed-on: https://chromium-review.googlesource.com/792949 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#49723}
-
Michael Achenbach authored
This reverts commit 5d4a0903.
Reason for revert: Speculative revert due to timeouts on testing with --isolates:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/21889
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/18138
Original change's description:
> Add support to produce code cache after execute.
>
> Adds new API function to request code cache. Earlier code cache was
> produced along with compile requests. This new API allows us to request
> code cache after executing. Also adds support in the code serializer to
> serialize after executing the script.
>
> Bug: chromium:783124
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: Id7b972a2b4c8dcf7a6d9f5ea210890ae968320bd
> Reviewed-on: https://chromium-review.googlesource.com/781767
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49717}

TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,mythria@chromium.org Change-Id: Id9e0285e73bbc3ea3908b4b7bbf6599e4f7cd76e No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:783124 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/796870 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#49722}
-
Michael Starzinger authored
This fixes debug-evaluate in the presence of a de-materialized function object. The creation of an arguments object is now requested based on a given frame (potentially inlined) instead of a target function. It makes sure that multiple calls to {StandardFrame::Summarize} don't cause any confusion when they give back non-identical function objects. R=jgruber@chromium.org TEST=debugger/debug/debug-evaluate-arguments BUG=chromium:788647 Change-Id: I575bb6cb20b4657dc09019e631b5d6e36c1b5189 Reviewed-on: https://chromium-review.googlesource.com/796474 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49721}
-
peterwmwong authored
This reduces the overhead of calling the builtin. Quick measurements show >5x improvement. As the typed array's size grows, iterating dominates and the performance gap closes. https://github.com/peterwmwong/v8-perf/blob/master/typedarray-findIndex/README.md Bug: v8:5929 Change-Id: I27d67776c83cbe28f4f9f5ef479a7eeabf594654 Reviewed-on: https://chromium-review.googlesource.com/792394 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49720}
-
jgruber authored
Ensure that bound-checking CHECKs do not overflow and properly access the JSTypedArray's length value. This addresses remaining comments from https://crrev.com/c/788857/9/src/runtime/runtime-typedarray.cc#233 Bug: v8:3590 Change-Id: Ic06ff2ecd64a23ab9724c25d7b6cb689b9e7932b Reviewed-on: https://chromium-review.googlesource.com/796611 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49719}
-
Yang Guo authored
R=jgruber@chromium.org Bug: chromium:789472 Change-Id: I578c0fb13abaeaedcecf862c4e5aa7680b4067e8 Reviewed-on: https://chromium-review.googlesource.com/795972 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49718}
-
Mythri authored
Adds new API function to request code cache. Earlier code cache was produced along with compile requests. This new API allows us to request code cache after executing. Also adds support in the code serializer to serialize after executing the script. Bug: chromium:783124 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Id7b972a2b4c8dcf7a6d9f5ea210890ae968320bd Reviewed-on: https://chromium-review.googlesource.com/781767 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#49717}
-
Michael Lippautz authored
R=ulan@chromium.org Bug: Change-Id: Ifba0b1bb649f0ee90fc76f738b7912d300c77447 Reviewed-on: https://chromium-review.googlesource.com/796470 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#49716}
-
Clemens Hammacher authored
When exporting an imported wasm function, we generate a js-to-wasm wrapper which calls the wasm-to-wasm wrapper (which then tail-calls the WasmCompileLazy stub). This wasm-to-wasm wrapper also needs to be patched. R=titzer@chromium.org Bug: chromium:788441, v8:5991 Change-Id: Ibf27618a0511851cb55714b720fe7299a21c2959 Reviewed-on: https://chromium-review.googlesource.com/795990 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49715}
-
Martyn Capewell authored
The stlxr (store-release exclusive register) instructions in Arm64 have similar restrictions to Arm's strex instructions - the status register must not alias the source or address registers. Enforce this in the assembler and simulator, and modify Turbofan and cctest to conform to this. Also, make a small improvement to the code generated for compare and exchange. This is a port of 44c52f7b. Bug: Change-Id: Ia3a8c39b09c5cb579357a5f61c3d88f13d61b724 Reviewed-on: https://chromium-review.googlesource.com/793037 Reviewed-by: Ben Smith <binji@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> Cr-Commit-Position: refs/heads/master@{#49714}
-
Michael Achenbach authored
This also updates the README with guidelines. Bug: chromium:788104 Change-Id: I0ca0ea78c5990204b0242be9c7fe6368439a5dd1 Reviewed-on: https://chromium-review.googlesource.com/796311 Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#49713}
-
Benedikt Meurer authored
This addresses two TODOs in Ignition where the Construct and the ConstructWithSpread bytecodes didn't collect JSBoundFunction new.target feedback. This is fairly trivial to add now with the existing machinery and the TurboFan side of this was already fixed before, so we can leverage the new feedback. Bug: v8:5267, v8:7109 Change-Id: Iae257836716c14f05f5d301326cbe8b2acaeb38b Reviewed-on: https://chromium-review.googlesource.com/793048 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49712}
-
Sathya Gunasekaran authored
Bug: v8:5367 Change-Id: If10539597c07a497d0e9c89af9529ae90f92ddf3 Reviewed-on: https://chromium-review.googlesource.com/794470 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#49711}
-
Michael Starzinger authored
R=jarin@chromium.org Change-Id: I07bde35a44734b49e143a6dafa17dd7c20587412 Reviewed-on: https://chromium-review.googlesource.com/795950 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49710}
-
Clemens Hammacher authored
Cross-instance calls call through a wasm-to-wasm stub, which tail-calls and hence does not show up on the stack. It was not being patched so far, leading to repeatedly calling through the WasmCompileLazy stub. Even though this did not crash, it resulted in significant overhead. This CL fixes this and also adds checks to ensure that we patch at least one call site whenever we execute the WasmCompileLazy stub. R=titzer@chromium.org Bug: chromium:788441, v8:5991 Change-Id: I1c2cd52497c577252a64dbf1cfa92d2f2e60b06c Reviewed-on: https://chromium-review.googlesource.com/794132 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49709}
-
Michael Starzinger authored
R=jarin@chromium.org Change-Id: I2b2d5095e7c5c06c509a0e1b1b1121e78a80735a Reviewed-on: https://chromium-review.googlesource.com/796031 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49708}
-
Michael Achenbach authored
This reverts commit 0269965b.
Reason for revert: Successfully got some stack traces:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/5274
Original change's description:
> V8: Temporary run wasm_traps on native arm debug
>
> This will break the bot. This is for getting a stack trace and then
> revert.
>
> TBR=mtrofin@chromium.org
>
> Bug: v8:7138
> Change-Id: I244492ca81f817d64ef7c12e291a6ed9b97e68de
> Reviewed-on: https://chromium-review.googlesource.com/795718
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49698}

TBR=machenbach@chromium.org,mtrofin@chromium.org Change-Id: Id81736508fd7eb2b9220bf41188f7687c4046960 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7138 Reviewed-on: https://chromium-review.googlesource.com/796290 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#49707}
-
peterwmwong authored
This reduces the overhead of calling the builtin. Quick measurements show >5x improvement. As the typed array's size grows, iterating dominates and the performance gap closes. https://github.com/peterwmwong/v8-perf/blob/master/typedarray-find/README.md Bug: v8:5929 Change-Id: Ia74546bb46d446c6161c8956e350d4b5cdc1b328 Reviewed-on: https://chromium-review.googlesource.com/792454 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49706}
-
Michael Achenbach authored
This reverts commit d3104923.
Reason for revert: Breaks win debug, causes lots of timeouts.
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/20387
Original change's description:
> Implement and use VectorSegment to avoid repeated allocation of ZoneVector properties.
>
> The parser holds a single vector whose backing storage is reused in calls
> to ParseJsonObject, so that once we reach the peak number of unstored
> properties no more allocations are required.
>
> This improves performance of parsing inputs like those in Speedometer VanillaJS
> by about 2% in my local measurement, and would presumably do better on more
> pathological inputs.
>
> This should also have the side effect of reducing peak memory usage at this time
> slightly, since we do fewer zone allocations which cannot be freed until the
> parse finishes.
>
> Bug: chromium:771227
> Change-Id: I8aa1514b37a74f82539f95f94292c8fa1582d66a
> Reviewed-on: https://chromium-review.googlesource.com/789511
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Jeremy Roman <jbroman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49693}

TBR=jbroman@chromium.org,marja@chromium.org,cbruni@chromium.org Change-Id: I5b198aeffed6f1543f6110709dc74b311d4ba144 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:771227 Reviewed-on: https://chromium-review.googlesource.com/796151 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#49705}
-
Benedikt Meurer authored
In TurboFan we can easily recognize calls to String.prototype.slice where the start parameter is -1 and the end parameter is either undefined or not present. These calls either return an empty string if the input string is empty, or the last character of the input string as a single character string. So we can just make use of the existing StringCharAt operator. This reduces the overhead of the String.prototype.slice calls from optimized code in the chai test of the web-tooling-benchmark significantly. We observe a 2-3% improvement on the test. Bug: v8:6936, v8:7137 Change-Id: Iebe02667446880f5760e3e8c80f8b7cc712df663 Reviewed-on: https://chromium-review.googlesource.com/795726 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49704}
-
Michael Achenbach authored
This reverts commit 99cb4d35.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/16445
Original change's description:
> [cleanup] Harden the SubString CSA/Runtime implementations.
>
> Remove the self-healing for invalid parameters in the
> CodeStubAssembler::SubString helper and the %SubString runtime function,
> which is used as a fallback for the CodeStubAssembler implementation.
> All call sites must do appropriate parameter validation anyways now that
> the self-hosted JavaScript builtins using these helpers are gone, and we
> have proper contracts with the uses.
>
> Also remove the context parameter from the CodeStubAssembler::SubString
> method, which is unnecessary, since this can no longer throw an
> exception.
>
> Bug: v8:5269, v8:6936, v8:7109, v8:7137
> Change-Id: I19d93bad5f41faa0561c4561a48f78fcba99a549
> Reviewed-on: https://chromium-review.googlesource.com/795720
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49702}

TBR=jgruber@chromium.org,bmeurer@chromium.org Change-Id: I2900b5f087e78f1d321724f03bd063a5ff094183 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:5269, v8:6936, v8:7109, v8:7137 Reviewed-on: https://chromium-review.googlesource.com/796150 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#49703}
-
Benedikt Meurer authored
Remove the self-healing for invalid parameters in the CodeStubAssembler::SubString helper and the %SubString runtime function, which is used as a fallback for the CodeStubAssembler implementation. All call sites must do appropriate parameter validation anyways now that the self-hosted JavaScript builtins using these helpers are gone, and we have proper contracts with the uses. Also remove the context parameter from the CodeStubAssembler::SubString method, which is unnecessary, since this can no longer throw an exception. Bug: v8:5269, v8:6936, v8:7109, v8:7137 Change-Id: I19d93bad5f41faa0561c4561a48f78fcba99a549 Reviewed-on: https://chromium-review.googlesource.com/795720 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49702}
-
Georg Neis authored
This updates various typing and verification rules to take bigints into account. R=jarin@chromium.org Bug: v8:6791 Change-Id: I38fc4c6551bba878623373c69013da8ce2b50c7d Reviewed-on: https://chromium-review.googlesource.com/788910 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#49701}
-
Michael Starzinger authored
R=jkummerow@chromium.org Change-Id: Idc29d9cfe1900554c6ecac5f170e9dea001430ca Reviewed-on: https://chromium-review.googlesource.com/793191 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#49700}
-
Camillo Bruni authored
This is a reland of acfef3ec
Original change's description:
> [log] Properly log all maps creating during bootstrapping
>
> Logger::LogMaps will print all maps currently present on the heap.
>
> Note that currently this does not properly log the detailed transitions
> for these maps.
>
> Change-Id: Ia3218d371549d7634fe3eda9e8e59b0b0bd8bebb
> Reviewed-on: https://chromium-review.googlesource.com/753885
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49444}

Change-Id: I57830f1e22c09981761bb92b9d28c96fbcc1ee80 Reviewed-on: https://chromium-review.googlesource.com/775958 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#49699}
-