- 11 Aug, 2020 9 commits
-
-
Jakob Gruber authored
Updated: IsOptimized -> HasAttachedOptimizedCode HasOptimizedCode -> HasAvailableOptimizedCode IsInterpreted -> ActiveTierIsIgnition Bug: v8:8888 Change-Id: I96363622b67b53371a974f1c17cef387093f053c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346404 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#69326}
-
Jakob Gruber authored
This CL adds more systematic predicates to JSFunction to reason about available code kinds. Introduced terminology: - Attached code kinds are accessible directly from the JSFunction itself. - Available code kinds are either attached or accessible indirectly. - The Active code kind is the one that would be executed on the next function execution. Bug: v8:8888 Change-Id: I9468884dfe97a6cb73f8329b2b6cb62b622d3e7a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345966 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#69325}
-
Clemens Backes authored
The "wasm fuzzer" and "wasm async fuzzer" use the {InterpretAndExecuteModule} function, which did not check for possible nondeterminism in the interpreter yet. This can lead to wrong reports of mismatches, or in endless loops being executed in compiled code which was not executed in the interpreter. This CL adds the check for nondeterminism in that function, and adds a TODO to merge the two very similar methods. R=ahaas@chromium.org Bug: chromium:1112099, chromium:1113681 Change-Id: I80b01d4c53d04f0632807fa852147dc9fb8075ca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346280 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69324}
-
Clemens Backes authored
The interpreter is used for testing (including fuzzing) only, and in these cases it's often important to see the exact value of a float. Both decimal and scientific notation does not show the full value though, and decimal representation can also be really long for large values, making it hard to compare values. This CL switches this debug output to hexadecimal float values, which always shows the float value in full precision and is also much shorter than decimal notation in many cases. R=ahaas@chromium.org Bug: chromium:1112099 Change-Id: Ia84824227fcd2f1e763ab89280a202ed44930a71 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346646Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69323}
-
Marja Hölttä authored
Bug: v8:10239 Change-Id: I5d8e9c85f97835bcabb0c42c7dc0db0fdb3f82fe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342851Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69322}
-
Lei Zhang authored
32-bit MSVC generates a C4018 warning for signed/unsigned mismatch. Fix this by casting the std::numeric_limits<int32_t>::max() return value. Change-Id: Iaff6b81c797a88654a7d2fa6d910da105d824df8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346934Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org> Cr-Commit-Position: refs/heads/master@{#69321}
-
Dominik Inführ authored
Incrementing gc_count_ races with Heap::IncrementalMarkingLimitReached(), which starts incremental marking immediately on every second GC. Bug: v8:10315 Change-Id: Ieb1126bb4ecc472afe5fdd023a601d753576752e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346648Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#69320}
-
Marja Hölttä authored
The design included per-location lists, but they were left out in Version 1 of the implementation. In addition: drive-by style unification. Bug: v8:10239 Change-Id: Ia4d69fdf4ce0c3aad2dae8082e00e9fa14c4170a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339620 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#69319}
-
Milad Farazmand authored
The hight 32 bits of the result of mulhw are undefined and need to be cleared manually. Change-Id: I0e746898aa26a7970ab59b89c374afd1377028ea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2347208Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#69318}
-
- 10 Aug, 2020 20 commits
-
-
Shu-yu Guo authored
The Intent to Deprecate and Remove was sent in March 2019: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/_zPuM7ETNSE Current use of Atomics.wake is at <0.0002% of page loads: https://chromestatus.com/metrics/feature/timeline/popularity/2556 Bug: v8:7883 Change-Id: I4534df6cb88e0afbeae655254d6ce48ad7b462e7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2333349 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Ben Smith <binji@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#69317}
-
Bill Budge authored
This reverts commit 57242a05. Reason for revert: regression tests fails: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/31477 Original change's description: > [wasm-simd][arm] Use vmov to move all ones to register > > vceq(dst, dst, dst) does not seem to always set the register to all > ones. The right way should be be to use vmov (immediate) anyway. This > was not supported in the assembler yet, so we need changes to the > assembler, diassembler, and simulator. > > There is an unfortunate fork in logic in the simulator, due to the way > the switches are set up, vmov (imm) logic is duplicated across two > different cases, because the switch looks at the top bit of the > immediate. Refactoring this will be a bigger change that is irrelevant > for this bug, so I'm putting that off for now. Instead we extract the > core of vmov (imm) into helpers and call it in the two cases. > > Bug: chromium:1112124 > Change-Id: I283dbcd86cb0572e5ee720835f897b51fae96701 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2337503 > Commit-Queue: Zhi An Ng <zhin@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Bill Budge <bbudge@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69315} TBR=bbudge@chromium.org,jkummerow@chromium.org,v8-arm-ports@googlegroups.com,zhin@chromium.org Change-Id: I5d9d1dcb81771f71001d959ec5a03a43a11c4233 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1112124 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2347211Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#69316}
-
Ng Zhi An authored
vceq(dst, dst, dst) does not seem to always set the register to all ones. The right way should be be to use vmov (immediate) anyway. This was not supported in the assembler yet, so we need changes to the assembler, diassembler, and simulator. There is an unfortunate fork in logic in the simulator, due to the way the switches are set up, vmov (imm) logic is duplicated across two different cases, because the switch looks at the top bit of the immediate. Refactoring this will be a bigger change that is irrelevant for this bug, so I'm putting that off for now. Instead we extract the core of vmov (imm) into helpers and call it in the two cases. Bug: chromium:1112124 Change-Id: I283dbcd86cb0572e5ee720835f897b51fae96701 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2337503 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#69315}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/0f5a274aad..e73054f7 Bug: v8:7834 Change-Id: I1063b3e25ea957681a2f52c8d5b27970514d96d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342290Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#69314}
-
Ng Zhi An authored
Optimize shuffles which only use a single operand (called swizzles), after canonicalization. Bug: v8:10696 Change-Id: I2e5ffdb723123dffb0abcb6126345972ddc9f652 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335735Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#69313}
-
Andreas Haas authored
This CL adds an API function that tells the embedder if there is ongoing background work that will eventually post foreground tasks. Design doc: https://docs.google.com/document/d/18vaABH1mR35PQr8XPHZySuQYgSjJbWFyAW63LW2m8-w R=adamk@chromium.org Bug: v8:10787 Change-Id: I9060c5cdc9dbafeb7ea7c5c26d09c2dc744800bd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342847Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69312}
-
Ng Zhi An authored
With a displacement of int32_t min (-2^31), and a displacement mode of kNegativeDisplacement, we will try to negate this constant, but the result will not fit in an int32_t, leading to a runtime crash. Check for this special case in CanBeImmediate, and return false. Bug: chromium:1091892 Change-Id: I7f18153d13805f2836dd5c8e1bc098f1e9600566 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2341095 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#69311}
-
Clemens Backes authored
The plain "wasm fuzzer" (which takes the fuzzer input as the wasm wire bytes) was already running both the interpreter and compiled code, but it did not compare the results of both. This CL fixes this by reusing some logic that was already present in the fuzzers based on the {WasmCompileFuzzer} class. R=ahaas@chromium.org Bug: chromium:1113681, chromium:1112099 Change-Id: I9d407f66dfcba0eec90f050630b028edd5fae1d1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339624 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69310}
-
Thibaud Michaud authored
Add missing source position for stack check, used by OSR to find the correct return address. R=clemensb@chromium.org Bug: v8:10235 Change-Id: Ie26dd3b2079168e846f84b3a4ffe18b838649be7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339625Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#69309}
-
Clemens Backes authored
We consider some function "test-only" function, e.g. if they have a "ForTesting" in their name. The src/runtime/runtime-test.cc file should be allowed to call such functions. R=tmrts@chromium.org CC=ahaas@chromium.org Change-Id: Ib57bba36ba35f29c7673d4cef6d6b1e5ad9c7f65 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339623Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Tamer Tas <tmrts@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69308}
-
Clemens Backes authored
The {name} parameter was unused, we always picked the exported "main" function. R=ahaas@chromium.org Bug: chromium:1113681 Change-Id: Iee4b8f72e1137a7e366c3c31b4fa4e4ef81863b4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345964Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69307}
-
Santiago Aboy Solanes authored
* CopyElementsOnWrite * CopyFixedArrayElements * GrowElementsCapacity There are two versions of CopyFixedArrayElements which still remain to be TNodified and removed ParameterMode. Bug: v8:9708, v8:6949 Change-Id: I0d63b51004aefbc55dfc57184ed9a0dda7c9b526 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339478Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#69306}
-
Jakob Kummerow authored
Bug: v8:7748 Change-Id: If876c9499373f091067299fe333e7b59d6cefb41 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343077Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69305}
-
Almothana Athamneh authored
Bug: chromium:1110824 Change-Id: Ibc914d0261d09cf3a15fd01d0e9df0868d773fce Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343328Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/master@{#69304}
-
Mythri Alle authored
This reverts commit 07815e87. Reason for revert: Dynamic map checks for Turboprop was temporarily disabled to measure impact. Enabling it again. Original change's description: > [tuboprop] Disable dynamic map checks for TurboProp > > Temporarily turnoff dynamic map checks for TurboProp to measure the > impact after changing OSR heuristics. > > Bug: v8:10582, v8:9684 > Change-Id: Ia458be139bf7c281bda40cbcd76e7a0c3fa5d60b > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343070 > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Commit-Queue: Mythri Alle <mythria@chromium.org> > Cr-Commit-Position: refs/heads/master@{#69294} TBR=rmcilroy@chromium.org,mythria@chromium.org,gsathya@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:10582 Bug: v8:9684 Change-Id: If985b6ff2641f33d0f53cbff6cc668d8c77d2bda Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345965Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#69303}
-
evih authored
A new field for signature type was added to WasmExportedFunctionData. It is set to 0 or 1 depending on the parameter count. (It's set and being used only in 0 and 1 parameter cases.) Added new JS tests for 1 parameter wasm functions. Bug: v8:10701 Change-Id: I349d881a2860f1a50b91e08d0126ca71c5f6483b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339622 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#69302}
-
Dominik Inführ authored
New space size needs to be adjusted during global safepoint. Bug: v8:10315 Change-Id: I670024faa55ce68a4091af6f358f45d20c66fa0b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2239573Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#69301}
-
Sathya Gunasekaran authored
Previously, all ThisExpression's had kNoSourcePositions leading to incorrect error messages like this: ➜ d8 -e "function t() { for (const x of this) {} } t();" unnamed:1: TypeError: undefined is not a function function t() { for (const x of this) {} } t(); ^ TypeError: undefined is not a function at t (unnamed:1:11) at unnamed:1:43 This patch allows creation of a ThisExpression with a source position, leading to a better error message: ➜ d8 -e "function t() { for (const x of this) {} } t();" unnamed:1: TypeError: this is not iterable function t() { for (const x of this) {} } t(); ^ TypeError: this is not iterable at t (unnamed:1:32) at unnamed:1:43 This patch does not remove the existing cached version of ThisExpression and instead creates a new one when required. Bug: v8:6513 Change-Id: Idee4fe8946a9b821d06ff4a5e7eaefe54874ec59 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345226Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#69300}
-
Marja Hölttä authored
Bug: chromium:1105318 Change-Id: I105fc4cfc1b781dc0a481c7bee9faee1923f474f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343071 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#69299}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/de527f4..7dff8d4 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/95f204a..6b794b9 TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I1e8f66ecd8475053fe710f5e961a727aedb1f3f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345610Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#69298}
-
- 09 Aug, 2020 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a740400..de527f4 Rolling v8/third_party/aemu-linux-x64: OPyy2ts1trS4QpWQ4KGvoohvI1WfiBoTrjuFjdL-PcsC..NHKI_hy9EiYHTk25-SwU9lqq_Nmk1LQ748n-ZAtBu9YC TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I04fa691b73931aef5f4d44b9f43493d5a64962f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2344793Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#69297}
-
- 08 Aug, 2020 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2943e82..a740400 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/1ecfe3c..b00ad0a Rolling v8/buildtools/linux64: git_revision:3028c6a426a4aaf6da91c4ebafe716ae370225fe..git_revision:e327ffdc503815916db2543ec000226a8df45163 Rolling v8/third_party/aemu-linux-x64: xa2xI0A-kKlMVwMtJRzexwWWPSwHynmUpB0Z6C9Y7wkC..OPyy2ts1trS4QpWQ4KGvoohvI1WfiBoTrjuFjdL-PcsC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5cf00e2..c4d3ff4 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/24289f2..0fa91d0 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/e6863f8..95f204a TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com Change-Id: I6b94a2aa7ecec9e2f3e158a54f21cd808720d6a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2341731Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#69296}
-
- 07 Aug, 2020 9 commits
-
-
Santiago Aboy Solanes authored
Drive-by: Also from WordOrSmiShr Bug: v8:9708, v8:6949 Change-Id: Ic00b91988abf2120b433809dac3871eb887b8484 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339614Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#69295}
-
Mythri A authored
Temporarily turnoff dynamic map checks for TurboProp to measure the impact after changing OSR heuristics. Bug: v8:10582, v8:9684 Change-Id: Ia458be139bf7c281bda40cbcd76e7a0c3fa5d60b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343070Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#69294}
-
Almothana Athamneh authored
Bug: chromium:1110824 Change-Id: I77835942a81b6430ec23c16fa41dabac857e8c22 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343079Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Cr-Commit-Position: refs/heads/master@{#69293}
-
Michael Achenbach authored
Bug: v8:10788 Change-Id: Iebc3f8dd892fd0f8123feaf11333eae6832589dc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342852Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69292}
-
Andreas Haas authored
Up until now. we only checked the size of tables defined in a module at instantiation time. For imported tables we only checked if the imported table matched the declared import in size. This causes a problem because we allocate function tables also for imported tabled before we actually look at the imported table. With this CL we first check the size of all tables, and only then start to initialize and load them. R=jkummerow@chromium.org Bug: chromium:1114006 Change-Id: Iaf194ed21fb83304fe3a7f0f7ba7b282396e3954 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339473 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69291}
-
Marja Hölttä authored
Forgetting to add a new bytecode into the lists in serializer-in-background-compiler.cc results in a confusing CHECK failure. This moves the failure to a discoverable place. Change-Id: I3e78b4702bfa724748ec8ed3f7f49e0eedc504fc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324246 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#69290}
-
Andreas Haas authored
The cast from uint32_t to int caused an integer overflow that let a bounds check succeed that should have failed. R=jkummerow@chromium.org Bug: chromium:1114005 Change-Id: Iea1af70af300be54c2a33d7dd10b3faa34d56eaa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339472Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69289}
-
Almothana Athamneh authored
Bug: chromium:1113183 Change-Id: Ic877bf392756733c2b61a834016a3d6bf7f48f2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339103 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#69288}
-
Marja Hölttä authored
The test have been rewritten to be more robust -> maybe they're robust enough for the GC fuzzer (DelayedTasksPlatform)? Bug: v8:10239 Change-Id: I743cc2f804357aaef888bff7985dfb68a7feec5f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342848Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#69287}
-