- 13 Nov, 2018 27 commits
-
-
Tobias Tebbi authored
This is important for transient types, which might be invalidated in a loop syntactically below the vulnerable use. Bug: v8:7793 Change-Id: Ia97c03282eefbc44d54beb8edc61f5d44af2c947 Reviewed-on: https://chromium-review.googlesource.com/c/1331547Reviewed-by:
Daniel Clifford <danno@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#57478}
-
Michael Starzinger authored
This refactoring hides the fact that some wrappers are first generated in the GC'ed heap and then copied into the native module. It is a first step towards avoiding the redundant copy. R=clemensh@chromium.org Change-Id: I531fa42e8b4c210948d306624007348a39b981e0 Reviewed-on: https://chromium-review.googlesource.com/c/1333673 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57477}
-
Marja Hölttä authored
BUG=v8:8179 Change-Id: I7dc024fe4880a787cadac8b79bca6da87e2d36de Reviewed-on: https://chromium-review.googlesource.com/c/1328926 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#57476}
-
Toon Verwaest authored
Change-Id: I9c022d8d1aa363168546303516b5b3ee6196fdb5 Reviewed-on: https://chromium-review.googlesource.com/c/1333412 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57475}
-
Daniel Clifford authored
In the process, move the rest of the implementation PLabels into the CodeAssembler for consistency. Change-Id: I56872d9fc756db066f0d13d87aeb55ec04de2495 Reviewed-on: https://chromium-review.googlesource.com/c/1329687 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#57474}
-
Toon Verwaest authored
Change-Id: Ib73eca9233252a4b5b89f91cae1762528552c1b5 Reviewed-on: https://chromium-review.googlesource.com/c/1333407 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Daniel Clifford authored
Use same value to rethrow as was used before this change. This doesn't appear to be explicitly tested anywhere, but the behavior should stay unchanged nevertheless. Change-Id: Idaed90a143e9775746f034190918065897094acb Reviewed-on: https://chromium-review.googlesource.com/c/1329684Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#57472}
-
Michael Achenbach authored
Prevent timeouts like: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/23124 TBR=sergiyb@chromium.org NOTRY=true Change-Id: I550a0d85366aa7171e2e23b2f6d2482ec953eb52 Reviewed-on: https://chromium-review.googlesource.com/c/1333672Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#57471}
-
tzik authored
This CL replaces most of Isolate::GetEnteredContext with GetEnteredOrMicrotaskContext, as it should be more relevant. Here is a brief overview of the series of changes. https://docs.google.com/document/d/1MY_xlsYS7E6_qbwwY66-FH3JkAYeTHBlF5qVBrBpWyY/edit#heading=h.fx2rezbyzz5c Bug: v8:8124 Change-Id: I27355e325a92094240c25b672d1219f3214a9da0 Reviewed-on: https://chromium-review.googlesource.com/c/1297654Reviewed-by:
Dmitry Gozman <dgozman@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Cr-Commit-Position: refs/heads/master@{#57470}
-
Mike Stanton authored
BUG=v8:7793 Change-Id: Ibcf16998ef9a44ae899a2536ccf02af1b7b7193d Reviewed-on: https://chromium-review.googlesource.com/c/1333410 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
-
Marja Hölttä authored
This reduces the build steps after touching counters.h from 710 to 191, thus detaching counters.h from the giant include cluster. BUG=v8:7490,v8:8238 Change-Id: I0c7e707fb945e293f8a5604cc8da438cd35b3210 Reviewed-on: https://chromium-review.googlesource.com/c/1329695 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Toon Verwaest authored
Change-Id: I19e23a1e91631a21d55bb5a42f1f538a655478f8 Reviewed-on: https://chromium-review.googlesource.com/c/1332233 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
Just moving code around a bit. R=ahaas@chromium.org Bug: v8:7921 Change-Id: I6a9f9dab41360e9a0d8249fe77260788151cd88b Reviewed-on: https://chromium-review.googlesource.com/c/1333411Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57466}
-
Clemens Hammacher authored
We were outputting the address of the WasmCodeManager instead of the native module. R=ahaas@chromium.org Change-Id: I70f0aca4ef9126b91fcc3716570bfc69e71d27c7 Reviewed-on: https://chromium-review.googlesource.com/c/1326024Reviewed-by:
-
Leszek Swirski authored
For some reason the C++ compiler fails to realise that next_ cannot change on entry into Scan from Next, and re-loads it, creating what looks like a data dependency that stalls the next instruction. Passing through a cached next_ value cleans up the generated code. Change-Id: Iab62ed1890a3a720e5fa90a90e802305e3d55a82 Reviewed-on: https://chromium-review.googlesource.com/c/1331551 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57464}
-
Leszek Swirski authored
Use a flag int instead of bit fields in LiteralBuffer, so that cache the output of next() in Scanner::Scan() so that it doesn't get reloaded between LiteralBuffer::Drop() calls. LiteralBuffer: :Drop can set a single value rather than masking. Also, Change-Id: I977703488ac41e3b091f46ce0840e7c464639073 Reviewed-on: https://chromium-review.googlesource.com/c/1331548Reviewed-by:
-
Toon Verwaest authored
Change-Id: I6e8c72ea46e02361b7dd8ae698f3c13aef8a8beb Reviewed-on: https://chromium-review.googlesource.com/c/1332297 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Toon Verwaest authored
Change-Id: I8948ff43f45a486dc9ff591777db5051b1afaa22 Reviewed-on: https://chromium-review.googlesource.com/c/1332231 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Toon Verwaest authored
We're fetching the symbols anyway, so we might as well use those instead in the preparser. Change-Id: Ie937c755690cdd7b15e8486aa9680d530eff602e Reviewed-on: https://chromium-review.googlesource.com/c/1332296Reviewed-by:
-
Georg Neis authored
An oversight in my previous change (3b64764b) could cause a CHECK failure. Bug: chromium:904707 Change-Id: Ie5f1c500bddc00741b889f78ae9ecd9af581ba5c Reviewed-on: https://chromium-review.googlesource.com/c/1333409Reviewed-by:
-
peterwmwong authored
Previously, the following call sequence was always made when creating resulting subsetted TypedArray: 1) TFJ TypedArrayPrototypeSubArray 2) TFS TypedArrayConstructor 3) TFS CreateTypedArray This CL, skips #2 and goes straight to #3 when the default constructor (builtin) is safe to use (IsPrototypeTypedArrayPrototype and !IsTypedArraySpeciesProtectorCellInvalid). Local TypedArrays/SubarrayNoSpecies microbenchmark shows ~35-40% improvement... BEFORE TypedArrays-SubarrayNoSpecies(Score): 1033530 TypedArrays-SubarrayNoSpecies(Score): 1018490 TypedArrays-SubarrayNoSpecies(Score): 1037030 AFTER TypedArrays-SubarrayNoSpecies(Score): 1439030 TypedArrays-SubarrayNoSpecies(Score): 1417540 TypedArrays-SubarrayNoSpecies(Score): 1405980 Bug: v8:7161 Change-Id: I356dace36570aa161ffe208a57a80e46714121a2 Reviewed-on: https://chromium-review.googlesource.com/c/1331154 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
-
Georg Neis authored
It's not sufficient to check the NoElements protector because that doesn't guard against the array having a custom prototype. Bug: v8:8449 Change-Id: I843815466a1e4ae197a2b76eec62d04cdc2d619d Reviewed-on: https://chromium-review.googlesource.com/c/1332232Reviewed-by:
-
peterwmwong authored
This matches the pre-torque behavior when the receiver's length was greater than the max array length. Bug: chromium:902672 Change-Id: Icf8ae3a1a4acc0680ce1b709f5b3372892337203 Reviewed-on: https://chromium-review.googlesource.com/c/1330921 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by:
-
Michael Achenbach authored
This skips more tests sensitive to optimization state on gc fuzzer. Failure links: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20NumFuzz%20-%20debug/3620 https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20NumFuzz%20-%20TSAN/3584 https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20NumFuzz%20-%20TSAN/3564 NOTRY=true TBR=sigurds@chromium.org Change-Id: Iba8f475178b87a10b7cf793c65b16132ed2f1a1b Reviewed-on: https://chromium-review.googlesource.com/c/1332294Reviewed-by:
-
Jakob Kummerow authored
Bug: v8:3770 Change-Id: I52660eeda1bd299953793af9af1395f47e89072e Reviewed-on: https://chromium-review.googlesource.com/c/1331155 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#57454}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/81ffd00..8af70c5 Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/130499e..6fecaa5 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/f2c3502..0cf6ee7 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/ddbeac1..332c9ff Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/31f2d26..fa8094f TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: Ic70fa8509b5fc87f37f30b2081a92807518b4fe2 Reviewed-on: https://chromium-review.googlesource.com/c/1332869 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Reviewed-by:
v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#57453}
-
tzik authored
This CL updates DetachableVector to store the data at a known place instead of in an std::vector<>, so that builtins can update it directly. Bug: v8:8124 Change-Id: Iba5fb2e9d4e0ddc689d0f7eeaea40bc3218edf3a Reviewed-on: https://chromium-review.googlesource.com/c/1297783 Commit-Queue: Taiju Tsuiki <tzik@chromium.org> Reviewed-by:
-
- 12 Nov, 2018 13 commits
-
-
Ben Smith authored
See the WebAssembly bulk memory proposal here: https://github.com/WebAssembly/bulk-memory-operations This initial CL adds a wasm experimental flag: `--experimental-wasm-bulk-memory`, and also parsing of passive segments. A passive segment is one that is not copied into the table/memory on instantiation, but instead later via the `{table,memory}.init` instructions. The binary format of passive data segments is unlikely to change, but the format for passive element segments may change (see https://github.com/WebAssembly/bulk-memory-operations/pull/39). Bug: v8:7747 Change-Id: I2a7fb9bc7648a722a8c4aab4185c68d3d0843858 Reviewed-on: https://chromium-review.googlesource.com/c/1330015 Commit-Queue: Ben Smith <binji@chromium.org> Reviewed-by:
-
Frank Tang authored
Bug: v8:8438 Change-Id: I7b45f75c790c007d69f61d13f2ac8936b9efb67d Reviewed-on: https://chromium-review.googlesource.com/c/1331988Reviewed-by:
-
Igor Sheludko authored
because for some reason gdb does not want to execute job *handle anymore. Bug: v8:8238 Change-Id: I9b632f5d34048b80e1f9542de963f738f1afb613 Reviewed-on: https://chromium-review.googlesource.com/c/1332230 Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#57449}
-
Junliang Yan authored
Port fe61cd64 R=jkummerow@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Idee62637817fea020f809772de96b43c2a39cadd Reviewed-on: https://chromium-review.googlesource.com/c/1331832Reviewed-by:
Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#57448}
-
Junliang Yan authored
Port d0562944 R=mythria@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Ib27ea8c66e3fa37d13d0e10553f1caf10c9d527b Reviewed-on: https://chromium-review.googlesource.com/c/1332107Reviewed-by:
-
Jaroslav Sevcik authored
With this change, the return value is not baked into the translations for lazy deoptimization point. Instead, the translation contains a position where the return value(s) should be written by the deoptimizer. The deoptimizer then constructs the frame as it would look before and during the call and then overwrites the relevant slot(s) with the return value(s) from the callee. The advantage is that we do not run the risk of overwriting captured objects in the tranlations. Moreover, the translations correctly reflect the frame during the call (e.g., if it is inspected by the debugger or if an exception is thrown and no value is returned). Bug: chromium:902608 Change-Id: I03824f0efec3dd476feacbcc0ab6102c3e6c94bf Reviewed-on: https://chromium-review.googlesource.com/c/1329203 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#57446}
-
Jakob Kummerow authored
Bug: v8:3770 Change-Id: I413ce57f7fa91cef2445995ca22650477f92b0df Reviewed-on: https://chromium-review.googlesource.com/c/1321892Reviewed-by:
Dan Elphick <delphick@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Frank Tang authored
Bug: v8:8424 Change-Id: Ic4f5b229dca4c3a802701aaa6e2093e280739a78 Reviewed-on: https://chromium-review.googlesource.com/c/1328646Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#57444}
-
Junliang Yan authored
R=joransiu@ca.ibm.com Change-Id: I09f57abe9a0fdd8d42c9f52b745a0f9957b67e58 Reviewed-on: https://chromium-review.googlesource.com/c/1330264Reviewed-by:
-
Sathya Gunasekaran authored
Bug: v8:6443, v8:7569 Change-Id: Ie1733198af76d07ac4601c5058af531701434fef Reviewed-on: https://chromium-review.googlesource.com/c/1331549Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#57442}
-
Clemens Hammacher authored
R=gdeepti@chromium.org Change-Id: I8fabe18101b7e23b5e2971fedd0bd3591783dc85 Reviewed-on: https://chromium-review.googlesource.com/c/1329699Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57441}
-
Sathya Gunasekaran authored
Bug: v8:6443, v8:7569 Change-Id: Ia7f0550500b19e93d78983db2e20d020bc0ff164 Reviewed-on: https://chromium-review.googlesource.com/c/1329700Reviewed-by:
-
Sathya Gunasekaran authored
in SmallOrderedHashTable Bug: v8:6443, v8:7569 Change-Id: I14572b1acc30df45d0554ee7e8e129da85791529 Reviewed-on: https://chromium-review.googlesource.com/c/1329698Reviewed-by:
-
