- 02 Dec, 2019 21 commits
-
-
Mike Stanton authored
Loop variable analysis doesn't recognize that the initial type of the loop variable phi combined with the increment type may produce a NaN result through the addition of two infinities of differing sign. This leads to unreachable code and a SIGINT crash. The fix is to consider this case before typing the loop variable phi, falling back to more conservative typing if discovered. R=neis@chromium.org Bug: chromium:1028863 Change-Id: Ic4b5189c4c50c5bbe29e46050de630fd0673de9f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946352 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65291}
-
Mike West authored
Blink CL: https://chromium-review.googlesource.com/c/chromium/src/+/1944474 Bug: chromium:1029700 Change-Id: I91936942b21d133e06f2583a4e3c70951e5e86f4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946348 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#65290}
-
Dan Elphick authored
Each Pipeline phase now declares kRuntimeCallCounterId which is used to record the runtime stats for the duration of the phase. As a result some manually instantiated counters are removed. All counters have the same name as the phase name with the v8.TF prefix replaced with Optimize. To enforce this, the existing phase_name declaration in each phase has been replaced with a macro that also declares the counter id and its mode. Bug: v8:10006 Change-Id: I836582298b60c30eb794f4c45a8bb16efa17a38e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943161 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#65289}
-
Clemens Backes authored
Code objects are scheduled for logging during compilation. In {CompileToNativeModule}, we then only need to ensure that these objects are actually logged. {LogWasmCodes} would log them independently, which leads to duplicate logging. R=jkummerow@chromium.org Bug: chromium:1029470 Change-Id: I6a187f4d7adcf7ac057f3a266f66244ef7e7102f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946353 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65288}
-
Clemens Backes authored
Instead of logging them as "wasm-unnamed" functions, log them as "wasm-to-js", and append the signature. This moves and generalizes the {AppendSignature} method that was already used to produce the signature string for other wrappers. R=jkummerow@chromium.org Bug: chromium:1029470 Change-Id: Ic911cb19a49dcbc332bf5a4aa195107522ac6945 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946350 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65287}
-
Clemens Backes authored
Import wrappers (wasm-to-js) were missing from profiling, since their code is never logged. This CL fixes this by generally logging all wasm code generated, not just actual wasm functions. Also, instead of logging each individual code object (which requires a lock) within another lock, move the code out of the other lock and log all code objects at once. R=jkummerow@chromium.org Bug: chromium:1029470 Change-Id: Ia250d7f3f183b2c1d8e6af4e58dd65ee27df545b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943163 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65286}
-
Clemens Backes authored
This fixes a few things regarding code logging for profiling: 1) Append the execution tier, otherwise we get two functions of the same name. 2) Replace "wasm-function[%d]" by "<wasm-unnamed>", since the index is appended later anyway. 3) Avoid unneeded JS heap and C++ heap allocations during logging. R=jkummerow@chromium.org Bug: chromium:1029470 Change-Id: Ie7af41f21e4595f8d8c574e4ad18273f89f1cb6e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943162 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65285}
-
Ng Zhi An authored
Convert more uses of index into offsets. We record spill in terms of offsets (bytes) rather than slot index, so the name of the method can be changed, and in GetTotalFrameSlotCount we calculate the number of slots used in terms of number of bytes spilled. Bug: v8:9909 Change-Id: I26484c1b040cd4711cc7998cb29d68955bf8ddb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934528 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65284}
-
Clemens Backes authored
We already don't do the on-heap round-trip any more. R=jkummerow@chromium.org No-Try: true Change-Id: Ib7223699f6907ca695f17616c280f4aa665e7291 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946354 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65283}
-
Georg Neis authored
Bug: chromium:1028208 Change-Id: I439cb5acf4487ab0e4af0dcd065f1ccb78b2e7a1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946351 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65282}
-
Jakob Kummerow authored
The flag combination --gc-interval=500 --stress-compaction --stress-flush-bytecode, combined with baking mjsunit.js into the custom snapshot, caused type feedback for "deepEquals" to be forgotten, leading to an unexpected soft deopt. Forcing type feedback collection with %PrepareFunctionForOptimization() fixes that. Change-Id: I954c7ecbe70ca5b803a5fa7cd809c118f7659f21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946347 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65281}
-
Ng Zhi An authored
Bug: v8:9810 Change-Id: I1dd90312b4ae1ad9461a27898f66d7c802dbae76 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930071 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#65280}
-
Ng Zhi An authored
Fixed: v8:9980 Bug: v8:9198 Change-Id: Idab55a3d7f7ad45a1491dc7657b8a377e569e050 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1945943 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65279}
-
Ulan Degenbaev authored
This removes object visiting logic from IncrementalMarking and makes it call the corresponding methods of MarkCompactCollector. As a result we have one place where objects are visited (on the main thread), which is necessary for implementing per-context visitation. Bug: chromium:973627 Change-Id: Ibdfbb9a910b592307bdba2bd73eada35c80a0d61 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940154 Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#65278}
-
Ng Zhi An authored
Bug: v8:9886 Change-Id: I321e93d02971c6ba568d9d7c52d464ffc2754665 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929837 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#65277}
-
Ng Zhi An authored
Adding a regression test for https://crrev.com/c/1930606. This test was generated using --dump-wasm-module, which created a 6KB module, and then running binaryen's wasm-reduce on it until it churned this out, and removing an extra kExprUnreachable. Bug: chromium:1027410 Change-Id: I14ba6ebe52f45e3b3ba943088807e110eebe0339 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933592 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65276}
-
Ng Zhi An authored
Bug: v8:9886 Change-Id: Idd44fb99be54c56385db55895dba58b35c1b660e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928150 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65275}
-
Ng Zhi An authored
This change includes splitting the existing SSE_INSTRUCTION_LIST into two: 1. sse instructions with two-operand AVX 2. sse instructions with three-operand AVX Also a drive-by fix for disasm of pblendw: the printing of imm8 does not require AND-ing with 3, since all 8 bits are significant. Bug: v8:9561 Change-Id: I56c93a24bb9905ae6422698c793b27f3b9e66d8f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933593 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65274}
-
Simon Zünd authored
Design doc: bit.ly/v8-repl-mode This CL allows the usage of 'await' without wrapping code in an async function when using REPL mode in global evaluate. REPL mode evaluate is changed to *always* return a Promise. The resolve value of the promise is the completion value of the REPL script. The implementation is based on two existing mechanisms: - Similar to async functions, the content of a REPL script is enclosed in a synthetic 'try' block. Any thrown error is used to reject the Promise of the REPL script. - The content of the synthetic 'try' block is also re-written the same way a normal script is. This is, artificial assignments to a ".result" variable are inserted to simulate a completion value. The difference for REPL scripts is, that ".result" is used to resolve the Promise of the REPL script. - ".result" is not returned directly but wrapped in an object literal: "{ .repl_result: .result}". This is done to prevent resolved promises from being chained and resolved prematurely: > Promise.resolve(42); should evaluate to a promise, not 42. Bug: chromium:1021921 Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#65273}
-
Bartek Nowierski authored
Bug: chromium:1018156 Change-Id: I2133bd8fc4ae4d9ce3c16c50887beb677d979e18 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924000 Commit-Queue: Bartek Nowierski <bartekn@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65272}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/bcfcc04..0317de9 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I21e8f3bf8a9c0cfdd3c0db2bd49386eede39870e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944233 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65271}
-
- 01 Dec, 2019 2 commits
-
-
Jakob Kummerow authored
No-Try: true Change-Id: I9c4d6f02451872dacf6e5e172ec32afde5f80281 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943165 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#65270}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/15fd848..00a14de Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/bf0fe87..5395345 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/e3d2982..ae5343c TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I22c818999d745103e09d7438839e03ca80ab7e08 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944232 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65269}
-
- 30 Nov, 2019 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2fc048c..15fd848 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b97d4ce..bcfcc04 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/7c62ed6..5ae4817 Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/076c461..bf0fe87 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/05979d8..e3d2982 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I9ff4c73b501e7b99b0ef5e2f491d090333e6a342 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944231 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65268}
-
- 29 Nov, 2019 16 commits
-
-
Hannes Payer authored
Change-Id: I60fdb6af5382e0ccd6bff16f89aad804c13cd900 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943147 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#65267}
-
Sigurd Schneider authored
This CL introduces a CHECK in v8_compile that compilation succeeds. Previously, a failed compilation would lead to undefined behavior or a crash in CompileRun, because it would call Script::Run on a nullptr. This CL introduced v8_try_compile that returns a MaybeLocal and supports test-cases that want to ensure that a compilation fails. Bug: chromium:1014415 Change-Id: I559190da6049f325e8650e4a29c6e387d8ff7af5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943154 Auto-Submit: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#65266}
-
Michael Starzinger authored
This fixes the accessor functions (getters and setters) for WebAssembly accessor properties to not have 'prototype' properties and not be marked as constructors. R=ahaas@chromium.org TEST=mjsunit/wasm/js-api BUG=chromium:1027945 Change-Id: I0288f511fee1f99997031b41354ecf7b8629b783 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943157 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#65265}
-
Liviu Rau authored
No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: Ib485ec835d73f9da0c5379c80865ad6702293e6f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943148 Commit-Queue: Liviu Rau <liviurau@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#65264}
-
Jakob Kummerow authored
Reported at comment #18 of the linked bug. Bug: chromium:1027461 Change-Id: I64fb4c4edd4df07ddf86c508dfecec7f509efc9f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940262 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65263}
-
Jakob Kummerow authored
Replacing a constant BigInt with a constant int64 is only valid when the use site has truncating semantics. (For non-constant values, the representation changer did correctly check for this.) Bug: chromium:1028593 Change-Id: Ib58b16ece6f21ba30153fd6cfa0560cc2d78d6a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940263 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65262}
-
Mythri A authored
This cl: https://chromium-review.googlesource.com/c/v8/v8/+/1924439 has renamed the optimize passes happening on the background to OptimizeBackground instead of OptimizeConcurrent or RecompileConcurrent. Concurrent optimization has main thread phases so using OptimizeConcurrent for background computations only was a bit confusing. Bug: chromium:1029456 Change-Id: Idd0a0ff82597bb18c2d8896c7288f268e59acc05 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943156 Commit-Queue: Mythri Alle <mythria@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Auto-Submit: Mythri Alle <mythria@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#65261}
-
Georg Neis authored
If the inputs are Unsigned32OrMinusZeroOrNaN and we want to compile for an Unsigned32 result, we still need to deopt if the RHS is zero (because that must produce NaN). Bug: chromium:1028862 Change-Id: Ib5b7cd10f8c4ec9a76b75a2b408729f1ca86ea3e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943150 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65260}
-
Toon Verwaest authored
This reverts commit 5253d7bf. Reason for revert: Elements don't properly invalidate the cache. Original change's description: > [runtime] Cache prototype chain enumerable keys in PrototypeInfo > > This CL adds a prototype_chain_enum_cache to cache the enumeration of a > prototype and its entire chain on the PrototypeInfo. It can improve for-in > performance via simply merging the receiver enumeration with this cache. > > It improves the score of JetStream2-tagcloud-SP case by ~9% on IA Chromebook. > > Contributed by tao.pan@intel.com > > Change-Id: Ib40bfe41e772672337155584672f06fa1ba1e70d > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870844 > Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65224} TBR=verwaest@chromium.org,shiyu.zhang@intel.com # Not skipping CQ checks because original CL landed > 1 day ago. Change-Id: Ic5d476bc8b334241b2accb8344749fcf7dcf5e09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943153 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65259}
-
Sigurd Schneider authored
This is a reland of 4ed9d48f CompileRun leads to undefined behavior if the compile fails; CompileRunChecked can be used to assert that the compile must succeed. I've removed the attempt to compile and rely on a simpler check in the tests now. Original change's description: > [exceptions] Don't re-request interrupt in InvokeWithTryCatch > > This CL changes InvokeWithTryCatch to not re-request the terminate > execution interrupt, but instead schedule the termination exception. > This ensures that leaving the outermost TryCatch scope will clear > the exception, and no interrupt remains. > > Previously, the interrupt request could remain and prevent further > JavaScript execution even after the TryCatch scope was left. > > Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039 > Bug: chromium:1014415 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65255} Tbr: yangguo@chromium.org, verwaest@chromium.org Bug: chromium:1014415 Change-Id: I29444c4b7ea5a158865f54d4608f374914f7b133 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943151 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#65258}
-
Michael Achenbach authored
R=neis@chromium.org No-Try: true Change-Id: I91ebaceb036381f8183b0703ccfed58e1cbbeeb3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943152 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#65257}
-
Leszek Swirski authored
This reverts commit 4ed9d48f. Reason for revert: UBSan failure https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/9084 Original change's description: > [exceptions] Don't re-request interrupt in InvokeWithTryCatch > > This CL changes InvokeWithTryCatch to not re-request the terminate > execution interrupt, but instead schedule the termination exception. > This ensures that leaving the outermost TryCatch scope will clear > the exception, and no interrupt remains. > > Previously, the interrupt request could remain and prevent further > JavaScript execution even after the TryCatch scope was left. > > Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039 > Bug: chromium:1014415 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#65255} TBR=yangguo@chromium.org,sigurds@chromium.org,verwaest@chromium.org Change-Id: Iedefe5320d8bdc442a87e03698a20daf6a0ebf4f No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1014415 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943149 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#65256}
-
Sigurd Schneider authored
This CL changes InvokeWithTryCatch to not re-request the terminate execution interrupt, but instead schedule the termination exception. This ensures that leaving the outermost TryCatch scope will clear the exception, and no interrupt remains. Previously, the interrupt request could remain and prevent further JavaScript execution even after the TryCatch scope was left. Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039 Bug: chromium:1014415 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65255}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/eeb227e..2fc048c Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fa0def7..b97d4ce Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/f31cb80..7c62ed6 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I0fb2bb08bc55ecc83695a5f7aa5bcb7676fb550b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942916 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65254}
-
jiepan authored
The lane indices of S8x16Shuffle will be printed as a null-terminated character array in Operator1's PrintParameter implementation. This patch adds the S8x16ShuffleParameter class, overrides operator<<, and prints the indices as an integer array. before fix: Shuffle[\b\t\n^K\f\r^N^O] after fix: Shuffle[8,9,10,11,12,13,14,15,0,0,0,0,0,0,0,0] Change-Id: I421e639f5229d3a5e348868be33f2d8bbfcfd2d6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922735 Commit-Queue: Jie Pan <jie.pan@intel.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Auto-Submit: Jie Pan <jie.pan@intel.com> Cr-Commit-Position: refs/heads/master@{#65253}
-
Shu-yu Guo authored
Correctly passing the receiver depends on the Call AST node's type. Calling a parenthesized optional chain expression is parsed as a Call of an OptionalChain of a Property. Currently the computation of the type does not take optional chains of property loads into consideration, so calls of parenthesized optional chain expressions always get passed an undefined receiver. Bug: v8:10024 Change-Id: I904b0eeca2df30160def674fb32adf821403aef9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1938571 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#65252}
-