- 14 Jun, 2019 6 commits
-
-
Sathya Gunasekaran authored
When iterating over the holdings inside the cleanup callback, we could potentially unregister the weakref which is next or prev on the key list causing these checks to be incorrect. Bug: v8:9360, v8:8179 Change-Id: I53ea12346eb4882b16a82677b64ba2c756d23a1c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658161Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#62165}
-
Simon Zünd authored
This CL introduces two usage counters for two CallSite functions in sloppy mode: - getFunction() - getThis() Chromium CL: https://crrev.com/c/1657902 Bug: v8:8742 Change-Id: I81e8fec48534f5932a72de86d9d21f3b370c66a7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657919 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62164}
-
Yu Yin authored
Port ea420655 https://crrev.com/c/1651470 Original Commit Message: API calls made via the CallApiCallback builtin, which is used from the ICs and optimized code, are currently misattributed to the wrong counter InvokeFunctionCallback instead of FunctionCallback. In addition we don't use the C trampoline when only runtime call stats are enabled, but the Chrome DevTools profiler is not active, which means that these calls will not be attrituted properly at all, and that had to be worked around using all kinds of tricks (i.e. disabling fast-paths in ICs when RCS is active and not inlining calls/property accesses into optimized code depending on the state of RCS). All of this was really brittle and only due to the fact that the central builtin didn't properly check for RCS (in addition to checking for the CDT profiler). With this fix it's now handled in a central place and attributed to the correct category, so user code doesn't need to worry about RCS anymore and can just call straight into the fast-path. core hand-written native code with the API callback logic. Change-Id: I6bcc8c4d7f4642381803a8b6c8282ceb8f3d056c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659988 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62163}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/afe9cbd..be4d13b Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/5b97b40..8756a42 Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/chromium/llvm-project/libcxx/+log/78822a6..ad46488 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/727d7ca..e502dbc Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/374a128..bc23ca1 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/fe6c647..539db7d TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: Icfa6b96961df31243cd0597ca0b1c8c8ee6003bb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660030Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62162}
-
Frank Tang authored
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/a9abd4..49eee8b Bug: v8:7834 Change-Id: I90de157926001b8db0c7992965b9c2ee762d78ae Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1656055Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Tamer Tas <tmrts@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#62161}
-
Yu Yin authored
Change-Id: I2453256c192a5b58f241c4c73a32e8d41cf55a0e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657973 Auto-Submit: Yu Yin <xwafish@gmail.com> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Yu Yin <xwafish@gmail.com> Cr-Commit-Position: refs/heads/master@{#62160}
-
- 13 Jun, 2019 29 commits
-
-
Fabrice de Gans-Riberi authored
Zircon VMOs are now created non-resizeable by default. This family of flags is now a no-op and they will soon be removed. Bug: chromium:973981 Change-Id: I99b5a18b9744e32ebb3f33f1a848ee9b5c51eb0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659568 Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org> Commit-Queue: Wez <wez@chromium.org> Auto-Submit: Fabrice de Gans-Riberi <fdegans@chromium.org> Reviewed-by: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#62159}
-
Z Nguyen-Huu authored
Use FastJSArrayForRead pattern. Add test of array.reduce, array.reduceRight for non-extensible, sealed, frozen objects similar to mjsunit/array-reduce.js ~3x perf improvement in JSTests/ObjectFreeze micro-benchmark Before: ArrayReduce ArrayReduce-Numbers(Score): 0.0740 ArrayReduceRight ArrayReduceRight-Numbers(Score): 0.0767 After: ArrayReduce ArrayReduce-Numbers(Score): 0.249 ArrayReduceRight ArrayReduceRight-Numbers(Score): 0.261 Bug: v8:6831 Change-Id: I98f54f010256993fcd05bb24be968fb2d0f5c966 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1656851 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62158}
-
Maya Lekova authored
Remove dead code and move a condition earlier, as discussed in http://doc/1I1yzlXM79M7W5QfVjTwSSTEQsRCjdfo8cgSQXkeqlZQ#heading=h.e7x2k9l4bmi7 Bug: v8:9183 Change-Id: Iaba7233e47ee19d2be5501ce6046f3956532513c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658155 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Auto-Submit: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62157}
-
Z Nguyen-Huu authored
Bug: v8:6831 Change-Id: I61d4080e11e354fb47d5c79c3c26076488f3fe13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1656852 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62156}
-
Dan Elphick authored
Disable bytecode flushing for test as it messes up lazy source positions and the flags aren't representative anyway. Bug: v8:8510 Change-Id: I6d5bc8dcd174a9bfc48f682518e6c62d79acb691 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658152 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62155}
-
Jakob Gruber authored
This is a reland of 811bfbbc Original change's description: > [regexp] Move AST-to-Node code to a dedicated file > > Prior to this CL, jsregexp contains a bunch of things that are slightly > related but would be cleaner in separate files, including: AST-to-Node > transformations, the compiler implementation, and a debugging printer. > > This CL extracts AST-to-Node transformations. > > Bug: v8:9359 > Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303 > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62148} Tbr: yangguo@chromium.org Bug: v8:9359 Change-Id: I68a16086dc56c9a059547033ca8bc1e9de1080db Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658568Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62154}
-
Seth Brenith authored
Include API-instantiated functions in the definition of Callable so that PromiseReactionJobTask::handler can verify correctly. Also make Callable verification stricter regarding JSProxy instances: they must have the callable bit set. Also update test-weak-references to use a different object type, since FeedbackVector::optimized_code_weak_or_smi should never point to a FixedArray. Bug: v8:9311 Change-Id: I4242df993e381a75f5b53302fee8fd2b12e96d34 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1650563 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62153}
-
Mythri A authored
The store element handlers don't check if the array length is writable before updating the length. Since this is not expected to be a common case no need of handling this in the element handlers. Just moving to megamorphic would be sufficient. Bug: chromium:967104 Change-Id: I7a7f9ea768266b9ffd6289328d61d2297d455619 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658154 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62152}
-
Dan Elphick authored
Since TurboAssembler::CallBuiltinPointer actually takes the builtin_index as input, rename the function to CallBuiltinByIndex. Bug: v8:9183 Change-Id: I4958d96f18a48a2ec91525d80d597a35e45d5989 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657915 Auto-Submit: Dan Elphick <delphick@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62151}
-
Darius Mercadier authored
With this flag enabled, some statistics about the oldspace's freelists (and free/used spaced in general) are printed before and after each major garbage collection. It is useful to get some intuition about fragmentation and debug freelists. (This flag helped me track down the issues fixed by CLs 1647162 and 1648476) Additionally, the verbose version (FLAG_trace_gc_freelists_verbose) prints the freelists of each page of old_space. Bug: v8:9329 Change-Id: Ifa80426bf9d97ac9950459154507a585b039326d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655302 Commit-Queue: Darius Mercadier <dmercadier@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#62150}
-
Leszek Swirski authored
This reverts commit 811bfbbc. Reason for revert: Breaks noi18n build (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/27201) Original change's description: > [regexp] Move AST-to-Node code to a dedicated file > > Prior to this CL, jsregexp contains a bunch of things that are slightly > related but would be cleaner in separate files, including: AST-to-Node > transformations, the compiler implementation, and a debugging printer. > > This CL extracts AST-to-Node transformations. > > Bug: v8:9359 > Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303 > Auto-Submit: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62148} TBR=yangguo@chromium.org,jgruber@chromium.org,petermarshall@chromium.org Change-Id: I079e15b02d73d81aef806992f324f08d7008e367 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9359 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658160Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62149}
-
Jakob Gruber authored
Prior to this CL, jsregexp contains a bunch of things that are slightly related but would be cleaner in separate files, including: AST-to-Node transformations, the compiler implementation, and a debugging printer. This CL extracts AST-to-Node transformations. Bug: v8:9359 Change-Id: I030cfca5c40cfd72e3a7abe2188e4654cfe2277c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655303 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62148}
-
Sigurd Schneider authored
Bug: v8:9360 Notry: true Change-Id: Ic598601d18149bcde5660ae268e81936a3954f3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658151 Auto-Submit: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62147}
-
Mike Stanton authored
This is a first step in eliminating heap access from a bevy of promise reductions in js-call-reducer.cc. We begin by recognizing calls to the affected builtins at serialization time, then serializing what data is necessary. Bug: v8:7790 Change-Id: Iaa1581eee730e8d3610a97c71eed635f77029455 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657921 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62146}
-
Mike Stanton authored
There was a remaining TODO... Bug: v8:7790 Change-Id: I82c65d4c1b636dbfe6f29ce35c195f4bb5ea1c08 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657927Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#62145}
-
Sigurd Schneider authored
Previously, the handle's location was used as a proxy for the heap object, i.e, we put the handle into the constant pool, to avoid the need for GC visiting the constant pool entries during code generation. The handle locations are replaced by the corresponding heap object when the code is copied to the heap. This CL changes the handling in the assembler: Instead of putting in the handle location (which is a machine word) we put in a small index number into a table. This will be useful for putting 32bit constants into the constant pool. This new approach also has the advantage that ordering the constant pool entries by value produces a deterministic order after this change. Change-Id: Id47d56d487a0b64d1d1504a47937c8779ee02b13 Bug: v8:7703 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648094 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62144}
-
Toon Verwaest authored
Bug: chromium:973363 Change-Id: Id2e46702f73e901df5f26b764d98fb3d4f681a98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657914 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#62143}
-
Milad Farazmand authored
Bug: v8:8193 GCC bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61976 Change-Id: Ia5ecf96ad409705e3d54fc77b081fc4907d0aa1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649711Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#62142}
-
Jakob Gruber authored
Refactor-only, this moves interrupt scopes and stack guard code into their own dedicated files. Change-Id: I5723a04786a04bba31a0da54622f3cd0b926ef07 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655288 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62141}
-
Tamer Tas authored
{V8 Linux 64 - pointer compression} builder uploads dchecks enabled builds. This CL creates a new builder that compiles V8 without dchecks enabled. This CL uses the inverted naming predicate {without dchecks} to avoid renaming the existing builder to {with dchecks} to avoid doing renames over multiple repositories for a temporary builder that we'll remove after the ptr compression merge to master. R=sergiyb@chromium.org CC=machenbach@chromium.org Bug: v8:9345 Change-Id: I9e8cc1a9eb59325fd8eecc8fdcd2778b4da005c0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657922 Commit-Queue: Tamer Tas <tmrts@chromium.org> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org> Auto-Submit: Tamer Tas <tmrts@chromium.org> Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#62140}
-
Pierre Langlois authored
As shown in the commit description of https://crrev.com/c/1619763, the JSON format was supposed to refer to a list of "spaces" and not "pages", this was a typo. Bug: v8:9186 Change-Id: I1a674dac8af4b27b7ee46041e8c7a533bad8e68b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657917Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Cr-Commit-Position: refs/heads/master@{#62139}
-
Mythri A authored
This check shouldn't have been there. Even with lazy feedback allocation we still transition to pre-monomorphic from uninitialized. We could remove pre-monomorphic states with lazy-feedback allocation but that requires changes at several other places. Change-Id: I8f878a83f0fe3200eb530a34a74811639dcdc153 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634920Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#62138}
-
Maya Lekova authored
This is a reland of ca10d2ba Original change's description: > [turbofan] Brokerize reduction of API calls > > JSCallReducer::ReduceCallApiFunction is now heap access free. > > Bug: v8:7790 > Change-Id: I5718d73589d0bed14149ef0bc084b8a6ab1b9b5b > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1624792 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62014} Bug: v8:7790 Change-Id: Idc6acd18f0bf703ed072353c17471b4067ff1e61 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1648236Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62137}
-
Sathya Gunasekaran authored
Align with the spec defined names. Bug: v8:8179 Change-Id: I892a2627c7712112b47a87e7a658dc4066540482 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655654Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#62136}
-
Sathya Gunasekaran authored
- Return true or false, not undefined - Check that unregister token is an object Bug: v8:8179 Change-Id: I1a4ff7730158dba16efb552fb2f4892c8d31412c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653120Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#62135}
-
Toon Verwaest authored
Swap bits between bitfield2 and bitfield3 so that bitfield2 doesn't change across named property transitions. This will allow us to share bf1/bf2 through the descriptor array. Change-Id: I3579ae89189ae0729cd492db1afb29cf90981f6a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657908Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62134}
-
Benedikt Meurer authored
This is a reland of 823795fc, the reason for the revert was flushing out a bug that was now fixed independently in https://chromium-review.googlesource.com/c/v8/v8/+/1655307 Drive-by-fix: Correct wrong offset in CloneObjectIC fast-path. Original change's description: > [ic] Fix typo in Runtime_CloneObjectIC_Miss. > > https://chromium-review.googlesource.com/1649554 introduced a typo into > Runtime_CloneObjectIC_Miss, where it wouldn't update the IC state UNLESS > the source map is deprecated, which is the wrong way around of course. > > Bug: chromium:973045, v8:7611, v8:9114, v8:9183, v8:9343 > Change-Id: I7d6e0709e66ce4aaaf4a628d64ab801b84c8993c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655291 > Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62106} Bug: chromium:973045, v8:7611, v8:9114, v8:9183, v8:9343 Change-Id: I763d9eeab95043bed3bc4849fc3ddcda7787169a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655651 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62133}
-
Jakob Gruber authored
StackGuard::HandleInterrupts used to take a lock for testing and clearing each individual interrupt bit. This CL changes that to a single read up front. Slight behavioral changes: 1. A TERMINATE_EXECUTION interrupt is now handled first; we immediately exit and preserve all other interrupts (in case V8 is later resumed). 2. Since interrupts are read once, it is no longer possible to request an interrupt *within* HandleInterrupts that will later be processed within the same HandleInterrupts call. 3. Stack limits are reset immediately after reading the interrupt bits, and prior to actually processing the interrupts. Bug: v8:9328 Change-Id: I3048bb413213d11307df49e0014b64a2b43444e0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653115 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62132}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4b9a126..afe9cbd Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/2e18a95..5b97b40 Rolling v8/buildtools/third_party/libc++/trunk: https://chromium.googlesource.com/chromium/llvm-project/libcxx/+log/5938e05..78822a6 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4d6b614..727d7ca TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: I3e4002f3059491dabcdc10bb2caffacfd35bcc75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657450Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62131}
-
- 12 Jun, 2019 5 commits
-
-
Z Nguyen-Huu authored
ObjectPreventExtensions and ReflectPreventExtensions are now Torque builtins (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously). Perf improvement in micro-benchmark JSTests/Proxies Before: PreventExtensionsWithoutTrap-Proxies(Score): 1978 PreventExtensionsWithTrap-Proxies(Score): 739 After: PreventExtensionsWithoutTrap-Proxies(Score): 3017 PreventExtensionsWithTrap-Proxies(Score): 2044 Bug: v8:6664 Change-Id: I6505d730cea6b0d197f6f5d0540b39056c8b763d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652688 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62130}
-
Andrey Lushnikov authored
This was originally reported at https://github.com/GoogleChrome/puppeteer/issues/4545 R=ulan, alph Change-Id: I5134506e56cd40e49b358cd47590913b81013b6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649473 Commit-Queue: Andrey Lushnikov <lushnikov@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#62129}
-
Aleksei Koziatinskii authored
JSModuleNamespace does not have well defined CreationContext: current implementation of JSReceiver::GetCreationContext crashes on CHECK. R=lushnikov@chromium.org,yangguo@chromium.org Bug: none Change-Id: Ie2c0bfa39117d42d81f9709c21376c177b18e5ba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1652559Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62128}
-
Z Nguyen-Huu authored
Extend same approach for FastJSArray to FastJSArrayForRead in ArrayMap builtin ~6x perf improvement in micro-benchmark JSTests/ObjectFreeze Before: ArrayMap ArrayMap-Numbers(Score): 0.0887 After: ArrayMap ArrayMap-Numbers(Score): 0.531 Bug: v8:6831 Change-Id: I06cba44ca4c9198977c6da522b782b61f9df04fa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1653732 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#62127}
-
Milad Farazmand authored
Port ea420655 Original Commit Message: API calls made via the CallApiCallback builtin, which is used from the ICs and optimized code, are currently misattributed to the wrong counter InvokeFunctionCallback instead of FunctionCallback. In addition we don't use the C trampoline when only runtime call stats are enabled, but the Chrome DevTools profiler is not active, which means that these calls will not be attrituted properly at all, and that had to be worked around using all kinds of tricks (i.e. disabling fast-paths in ICs when RCS is active and not inlining calls/property accesses into optimized code depending on the state of RCS). All of this was really brittle and only due to the fact that the central builtin didn't properly check for RCS (in addition to checking for the CDT profiler). With this fix it's now handled in a central place and attributed to the correct category, so user code doesn't need to worry about RCS anymore and can just call straight into the fast-path. core hand-written native code with the API callback logic. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I2d200be4544cf62393330bb2891b6ba6f088db68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655343Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#62126}
-