- 23 Aug, 2017 4 commits
-
-
jgruber authored
This is a simple move of CSA::AllocateRegExpResult to RegExpBuiltinsAssembler. There's no reason for this method to be in CSA, and this way we save a bit of binary size since code in builtins-*-gen is not shipped. Bug: v8:6741 Change-Id: I89507a0bfa4e0e922d92b9fcd0604ce86efea293 Reviewed-on: https://chromium-review.googlesource.com/626078 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47532}
-
pan.deng@intel.com authored
Code size in snapshot can be reduced ~41KB Contributed by kanghua.yu@intel.com Bug: None Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ib73af39fe97cd38728affea40c593236f15bf6e5 Reviewed-on: https://chromium-review.googlesource.com/588751 Commit-Queue: Pan Deng <pan.deng@intel.com> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#47531}
-
Sathya Gunasekaran authored
This is a reland of 942c61ab Original change's description: > [runtime] Rename PropertyArray::kLengthOffset to kLengthAndHashOffset > > LengthAndHashOffset describes the value stored in the offset better. > > Bug: v8:6404 > Change-Id: Ie5ea2a362c54aa03e0a4e314d1adb8b91d74a044 > Reviewed-on: https://chromium-review.googlesource.com/624458 > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47503} TBR=jkummerow@chromium.org, mstarzinger@chromium.org Bug: v8:6404 Change-Id: Ied55fa6145ccc788581703db991b2f78d59a7408 Reviewed-on: https://chromium-review.googlesource.com/627075 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#47530}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/fedc7df..337452a Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/837e443..810d9d2 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f0379f8..40f6966 TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: I08a518bc0dab57e6a6b1b844c97cb491f71dbc04 Reviewed-on: https://chromium-review.googlesource.com/627128 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#47529}
-
- 22 Aug, 2017 36 commits
-
-
Sathya Gunasekaran authored
A random hash could potentially have top 10 bits be non zero which would pass the hash != PropertyArray::kNoHashSentinel test but fail the masked_hash != PropertyArray::kNoHashSentinel. Bug: v8:6404, chromium:757750 Change-Id: Iade531fefc75dd76bd7a89b377d17e59532087d8 Reviewed-on: https://chromium-review.googlesource.com/627380 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#47528}
-
Deepti Gandluri authored
BUG=chromium:752423 Change-Id: Ifea2fba7e002cb88dd6e53170fe98d3fd4af686a Reviewed-on: https://chromium-review.googlesource.com/609445 Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#47527}
-
Dmitry Gozman authored
Bug: chromium:590878 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Id94d3557980522d98c136aa444615930bee2e3ba Reviewed-on: https://chromium-review.googlesource.com/625159 Commit-Queue: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47526}
-
Sathya Gunasekaran authored
Split the PromiseFinallyContextSlot enum into two separate enums because the spec requires an additional slot to store the Promise constructor in the Promise.prototype.finally builtin. This will be added in a follow-on patch. Inline the various context creation functions into their callsites since they're only a single line and have only one callsite. Bug: v8:5967 Change-Id: I2834c9c3d4940b8fbbdb7c162f42323d0fe0939f Reviewed-on: https://chromium-review.googlesource.com/624543 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#47525}
-
Adam Klein authored
This fixed a TODO from cec289ea by marking RewritableExpressions as rewritten in AddArrowFunctionFormalParameters when decomposing Assignments into pattern/initializer. Also added a set_rewritten() helper method to RewritableExpression to simplify callsites. Change-Id: Ifa36c9fb6c79193cbbcb168eedf7f782dc73a77b Reviewed-on: https://chromium-review.googlesource.com/622353 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47524}
-
Anisha Rohra authored
Port aa7bf1cf Original Commit Message: This CL: - removes the trampoline pc from deoptimization input data and deoptimization state. This is no longer needed given that we added this information to the safepoint table in https://chromium-review.googlesource.com/c/v8/v8/+/596027). This should also fix the regression mentioned in https://bugs.chromium.org/p/chromium/issues/detail?id=752873 - searches for the exception handler in the safepoint table. - removes the code used for patching which is no longer needed. R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I27672961ec9b20bbbff7a2e994080065d01c85c0 Reviewed-on: https://chromium-review.googlesource.com/627197 Reviewed-by: Jaideep Bajwa <bjaideep@ca.ibm.com> Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#47523}
-
Adam Klein authored
It caused crashes in the extension process on Canary. This reverts commit b6059a67. Also revert followup test CL: "[api] Add test for EnumeratorCallback and for...in." as it depends on the logic in the reverted change. This reverts commit 56772de7. Bug: chromium:757371, v8:6627 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Id110128e6dc858a5a60ffc0175e8bb927b90bfc5 Reviewed-on: https://chromium-review.googlesource.com/626720 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47522}
-
Jaroslav Sevcik authored
Reland "[turbofan] Polymorphic inlining - try merge map check dispatch with function call dispatch." This reverts commit 57af6811. This adds the checkpoint between the call and the polymorphic load. I thought that JSCall with constant target cannot cause eager deopt, but Canary seems to disagree (http://crbug.com/718019). Bug: v8:5267,chromium:718019 Change-Id: I552b850db6beb93e733b371ad0e7204513da1dc4 Reviewed-on: https://chromium-review.googlesource.com/622867 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47521}
-
Ulan Degenbaev authored
Perf sheriffs: this is going to increase GC time in v8.runtimestats benchmarks. That time was not accounted before. Change-Id: I656aed7ec7f4fd9f29dd4a2eff44eb25a60f21ad Reviewed-on: https://chromium-review.googlesource.com/626636 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47520}
-
Marja Hölttä authored
This reverts commit fe50e817. Reason for revert: Too close to branch point Original change's description: > [parser] Tentative: turn on FLAG_preparser_scope_analysis. > > The main motivation is to get bug reports / crashes from Canary. > > This commit is expected to break all kinds of things! The most typical failure > modes are crashes, CHECK failures and JavaScript executing incorrectly. > > BUG=v8:5516 > > Change-Id: Ifa02b420ad4e8eda46002b334bed2665c8ceeeb2 > Reviewed-on: https://chromium-review.googlesource.com/623751 > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Commit-Queue: Marja Hölttä <marja@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47502} TBR=adamk@chromium.org,marja@chromium.org,cbruni@chromium.org Change-Id: I98d2d186cbde6e185b05ef0d3460115a654b6b45 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:5516 Reviewed-on: https://chromium-review.googlesource.com/626796 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#47519}
-
Adam Klein authored
Also remove a few bits of related dead code in Parser. Bug: v8:6092 Change-Id: I310936341fe3e6193e36983723985a190d5d278b Reviewed-on: https://chromium-review.googlesource.com/621958 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#47518}
-
Jaideep Bajwa authored
Port 2d858519 Original Commit Message: There's no need for this code to be completely architecture specific. R=jupvfranco@google.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I33d4eaff8309e6684cf9ab003f57aeac15e4a56e Reviewed-on: https://chromium-review.googlesource.com/626318 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#47517}
-
Michael Lippautz authored
In a parallel marker world the recursion just avoids proper work stealing. It is removed in a separate CL to see the impact of recursive marking on the benchmarks. Bug: chromium:750084 Change-Id: Id37ae029e386b45c94e5fecbf349b31d2573d5c0 Reviewed-on: https://chromium-review.googlesource.com/625881 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47516}
-
Ulan Degenbaev authored
Bug: chromium:757843 Change-Id: Ia3cf4e2126cbe567ae6f32fe4ccef631e028eaf9 Reviewed-on: https://chromium-review.googlesource.com/625879 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47515}
-
Camillo Bruni authored
Since we don't create an AllocationSite for the empty object literal, the TF lowering bailed out early and used the slow runtime call as a fallback. Bug: chromium:757596, v8:6211 Change-Id: I68307ff2d0870c35f07c3aad4cd10cf08e378686 Reviewed-on: https://chromium-review.googlesource.com/625619 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#47514}
-
Leszek Swirski authored
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/623790 Add a --read-from-tcp flag to d8, which makes file reads (including reading files from arguments, and the load and read builtins) read the file contents off a TCP socket using a simple request/response protocol. On top of this, add a script for transparently running d8 on an android device using adb. The script loads d8 onto the device, starts a file server providing the above protocol, and uses the above flag to run a d8 which loads javascript sources off the computer rather than off the device. Change-Id: I82a25be900c7608ed4c3a35828757a870ca2e115 Reviewed-on: https://chromium-review.googlesource.com/626396 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#47513}
-
Leszek Swirski authored
This reverts commit 29ad1235. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/19576 Original change's description: > [d8] Allow reading files from a TCP socket > > Add a --read-from-tcp flag to d8, which makes file reads (including > reading files from arguments, and the load and read builtins) read the > file contents off a TCP socket using a simple request/response protocol. > > On top of this, add a script for transparently running d8 on an android > device using adb. The script loads d8 onto the device, starts a file > server providing the above protocol, and uses the above flag to run a d8 > which loads javascript sources off the computer rather than off the > device. > > Change-Id: Icaa0577beb9bcd4f93476faa3ad8fb8b0a165e6e > Reviewed-on: https://chromium-review.googlesource.com/623790 > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47511} TBR=rmcilroy@chromium.org,leszeks@chromium.org Change-Id: I2de4a12aa8cb0d228df3e5793d997b9145f4da42 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/626017 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#47512}
-
Leszek Swirski authored
Add a --read-from-tcp flag to d8, which makes file reads (including reading files from arguments, and the load and read builtins) read the file contents off a TCP socket using a simple request/response protocol. On top of this, add a script for transparently running d8 on an android device using adb. The script loads d8 onto the device, starts a file server providing the above protocol, and uses the above flag to run a d8 which loads javascript sources off the computer rather than off the device. Change-Id: Icaa0577beb9bcd4f93476faa3ad8fb8b0a165e6e Reviewed-on: https://chromium-review.googlesource.com/623790 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47511}
-
Michael Starzinger authored
R=tebbi@chromium.org TEST=mjsunit/regress/regress-crbug-755044 BUG=chromium:755044 Change-Id: I909eeeccaf4e4e9757a2f952c00f557ee6c495ee Reviewed-on: https://chromium-review.googlesource.com/625878 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#47510}
-
Jochen Eisinger authored
BUG=chromium:732736 R=marja@chromium.org Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I2c0a96b76ae977e53a418d22175bcc487f548786 Reviewed-on: https://chromium-review.googlesource.com/543238 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#47509}
-
Ulan Degenbaev authored
Bug: chromium:694255 Change-Id: I8a3856d9b9c5d1ee701286dacf5c0c8ad400d91d Reviewed-on: https://chromium-review.googlesource.com/626120 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47508}
-
Juliana Franco authored
This CL: - removes the trampoline pc from deoptimization input data and deoptimization state. This is no longer needed given that we added this information to the safepoint table in https://chromium-review.googlesource.com/c/v8/v8/+/596027). This should also fix the regression mentioned in https://bugs.chromium.org/p/chromium/issues/detail?id=752873 - searches for the exception handler in the safepoint table. - removes the code used for patching which is no longer needed. Bug: v8:6563 Change-Id: I6cedc18c371f5707b7e0e1a8da409375ce1ebe5e Reviewed-on: https://chromium-review.googlesource.com/595547 Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47507}
-
Ross McIlroy authored
This reverts commit a205117c. Reason for revert: breaks Arm64 Original change's description: > [Compiler] Remove code aging support. > > Code aging is no longer supported by any remaining compilers now > that full codegen has been removed. This CL removes all vestiges of > code aging. > > BUG=v8:6409 > > Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e > Reviewed-on: https://chromium-review.googlesource.com/619153 > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Marja Hölttä <marja@chromium.org> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47501} TBR=ulan@chromium.org,rmcilroy@chromium.org,marja@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,rodolph.perfetta@arm.com Change-Id: I9d8b2985e2d472697908270d93a35eb7ef9c88a8 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6409 Reviewed-on: https://chromium-review.googlesource.com/625998 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47506}
-
Marja Hölttä authored
This reverts commit 942c61ab. Reason for revert: compile failures (mid-air conflict with another cl) Original change's description: > [runtime] Rename PropertyArray::kLengthOffset to kLengthAndHashOffset > > LengthAndHashOffset describes the value stored in the offset better. > > Bug: v8:6404 > Change-Id: Ie5ea2a362c54aa03e0a4e314d1adb8b91d74a044 > Reviewed-on: https://chromium-review.googlesource.com/624458 > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47503} TBR=jkummerow@chromium.org,mstarzinger@chromium.org,gsathya@chromium.org Change-Id: I4b439323ab5b328cd8f29908b35eeddffdf5b141 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6404 Reviewed-on: https://chromium-review.googlesource.com/626076 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#47505}
-
jgruber authored
CSA::AllocateSeq{One,Two}ByteString used its own home-grown handling to allocate very large strings. This CL refactors both methods to use AllocationFlags::kAllowLargeObjectAllocation instead. Callers now need to specify explicitly if large-object allocation is possible or not. Bug: chromium:636391 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I0b7ffb0b083f4e977cea42c500f8f2ee1c60519f Reviewed-on: https://chromium-review.googlesource.com/625738 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47504}
-
Sathya Gunasekaran authored
LengthAndHashOffset describes the value stored in the offset better. Bug: v8:6404 Change-Id: Ie5ea2a362c54aa03e0a4e314d1adb8b91d74a044 Reviewed-on: https://chromium-review.googlesource.com/624458 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#47503}
-
Marja Hölttä authored
The main motivation is to get bug reports / crashes from Canary. This commit is expected to break all kinds of things! The most typical failure modes are crashes, CHECK failures and JavaScript executing incorrectly. BUG=v8:5516 Change-Id: Ifa02b420ad4e8eda46002b334bed2665c8ceeeb2 Reviewed-on: https://chromium-review.googlesource.com/623751 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#47502}
-
Ross McIlroy authored
Code aging is no longer supported by any remaining compilers now that full codegen has been removed. This CL removes all vestiges of code aging. BUG=v8:6409 Change-Id: I945ebcc20c7c55120550c8ee36188bfa042ea65e Reviewed-on: https://chromium-review.googlesource.com/619153 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47501}
-
Ross McIlroy authored
Instead of creating a new character stream to re-parse the asm.js module, use the existing stream which was used by the parser. By doing this, we avoid accessing the heap if the original character stream is a streaming source or an external string, which will enable asm.js verification to run off-thread in those situations. BUG=v8:5203 Change-Id: I5dbf83c993512eb2f3dd709120e152e3f9900bdf Reviewed-on: https://chromium-review.googlesource.com/616723 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47500}
-
Ross McIlroy authored
Does a couple of cleanups on interpreter assembler: - Adding naming to the variable fields to improve debuggability - Grouping functions which deal with loading the state passed between bytecode handlers (e.g. bytecode array / offset / etc.). - Fix some comments in interpreter-generator.cc Change-Id: I9decefebbdf7830a7ce75dd46e8a69a1db3c4cc8 Reviewed-on: https://chromium-review.googlesource.com/625797 Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47499}
-
Marja Hölttä authored
This stopped working because of r47337 ( https://chromium-review.googlesource.com/c/v8/v8/+/605949/8/src/compiler.cc#418 ). Also enhanced the test so that it would've caught this. BUG=v8:5516 Change-Id: I933a8b5d787c3eb8b2cc230e2b35df1f25b500e7 Reviewed-on: https://chromium-review.googlesource.com/625618 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#47498}
-
Michael Starzinger authored
This makes sure that shift expressions (not wrapped in parentheses) can appear as part of the index in a valid heap access expression. Only the last operand of a sequence of shift expressions is taken into account when validating the heap access. R=jarin@chromium.org TEST=mjsunit/regress/regress-6700 BUG=v8:6700,chromium:754751 Change-Id: Icc7a71bd64461da4d3daea41b995964e3dfc6dc6 Reviewed-on: https://chromium-review.googlesource.com/623811 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#47497}
-
Peter Marshall authored
Bug: v8:6333 Change-Id: I189aa2938287e634bb4fec3b0e7c16acb6d66a11 Reviewed-on: https://chromium-review.googlesource.com/623249 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#47496}
-
jgruber authored
If the elements fixed array is large enough, it must be allocated in large-object space. This fixes two cases in which we'd incorrectly assume elements fits into new space. There are potentially quite a few other spots affected by a similar issue, and we should find a more robust solution. See also: crbug.com/636391. Bug: v8:6716 Change-Id: I91f09355ac6b7cf399e13cc21d34113a506e58fb Reviewed-on: https://chromium-review.googlesource.com/623808 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47495}
-
Michael Lippautz authored
This reverts commit 9e839fce. Reason for revert: Wrong fix as we are not allowed to cache wrappers. Original change's description: > [heap] Fix incremental wrapper tracing toggle > > The flag is always on and support for turning it off is broken with > conservative barriers. > > Bug: > Change-Id: I1ff548f95d220bf0fcb6df7a1bf5f8a342163696 > Reviewed-on: https://chromium-review.googlesource.com/624494 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47482} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: I90bc547a88cb8220c7261c607ef359df38e3bdf2 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/623868 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47494}
-
Juliana Franco authored
There's no need for this code to be completely architecture specific. Bug: v8:6563 Change-Id: I90aa1aa76fa266a247d8f374459a6eb6469c8c75 Reviewed-on: https://chromium-review.googlesource.com/612340 Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47493}
-