1. 27 Jul, 2018 1 commit
  2. 25 Jul, 2018 3 commits
  3. 23 Jul, 2018 1 commit
  4. 18 Jul, 2018 1 commit
  5. 17 Jul, 2018 1 commit
  6. 05 Jul, 2018 1 commit
  7. 04 Jul, 2018 1 commit
  8. 23 Jun, 2018 1 commit
  9. 21 Jun, 2018 1 commit
  10. 20 Jun, 2018 1 commit
  11. 19 Jun, 2018 1 commit
  12. 05 Jun, 2018 1 commit
  13. 24 May, 2018 1 commit
  14. 02 May, 2018 1 commit
  15. 24 Apr, 2018 1 commit
  16. 14 Apr, 2018 1 commit
    • [ubsan] Change Address typedef to uintptr_t · 2459046c
      Jakob Kummerow authored
      The "Address" type is V8's general-purpose type for manipulating memory
      addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
      are undefined behavior except within the same array; since we generally
      don't operate within a C++ array, our general-purpose type shouldn't be
      a pointer type.
      
      Bug: v8:3770
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
      Reviewed-on: https://chromium-review.googlesource.com/988657
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52601}
  17. 09 Apr, 2018 2 commits
  18. 06 Apr, 2018 2 commits
    • Revert "[cleanup] Refactor the Factory" · 503e07c3
      Michael Achenbach authored
      This reverts commit f9a2e24b.
      
      Reason for revert: gc stress failures not all fixed by follow up.
      
      Original change's description:
      > [cleanup] Refactor the Factory
      > 
      > There is no good reason to have the meat of most objects' initialization
      > logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
      > this CL changes the protocol between Heap and Factory to be AllocateRaw,
      > and all object initialization work after (possibly retried) successful
      > raw allocation happens in the Factory.
      > 
      > This saves about 20KB of binary size on x64.
      > 
      > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      > Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
      > Reviewed-on: https://chromium-review.googlesource.com/959533
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52416}
      
      TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
      
      Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/999414
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52420}
    • [cleanup] Refactor the Factory · f9a2e24b
      Jakob Kummerow authored
      There is no good reason to have the meat of most objects' initialization
      logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
      this CL changes the protocol between Heap and Factory to be AllocateRaw,
      and all object initialization work after (possibly retried) successful
      raw allocation happens in the Factory.
      
      This saves about 20KB of binary size on x64.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
      Reviewed-on: https://chromium-review.googlesource.com/959533
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52416}
  19. 16 Mar, 2018 1 commit
  20. 06 Mar, 2018 1 commit
  21. 02 Mar, 2018 1 commit
  22. 20 Dec, 2017 1 commit
    • [builtins] abort FrameFunctionIterator::next if frame summary empty · 18dc491c
      Caitlin Potter authored
      Previously, FrameFunctionIterator::next() assumed that the frame summary
      was non-empty. It's now possible for the list not to be empty, if the
      JS microtask pump invokes a builtin function which uses
      FrameFunctionIterator directly. While this is unlikely to show up in
      real world code, it is necessary to handle it to prevent crashes.
      
      BUG=chromium:794744
      R=mstarzinger@chromium.org, cbruni@chromium.org, verwaest@chromium.org
      
      Change-Id: Ie95c2228544f57730d1c6c1ff955b2c94ff1c06b
      Reviewed-on: https://chromium-review.googlesource.com/833266
      Reviewed-by: Camillo Bruni <cbruni@chromium.org>
      Commit-Queue: Caitlin Potter <caitp@igalia.com>
      Cr-Commit-Position: refs/heads/master@{#50221}
  23. 18 Dec, 2017 1 commit
  24. 30 Nov, 2017 1 commit
  25. 29 Nov, 2017 1 commit
  26. 14 Nov, 2017 2 commits
  27. 27 Oct, 2017 1 commit
  28. 26 Oct, 2017 1 commit
    • [cleanup] Prepare V8-internal AccessorInfo objects for sharing. · b4fdce5a
      Igor Sheludko authored
      Rename |property_attributes| to |initial_property_attributes| and ensure
      that it is used as a storage of values only for AccessorInfos installed in
      API Templates (i.e. ObjectTemplate and FunctionTemplate).
      When an AccessorInfo is installed directly into an existing JS object
      (via JSObject::SetAccessor) or into a DescriptorArray (when certain V8
      objects' shapes are configured) it is not necessary to thread attributes
      being set through the AccessorInfo instance.
      
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: Ibe61026f08c42549756f694129a286635ffe5769
      Reviewed-on: https://chromium-review.googlesource.com/730425
      Commit-Queue: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48978}
  29. 16 Oct, 2017 1 commit
  30. 04 Oct, 2017 1 commit
  31. 28 Sep, 2017 1 commit
    • Reland "[turbofan] Implement lowering of {JSCreateClosure}." · ac475636
      Michael Starzinger authored
      This is a reland of 9d3c4b4b
      Original change's description:
      > [turbofan] Implement lowering of {JSCreateClosure}.
      > 
      > This adds support for inline allocation of {JSFunction} objects as part
      > of closures instantiation for {JSCreateClosure} nodes. The lowering is
      > limited to instantiation sites which have already seen more than one
      > previous instantiation, this avoids the need to increment the respective
      > counter.
      > 
      > R=jarin@chromium.org
      > 
      > Change-Id: I462c557453fe58bc5f09020a3d5ebdf11c2ea68b
      > Reviewed-on: https://chromium-review.googlesource.com/594287
      > Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#48176}
      
      Change-Id: I3ec3880bea89798a34a3878e6122b95db1014151
      Reviewed-on: https://chromium-review.googlesource.com/686834
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48198}
  32. 27 Sep, 2017 2 commits
    • Revert "[turbofan] Implement lowering of {JSCreateClosure}." · 9e618c72
      Michael Starzinger authored
      This reverts commit 9d3c4b4b.
      
      Reason for revert: Breaks cctest/test-debug/NoBreakWhenBootstrapping in no-snap mode.
      
      Original change's description:
      > [turbofan] Implement lowering of {JSCreateClosure}.
      > 
      > This adds support for inline allocation of {JSFunction} objects as part
      > of closures instantiation for {JSCreateClosure} nodes. The lowering is
      > limited to instantiation sites which have already seen more than one
      > previous instantiation, this avoids the need to increment the respective
      > counter.
      > 
      > R=jarin@chromium.org
      > 
      > Change-Id: I462c557453fe58bc5f09020a3d5ebdf11c2ea68b
      > Reviewed-on: https://chromium-review.googlesource.com/594287
      > Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#48176}
      
      TBR=mstarzinger@chromium.org,jarin@chromium.org
      
      Change-Id: Id52281f6a3c0b7c2603053ecf002777d5b0d6f1f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/686534
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48178}
    • [turbofan] Implement lowering of {JSCreateClosure}. · 9d3c4b4b
      Michael Starzinger authored
      This adds support for inline allocation of {JSFunction} objects as part
      of closures instantiation for {JSCreateClosure} nodes. The lowering is
      limited to instantiation sites which have already seen more than one
      previous instantiation, this avoids the need to increment the respective
      counter.
      
      R=jarin@chromium.org
      
      Change-Id: I462c557453fe58bc5f09020a3d5ebdf11c2ea68b
      Reviewed-on: https://chromium-review.googlesource.com/594287
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48176}
  33. 05 Sep, 2017 1 commit
  34. 29 Aug, 2017 1 commit