- 22 Nov, 2019 4 commits
-
Clemens Backes authored
A previous CL (https://crrev.com/c/1926769) changed hashing to always treat the input as signed values. This causes problems, since the hash of a one-byte string differs from the hash of the identical two-byte string. Hence this CL switches to treating all values as unsigned in hashing. The bug cannot easily be reproduced in v8 alone, since we would need to create an internalized two-byte string, which contains one-byte data. Blink manages to create such a string via external strings. R=jkummerow@chromium.org Bug: chromium:1025184, chromium:1027131 Change-Id: Id41aa0e463691c02099a08c6e9d837a079c872df Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930615 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65113}
-
Clemens Backes authored
If v8_enable_object_print is set to true, we should use Object::Print instead of Brief(Object). R=jkummerow@chromium.org Change-Id: I70583c15834f9332aba7760b5e104136712d4e0d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930613 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65112}
-
Liviu Rau authored
Bug: v8:9898 Change-Id: Id8a5ca983e80c00d23180ff3bcff51571513961b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900456 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#65111}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a5a3b9f..1ab161c Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/988a272..536c641 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/2e2f587..c50b096 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: Icbbd441aff681b39273b1c10832750b788d968b6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928889 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65110}
-
- 21 Nov, 2019 22 commits
-
Ng Zhi An authored
This patch changes many callers of GetStackOffsetFromIndex to directly use the offset that is stored in the VarState (and other structures). The tricky part here is that in all archs, GetStackSlotOffset no longer relies on kFirstStackSlotOffset, because the offset stored in VarState is relative to the constant space (instance offset), and not offset of the first stack slot. For example, for slot 0, the offset was also 0, because it was relative to the first stack slot offset (which in x64 is fp-24). With this change, the offset of slot 0 is now 8, but since GetStackSlotOffset is relative to fp-16, it ends up being fp-24 still. Because of this change, callers of GetStackOffsetFromIndex need to add 1 to whatever index they were passing. Instead of doing that, we change GetStackOffsetFromIndex to add 1 inside the body. After this change, the only callers of GetStackOffsetFromIndex will be inside of FillStackSlotsWithZero, because they still rely on index to keep track of how many params were processed, and also how many locals there are in order to zero those slots, and this is relied on by RecordUsedSpillSlot to allocate sufficient stack space. Bug: v8:9909 Change-Id: I52aa4572950565a39e9395192706a9934ac296d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925524 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65109}
-
Tobias Tebbi authored
This introduces a new keyword "shape" in addition to "class", which allows the definition of a type that extends a JSObject subclass and specifies one or several maps with statically known in-object properties.

Differences compared to normal classes:
- Shapes are transient since they specify maps instead of instance types.
- Shapes have a known size.
- Fields of shapes are always in-object properties. In particular, this means that their offset is after kHeaderSize.
- It's forbidden to inherit from shapes.
- Since shapes usually specify NativeContext-dependent maps, it's not possible to write runtime type-checks for them. Thus this CL avoids mapping them to their own TNode type, as the CAST macro won't work properly. We had runtime-checks for some of them nevertheless, some of them scarily confusing like IsJSSloppyArgumentsObject, that actually just checked the instance type.

Drive-by cleanups and simplifications:
- Allow subclassing from non-abstract classes and remove @dirtyInstantiatedAbstractClass. This attribute stems from a misconception of how instance types work, and with this change it ceases to have semantic influence.
- Replace the existing JSArgumentsObject subclasses into two shapes. JSArgumentsObjectWithLength had to be removed since shapes don't support subclassing.
- Place kHeaderSize correctly for objects with indexed fields.

Design doc: https://docs.google.com/document/d/1zPy2ZYfNFjeEuw6Mz3YJA-GaPGbdcSYam3SrS7ETzRU
Bug: v8:8944 Change-Id: Iabf185ccd27d0900e0890539a7fe9eaa8bf2d50e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917140 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#65108}
-
Ng Zhi An authored
This is a reland of 20727725

The fix is in liftoff-assembler-arm64.h in FillStackSlotsWithZero, in the else case for bigger counts to fill, the argument passed to Sub was incorrect. We were passing offset relative to first slot, but it should be offset relative to instance, so there is an off by 1 slot error when zeroing, and ended up zeroing the stack slot holding instance.

Original change's description:
> [liftoff] Use stack slot offsets instead of indices
>
> Spill/fill now take offsets instead of indices. We provide a
> helper, GetStackOffsetFromIndex, for callers. This is currently only
> useful while slot sizes are still fixed to 8 bytes.
>
> StackTransferRecipe's RegisterLoad now works in terms of offset.
>
> LiftoffStackSlots work in terms of offset as well.
>
> TransferStackSlot currently still works in terms of indices, but can be
> converted to use offsets in a subsequent change.
>
> Bug: v8:9909
> Change-Id: If54fb844309bdfd641720d063135dd59551813e0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922489
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65049}

Bug: v8:9909 Change-Id: I311da9d3bb1db8faf8693079177c77a7b3754243 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925131 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65107}
-
Johannes Henkel authored
New revision: 4c2a3acaea9f2e7958081dd361f81e20e9eff5e7 This cleanup cl does not change any behavior, it just cleans up some headers and does a class rename (StreamingParserHandler->ParserHandler). It was reviewed upstream https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1924792 https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1925679 and does not touch V8 code. Would like to get this in to make it easier to review subsequent changes. Thanks! Change-Id: Ie9fe1434bafeb4f5090244f823d1e482ff805dd0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925721 Auto-Submit: Johannes Henkel <johannes@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#65106}
-
Milad Farazmand authored
Port aafbc138 R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I1b6f70fbf58dc9e32f37ecd5e2030f6966a90842 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929074 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#65105}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9f9c46f..a5a3b9f Rolling v8/third_party/android_ndk: https://chromium.googlesource.com/android_ndk/+log/89e8db0..27c0a8d Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4c9781e..988a272 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/639872c..2e2f587 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/7506d59..5b2f5c6 TBR=machenbach@chromium.org,tmrts@chromium.org Bug: chromium:1027059 Change-Id: I4aee68f37435c918a5e228ee96417f9e2462cd38 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928258 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#65104}
-
Zhao Jiazhong authored
port a7b9e588 https://crrev.com/c/1900661 Original Commit Message: [wasm-simd] Implement i64x2 neg for arm Change-Id: Ia4f52b26e4c3d6e2833b01246bd917d5e62ca79d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924003 Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn> Cr-Commit-Position: refs/heads/master@{#65103}
-
Igor Sheludko authored
Drive-by-fix: enable heap verification in mksnapshot. Bug: chromium:1025468 Change-Id: Ieb52d5139fa37df4ff0d8e8d46c3e0e6d14c2c8c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924363 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#65102}
-
Mythri A authored
Make --turboprop imply a lower interrupt budget (10 * k). Bug: v8:9684 Change-Id: I6e4bac1a77755e5bc8c7433503fe985cbc6db7ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928859 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#65101}
-
Santiago Aboy Solanes authored
Remove sep(Left|Right)Snap as they were never read from Bug: v8:7327 Change-Id: Id09fa0ec606a75d40cc946b354bc1a260f3b68ac Notry: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928855 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#65100}
-
Milad Farazmand authored
Port ea06b01e Original Commit Message: Also some cleanup reordering of instruction codes. R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I9e299c6c226d4fedf33bbaeba6242771d4947816 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929073 Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#65099}
-
Emanuel Ziegler authored
InstanceBuilder::LoadTableSegments
- Throw RuntimeError instead of LinkError
WasmGraphBuilder::TableInit & WasmGraphBuilder::MemoryInit
- Do not check for active/dropped status if size == 0
WasmGraphBuilder::MemoryFill
- Throw out-of-bounds error BEFORE attempting any memory operations if necessary

R=ahaas@chromium.org Bug: v8:9865 Change-Id: I6a67779dc99fdc1c6bda6a2526d0e9ee5385f3ed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924442 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org> Cr-Commit-Position: refs/heads/master@{#65098}
-
Santiago Aboy Solanes authored
It was just an add used only in one place, so I inlined it. I also noticed that some methods were using scratch registers as parameters but didn't really need to do so. Bug: v8:7703 Change-Id: Ia1e5570d478673cb0835cff97e3a37d9a35c60a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924266 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#65097}
-
Joshua Litt authored
This is a reland of f2a74165

Original change's description:
> [regexp] Re-execute regexp when '.indices' is accessed.
>
> Instead of storing a pointer to the last_match_info, which may
> change, this cl modifies JSRegExpResult to store a pointer to
> the original JSRegExp which generated it, as well as additional
> data needed to re-execute the match.
>
> Basically a straight copy and tidy off jgruber@'s prototype:
> https://chromium-review.googlesource.com/c/v8/v8/+/1876810
>
> Bug: v8:9548
> Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65053}

Bug: v8:9548 Change-Id: Ieeba4b1ae59ef0c7946d654dc314adfae09d24b5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925554 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Joshua Litt <joshualitt@chromium.org> Cr-Commit-Position: refs/heads/master@{#65096}
-
Jakob Gruber authored
An initial investigation of using GraphAssembler in JSCallReducer. This CL ports two simple reductions (ReduceMathUnary, ReduceMathBinary) as well as a slightly more involved reduction with branching control flow (ReduceStringPrototypeSubstring). The graph assembler abstracts away the details of maintaining effect and control edges. Resulting code ends up looking very similar to CSA.

Newly introduced:
- Typing through TNode.
- IfBuilder1 for nicer if-then-else sequences that return exactly 1 value. Future CLs will add more convenience builders that follow this pattern.
- Many small readability improvements through helper functions.

Bug: v8:9972 Change-Id: Iaa186b76c006e07c8d69a74f340a4912577a32a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914204 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65095}
-
Georg Neis authored
It could also be a DeadValue. A regression test will take a while but the fix is straightforward. Bug: chromium:1027045 Change-Id: I49a66668b7189b7ea7d6d79d514b9e0de3edc966 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928853 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65094}
-
Clemens Backes authored
This is an unmodified reland of 3c98a2a3. The actual issue was fixed in https://crrev.com/c/1926769.

Original change's description:
> [wasm] Prevent breakpoints on nonbreakable positions
>
> If a breakpoint is set on a non-breakable position, the wasm interpreter
> just stores the value 0xFF (kInternalBreakpoint) in the function body
> (actually, a copy of the function body). This might overwrite immediates
> and cause subsequent failures in the wasm interpreter.
>
> In JavaScript, breakpoints are just forwarded to the next breakable
> position. This CL implements the same for WebAssembly.
> A cctest tests this behavior, and the existing
> wasm-stepping-byte-offsets.js inspector test is extended to also set the
> breakpoint within an i32 constant immediate.
>
> R=leese@chromium.org, mstarzinger@chromium.org
> CC=bmeurer@chromium.org
>
> Bug: chromium:1025184
> Change-Id: Ia2706f8f1c3d686cbbe8e1e7339d9ee86247bb4a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925152
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65070}

Bug: chromium:1025184 Change-Id: I5e16df645bbacf039b7a5e55a0c2a64cdb4c6a32 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926152 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#65093}
-
Jakob Kummerow authored
Follow-up to c968607e to make LayoutTests happy. Tbr: verwaest@chromium.org Change-Id: I02758faa8ed1f06f1faf615047a40ec115887a4a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928856 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65092}
-
David Benjamin authored
&vector[i] is invalid unless 0 <= i < vector.size(). This means:
- &vector[0] is invalid if the vector is empty.
- &vector[vector.size()] is not a valid way to point past the end of the vector.

Fix these to use vector.data() + vector.size() which is the defined way to get begin and end pointers for a vector.

Bug: chromium:1027059 Change-Id: Ife1f0e64807b32ebdca66dba8ffc206d90a0de75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929071 Auto-Submit: David Benjamin <davidben@chromium.org> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#65091}
-
Clemens Backes authored
Hashing should ignore the signedness of the type, since different platforms might define standard types like {char} as either signed or unsigned. This leads to problems if hashes are included in test expectations, see https://crrev.com/c/1926032 and https://crbug.com/1025184#c26. This CL avoids such problems by always treating the input as signed values. This also reduces binary size, since the instantiations for int8_t and uint8_t are identical now and are folded together by the compiler / linker. R=jkummerow@chromium.org Bug: chromium:1025184 Change-Id: I3fee4d8662dd1c31cd6483639fe4edd4511662c5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926769 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65090}
-
Tobias Tebbi authored
This replaces the fragile hand-coded SizeOf function. Bug: v8:7793 Change-Id: I6bd84f367182b947486192f8968c56723f29efaa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924265 Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65089}
-
Ng Zhi An authored
Also some cleanup reordering of instruction codes. Bug: v8:9813 Change-Id: I35caad0b84dd5824090046cba964454eac45d5d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925613 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#65088}
-
- 20 Nov, 2019 14 commits
-
Ng Zhi An authored
Bug: v8:9813 Change-Id: Ibfac9453a035bb00020b4d062e1445410644f16a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900662 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65087}
-
Suraj Sharma authored
This is a reland of d46bd852

Original change's description:
> [ic] Migrate Code-based handlers to use data driven handler.
>
> All usage of KeyedLoadIC_Slow, HasIC_Slow, StoreInArrayLiteralIC_Slow
> and KeyedStoreIC_Slow now use data driven handlers
>
> Bug: v8:9779
> Change-Id: Idd888c5c10b462a5fe155ba0add36f95169bd76d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895988
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#64918}

Bug: v8:9779 Change-Id: I8fb9359752d6b8e8211c37e15e8f1bf61dd6532a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916684 Reviewed-by: Joshua Litt <joshualitt@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Suraj Sharma <surshar@microsoft.com> Cr-Commit-Position: refs/heads/master@{#65086}
-
Santiago Aboy Solanes authored
We now keep the same percentage of the window occupied by the panel when toggling Maximize (both maximizing, or un-maximizing). This also means that it no longer forces the side panels open when toggling maximizing. Also took the opportunity and cleaned up names and resizer.ts. Bug: v8:7327 Change-Id: I60b574a833f3059e447aa17fae8a687d32ac29d5 Notry: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903970 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#65085}
-
Santiago Aboy Solanes authored
After searching now we are focused on the svg, which allows using the keyboard shortcuts after searching. Bug: v8:7327 Change-Id: I57f5490ecb9858971aefae66b9808460108dc936 Notry: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925147 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#65084}
-
Santiago Aboy Solanes authored
Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes Bug: v8:7327 Change-Id: I2f91b7dc619d70ae29600ae7f304d9944994c863 Notry: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925151 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#65083}
-
Georg Neis authored
... by handlifying its argument. Bug: v8:9989 Change-Id: Ie56a8beb52372c6f77aa855319c3af5e429bfd04 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926149 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65082}
-
Georg Neis authored
... by making explicit that the value is a Smi. Bug: v8:9989 Change-Id: I9f65030cf665e16c2fb22f5f77e25daf3cfb1cf1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924260 Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#65081}
-
Zhi An Ng authored
This reverts commit 20727725.

Reason for revert: Many bugs/crashes, https://crbug.com/v8/9999 https://crbug.com/1026500 https://crbug.com/1026514

Original change's description:
> [liftoff] Use stack slot offsets instead of indices
>
> Spill/fill now take offsets instead of indices. We provide a
> helper, GetStackOffsetFromIndex, for callers. This is currently only
> useful while slot sizes are still fixed to 8 bytes.
>
> StackTransferRecipe's RegisterLoad now works in terms of offset.
>
> LiftoffStackSlots work in terms of offset as well.
>
> TransferStackSlot currently still works in terms of indices, but can be
> converted to use offsets in a subsequent change.
>
> Bug: v8:9909
> Change-Id: If54fb844309bdfd641720d063135dd59551813e0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922489
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65049}

TBR=clemensb@chromium.org,zhin@chromium.org Change-Id: I972b72346c87d1d55488911938e3f3cdbe69abe5 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9909 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925560 Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#65080}
-
Seth Brenith authored
This change defines a way that v8_debug_helper can describe object fields which are packed structs, and uses it for the "descriptors" field in DescriptorArray.

In more detail:
- debug-helper.h (the public interface for v8_debug_helper) adds a size and an optional list of struct properties to ObjectProperty.
- debug-helper-internal.h mirrors those changes to the internal class hierarchy which maintains proper unique_ptr ownership.
- In src/torque/class-debug-reader-generator.cc,
  - Some existing logic is moved into smaller functions.
  - New logic is added to generate the field list for structs. Example output is included in a comment above the function GenerateGetPropsChunkForField.

Bug: v8:9376 Change-Id: I531acac039ccb42050641448a4cbaec26186a7bc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1894362 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#65079}
-
Jakob Kummerow authored
They have to be in sync, so this patch updates both systems. Bug: v8:4153 Change-Id: I09252e41a710e79f823fe6818c1c6c0038faeb31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903434 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#65078}
-
Clemens Backes authored
It seems like they were originally added in https://crrev.com/23654026 (Sep 2013) to break dependences in the OOO pipeline. This code pattern was then later copied for other instructions too (https://crrev.com/1424333002). The reason for the xorpd is not mentioned in the code though, and I found no other compiler doing this. So maybe it's obsolete by now, and only increases code size. Let's remove them and see if we get any performance regressions. R=ahaas@chromium.org CC=yangguo@chromium.org Change-Id: I0e6d65afa67f0ee286e5b0ba95c91092c5261c8f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926427 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65077}
-
Leszek Swirski authored
Since it doesn't allocate, make UncompiledData::Init a member function, consistent with SharedFunctionInfo::Init. Bug: chromium:1011762 Change-Id: I984adf9004193eb9da504ddd39dd95345eccaf82 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926031 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#65076}
-
Leszek Swirski authored
This allows off-thread flattening. Bug: chromium:1011762 Change-Id: If83f7bbcbf74165987a4c157184f5b92dc554971 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924437 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#65075}
-
Clemens Backes authored
This reverts commit 3c98a2a3.

Reason for revert: Fails on arm: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/12134

Original change's description:
> [wasm] Prevent breakpoints on nonbreakable positions
>
> If a breakpoint is set on a non-breakable position, the wasm interpreter
> just stores the value 0xFF (kInternalBreakpoint) in the function body
> (actually, a copy of the function body). This might overwrite immediates
> and cause subsequent failures in the wasm interpreter.
>
> In JavaScript, breakpoints are just forwarded to the next breakable
> position. This CL implements the same for WebAssembly.
> A cctest tests this behavior, and the existing
> wasm-stepping-byte-offsets.js inspector test is extended to also set the
> breakpoint within an i32 constant immediate.
>
> R=leese@chromium.org, mstarzinger@chromium.org
> CC=bmeurer@chromium.org
>
> Bug: chromium:1025184
> Change-Id: Ia2706f8f1c3d686cbbe8e1e7339d9ee86247bb4a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925152
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65070}

TBR=mstarzinger@chromium.org,clemensb@chromium.org,bmeurer@chromium.org,leese@chromium.org Change-Id: I7468ea3b15fecccdea521308325cf4851e0a0396 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1025184 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926032 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#65074}
-