- 23 Nov, 2018 38 commits
-
-
Michael Lippautz authored
Provide processing scope that makes it impossible to maintain locally cached wrappers that could get invalidated in Blink and yield in crashers. Bug: chromium:843903, v8:8238 Change-Id: I7ba1905f6c77a97bcc61ac42f921dcac4772471f Reviewed-on: https://chromium-review.googlesource.com/c/1349276 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#57795}
-
Toon Verwaest authored
Change-Id: Icbda182a894ce6508efbfa3bdb17ba3adce360c7 Reviewed-on: https://chromium-review.googlesource.com/c/1349573Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57794}
-
Toon Verwaest authored
Change-Id: I50c6124d3da5b35d4156c066f38d10d2dc966567 Reviewed-on: https://chromium-review.googlesource.com/c/1349246Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57793}
-
Toon Verwaest authored
Rather check expressions used as patterns directly. Check parentheses by tagging parenthesized expressions as parenthesized. This allows us to drop UnexpectedPatternToken and makes it clear why a specific token is unexpected (because it's invalid in a binding pattern). This also more uniformly restores messages like "Invalid destructuring assignment target". Change-Id: Idd98e9116c85de4c2304cf1fef1baa097b67149d Reviewed-on: https://chromium-review.googlesource.com/c/1349572 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57792}
-
Hannes Payer authored
Bug: chromium:852420 Change-Id: I348dbf52bc43078861e40e8377257c8f9a2bc920 Reviewed-on: https://chromium-review.googlesource.com/c/1349242Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#57791}
-
Leszek Swirski authored
Use gperf to generate a perfect hash table for keyword lookup. Adds a python script which munges the output of gperf and adds additional cleanup and optimisations. Change-Id: I3656a7287dbd0688917893de3a671faef9e4578a Reviewed-on: https://chromium-review.googlesource.com/c/1349240 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#57790}
-
Peter Marshall authored
- Remove the InstallFunction variant which just passed its arguments straight to JSObject::AddProperty - Change InstallFunction to accept a String rather than a Symbol as all symbol installation goes through InstallFunctionAtSymbol now. This way we can avoid the call to Name::ToFunctionName as well - Add an explicit helper InstallFunctionWithBuiltinId for installing functions which have a builtin ID. These are always installed with DONT_ENUM PropertyAttributes so we can remove that parameter, too. - Remove PropertyAttributes from InstallFunction because it is always DONT_ENUM. Bug: v8:8238 Change-Id: I7af3d6d833d50065c20e198e21a72ef4a539c1ca Reviewed-on: https://chromium-review.googlesource.com/c/1349284Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#57789}
-
Andreas Haas authored
R=yangguo@chromium.org Bug: v8:8238 Change-Id: Ia59aefc54c2e9f4fa3348c42fb45e7fadab8ee76 Reviewed-on: https://chromium-review.googlesource.com/c/1349231Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#57788}
-
Andreas Haas authored
R=yangguo@chromium.org Bug: v8:8238 Change-Id: I657ec92031ffe8241eaac67ba207bddc989c73a7 Reviewed-on: https://chromium-review.googlesource.com/c/1349234Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#57787}
-
Marja Hölttä authored
This is a reland of 81756480 Original change's description: > [objects.h splitting] Move AsyncGeneratorRequest > > BUG=v8:5402,v8:8238 > > Change-Id: I988b1e0b7a958d06690820632bc533d9e5338535 > Reviewed-on: https://chromium-review.googlesource.com/c/1349190 > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Marja Hölttä <marja@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57776} TBR=clemensh@chromium.org,ulan@chromium.org Bug: v8:5402, v8:8238 Change-Id: I9f4b6b761313be586612df7e7753b97f99c4d1e9 Reviewed-on: https://chromium-review.googlesource.com/c/1349283 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#57786}
-
Yang Guo authored
This reverts commit 38cd61d0. Reason for revert: Layout test http/tests/asmjs/asm-warnings.html fails due to missing context. See https://ci.chromium.org/p/chromium/builders/luci.chromium.try/linux_chromium_rel_ng/238991 crash log for renderer (pid <unknown>): STDOUT: <empty> STDERR: [1:1:1123/024436.020348:FATAL:script_state.h(140)] Check failed: !context.IsEmpty(). STDERR: #0 0x5556817298df base::debug::StackTrace::StackTrace() STDERR: #1 0x55568167b5fb logging::LogMessage::~LogMessage() STDERR: #2 0x55568154ed45 blink::ScriptState::From() STDERR: #3 0x555683047aa9 blink::V8Initializer::MessageHandlerInMainThread() STDERR: #4 0x5556801793c8 v8::internal::MessageHandler::ReportMessageNoExceptions() STDERR: #5 0x555680178652 v8::internal::MessageHandler::ReportMessage() STDERR: #6 0x5556802c2563 v8::internal::PendingCompilationErrorHandler::ReportWarnings() STDERR: #7 0x55567fc8bcd3 v8::internal::(anonymous namespace)::FinalizeUnoptimizedCode() STDERR: #8 0x55567fc8b668 v8::internal::Compiler::Compile() STDERR: #9 0x55567fc8be6b v8::internal::Compiler::Compile() STDERR: #10 0x55568033a36f v8::internal::__RT_impl_Runtime_CompileLazy() STDERR: #11 0x5556808f2492 <unknown> STDERR: STDERR: [25209:25254:1123/024436.075700:WARNING:crash_handler_host_linux.cc(341)] Could not translate tid, attempt = 1 retry ... The issue seems to be that we do require the context for when we report a compile error when finalizing the compilation. Original change's description: > [Compiler] Ensure unoptimized code generation is context independent. > > Now that Asm.js code is also context independent, move code to ensure context independence > from BytecodeGenerator to FinalizeUnoptimizedCode. > > Change-Id: I7738eb3b347ea82764ecd3b5548dc82cb06d2f4e > Reviewed-on: https://chromium-review.googlesource.com/c/1347483 > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57730} TBR=rmcilroy@chromium.org,mstarzinger@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Change-Id: Iaa15e608b35a3396ba51a03f996c6de1330f0016 Reviewed-on: https://chromium-review.googlesource.com/c/1349236 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#57785}
-
Andreas Haas authored
R=yangguo@chromium.org Bug: v8:8238 Change-Id: I37acbc2b7f14d16a57a27cc235769f8a7c18e3a1 Reviewed-on: https://chromium-review.googlesource.com/c/1349232Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#57784}
-
Andreas Haas authored
The callback set with this function is already not used anymore. R=yangguo@chromium.org Bug: chromium:860637, v8:8238 Change-Id: I26f4528720e936dcc9b7b244dff7db97a4b43273 Reviewed-on: https://chromium-review.googlesource.com/c/1345989Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#57783}
-
Toon Verwaest authored
- Reuse CheckDestructuringElement for object rest destructuring, - don't duplicate eval/arguments detection in object patterns, - don't unnecessarily locally validate expression when async(...) is a call, - don't classify pattern error for Property since it's only invalid as a binding pattern. Change-Id: I0eaf6abff39a563c2d6dc07dfbb17071c0f76caf Reviewed-on: https://chromium-review.googlesource.com/c/1349282Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57782}
-
Clemens Hammacher authored
This method is only used in a slow dcheck, thus omit it completely otherwise. R=ahaas@chromium.org Bug: v8:8238 Change-Id: Ic23d0ff10a1dfe9f383237c99a365c2d3ee93e51 Reviewed-on: https://chromium-review.googlesource.com/c/1349233Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57781}
-
Igor Sheludko authored
Bug: v8:7703 Change-Id: I47e6971bc99186cb6861164ec2a246ebcd770219 Reviewed-on: https://chromium-review.googlesource.com/c/1349230Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57780}
-
George Wort authored
This implements sign extension for the arm32 port of Liftoff. Bug: v8:6600 Change-Id: Ib9fb56835b92fa96af013fd3504395d24a27e10e Reviewed-on: https://chromium-review.googlesource.com/c/1348429 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57779}
-
George Wort authored
This implements type conversion for the arm32 port of Liftoff. Bug: v8:6600 Change-Id: Id100df92dc5e9f9df1b7b26158e35bb36b742f10 Reviewed-on: https://chromium-review.googlesource.com/c/1348409 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57778}
-
Clemens Hammacher authored
This reverts commit 81756480. Reason for revert: Breaks several builders, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20builder/37808 Original change's description: > [objects.h splitting] Move AsyncGeneratorRequest > > BUG=v8:5402,v8:8238 > > Change-Id: I988b1e0b7a958d06690820632bc533d9e5338535 > Reviewed-on: https://chromium-review.googlesource.com/c/1349190 > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Commit-Queue: Marja Hölttä <marja@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57776} TBR=marja@chromium.org,clemensh@chromium.org,tebbi@chromium.org Change-Id: I5b654f5eed5764af764ed6e96e308da75cd28fe0 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:5402, v8:8238 Reviewed-on: https://chromium-review.googlesource.com/c/1349235Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57777}
-
Marja Hölttä authored
BUG=v8:5402,v8:8238 Change-Id: I988b1e0b7a958d06690820632bc533d9e5338535 Reviewed-on: https://chromium-review.googlesource.com/c/1349190Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#57776}
-
Marja Hölttä authored
+ fixing other files which were depending on context-inl.h pulling in the missing includes. BUG=v8:7490,v8:8238 Change-Id: I90d37599bdfb69ac8fd7e62b8fb78d9d77c77234 Reviewed-on: https://chromium-review.googlesource.com/c/1349277Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#57775}
-
Toon Verwaest authored
This changes the split from AssignmentPattern and BindingPattern to Pattern and BindingPattern. Pattern collects all errors that are invalid in both assignment and binding pattern contexts. Binding pattern additionally collects errors for binding pattern contexts (property access isn't a valid target). The distinction is piggybacked on to distinguish assignment vs binding pattern errors since binding pattern verification will first throw the binding pattern error. Since we don't throw pattern error as binding pattern as well, this can mean that a later binding pattern syntax error will show up before an early pattern error. Since that just changes the message to another syntax violation, I think that's fine. Change-Id: Ib6a22c8d11c49eacc6667ae8ee5e98bababadd43 Reviewed-on: https://chromium-review.googlesource.com/c/1349273Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57774}
-
Peter Marshall authored
This helper cleans up the callsites of the Symbol.toPrimitive installations. As a bonus, we can remove an unused CreateFunction variant now. Bug: v8:8238 Change-Id: I017acc9464d6179e8bf53767f8bbc953272b46ed Reviewed-on: https://chromium-review.googlesource.com/c/1349275Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#57773}
-
Daniel Clifford authored
Bug: v8:7793 Change-Id: I2d5154eabd549c0518ca41dae6ef7bd047f3e1ef Reviewed-on: https://chromium-review.googlesource.com/c/1348072Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#57772}
-
Jakob Kummerow authored
Bug: v8:3770 Change-Id: I07f48b1ee8814a006e6787ad8261fa8388b4298d Reviewed-on: https://chromium-review.googlesource.com/c/1345327 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#57771}
-
Michael Lippautz authored
Add a path into embedder tracing on allocation. This is safe as as Blink is not allowed to call into V8 during object construction. This is a reland of caed2cc0. Bug: chromium:843903 Change-Id: I7faa8413966f6b4d37f19b235d46bb09e4d47235 Bug: chromium:843903 Reviewed-on: https://chromium-review.googlesource.com/c/1349330 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#57770}
-
Peter Marshall authored
- Remove an unused param from InstallFunction - Remove an InstallFunction variant which just rearranges the order of the arguments - Consistently use const char* string literals as property names rather than e.g. factory->return_string() just write "return" because it is easier for humans to read. All the strings are internalized anyway and this happens at mksnapshot time, so there is no performance penalty. - Remove the maybe_prototype arguments to CreateFunction. We always know at the callsite whether we have a prototype or not, so just call the variant that takes a prototype or the new CreateFunction variant which takes a Builtin::name. - Rename a SimpleInstallFunction variant which was only used for symbols to InstallFunctionAtSymbol. This also makes it clear that this is the only case where property_name and function_name differ. Bug: v8:8238 Change-Id: I2400de90ebe837694e777cff1419858037ee51cc Reviewed-on: https://chromium-review.googlesource.com/c/1349271Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#57769}
-
Yang Guo authored
This reverts commit e64f7c0a. Reason for revert: this breaks chromedriver_py_test on Mac and Windows. This blocks the roll. Details: - DEPS roll with V8 pointing to this commit fails: https://chromium-review.googlesource.com/c/chromium/src/+/1349251 - DEPS roll with V8 pointing to the parent of this commit succeeds: https://chromium-review.googlesource.com/c/chromium/src/+/1349214 Original change's description: > Reland "[turbofan] Use feedback when reducing global loads/stores." > > This is a reland of 9c91b687 after > fixing undefined behavior in numeric conversion that caused trouble > on arm32. > > Original change's description: > > [turbofan] Use feedback when reducing global loads/stores. > > > > We already record the script context location or the property cell > > as feedback of the global load/store IC, so Turbofan doesn't need > > to do the lookups again. > > > > Change-Id: I6cbd2937de344729cd8e146b4ff85ddf3de6a56e > > Reviewed-on: https://chromium-review.googlesource.com/c/1335691 > > Commit-Queue: Georg Neis <neis@chromium.org> > > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#57555} > > Change-Id: Ic2d09025de02f92199755ac860bb9e91fa08f4ec > Reviewed-on: https://chromium-review.googlesource.com/c/1340043 > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57649} TBR=neis@chromium.org,bmeurer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Change-Id: I7c9364d6a0bea6681fe9e25b28206cfc2c8557a7 Reviewed-on: https://chromium-review.googlesource.com/c/1349272Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#57768}
-
George Wort authored
This implements AssertUnreachable for the arm32 port of Liftoff. Bug: v8:6600 Change-Id: I9aa5083dc1be175fc5f2f386d8aace021bab3b03 Reviewed-on: https://chromium-review.googlesource.com/c/1346335 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57767}
-
George Wort authored
This implements popcnt, division and remainder on i32 for the arm32 port of Liftoff. Bug: v8:6600 Change-Id: I2aac78596ef9799bf8fcfc791c0e946a8388f62f Reviewed-on: https://chromium-review.googlesource.com/c/1346497 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57766}
-
George Wort authored
This implements arithmetic operations on i32, comparisons, and conditional jumps for the arm32 port of Liftoff. Bug: v8:6600 Change-Id: Ib8d6e4dd99c725d9c5bff06d31c64e7ba4639297 Reviewed-on: https://chromium-review.googlesource.com/c/1346334 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57765}
-
Jakob Kummerow authored
Bug: v8:3770 Change-Id: I9a3f289ac6236b88476167150565e8183d6f5461 Reviewed-on: https://chromium-review.googlesource.com/c/1345326 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#57764}
-
Yang Guo authored
This reverts commit 40b448ea. Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64/27711 Original change's description: > [heap] Release dead young generation large objects in the Scavenger. > > Bug: chromium:852420 > Change-Id: Ieefbee7bfd625d62e9104950bdfa8e46d5f4270a > Reviewed-on: https://chromium-review.googlesource.com/c/1348081 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57761} TBR=ulan@chromium.org,hpayer@chromium.org Change-Id: I6b57dd8ed92d85b5ce012da754611278ceaefe20 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:852420 Reviewed-on: https://chromium-review.googlesource.com/c/1349270Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#57763}
-
Yang Guo authored
R=jgruber@chromium.org Change-Id: I49c08217d0c8e452afe84ad76ae6d60367802e82 Reviewed-on: https://chromium-review.googlesource.com/c/1348075Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#57762}
-
Hannes Payer authored
Bug: chromium:852420 Change-Id: Ieefbee7bfd625d62e9104950bdfa8e46d5f4270a Reviewed-on: https://chromium-review.googlesource.com/c/1348081Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#57761}
-
Dan Elphick authored
This is a reland of a6e3cdd9 Now only changes ObjectTemplate::NewInstance. Original change's description: > [cleanup] Move methods to V8_DEPRECATED > > Updates ObjectTemplate::NewInstance and FunctionTemplate::GetFunction > from V8_DEPRECATED_SOON to V8_DEPRECATED, now that they're unused in > chrome. > > Bug: v8:7294, v8:7295, v8:8238 > Change-Id: Ic7cb2c410ff812f73cfd108551f2a1a20722df07 > Reviewed-on: https://chromium-review.googlesource.com/c/1344151 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Dan Elphick <delphick@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57657} Bug: v8:7294, v8:7295, v8:8238 Change-Id: I52ec021bc92600f67cf27791d5b2df2a4342a4d5 Reviewed-on: https://chromium-review.googlesource.com/c/1348079Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#57760}
-
Yang Guo authored
This reverts commit caed2cc0. Reason for revert: Breaks layout tests, e.g. https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64__dbg_/14924/webkit_layout_tests%20%28with%20patch%29/layout-test-results/results.html crash log for renderer (pid <unknown>): STDOUT: <empty> STDERR: STDERR: STDERR: # STDERR: # Fatal error in ../../v8/src/base/platform/elapsed-timer.h, line 24 STDERR: # Debug check failed: !IsStarted(). STDERR: # STDERR: # STDERR: # STDERR: #FailureMessage Object: 0x7ffc46707640#0 0x565409263b6f base::debug::StackTrace::StackTrace() STDERR: #1 0x56540a8a32fb gin::(anonymous namespace)::PrintStackTrace() STDERR: #2 0x56540a8980d8 V8_Fatal() STDERR: #3 0x56540a897e35 v8::base::(anonymous namespace)::DefaultDcheckHandler() STDERR: #4 0x565407971f02 v8::base::ElapsedTimer::Start() STDERR: #5 0x565407d08edf v8::internal::TimedHistogram::Start() STDERR: #6 0x565407e500d5 v8::internal::IncrementalMarking::AdvanceIncrementalMarkingOnAllocation() STDERR: #7 0x565407e4f977 v8::internal::IncrementalMarking::Observer::Step() STDERR: #8 0x565407e48092 v8::internal::AllocationObserver::AllocationStep() STDERR: #9 0x565407eb0751 v8::internal::SpaceWithLinearArea::InlineAllocationStep() STDERR: #10 0x565407eb3e44 v8::internal::NewSpace::EnsureAllocation() STDERR: #11 0x565407e258ff v8::internal::NewSpace::AllocateRaw() STDERR: #12 0x565407e06b2d v8::internal::Heap::AllocateRaw() STDERR: #13 0x565407e432ef v8::internal::Heap::AllocateRawWithLightRetry() STDERR: #14 0x565407e433cf v8::internal::Heap::AllocateRawWithRetryOrFail() STDERR: #15 0x565407e04d48 v8::internal::Factory::NewFixedArrayWithFiller() STDERR: #16 0x565407fd6339 v8::internal::HashTable<>::New() STDERR: #17 0x565407fd7be8 v8::internal::HashTable<>::EnsureCapacity() STDERR: #18 0x565407fc7e95 v8::internal::Dictionary<>::Add() STDERR: #19 0x565407fcf453 v8::internal::BaseNameDictionary<>::Add() STDERR: #20 0x565407f89ee4 v8::internal::LookupIterator::ApplyTransitionToDataProperty() STDERR: #21 0x5654080036e2 v8::internal::Object::AddDataProperty() STDERR: #22 0x56540793061f v8::internal::(anonymous namespace)::DefineDataProperty() STDERR: #23 0x56540792da59 v8::internal::(anonymous namespace)::InstantiateObject() STDERR: #24 0x56540792b75a v8::internal::(anonymous namespace)::InstantiateFunction() STDERR: #25 0x56540792b4db v8::internal::ApiNatives::InstantiateFunction() STDERR: #26 0x5654079594bf v8::FunctionTemplate::GetFunction() STDERR: #27 0x56540a7af74e blink::V8ObjectConstructor::CreateInterfaceObject() STDERR: #28 0x56540a7afe01 blink::V8PerContextData::ConstructorForTypeSlowCase() STDERR: #29 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase() STDERR: #30 0x56540a7afdd6 blink::V8PerContextData::ConstructorForTypeSlowCase() STDERR: #31 0x56540a7afcb4 blink::V8PerContextData::CreateWrapperFromCacheSlowCase() STDERR: #32 0x56540a7aef73 blink::V8DOMWrapper::CreateWrapper() STDERR: #33 0x56540a7abf6b blink::ScriptWrappable::Wrap() STDERR: #34 0x56540a677199 blink::V8Document::documentElementAttributeGetterCallback() STDERR: #35 0x565407a0aec3 v8::internal::FunctionCallbackArguments::Call() STDERR: #36 0x565407a097be v8::internal::(anonymous namespace)::HandleApiCallHelper<>() STDERR: #37 0x565407a0877b v8::internal::Builtins::InvokeApiFunction() STDERR: #38 0x565407fe785a v8::internal::Object::GetPropertyWithAccessor() STDERR: #39 0x565407fe697e v8::internal::Object::GetProperty() STDERR: #40 0x565407ec8c71 v8::internal::LoadIC::Load() STDERR: #41 0x565407ed6401 v8::internal::__RT_impl_Runtime_LoadIC_Miss() STDERR: #42 0x5654087593f2 <unknown> STDERR: [16162:16185:1122/143518.356897:WARNING:crash_handler_host_linux.cc(341)] Could not translate tid, attempt = 1 retry ... Original change's description: > [heap] Improve embedder tracing during incremental marking > > Add a path into embedder tracing on allocation. This is safe as as Blink > is not allowed to call into V8 during object construction. > > Bug: chromium:843903 > Change-Id: I5af053c3169f5a33778ebce5d7c5c43e4efb1aa4 > Reviewed-on: https://chromium-review.googlesource.com/c/1348749 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57757} TBR=ulan@chromium.org,mlippautz@chromium.org Change-Id: Ide2c0b284b52bee17573adcc89f14be4e40dab91 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:843903 Reviewed-on: https://chromium-review.googlesource.com/c/1349189Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#57759}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/05ea63b..cd7b727 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/aa21a92..4ed4737 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/d66dad7..25c4fce TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: Id8608976646cb19b61698a6bc824977c5d55357a Reviewed-on: https://chromium-review.googlesource.com/c/1349110 Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#57758}
-
- 22 Nov, 2018 2 commits
-
-
Michael Lippautz authored
Add a path into embedder tracing on allocation. This is safe as as Blink is not allowed to call into V8 during object construction. Bug: chromium:843903 Change-Id: I5af053c3169f5a33778ebce5d7c5c43e4efb1aa4 Reviewed-on: https://chromium-review.googlesource.com/c/1348749 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#57757}
-
Igor Sheludko authored
Bug: v8:8477, v8:8238 Tbr: bmeurer@chromium.org Change-Id: I03e6e83bc805c6880318161e00b367df0a3b4003 Reviewed-on: https://chromium-review.googlesource.com/c/1348434 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#57756}
-