- 31 Mar, 2017 17 commits
-
-
hpayer authored
Revert of [heap] Take page lock when scavenging old to new references in Scavenger. (patchset #2 id:20001 of https://codereview.chromium.org/2781363002/ )

Reason for revert:
This results in a deadlock when the scavenger decides to perform sweeping and re-grabs the same mutex.

Original issue's description:
> [heap] Take page lock when scavenging old to new references in Scavenger.
>
> BUG=v8:5807
>
> Review-Url: https://codereview.chromium.org/2781363002
> Cr-Commit-Position: refs/heads/master@{#44268}
> Committed: https://chromium.googlesource.com/v8/v8/+/4024e6a1bb0b803a5cd16fcd11f39cc305b943c6

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5807

Review-Url: https://codereview.chromium.org/2786313003
Cr-Commit-Position: refs/heads/master@{#44302}
-
Peter Marshall authored
The last CL https://chromium-review.googlesource.com/c/456707/ caused some pretty heavy performance regressions. After experimenting, it seems the easiest and most straightforward way to copy the elements into the new typed array is to do it in JS.

Adds a fast path for typed arrays, where the source typed array has the same elements kind, in which case we can just copy the backing store using memcpy.

This CL also removes regression test 319120 which is from a pwn2own vulnerability. The old code path enforced a maximum byte_length that was too low, which this change removes. The length property of the typed array must be a Smi, but the byte_length, which can be up to 8x larger than length for a Float64Array, can be a heap number.

We can also re-use some of the logic from ConstructByLength when deciding whether to allocate the buffer on- or off-heap, so that is factored out into InitializeBasedOnLength.

We can also re-use the DoInitialize helper instead of calling into the runtime, meaning we can remove InitializeFromArrayLike.

BUG=v8:5977,chromium:705503,chromium:705394

Change-Id: I63372652091d4bdf3a9491acef9b4e3ac793a755
Reviewed-on: https://chromium-review.googlesource.com/459621
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44301}
-
Andreas Haas authored
The original CL was reverted because the regression test used i18n stuff, which was not available in the no-i18n bot. The regression test turned out to be flaky, because I cannot even reproduce the crash now without the fix. I think the reason is that for the crash to happen a stack check has to fail within the rejection of a promise. Small changes can cause the stack check to fail somewhere else. Investigations showed though that the crash should still be possible. I propose therefore to land the fix now without the regression test.

Original message:
We check that if we do not get a result, or if we get a negative result, then there has to be a scheduled exception.

R=clemensh@chromium.org
BUG=chromium:704127

Change-Id: Iaf355249686412a636074a476687413b621aac68
Reviewed-on: https://chromium-review.googlesource.com/464846
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44300}
-
Franziska Hinkelmann authored
Add the source position to variables if they are parameters. Collect type information for parameters and return values. Index the types by their corresponding source position. For the types of return values, use the function end as source position.

Sample output for a function with 2 parameters (at source position 252 and 258, and function end at 443):

*************
Function: testFunction
252: Object number string number
258: undefined boolean undefined undefined
443: Object number string number
*************

BUG=v8:5933

Change-Id: I3b8749afcac706c1834146abf1b5b4a3fd130fb6
Reviewed-on: https://chromium-review.googlesource.com/461919
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44299}
-
Michael Starzinger authored
This fixes printing of {CallRuntime} nodes that are backed by JavaScript functions. Issues with the printing that was in place:
- Crash because it was accessing {context} instead of {native_context}
- Printout was not comparable, raw heap pointer different between runs

R=bmeurer@chromium.org

Change-Id: I941944b46550bd908ec14a324bc255d6c8f96fbe
Reviewed-on: https://chromium-review.googlesource.com/464766
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44298}
-
Clemens Hammacher authored
grow_memory was working from test cases, but not in combination with compiled code. This CL makes the effect of grow_memory executed either in the interpreter or compiled code always be reflected in both execution environments. It also adds a %RedirectToWasmInterpreter runtime function for testing this interaction.

R=ahaas@chromium.org
CC=gdeepti@chromium.org
BUG=v8:5822

Change-Id: I3e7c184c42ef655d1c30d2e0dddad7fb783455fc
Reviewed-on: https://chromium-review.googlesource.com/463506
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44297}
-
Clemens Hammacher authored
Add a limit to the number of nested call frames in the C++ wasm interpreter. Both the size of the value stack as well as the size of the block stack are limited per call frame. Thus, a limit on only the call frame stack is enough to limit the overall memory consumption of one interpreter instance.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: If9f7e547cd1d003bc2ae3c7586ece6b3cf3be587
Reviewed-on: https://chromium-review.googlesource.com/463486
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44296}
-
jgruber authored
The dotAll flag changes behavior of the dot '.' character to match every possible single character instead of excluding certain line terminators. The implementation is staged behind --harmony-regexp-dotall.

Spec proposal: https://github.com/mathiasbynens/es-regexp-dotall-flag

BUG=v8:6172

Review-Url: https://codereview.chromium.org/2780173002
Cr-Commit-Position: refs/heads/master@{#44295}
-
clemensh authored
The disassembly output recently changed to output pc offsets in hex (see https://codereview.chromium.org/2757263002). This CL also changes source positions, safepoints and back edges to use the same format. This allows easier matching.

R=leszeks@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2788513004
Cr-Commit-Position: refs/heads/master@{#44294}
-
Clemens Hammacher authored
This CL cleans up a few things:
- It removes two dead declarations: WasmMemoryObject::Grow and wasm::GrowInstanceMemory.
- It removes the unneeded wasm::GetInstanceMemory function (use instance->memory_buffer() directly).
- It moves wasm::GetInstanceMemorySize to WasmInstanceObject::GetMemorySize.
- It moves wasm::GrowInstanceMemory to WasmInstanceObject::GrowMemory.
- It moves wasm::GrowWebAssemblyMemory to WasmMemoryObject::Grow.

R=ahaas@chromium.org
CC=gdeepti@chromium.org

Change-Id: I19781ca9784f1a8e7b60955bef82e341c4f75550
Reviewed-on: https://chromium-review.googlesource.com/463167
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44293}
-
Franziska Hinkelmann authored
README.md is easier to find than message.md.

BUG=

Change-Id: I9b9b8173c322206b931176d480566cdcb62eb31c
Reviewed-on: https://chromium-review.googlesource.com/464706
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44292}
-
Peter Marshall authored
The resources list is required for android, where these files are pushed to the device. The android bots have been failing due to these missing resources, as the files are not available on the devices.

NOTRY=true

Change-Id: Ibef3cfc10e01250cb380128013e3c304927b5459
Reviewed-on: https://chromium-review.googlesource.com/463266
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44291}
-
jgruber authored
Additional tests, mostly for interactions with lookbehind assertions.

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2784813002
Cr-Commit-Position: refs/heads/master@{#44290}
-
thomasanderson authored
Revert of Remove download_binaries.py from DEPS (patchset #2 id:20001 of https://codereview.chromium.org/2774043002/ )

Reason for revert:
https://codereview.chromium.org/2775913002/ needs to be reverted, so reverting all dependent patch sets

Original issue's description:
> Remove download_binaries.py from DEPS
>
> This step is no longer necessary after https://codereview.chromium.org/2775913002/
>
> BUG=chromium:705072
>
> Review-Url: https://codereview.chromium.org/2774043002
> Cr-Commit-Position: refs/heads/master@{#44252}
> Committed: https://chromium.googlesource.com/v8/v8/+/459b881c233557f5da9ca9e4779fc1696c785a1c

TBR=machenbach@chromium.org,thomasanderson@google.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:705072

Review-Url: https://codereview.chromium.org/2786173004
Cr-Commit-Position: refs/heads/master@{#44289}
-
bmeurer authored
Rewrite returns in derived constructors to only replace undefined with this, and otherwise just return the value, and let the construct stub builtin throw an exception if the result is a primitive instead of a JSReceiver.

R=yangguo@chromium.org
TBR=marja@chromium.org
BUG=chromium:706642

Review-Url: https://codereview.chromium.org/2788033002
Cr-Commit-Position: refs/heads/master@{#44288}
-
domenic authored
This will allow V8 extra consumers to track promise state without using a side-table. This is used by streams as of https://github.com/whatwg/streams/commit/173f9f67be56f6690f82ec26fe86c8e67256616b.

BUG=chromium:658144

Review-Url: https://codereview.chromium.org/2784213002
Cr-Commit-Position: refs/heads/master@{#44287}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a634e44..673a8f4

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/b43a6a2..b65c477

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/d3a9107..b13bd47

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c55112f..5bc7c5e

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I0c0febc9be9fe1d38ffedfb1d92588e6871541fc
Reviewed-on: https://chromium-review.googlesource.com/464446
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44286}
-
- 30 Mar, 2017 23 commits
-
-
kozyatinskiy authored
This step is required to implement console as builtin which calls console delegate methods.

BUG=v8:6175
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2783073002
Cr-Original-Commit-Position: refs/heads/master@{#44283}
Committed: https://chromium.googlesource.com/v8/v8/+/fe27dccd873024213b16d1e9810dda6a6c705571
Review-Url: https://codereview.chromium.org/2783073002
Cr-Commit-Position: refs/heads/master@{#44285}
-
kozyatinskiy authored
Revert of [inspector] convert V8Console static methods into members (patchset #2 id:20001 of https://codereview.chromium.org/2783073002/ )

Reason for revert:
Too many simultaneously landed CLs, this one should be rebased first.

Original issue's description:
> [inspector] convert V8Console static methods into members
>
> This step is required to implement console as builtin which calls console delegate methods.
>
> BUG=v8:6168
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2783073002
> Cr-Commit-Position: refs/heads/master@{#44283}
> Committed: https://chromium.googlesource.com/v8/v8/+/fe27dccd873024213b16d1e9810dda6a6c705571

TBR=dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6168

Review-Url: https://codereview.chromium.org/2793443002
Cr-Commit-Position: refs/heads/master@{#44284}
-
kozyatinskiy authored
This step is required to implement console as builtin which calls console delegate methods.

BUG=v8:6168
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2783073002
Cr-Commit-Position: refs/heads/master@{#44283}
-
kozyatinskiy authored
In inspector code everywhere except V8StackTraceImpl we get a pointer to the isolate from the inspector object or v8::FunctionCallbackInfo. We can avoid usage of v8::Isolate::GetCurrent in V8StackTraceImpl too. It will simplify embedder code a little by removing the requirement to have a v8::Isolate::Scope before calling V8InspectorSession::dispatchProtocolMessage.

BUG=v8:5907
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2789593002
Cr-Commit-Position: refs/heads/master@{#44282}
-
kschimpf authored
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2786193002
Cr-Commit-Position: refs/heads/master@{#44281}
-
Franziska Hinkelmann authored
R=adamk@chromium.org, mstarzinger@chromium.org
BUG=

Change-Id: Ibac495e93b523bd034cc9f2d9e3a43cf38c9ab14
Reviewed-on: https://chromium-review.googlesource.com/463368
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44280}
-
sampsong authored
R=dgozman@chromium.org, kozyatinskiy@chromium.org, bjaideep@ca.ibm.com, jyan@ca.ibm.com, joransiu@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2787713003
Cr-Commit-Position: refs/heads/master@{#44279}
-
Caitlin Potter authored
Currently, async generators are stringified the same way normal Generators are. This change prefixes async generator methods with "async *", and other async generator functions with "async function* ".

BUG=v8:5855
R=adamk@chromium.org, littledan@chromium.org, jwolfe@igalia.com

Change-Id: Ia809fad64caac4464dbc9f7fa7728584d0f67832
Reviewed-on: https://chromium-review.googlesource.com/463526
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44278}
-
Andreas Haas authored
It makes no sense to check if unaligned accesses of bytes in memory are allowed, since these accesses are always aligned. There was a problem on mips that we created an UnalignedLoad(Int8), which was, however, not implemented in the mips instruction selector.

R=clemensh@chromium.org

Change-Id: I20369e078e3c24942aa90c2bd3333d9881de0072
Reviewed-on: https://chromium-review.googlesource.com/463006
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44277}
-
Andreas Haas authored
The test was outdated. The wasm bytes still had the version 0xd, and no END instruction at the end of the function. In addition, the test used asynchronous compilation but did not wait for the promise to resolve.

R=clemensh@chromium.org

Change-Id: Ib01f47ac8f668401ed14470af7100e990e5bbd94
Reviewed-on: https://chromium-review.googlesource.com/463286
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44276}
-
Adam Klein authored
BUG=v8:4958

Change-Id: Id02d36fce76eed54a5a3d348dbac2ea7d43f4ef3
Reviewed-on: https://chromium-review.googlesource.com/462336
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44275}
-
tebbi authored
R=mvstanton@chromium.org,danno@chromium.org

Review-Url: https://codereview.chromium.org/2775203002
Cr-Commit-Position: refs/heads/master@{#44274}
-
Michael Starzinger authored
R=machenbach@chromium.org
BUG=v8:6127

Change-Id: If029d449aedb6c10ec14aa847a2b68e6ce46ef94
Reviewed-on: https://chromium-review.googlesource.com/463046
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44273}
-
Michael Achenbach authored
Bug: chromium:645890

Change-Id: If34ac1336d0ee3c23e89050aef2cf30b754b67c1
Reviewed-on: https://chromium-review.googlesource.com/461145
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44272}
-
mvstanton authored
HasOrigin() can allocate. Make sure to wrap vulnerable raw pointers in handles.

BUG=

Review-Url: https://codereview.chromium.org/2788663002
Cr-Commit-Position: refs/heads/master@{#44271}
-
kozyatinskiy authored
BUG=chromium:432469
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2746743002
Cr-Commit-Position: refs/heads/master@{#44270}
-
Camillo Bruni authored
- Add new address markers:
  T: tagged pointer in the minidump
  C: address into a module in the minidump
  S: pointer into the exception stack in the minidump
  *: other address in the minidump
- Show ASCII decoding of address in dd
- Display potential frame markers on the exception stack:
  00000032212fdae8: 0000000300000000 ........ Smi(3) EXIT frame marker
- Display relative addresses, useful to detect stack frames:
  00000032212fdb68: 00000032212fdb98 S ........ [+6]=00000032212fdcb0 S
  00000032212fdb70: 0000010ff5ca0a84 ........
  00000032212fdb78: 000001064c1fa881 ........
  00000032212fdb80: 0000016a8e52fcb1 ........
  00000032212fdb88: 0000010ff5ca0981 ........
  00000032212fdb90: 0000000d00000000 ........ Smi(13) INTERNAL frame marker
  00000032212fdb98: 00000032212fdcb0 S ........ [+35]=00000032212fdd61 S

Change-Id: I56bd7e6723a34bcb668719246dd5ff2898224928
Reviewed-on: https://chromium-review.googlesource.com/461862
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44269}
-
hpayer authored
BUG=v8:5807

Review-Url: https://codereview.chromium.org/2781363002
Cr-Commit-Position: refs/heads/master@{#44268}
-
jgruber authored
GetProperty(result, groups) needs to be called iff the harmony-regexp-named-captures flag is enabled. Also add a couple of DCHECKS.

BUG=v8:5437,chromium:706748

Review-Url: https://codereview.chromium.org/2786933002
Cr-Commit-Position: refs/heads/master@{#44267}
-
vchigrin authored
Compiler-generated copy constructor does not generate correct code for this class, so make it move-only type.

Review-Url: https://codereview.chromium.org/2781993005
Cr-Commit-Position: refs/heads/master@{#44266}
-
Peter Marshall authored
We don't use it anywhere anymore.

BUG=

Change-Id: I9acd9c427c6af7422bbdf58088b61ceafd1ee655
Reviewed-on: https://chromium-review.googlesource.com/462968
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44265}
-
bmeurer authored
The inlining logic doesn't account for the fact that the derived constructor could return a primitive, thus leaking the implicit receiver (which is the hole).

R=jarin@chromium.org
BUG=chromium:706642

Review-Url: https://codereview.chromium.org/2788603002
Cr-Commit-Position: refs/heads/master@{#44264}
-
Andreas Haas authored
The source set only contained a header file, which caused problems when compiling a static library with VS.

R=machenbach@chromium.org
BUG=v8:6158

Change-Id: I3eed4a888e72cf6a2917190e4a1db7b38006cd0c
Reviewed-on: https://chromium-review.googlesource.com/463027
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44263}
-