- 18 Jun, 2019 33 commits
-
-
Dan Elphick authored
Handlifies exception object as CollectSourcePositions can trigger GCs. Bug: v8:8510 Change-Id: I29579b200af28bda30ccb5f2cf2e5a48f502c8f2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664334 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Auto-Submit: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#62262}
-
Yang Guo authored
R=petermarshall@chromium.org Bug: chromium:952455 Change-Id: Ib08a20e1d1fac7ef943f15ff524ee4e7c1c15507 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662290 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#62261}
-
Jakob Gruber authored
This class used to be based on DispatchTable, which itself uses an interval tree to both categorize and canonicalize ranges (i.e. such that no overlap and all immediately adjacent ranges are merged). The produced ranges were then entered into lists for {bmp,lead_surrogate,trail_surrogate,non_bmp} splits. With this CL, we simplify to a plain loop over all character range kinds instead. The dispatch table (and ZoneSplayList, perhaps SplayList) can be removed in follow-ups. Bug: v8:9359 Change-Id: I9c6b72f3bc44d1557af7c74419709ae5662611f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664053 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62260}
-
Milad Farazmand authored
Consistently using word sized loads on all architectures. Original port: ea420655 Change-Id: I1083b977eb3c1688e67d68a69a9311bafbb52584 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1663994 Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#62259}
-
Yang Guo authored
This does not delete the files in the old locations yet since we need to fix up the references in Chrome and Node.js. Bug: v8:9247 Change-Id: I75dd469e19b6d4249ed187dd6d095d306f1b6c45 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649355 Reviewed-by: Pavel Feldman <pfeldman@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#62258}
-
Ben L. Titzer authored
Extract the maximum on-heap typed array size to a constant in the JSTypedArray class. Add tests for allocating typed arrays of various sizes and validate through the API whether they are allocated on heap. It is not possible to observe from JavaScript. R=mstarzinger@chromium.org Change-Id: I1298e0a49010de829edaad32b7d6c6c9c52704fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662572 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62257}
-
Z Nguyen-Huu authored
ObjectGetPrototypeOf and ReflectGetPrototypeOf are now Torque builtins (previously CPP) and the Proxy path is implemented completely in Torque while everything else calls into runtime (and is thus a bit slower than previously). Perf improvement in micro-benchmark JSTests/Proxies Before: GetPrototypeOfWithoutTrap-Proxies(Score): 1876 GetPrototypeOfWithTrap-Proxies(Score): 857 After: GetPrototypeOfWithoutTrap-Proxies(Score): 2810 GetPrototypeOfWithTrap-Proxies(Score): 3197 Bug: v8:6664 Change-Id: If60dda67d6e90c2d6f0ec743f6cb7c0fff54d607 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1658717 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#62256}
-
Joyee Cheung authored
This patch adds a new assign type `PRIVATE_METHOD`. We now use this for private method references in the form `obj.#key` when `#key` resolves to a private method. To obtain the type of the key variables after scope analysis, this patch adds a bit to Variable to recognize private method variables whose load requires a brand check. Also renamed `PropertyExpressionWithPrivateFieldKey` in ExpressionType to `PrivateReference` and added `PRIVATE_CALL` to `CallType` - we'll use the new types later when we implement private methods, which require special brand checking semantics to load methods directly from the context instead of from the object in order to save memory. Bug: v8:8330 Change-Id: Idc1dcd4d514c1b3f8a31c99e49e34249449f0677 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1642772 Commit-Queue: Joyee Cheung <joyee@igalia.com> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62255}
-
Mythri A authored
Bug: v8:8394, v8:8801, v8:9183 Change-Id: I29ff1a6dda97e89335b30fcc8c380bcb4055e1fb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664690 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#62254}
-
Maciej Goszczycki authored
kOwnerOffset is redundant after 8a437788 since we check the READ_ONLY_HEAP bit instead of MemoryChunk::owner_ in heap-write-barrier-inl.h Bug: v8:9183 Change-Id: Ia0fbb530c088b8a87c551a99cc29d8cf7bd118f5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664341 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Auto-Submit: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#62253}
-
Maciej Goszczycki authored
HeapControllerTest no longer exists while the other HeapTests use IsolateData instead of Heap. Bug: v8:9183 Change-Id: I1d17dfb9edb167147e2434bc4097147cea7e277b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664339 Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Auto-Submit: Maciej Goszczycki <goszczycki@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#62252}
-
Darius Mercadier authored
Having O(1) access to the length of the free lists on a given Page will be useful to compute fragmentation and to implement efficient heuristics to select evacuation candidates. Bug: v8:9329 Change-Id: I92c7fcc38c89dcb18fef4ce7cc9ebf0b83d03dc5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664065 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@google.com> Cr-Commit-Position: refs/heads/master@{#62251}
-
Maciej Goszczycki authored
Previously the ReadOnlyHeap simply discarded all but the first ReadOnlyDeserializer. ClearSharedHeapForTest should be called if using a new ReadOnlyDeserializer (this might change in the future). Remove an obsolete 'StartupSerializerRootMapDependencies' test. It used to test Map::WeakCellForMap which doesn't exist anymore and was difficult to adapt to a shared read-only heap. Bug: v8:7464 Change-Id: I64b8e953b0e3466e003541ec8a9321e439a01d33 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660612 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#62250}
-
Thibaud Michaud authored
R=ahaas@chromium.org CC=titzer@chromium.org Bug: v8:9231 Change-Id: I209f7c89c99408a53a8db6a6af1ed795f6668a1d Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1655653 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62249}
-
Michael Starzinger authored
The modules generated by translation from asm.js to WebAssembly are valid by construction, an eager sequential validation is not required. This behavior has been the default and was recently broken by a refactoring, hence this just re-enables the path in question. R=ahaas@chromium.org BUG=chromium:969368 Change-Id: I29811a7f278aed0f34c09483394a60b4b865ab6b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664335 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62248}
-
Michael Achenbach authored
NOTRY=true Change-Id: Ic57b26b9a2732a43dcac4445be4f57d3bb5e7396 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664071 Reviewed-by: Tamer Tas <tmrts@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#62247}
-
Georg Schmid authored
We previously only optimized cases like Parent <- Decompression <- Compression <- Child to Parent <- Child. This CL also adds the complementary optimization, namely, it reduces Parent <- Compression <- Decompression <- Child as above. Such cases became apparent after a recent extension of CSA load elimination (see https://chromium-review.googlesource.com/c/v8/v8/+/1660626), breaking a load elimination test case and thus the pointer compression build. R=jarin@chromium.org, solanes@chromium.org Change-Id: Ic730d05175f214e7055f94704141744ca44fefe5 Bug: v8:9353 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664070 Commit-Queue: Georg Schmid <gsps@google.com> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#62246}
-
Georg Neis authored
What it says can be summarized as "follow the style guide" plus some notes about TODOs that don't reflect reality. Change-Id: I058a2d11a505c4f9a57f518daa142cc1240109d5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649354 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62245}
-
Sigurd Schneider authored
Change-Id: Iedb78a62886177f5c603b2f3ce9b586ac1320d31 Bug: chromium:968078 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664067 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62244}
-
Mythri A authored
We don't want to handle even non-growing stores when there are TypedArrays in the prototype chain. Typed arrays handle the out-of-bounds accesses by ignoring the stores unlike the regular array writes. We just let runtime handle these cases instead of making ICs more complex. There was an earlier cl (https://chromium-review.googlesource.com/c/v8/v8/+/1609790) that fixed it for growing stores. This cl extends it for non-growing stores as well to handle more cases. Bug: chromium:961709 Change-Id: I65e079b88c10d2ba343f69a67134893319cd8f8a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662305 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62243}
-
Jakob Gruber authored
Bug: v8:9359 Change-Id: I1b490c928ed884f4ad33e005699f98614be75233 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662306 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#62242}
-
Jakob Gruber authored
Move this straggler to its use-site in regexp-compiler.cc. Bug: v8:9359 Change-Id: Ia5393140de5a1c8d70ac410ef6239eabfec130b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662303 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#62241}
-
Jakob Gruber authored
This CL renames jsregexp.{h,cc} to regexp.{h,cc}, hides all non-public functions of RegExpImpl in the .cc file, and renames the public parts of RegExpImpl to just RegExp. Include directives from outside the src/regexp directory are limited to regexp.h, regexp-stack.h, and regexp-utils.h. We also expose all result codes that can be returned by irregexp code (including RETRY) on the public header since they are needed elsewhere, e.g. in builtins. Bug: v8:9359 Change-Id: Iae1a01ac9f6e1e4dc168f3fbe8fe8679cb6b1259 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662297 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62240}
-
Tobias Tebbi authored
Bug: chromium:974476 Change-Id: I719812e93345b5f7aa9b1e4e594d02ae9a1c4208 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664063 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#62239}
-
Michael Achenbach authored
Change-Id: I4337832c99c3644fba085102d4e7f32f5ba545e9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664332 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#62238}
-
Sigurd Schneider authored
This is a reland of ac79b539 This CL adds a missing BlockPoolsScope to guard a RequestHeapObject call. This fixes a latent bug that the original land flushed out. Original change's description: > [arm64] Refactor constant pool implementation > > This refactors the constant pool handling for arm64. The immediate goal > is to allow 32bit compressed pointers in the pool. The mediate goal is > to unify the implementation with the arm constant pool, which will be > done in a follow-up CL. > > Bug: v8:8054 > Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316 > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62209} TBR=mstarzinger@chromium.org,jgruber@chromium.org,georgia.kouveli@arm.com Bug: v8:8054 Change-Id: I1e3ab13619a48caad33d77ed8bed86782f9d9674 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664054 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62237}
-
Mike Stanton authored
This CL is an improvement on https://chromium-review.googlesource.com/c/v8/v8/+/1664052 which introduced unnecessary boilerplate (now reverted). The code objects for resolve/reject handlers are builtins, and therefore already serialized. R=jarin@chromium.org Bug: v8:7790 Change-Id: I6a49110aa794d4bd380cabd40e67fba7783e642a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664055 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#62236}
-
Benedikt Meurer authored
This adds missing support when converting a Word32 value (either in Signed32 or Unsigned32 range) to Word64 representation, for which the type also includes MinusZero. This conversion is fine as long as the difference between 0 and -0 is not observable (in other words, as long as the truncation identifies zeros). Bug: chromium:971782, chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383 Change-Id: I9d350a25f57b1342eb7fd1279d55a8610bdaf7cd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664062 Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62235}
-
Michael Achenbach authored
NOTRY=true Bug: v8:9361 Change-Id: I6caa0d7609cdbf5fd5ff3f4ae668403c31af9ca3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664058 Reviewed-by: Tamer Tas <tmrts@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#62234}
-
Darius Mercadier authored
This function was functionally equivalent to FreeList::TryFindNodeIn. They probably were different when FindNodeIn was iterating through the empty FreeListCategories, but since CL 1648476, FreeListCategories in the FreeList can't be empty, and there was therefore never more than a single iteration of FindNodeIn's while loop. Bug: v8:9329 Change-Id: Ief7275ef55edb46b8bb35bce0783fbfd28534925 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660615 Commit-Queue: Darius Mercadier <dmercadier@google.com> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#62233}
-
Georg Schmid authored
This CL allows CsaLoadElimination to retain some information in the presence of StoreToObject nodes. Two stores to an object don't alias if either the objects or the offsets don't alias. The analysis approximates either of these two conditions conservatively as follows: - Freshly allocated, distinct objects cannot alias. - Two objects cannot alias if one of them is freshly allocated and the other was passed as a parameter or is a heap constant. - Two offsets cannot alias if they are both constant and distinct from each other. R=jarin@chromium.org, tebbi@chromium.org Change-Id: Ibec81913b413f81a3f7cbd40544a22d3711e6e5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660626 Commit-Queue: Georg Schmid <gsps@google.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#62232}
-
Michael Stanton authored
This reverts commit 0c5479df. Reason for revert: Turns out there is a simpler way to do this. Original change's description: > [Turbofan] Make JSCallReducer::ReducePromiseConstructor concurrent > > The only piece missing at this point was to serialize the code > objects for the resolve and reject handlers. > > Bug: v8:7790 > Change-Id: If636f9d74dfc9606cf5f45c4f02dd118fb5d8f00 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662295 > Commit-Queue: Michael Stanton <mvstanton@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#62215} TBR=mvstanton@chromium.org,jarin@chromium.org Change-Id: Ie67326c850623eede8a63b50c5705682db784212 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7790 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664052 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#62231}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/8ef7aaa..be684b6 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/6ae683b..6f3775a Rolling v8/buildtools/linux64: git_revision:8c7f49102234f4f4b9349dcb258554675475e596..git_revision:81ee1967d3fcbc829bac1c005c3da59739c88df9 Rolling v8/third_party/android_sdk/public: ki7EDQRAiZAUYlnTWR1XmI6cJTk65fJ-DNZUU1zrtS8C..xhyuoquVvBTcJelgRjMKZeoBVSQRjB7pLVJPt5C9saIC Rolling v8/third_party/android_sdk/public: iIwhhDox5E-mHgwUhCz8JACWQCpUjdqt5KTY9VLugKQC..ppQ4TnqDvBHQ3lXx5KPq97egzF5X2FFyOrVHkGmiTMQC Rolling v8/third_party/android_sdk/public: 4Y2Cb2LGzoc-qt-oIUIlhySotJaKeE3ELFedSVe6Uk8C..MSnxgXN7IurL-MQs1RrTkSFSb8Xd1UtZjLArI8Ty1FgC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2e4b470..f6c289d Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/bc23ca1..2313020 Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/076b7f7..d700357 TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org Change-Id: Ibee14c27a78dbb0c30494bdac8d663a61dc9535d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662979 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#62230}
-
- 17 Jun, 2019 7 commits
-
-
Igor Sheludko authored
... in b9591a58 and then in 595813c6. Tbr: verwaest@chromium.org Change-Id: I0336cc5729532e23597aaab6966dfa602f84bc73 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662575 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#62229}
-
Seth Brenith authored
This change removes the special case in the Torque compiler for types that descend from JSObject: they will no longer get implicit "| Undefined" appended to their types for verification purposes. It removes any additional custom verification steps in objects-debug that are made redundant by that change.

In order to do so safely, I categorized all cases where we were implicitly adding "| Undefined" to the field type, as follows:

1. Classes that aren't using the generated verifier function (we should probably revisit these, but for now we at least know they're safe):
   - JSGlobalObject
   - JSFinalizationGroup
   - JSFinalizationGroupCleanupIterator
2. Classes where the existing verifier is already at least as strict as what we would get after removing the implicit "| Undefined":
   - JSDate
   - JSPromise
   - JSRegExp
   - JSRegExpStringIterator
   - WasmMemoryObject
   - JSWeakRef
   - JSStringIterator
   - WasmExceptionObject
   - JSListFormat (fixed in part 1)
   - JSPluralRules (fixed in part 1)
   - JSRelativeTimeFormat (fixed in part 1)
   - JSSegmenter (fixed in part 1)
   - JSArrayBufferView (fixed in part 1)
   - JSTypedArray (fixed in part 1)
3. Classes where, to the best of my knowledge based on code inspection, we already initialize the object correctly to pass the new stricter generated verifier:
   - JSFunction
   - JSArrayIterator
   - JSMessageObject
   - JSBoundFunction
   - JSAsyncFromSyncIterator
   - WasmModuleObject
   - JSAsyncFunctionObject
4. Classes that needed some adjustment to their initialization order to avoid exposing uninitialized state to the GC:
   - JSArray (only in Factory::NewJSArray; Runtime_NewArray and CodeStubAssembler::AllocateJSArray already behave fine)
   - WasmTableObject
   - JSDateTimeFormat
   - JSNumberFormat
   - JSCollator
   - JSV8BreakIterator
   - JSLocale
   - JSSegmentIterator
   - JSModuleNamespace
5. Classes that had incorrect type definitions in Torque:
   - WasmGlobalObject (category 4 after correction)
6. Classes that weren't fully initialized due to bugs:
   - JSGeneratorObject
   - JSAsyncGeneratorObject

Bug: v8:9311 Change-Id: I99ab303d3352423f50a3d0abb6eb0c9b463e7552 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1654980 Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#62228}
-
Z Nguyen-Huu authored
Bug: v8:664 Change-Id: I180a59462bd22a1f2378a59fd31edbb539603a1f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659569 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#62227}
-
Michael Starzinger authored
R=titzer@chromium.org TEST=mjsunit/regress/regress-crbug-969368 BUG=chromium:969368 Change-Id: If8cdd3a170c3c0e487daa2c2dd9e347fb8eabafd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662571 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#62226}
-
Igor Sheludko authored
Bug: v8:9353 Change-Id: I2824e237ce52cd7434e181d033b346e603fe61c4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662296 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#62225}
-
Ross McIlroy authored
Bug: v8:8801,v8:8394,v8:9183 Change-Id: I5ceaf731a1b2720f086e6791fe08caaaa55de030 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662568 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62224}
-
Mythri A authored
Bug: v8:8801, v8:8394, v8:9183 Change-Id: Ie2858af4863511d5f67b662ac6f6f79512f55e7e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662307 Commit-Queue: Mythri Alle <mythria@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#62223}
-