- 19 Dec, 2017 30 commits
-
-
Bill Budge authored
- When allocating virtual memory, make sure addresses don't interfere with hard-coded sanitizer regions.

Bug: v8:7146
Change-Id: I5bcb664b32bf53c8581772fe329190da6033701f
Reviewed-on: https://chromium-review.googlesource.com/833171
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50208}
-
Michal Majewski authored
Pass shell name instead of an absolute path.

Bug: v8:796166
Change-Id: Ia9472e893fd2cb3fde2a94997f3e9daf30da06ea
Reviewed-on: https://chromium-review.googlesource.com/833917
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50207}
-
Igor Sheludko authored
Bug: chromium:791368
Change-Id: I86d9df38698d9c8b6109d0a11579fa28810ba1dc
Reviewed-on: https://chromium-review.googlesource.com/833908
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50206}
-
Clemens Hammacher authored
Similar to wasm, do also mask memory accesses from asm.js code as an additional protection against OOB accesses.

R=ahaas@chromium.org
CC=titzer@chromium.org, mstarzinger@chromium.org

Change-Id: Iee7124c6d6078fb52cd1caa37b013c919c5505fb
Reviewed-on: https://chromium-review.googlesource.com/833914
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50205}
-
Leszek Swirski authored
Move the object and array literal flag and depth initialization to when they are visited by the bytecode generator. This avoids issues with doing this initialization before we know whether the (syntactic) literal is actually a literal value or a destructuring assignment.

Bug: chromium:795922
Bug: v8:7178
Change-Id: I022178ab4bc9e71f80560f3b78a759d95d4d0584
Reviewed-on: https://chromium-review.googlesource.com/833882
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50204}
-
Michal Majewski authored
Bug: v8:6917
Change-Id: I175fa426546f2f3775a35f1094dfb19e06b2185d
Reviewed-on: https://chromium-review.googlesource.com/832394
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50203}
-
Michal Majewski authored
First step in moving all statusfile logic into statusfile.py. Introduce StatusFile object that will be used for storing and managing outcomes.

Bug: v8:6917
Change-Id: I024f9b1d029830345149422a08a8905e92545252
Reviewed-on: https://chromium-review.googlesource.com/832433
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50202}
-
Michal Majewski authored
Fix unittests since they were incompatible with the new testcase and testsuite API.

Bug: v8:6917
Change-Id: I917bf58e21402e0b90bc91c0483ade0e7c90bdd6
Reviewed-on: https://chromium-review.googlesource.com/832392
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50201}
-
Michal Majewski authored
Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ia52d4bedbeff5b93915ef69a2dc78f6d92669061
Reviewed-on: https://chromium-review.googlesource.com/832467
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50200}
-
Michael Achenbach authored
This reverts commit 6633ad56.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/18850

Original change's description:
> [wasm] Stop decoding operands after error.
>
> When we decode operands of WebAssembly instructions, we do not use the
> current pc but a pc of the instruction plus some offset. However, the
> pc of the instruction + offset can become invalid in case of a decoder
> error. Therefore we have to stop decoding operands explicitly in case
> of an error.
>
> R=clemensh@chromium.org
>
> Bug: chromium:795131
> Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
> Reviewed-on: https://chromium-review.googlesource.com/832867
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50196}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I5a67f77285fdedc7f4645f8efaaf0087b4046011
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:795131
Reviewed-on: https://chromium-review.googlesource.com/832650
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50199}
-
Yang Guo authored
R=jgruber@chromium.org

Bug: v8:7227, v8:7228
Change-Id: I2c567a6bf4a3d1128559ae440182bd14fb78d005
Reviewed-on: https://chromium-review.googlesource.com/832462
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50198}
-
Sathya Gunasekaran authored
The fast paths aren't pure and have side effects like calling out to the debugger and runtime calls. Note: These aren't "fast" paths per se, but just *native promise* code paths. Forcing the slow path omits these calls to the debugger and runtime causing test failures.

Bug: v8:7148
Change-Id: Idf46a33622a6edf03d69fefa4c6bfb7efc8ea625
Reviewed-on: https://chromium-review.googlesource.com/824102
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50197}
-
Andreas Haas authored
When we decode operands of WebAssembly instructions, we do not use the current pc but a pc of the instruction plus some offset. However, the pc of the instruction + offset can become invalid in case of a decoder error. Therefore we have to stop decoding operands explicitly in case of an error.

R=clemensh@chromium.org

Bug: chromium:795131
Change-Id: I3b7b45782c71a70364adf930bee3e94a1be88fea
Reviewed-on: https://chromium-review.googlesource.com/832867
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50196}
-
Michael Achenbach authored
This is to make the diffs on rolls and releases smaller.

NOTRY=true

Change-Id: I3fb837a70e7b5be0f9d5b5b7ea6318d6a22ebd32
Reviewed-on: https://chromium-review.googlesource.com/832464
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50195}
-
Georg Neis authored
It's still unused there but now at least it ends up in the feedback vector.

Bug: v8:6791
Change-Id: I0114d317830b80be4715c74dc5a8950fff4d3485
Reviewed-on: https://chromium-review.googlesource.com/829136
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50194}
-
Andreas Haas authored
There was an issue when the caller of a function with multiple returns did not use all values which were returned over the stack. The caller used only the used returns to calculate the offsets on the stack, whereas the callee used all returns to calculate the offsets. With this CL also the caller uses all returns to calculate the stack offsets and thereby agrees again with the callee on the location of all returns.

In addition I fixed an issue on x64: A quad word is reserved on the stack frame to spill callee-saved FP registers, which is not pointer size.

R=titzer@chromium.org

Change-Id: Ibe56b4b57e4b6e59071a868805b1237412344f93
Reviewed-on: https://chromium-review.googlesource.com/824043
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50193}
-
Clemens Hammacher authored
This is the counterpart of https://crrev.com/c/822471. It implements asm.js bounds checks for loads using normal branch nodes and removes the need for CheckedLoad, improving maintainability at some small cost to compilation time.

R=ahaas@chromium.org
CC=mstarzinger@chromium.org, titzer@chromium.org

Change-Id: I7a2716f364b9e4d7beb9cc460eb028c3bd1c3a99
Reviewed-on: https://chromium-review.googlesource.com/832457
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50192}
-
Sigurd Schneider authored
Bug: v8:7127, v8:6270
Change-Id: Ic35a9b7a5145115736934b0c7de6ace26e9c0e51
Reviewed-on: https://chromium-review.googlesource.com/832966
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50191}
-
Yang Guo authored
R=mlippautz@chromium.org

Bug: chromium:795856
Change-Id: I2a631a94e4bc0c000842923a962e812e0370b837
Reviewed-on: https://chromium-review.googlesource.com/832454
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50190}
-
Sigurd Schneider authored
Bug: v8:7127
Change-Id: I9081710445bf44e1af18e8f254f373c5736792a5
Reviewed-on: https://chromium-review.googlesource.com/832477
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50189}
-
Jakob Gruber authored
Teach the fuzzer about the new DotAll flag.

Bug: v8:6612
Change-Id: I92d6bfd920f5daef6733b1c547063ede718ecc8f
Reviewed-on: https://chromium-review.googlesource.com/832748
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50188}
-
Clemens Hammacher authored
The memory size is always stored as 32 bit value, so the comparison should always be done in 32 bit space.

R=ahaas@chromium.org

Change-Id: Ic059e63bf1dc9e8bf568dbb5f8d7ccde1da4761a
Reviewed-on: https://chromium-review.googlesource.com/832473
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50187}
-
Michael Achenbach authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9caf5bf..9f00b2f
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9cfb34e..035dfdb
Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/2841745..b7578b4
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/ec766dc..07e0150
Rolling v8/tools/luci-go: https://chromium.googlesource.com/chromium/src/tools/luci-go/+log/45a8a51..564ab65

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ibb83e4858f476caaece11b8365234351a2211995
Reviewed-on: https://chromium-review.googlesource.com/832788
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50186}
-
Michael Achenbach authored
Bug:
Change-Id: I7d4152139548d8a24c0b444dfff3c363bf92680b
Reviewed-on: https://chromium-review.googlesource.com/816836
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50185}
-
Clemens Hammacher authored
Even inside an "#ifdef DEBUG", we still want to use the DCHECK macro instead of CHECK in order to get the "correct" error message.

Drive-by: Remove "#ifdef DEBUG" around DCHECKS in macro-assembler-x64.cc

R=ahaas@chromium.org
CC=mtrofin@chromium.org

Change-Id: I5b92c87fa9b10e5751cc2704d6218bee292cfb8f
Reviewed-on: https://chromium-review.googlesource.com/832687
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50184}
-
Clemens Hammacher authored
Remove comment about usage of FATAL, UNREACHABLE and UNIMPLEMENTED, which was deprecated since https://crrev.com/1410713006. Also, refactor the FATAL macro and use it for implementing UNREACHABLE and UNIMPLEMENTED, and in more code. The benefit over printf + CHECK(false) is that the compiler knows that FATAL will never return.

R=bmeurer@chromium.org

Change-Id: I8c2ab3b4e6edfe8eff5ec6fdf3d92b15d0ed7126
Reviewed-on: https://chromium-review.googlesource.com/832726
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50183}
-
Michael Achenbach authored
This reverts commit c3dda0bb.

Reason for revert: Breaks gc stress bots: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/14266

Original change's description:
> Enable --harmony-function-tostring by default
>
> Update tests to work with new behavior.
>
> This feature is shipping in Firefox 54, so compatibility risk is low.
>
> R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
> CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
>
> Bug: v8:4958
> Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
> Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
> Reviewed-on: https://chromium-review.googlesource.com/546941
> Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50178}

TBR=adamk@chromium.org,hablich@chromium.org,kozyatinskiy@chromium.org,littledan@chromium.org,caitp@igalia.com,jwolfe@igalia.com

Change-Id: Ie5dd0bd2b97ae6d0126edec6373e48abe0eeb3f0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:4958
Reviewed-on: https://chromium-review.googlesource.com/832649
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50182}
-
Sergiy Byelozyorov authored
TBR=sergiyb@chromium.org

No-Try: true
Change-Id: I16311dee2256f800f9d8fd297e1d45ae301fa207
Reviewed-on: https://chromium-review.googlesource.com/832452
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50181}
-
Sergiy Byelozyorov authored
TBR=sergiyb@chromium.org

No-Try: true
Change-Id: I86256c61155e42c193a2532adc15392c0bf33e3b
Reviewed-on: https://chromium-review.googlesource.com/832451
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50180}
-
marcin authored
Patch will decrease size of JS files included into Chrome APK (about 11 KB now)

Bug:
Change-Id: I701c9904fbf22fd295199f255601dea6524a3766
Reviewed-on: https://chromium-review.googlesource.com/821071
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marcin Wiącek <marcin@mwiacek.com>
Cr-Commit-Position: refs/heads/master@{#50179}
-
- 18 Dec, 2017 10 commits
-
-
Josh Wolfe authored
Update tests to work with new behavior.

This feature is shipping in Firefox 54, so compatibility risk is low.

R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Bug: v8:4958
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Ib16d19468cf935f961d7bcd856ebbeb5692d3e61
Reviewed-on: https://chromium-review.googlesource.com/546941
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50178}
-
Igor Sheludko authored
This CL removes LoadScriptContextFieldStub and StoreScriptContextFieldStub.

Bug: v8:7206, chromium:576312
Change-Id: I217eeb726ca7d1ec85a67331da4941b9ac2a4b7a
Reviewed-on: https://chromium-review.googlesource.com/831867
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50177}
-
Alexey Kozyatinskiy authored
We should not report promise created for async function as candidate for stepping. Regular StepInto works fine in this case.

TBR=dgozman@chromium.org

Bug: none
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8dafec5417df0de593cb2a1c06d6a11093e7c64b
Reviewed-on: https://chromium-review.googlesource.com/828024
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50176}
-
Andreas Haas authored
I also added a test for movdqa, which was already implemented.

R=bmeurer@chromium.org

Change-Id: I6dd5cba072f1439dcdfb5f975de116e4534c7581
Reviewed-on: https://chromium-review.googlesource.com/832466
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50175}
-
Clemens Hammacher authored
The WasmCompiledModule is kept alive from the Script, which again is kept alive when the debugger is enabled. This, however, should not keep the whole context alive, including the global object. Hence, we only store a weak reference to the native context.

R=ahaas@chromium.org

Bug: chromium:750256
Change-Id: Ia409995c40fb3e90665534fbc94c6eafc081c4e5
Reviewed-on: https://chromium-review.googlesource.com/832126
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50174}
-
Clemens Hammacher authored
The interface of {WasmCompiledModule} currently mostly receives and provides handles to the contained data. Other interfaces don't (see {object-macros.h}). This leads to performance and memory overhead for chained accesses like {instance->compiled_module()->shared()->script()}, because intermediate accessors allocate Handles for no reason. It also breaks the constraints that lower-case accessors should be trivial to execute, but allocating a handle is not trivial (should not be done in a loop if not needed). It also silences gcmole errors, as documented in https://crrev.com/c/832268.

R=ahaas@chromium.org, mtrofin@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ib82fb295977a47b4a8ab9bae9c9b6e2b235ad5e5
Reviewed-on: https://chromium-review.googlesource.com/832387
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50173}
-
Sigurd Schneider authored
This CL allows deopts from CheckString to disable speculation.

Bug: v8:7127, v8:6270
Change-Id: I029caeb61c509e5eb51b169ac42596d632f7c75a
Reviewed-on: https://chromium-review.googlesource.com/831866
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50172}
-
Sigurd Schneider authored
This CL passes feedback from the element kind deopt points in Array.push to the deoptimizer. If the deopt points are triggered, further speculation on Array.push is disallowed.

Bug: v8:7127, v8:7204
Change-Id: Ie91dee598bd8b8797110c8f468406327226893a4
Reviewed-on: https://chromium-review.googlesource.com/831523
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50171}
-
Leszek Swirski authored
Move the one remaining optimization disabling in AST numbering (native function literals) to be in the parser.

Bug: v8:7178
Change-Id: Icd96020622cbe64afa11b42c5831618247e3e021
Reviewed-on: https://chromium-review.googlesource.com/814399
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50170}
-
Clemens Hammacher authored
Make sure that a continue still executes the increment part of a for loop by adding another nested block for the body, which is the break target for a continue in the body. The increment code lives outside this block, in the original loop.

R=bradnelson@chromium.org
CC=mstarzinger@chromium.org

Bug: chromium:788916
Change-Id: I178b874ffac16d9237a0f4da097d2742bd93335a
Reviewed-on: https://chromium-review.googlesource.com/832447
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50169}
-