1. 30 Jul, 2018 1 commit
  2. 05 Jun, 2018 1 commit
  3. 17 May, 2018 1 commit
  4. 14 Apr, 2018 1 commit
    • Jakob Kummerow's avatar
      [ubsan] Change Address typedef to uintptr_t · 2459046c
      Jakob Kummerow authored
      The "Address" type is V8's general-purpose type for manipulating memory
      addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
      are undefined behavior except within the same array; since we generally
      don't operate within a C++ array, our general-purpose type shouldn't be
      a pointer type.
      
      Bug: v8:3770
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
      Reviewed-on: https://chromium-review.googlesource.com/988657
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52601}
      2459046c
  5. 19 Dec, 2017 1 commit
  6. 17 Nov, 2017 1 commit
    • Ulan Degenbaev's avatar
      [runtime] Make layout descriptor helper safe for concurrent marking. · 61bf2cc6
      Ulan Degenbaev authored
      The layout descriptor helper computes the object header size using
      map->instance_size() and map->GetInObjectProperties().
      
      It races with finalization of slack tracking, which changes both
      the instance size and the in-object properties count.
      
      This patch replaces the in-object properties count byte in the map
      with the byte that stores the start offset of in-object properties.
      
      The new byte can be used in the layout descriptor to compute the
      object header size and it is immutable.
      
      This patch also renames InstanceSize to InstanceSizeInWords where
      the instance size is represented in words.
      
      Bug: chromium:786069, chromium:694255
      Change-Id: I4b48c6944d3fe8a950bd7b0ba43d75216b177a78
      Reviewed-on: https://chromium-review.googlesource.com/776720
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49461}
      61bf2cc6
  7. 18 Oct, 2017 1 commit
  8. 28 Jul, 2017 1 commit
  9. 10 Jul, 2017 1 commit
  10. 23 Jun, 2017 1 commit
  11. 31 May, 2017 1 commit
  12. 12 Jan, 2017 1 commit
  13. 07 Oct, 2016 3 commits
  14. 26 Oct, 2015 1 commit
  15. 30 Sep, 2015 1 commit
  16. 13 Aug, 2015 1 commit
  17. 11 Aug, 2015 1 commit
    • bmeurer's avatar
      [runtime] Store constructor function index on primitive maps. · 6c743b2b
      bmeurer authored
      This way we can greatly simplify the different variants of ToObject in
      our codebase and make them more uniform and robust.  Adding a new
      primitive doesn't require finding and changing all those places again,
      but it is sufficient to setup the constructor function index when
      allocating the map.
      
      We use the inobject properties field of Map, which is invalid primitive
      maps anyway.
      
      R=jkummerow@chromium.org
      
      Review URL: https://codereview.chromium.org/1276533003
      
      Cr-Commit-Position: refs/heads/master@{#30119}
      6c743b2b
  18. 03 Jun, 2015 1 commit
  19. 21 Apr, 2015 4 commits
    • jochen's avatar
      Revert of Reland "LayoutDescriptor should inherit from JSTypedArray" (patchset... · 1692380f
      jochen authored
      Revert of Reland "LayoutDescriptor should inherit from JSTypedArray" (patchset #3 id:40001 of https://codereview.chromium.org/1094333002/)
      
      Reason for revert:
      Breaks gbemu
      
      Original issue's description:
      > Reland "LayoutDescriptor should inherit from JSTypedArray"
      >
      > Original issue's description:
      > > LayoutDescriptor should inherit from JSTypedArray
      > >
      > > It can't just inherit from a FixedTypedArray-like type, as we soon
      > > assume that a FixedTypedArray-like type is always held by an
      > > ArrayBufferView-like type
      > >
      > > BUG=v8:3996
      > > R=ishell@chromium.org,verwaest@chromium.org
      > > LOG=n
      >
      > BUG=v8:3996
      > R=ishell@chromium.org,verwaest@chromium.org
      > LOG=n
      
      TBR=ishell@chromium.org,verwaest@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=v8:3996
      
      Review URL: https://codereview.chromium.org/1080403004
      
      Cr-Commit-Position: refs/heads/master@{#27975}
      1692380f
    • jochen's avatar
      Reland "LayoutDescriptor should inherit from JSTypedArray" · d20660e0
      jochen authored
      Original issue's description:
      > LayoutDescriptor should inherit from JSTypedArray
      >
      > It can't just inherit from a FixedTypedArray-like type, as we soon
      > assume that a FixedTypedArray-like type is always held by an
      > ArrayBufferView-like type
      >
      > BUG=v8:3996
      > R=ishell@chromium.org,verwaest@chromium.org
      > LOG=n
      
      BUG=v8:3996
      R=ishell@chromium.org,verwaest@chromium.org
      LOG=n
      
      Review URL: https://codereview.chromium.org/1094333002
      
      Cr-Commit-Position: refs/heads/master@{#27973}
      d20660e0
    • jochen's avatar
      Revert of LayoutDescriptor should inherit from JSTypedArray (patchset #1 id:1... · 8a309a1e
      jochen authored
      Revert of LayoutDescriptor should inherit from JSTypedArray (patchset #1 id:1 of https://codereview.chromium.org/1084793004/)
      
      Reason for revert:
      breaks mjsunit on debug bots
      
      Original issue's description:
      > LayoutDescriptor should inherit from JSTypedArray
      >
      > It can't just inherit from a FixedTypedArray-like type, as we soon
      > assume that a FixedTypedArray-like type is always held by an
      > ArrayBufferView-like type
      >
      > BUG=v8:3996
      > R=ishell@chromium.org,verwaest@chromium.org
      > LOG=n
      
      TBR=ishell@chromium.org,verwaest@chromium.org
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=v8:3996
      
      Review URL: https://codereview.chromium.org/1073053006
      
      Cr-Commit-Position: refs/heads/master@{#27968}
      8a309a1e
    • jochen's avatar
      LayoutDescriptor should inherit from JSTypedArray · 6d79ceb2
      jochen authored
      It can't just inherit from a FixedTypedArray-like type, as we soon
      assume that a FixedTypedArray-like type is always held by an
      ArrayBufferView-like type
      
      BUG=v8:3996
      R=ishell@chromium.org,verwaest@chromium.org
      LOG=n
      
      Review URL: https://codereview.chromium.org/1084793004
      
      Cr-Commit-Position: refs/heads/master@{#27964}
      6d79ceb2
  20. 30 Mar, 2015 1 commit
  21. 19 Jan, 2015 1 commit
    • ishell's avatar
      Massive renaming of PropertyType values and other implied stuff. · 33994b4a
      ishell authored
      PropertyKind:
        DATA -> kData
        ACCESSOR -> kAccessor
      
      PropertyType:
        FIELD -> DATA
        CONSTANT -> DATA_CONSTANT
        ACCESSOR_FIELD -> ACCESSOR
        CALLBACKS -> ACCESSOR_CONSTANT
      
      PropertyLocation:
        IN_OBJECT -> kField
        IN_DESCRIPTOR -> kDescriptor
      
      StoreMode:
        FORCE_IN_OBJECT -> FORCE_FIELD
      
      FieldDescriptor -> DataDescriptor
      ConstantDescriptor -> DataConstantDescriptor
      CallbacksDescriptor -> AccessorConstantDescriptor
      
      Review URL: https://codereview.chromium.org/856503002
      
      Cr-Commit-Position: refs/heads/master@{#26146}
      33994b4a
  22. 15 Dec, 2014 1 commit
  23. 24 Nov, 2014 1 commit
  24. 11 Nov, 2014 1 commit
  25. 10 Nov, 2014 3 commits