- 02 Aug, 2021 10 commits
-
-
Camillo Bruni authored
- Add V8_WARN_UNUSED_RESULT to TryCopyAndConvertArrayToCppBuffer methods - Remove --force-slow-path implications in Object::IterationHasObservableEffects Bug: v8:11739 Change-Id: I20dcac1c460c6ee116ff372806cdf8764a99d9f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063504 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#76037}
-
Victor Gomes authored
Instead of throwing a fatal error when setting a value in an array with index larger than FixedArray:kMaxLength, we now throw an exception. This CL propagates the exception in StoreInArrayLiteralIC. Bug: chromium:1235093, chromium:1201626 Change-Id: Iaffd4eff47ad689fce2fd641ce1beaddd02d1a48 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067220 Auto-Submit: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#76036}
-
Clemens Backes authored
This avoids having all code writable while compiling functions. We only need it writable for copying the code to the NativeModule and for updating the jump table(s). R=jkummerow@chromium.org Change-Id: Ifb212b1cd3f7702fac4b1eb9e7bc7d5b5bd5198a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063221 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76035}
-
Clemens Backes authored
For large frames we are executing a special stack check that checks the remaining stack space before allocating the new frame. Different platforms used different limits for the frame size so far. Liftoff already uses 4KB everywhere, hence use the same limit also for TurboFan. Drive-by: Remove an outdated and misleading comment, and other minor simplification. R=ahaas@chromium.org Bug: v8:12017 Change-Id: I6548b2293ec255349bf4e08c26fd05b7e0df0497 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063501 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76034}
-
Jakob Kummerow authored
Regressed in crrev.com/152ecad8. Fixed: chromium:1234931 Change-Id: I8f2b603a914fccaeaeb3dcffa63070cf8fb6f0e3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064604 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76033}
-
Santiago Aboy Solanes authored
Also: * Remove forward declare and As##Name for never serialized Data classes * Remove the Data classes * Refactor macro list to encode being background or never serialized Bug: v8:7790 Change-Id: Ide29d89072b247311f29948f04c4147c5c1103cc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056458 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76032}
-
Jakob Gruber authored
A JSFunction object may count as 'ObjectMayBeUninitialized', yet still be safe to read for other reasons (e.g. because it has been loaded through a chain of acquire-loads and immutable-after-initialization guarantees). Bug: chromium:1235071,v8:7790 Change-Id: I18c81695f001fd67e69d98dde641b71ed7b7e53d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064606 Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76031}
-
Georg Neis authored
Look up the corresponding details on the given map instead of the owner map. Change-Id: I2dcd0b24216c2bdc5860518d34d710b771f74973 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063234 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76030}
-
Leszek Swirski authored
Change-Id: I0ba9c4bf13ff13e69d960fba44f93124be5a31a7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063499 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76029}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3ab54c6..50fd66a TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: Ia1870a3ee8532486f7205494fd10da872d6e51d5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064460 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#76028}
-
- 01 Aug, 2021 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/fbcc5ac..3ab54c6 Rolling v8/buildtools/linux64: git_revision:c0a2d23c21e87f27f5af3e5dc2a99f2ef3480b9e..git_revision:eea3906f0e2a8d3622080127d2005ff214d51383 Rolling v8/third_party/aemu-linux-x64: lL9eGDPnjhLmu6ErFz6_fnCALFjGkGsl3IgkWQit-ugC..pmyID7CW-4NsGYefh7NnE4xj3AbHD5lu9r5GLO3rzMYC Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/dfbc590..f7a5fc9 TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I25f0355a55daf4d9e2339120abd118e46ab16d9a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3065570 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#76027}
-
- 31 Jul, 2021 1 commit
-
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/8aa210e..fbcc5ac Rolling v8/third_party/aemu-linux-x64: EfaAueisHmQB3i2Cqncpzj07xFoDNrwT09yreit16bgC..lL9eGDPnjhLmu6ErFz6_fnCALFjGkGsl3IgkWQit-ugC Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/10f6e4b..4505381 Rolling v8/tools/luci-go: git_revision:59603935354589d60cd8374e75889932bf84c33f..git_revision:db421da12bad8e57f97ee45b24147e34ec882007 Rolling v8/tools/luci-go: git_revision:59603935354589d60cd8374e75889932bf84c33f..git_revision:db421da12bad8e57f97ee45b24147e34ec882007 Rolling v8/tools/luci-go: git_revision:59603935354589d60cd8374e75889932bf84c33f..git_revision:db421da12bad8e57f97ee45b24147e34ec882007 TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: Ib619bcf5b931c491b7080bd1a92a5cbba3dee122 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064304 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#76026}
-
- 30 Jul, 2021 16 commits
-
-
Junliang Yan authored
Change-Id: Ic1fb152ced8535982f4e918df691e5c6e4cfaa68 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063506 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#76025}
-
Ng Zhi An authored
wasm-code-manager.cc is no longer included if v8_enable_webassembly == false, so we can remove this guard. Bug: v8:11879 Change-Id: Ide77e7e334d2711c1cbbbbedc34c2796ffaf793d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3061358 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#76024}
-
Milad Fa authored
Bug: v8:11862 Change-Id: If40fea4c332374c4e245498f378dff7734a84e9a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062239 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#76023}
-
Jakob Kummerow authored
No changes to the algorithm, approximately 4x performance improvement thanks to reduced overhead. Bug: v8:11515 Change-Id: Id3f6c91bd650f6ae47ac8f169dc780420091998e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046185 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#76022}
-
Andreas Haas authored
Since recently, the WebAssembly instance gets cached in Liftoff code to avoid reloading it from the stack whenever it is used. Typically the cached instance gets invalidated at a function call and therefore does not need to be recorded in safepoints. However, when the DebugBreak builtin is called, the cached instance was not invalidated. It is even incorrect to invalidate the cached instance there because that would modify the CacheState of Liftoff. Therefore this CL adds the register that caches the instance to the safepoint of the call to the DebugBreak builtin. R=clemensb@chromium.org Bug: v8:11979 Change-Id: I7f9153e0c0e7e797b11b827111b4d61e29606071 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063222 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76021}
-
Georg Neis authored
With concurrent inlining, the TransitionDependency ctor can no longer assume that the given map is not deprecated. This is not an issue since IsValid will check it again. Also remove some other outdated DCHECKs and turn a few DCHECKs into CHECKs since the properties they check are not so obvious anymore with concurrency. Bug: v8:12033, v8:7790 Change-Id: I932f7f6440697d693b0c0e6472406329af29b46b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062576 Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76020}
-
Benedikt Meurer authored
Replace the hard-coded blocklist ("Response.body" and "Request.body") in the V8 inspector with proper side-effect free debug evaluate. This is otherwise a non-functional change and in particular preserves the behavior of reporting accessors as (own) data properties. That will be tackled in a follow-up CL. This CL is possible because with https://crrev.com/c/3056879 Blink now properly marks accessors as side-effect free consistently with what the V8 inspector had done before. Doc: http://doc/1gLyyOlssS5zyCSEyybVC-5sp0UnNJj2hBoFyf6ryrTc Bug: chromium:829571, chromium:1076820, chromium:1119900 Change-Id: Idb256accaf4cfb5db5982b3eb06ddcef588be635 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062573 Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org> Reviewed-by: Philip Pfaffe <pfaffe@chromium.org> Cr-Commit-Position: refs/heads/master@{#76019}
-
Marja Hölttä authored
See https://github.com/tc39/proposal-resizablearraybuffer/issues/67 Bug: v8:11111 Change-Id: I43cc61797387a021e9bf752284b917f77662354d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062559 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#76018}
-
Andreas Haas authored
The original CL was flaky because deserialization did not wait correctly for the compilation of missing functions to finish. The baseline-finished event was set even when there were still some functions missing. The combination of deserialization and lazy compilation was also not handled correctly. Original change's description: > [wasm] Support partial serialization of modules > > At the moment a WebAssembly module can be serialized successfully when > all functions were compiled with TurboFan. However, for some functions > it may not be necessary to be compiled with TurboFan, e.g. for functions > where Liftoff code is as good as TurboFan code. > > With this CL we allow WebAssembly modules to get serialized even when > not all functions are compiled with TurboFan. Missing functions are > marked as missing in the serialization. Upon deserialization, missing > functions either get compiled by Liftoff, or initialized with a > lazy-compilation stub, depending on the V8 configuration. > > Bug: v8:11862 Change-Id: I79a9e8e14199cff87fce6ae41a87087e047bbc65 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060485 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#76017}
-
Paolo Severini authored
Rename CopyAndConvertArrayToCppBuffer as TryCopyAndConvertArrayToCppBuffer and implement type specialization for int32_t and double in order to speed up V8 bindings with sequences. This API is used by Blink code, for example see https://chromium-review.googlesource.com/c/chromium/src/+/3027405. Bug: v8:11739 Change-Id: I026a7f5e7833fb1afcc2ea9c296b66c7f733cbb1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036407 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#76016}
-
Clemens Backes authored
pthread_rwlock_t can deadlock on Mac if signals are sent to the process in the wrong moment. Since we use processes e.g. for sampling profiling (in both d8 and in Chrome), we hence cannot safely use pthread_rwlock_t on Mac. Instead, fall back to a non-shared pthread_mutex_t. Interestingly, this shows no measurable performance impact in Wasm compilation on my MBP. R=mlippautz@chromium.org Bug: v8:11399 Change-Id: Ie8bfd5288bba8c4f3315ee4502b39b59d39c9bbd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060480 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#76015}
-
Lu Yahan authored
-- 3059689: [baseline] Fallback to handle references on heap compilation | https://chromium-review.googlesource.com/c/v8/v8/+/3059689 Change-Id: Ie055e181e5081d7acb2195ae41abaecdd0f68989 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062030 Commit-Queue: Yahan Lu <yahan@iscas.ac.cn> Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn> Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn> Cr-Commit-Position: refs/heads/master@{#76014}
-
Santiago Aboy Solanes authored
Bug: v8:7790 Change-Id: Id06775f9f3c7f1a505a736fcc4b992feb0d09308 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056454 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#76013}
-
Georg Neis authored
Traces calls to Heap::IsAllocationPending that return true. This is useful when debugging concurrent Turbofan. Bug: v8:7790 Change-Id: If10e6f40c3bf03c768ad8b74403007fe86f860fe Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060488 Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#76012}
-
v8-ci-autoroll-builder authored
Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/ab74ae5..1067dfc Remove dead code from PredictNumItersNeeded (#1206) (Braedy) https://chromium.googlesource.com/external/github.com/google/benchmark/+/1067dfc TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org Change-Id: I4c52fee681f648ea2f1fbfc253e276a824de7011 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062205 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#76011}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/82f37a4..8aa210e Rolling v8/third_party/googletest/src: https://chromium.googlesource.com/external/github.com/google/googletest/+log/4ec4cd2..2d924d7 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/30a89ee..d0097bc Rolling v8/tools/luci-go: git_revision:2c98a90e4f4daa808cb69d51e71eee9289bd5422..git_revision:59603935354589d60cd8374e75889932bf84c33f Rolling v8/tools/luci-go: git_revision:2c98a90e4f4daa808cb69d51e71eee9289bd5422..git_revision:59603935354589d60cd8374e75889932bf84c33f Rolling v8/tools/luci-go: git_revision:2c98a90e4f4daa808cb69d51e71eee9289bd5422..git_revision:59603935354589d60cd8374e75889932bf84c33f TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com Change-Id: I1f2a40e39fdfc524bb0bd0ad4d007b564944286a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062202 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#76010}
-
- 29 Jul, 2021 12 commits
-
-
Milad Fa authored
mtvsrdd uses 2 gprs as input. Change-Id: I4446a51bda1196ce262e3a90ed7c840da89c9d16 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3061478 Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#76009}
-
Milad Fa authored
CL also optimizes the usage on Power9 by using mtvsrdd. Change-Id: Ibd6b227111adc0c262c621be6ce4068d3de2e659 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060493 Reviewed-by: Junliang Yan <junyan@redhat.com> Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#76008}
-
legendecas authored
This proposal reached Stage 3 at the July 2021 TC39. https://github.com/tc39/proposal-array-find-from-last Bug: v8:11990 Change-Id: I1364b46b7ed4bc56e4b3024d14bde799f9878b5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3037160 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#76007}
-
Junliang Yan authored
Change-Id: I8d33239180b04afd322c99988dcf6aea0c928797 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060495 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#76006}
-
Junliang Yan authored
Change-Id: I4a11a5409922550119a3d8cafd254c4f8dd798e6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060494 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#76005}
-
Milad Fa authored
Port 642a4673 Original Commit Message: If a GC happens between Code object allocation and Code finalization, we might have invalid embedded object references. We fall back and patch the references back to handles, then unbox the handles and relocate. R=victorgomes@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I680cc33fa9d06d7a00cc52c142599bb5536a9b88 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060487 Reviewed-by: Victor Gomes <victorgomes@chromium.org> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/master@{#76004}
-
Mythri A authored
Introduce a flush_baseline_code flag to control if baseline code is flushed or not. Currently flush_baseline_code implies flush_bytecode as well. So if flush_baseline_code is enabled both bytecode and baseline code are flushed. If the flag is disabled we only flush bytecode and not baseline code. In a follow-up CL we will add support to control baseline and bytecode flushing independently i.e. we can flush only bytecode / only baseline code / both. Bug: v8:11947 Change-Id: I5a90ed38469de64ed1d736d1eaaeabc2985f0783 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059684 Commit-Queue: Mythri Alle <mythria@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#76003}
-
legendecas authored
Each time a constructor is being called without new operator, a TypeError is thrown. The TypeError should be the realm's one according to 10.2.1.5.b. Refs: https://tc39.es/ecma262/#sec-ecmascript-function-objects-call-thisargument-argumentslist Refs: https://github.com/tc39/ecma262/pull/2216 Bug: v8:11530 Change-Id: Iff10a78e96fb547fe2062c86b9f93a30d2a8be20 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056830 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#76002}
-
Marja Hölttä authored
This CL assumes https://github.com/tc39/proposal-resizablearraybuffer/issues/68 is indeed a spec bug. Bug: v8:11111 Change-Id: I8d24f0d07f7ab40ba01b8c422868ad189d6f7e5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060478 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#76001}
-
Marja Hölttä authored
Bug: v8:11111 Change-Id: I52eb7e458fc614e3f5e936fb1761680a5cdeadb6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056983 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#76000}
-
Junliang Yan authored
Change-Id: I0420b3cd9c940dbf684c0aa1478172921423c724 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060483 Reviewed-by: Milad Fa <mfarazma@redhat.com> Commit-Queue: Junliang Yan <junyan@redhat.com> Cr-Commit-Position: refs/heads/master@{#75999}
-
Clemens Backes authored
When calling the {Isolate::StackOverflow} method, we should not have overflown the stack limit by too much. Otherwise there might not be enough space on the stack for handling the stack overflow exception. This DCHECK would have failed before landing https://crrev.com/c/3059074 and https://crrev.com/c/3059075. If it fails, we might need to add more special stack checks also in other places. Such failures should not be considered security issues per se, but we should try to fix them to avoid potential issues. R=jkummerow@chromium.org CC=ahaas@chromium.org Bug: v8:12017 Change-Id: I25e42a20d3fcc981c266ae998f52b3f090237297 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059076 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75998}
-