- 30 Oct, 2019 17 commits
-
-
Santiago Aboy Solanes authored
Bug: v8:7703 Change-Id: I33e0c82c25d0c43f940d6cf0aff0abc04403b095 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876058 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#64644}
-
Santiago Aboy Solanes authored
Bug: v8:7703 Change-Id: I06c47aa4057362d52e53b6a45d4e8a5febb92c82 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876055 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#64643}
-
Santiago Aboy Solanes authored
Temporarily enable the flag to test the performance of the DecompressionOptimization reducer. Bug: v8:7703 Change-Id: Ia55d732a73f2aef7ef6e3da329c19b2752a41459 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1890091Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64642}
-
Jakob Gruber authored
The test was originally skipped due to slowness. This might have been fixed by reduced store-store zone allocations (see the linked bug). Locally, this now runs in less than 20 seconds in full x64 debug mode. The largest zone is < 100MB: 12089344, "V8.TFAllocateGeneralRegisters" 21954208, "graph-zone" 26181688, "../../src/compiler/verifier.cc:2000" 57895456, "instruction-zone" 98933872, "register-allocation-zone" Drive-by: Remove tsan SLOW annotation, it's already marked SLOW in the ALWAYS block. Bug: v8:9572 Change-Id: Ic3ffd3de732e262f412f1d7a66448ea7228582f2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889872 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#64641}
-
Liviu Rau authored
Bug: v8:9898 Change-Id: I41e1fcb37755906e29e6937b805cfb3018e90438 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1888937Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Liviu Rau <liviurau@chromium.org> Cr-Commit-Position: refs/heads/master@{#64640}
-
Santiago Aboy Solanes authored
It was used only with Register inputs, so we can replace its uses with the Registers themselves. Change-Id: I1ea3ed88ee41177b696a7281cdf3b90fefdc5870 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886916Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64639}
-
Santiago Aboy Solanes authored
Smi checks get lowered to Word32And, so they are important to consider in the reducer. Bug: v8:7703 Change-Id: Ie6e2403db84f83808edcc1e44ecb60ecd72ae34d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876053 Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#64638}
-
Santiago Aboy Solanes authored
Effect control linearization knows about compressed values only when DecompressionElimination is active. Bug: v8:7703 Change-Id: I7854488322f846f94c644e057ab1c32641adf662 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883896Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64637}
-
Gus Caplan authored
Change-Id: I2a1ad1835b751237b350e56d64e3475459bfb7a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873715 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#64636}
-
Dominik Inführ authored
Change SlotSet representation to a variable-sized array of pointers to buckets. The length of the array/number of buckets depends on the size of the page. Before this change the SlotSet always stored a fixed number of buckets. Large pages needed a SlotSet-Array to cover the whole object. Now both regular and large pages both use a single SlotSet object, which contains all bucket pointers. Change-Id: I2d8d62fad54b58409cd39ae7a52c64497ee7c261 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1876811Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#64635}
-
Jakob Gruber authored
This is a reland of 4a16305b The original CL adjust only one part of the stack check, namely the comparison of the stack pointer against the stack limit in generated code. There is a second part: Runtime::kStackGuard repeats this check to distinguish between a stack overflow and an interrupt request. This second part in runtime must apply the offset just like in generated code. It is implemented in this reland by the StackCheckOffset operator and a new StackGuardWithGap runtime function. Original change's description: > [compiler] Optionally apply an offset to stack checks > > The motivation behind this change is that the frame size of an optimized > function and its unoptimized version may differ, and deoptimization > may thus trigger a stack overflow. The solution implemented in this CL > is to optionally apply an offset to the stack check s.t. the check > becomes 'sp - offset > limit'. The offset is applied to stack checks at > function-entry, and is set to the difference between the optimized and > unoptimized frame size. > > A caveat: OSR may not be fully handled by this fix since we've already > passed the function-entry stack check. A possible solution would be to > *not* skip creation of function-entry stack checks for inlinees. > > This CL: 1. annotates stack check nodes with the stack check kind, where > kind is one of {function-entry,iteration-body,unknown}. 2. potentially > allocates a temporary register to store the result of the 'sp - offset' > in instruction selection (and switches input registers to 'unique' > mode). 3. Applies the offset in code generation. > > Drive-by: Add src/compiler/globals.h for compiler-specific globals. > > Bug: v8:9534,chromium:1000887 > Change-Id: I257191c4a4978ccb60cfa5805ef421f30f0e9826 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1762521 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63701} Bug: v8:9534, chromium:1000887 Change-Id: I71771c281afd7d57c09aa48ea1b182d01e6dee2a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822037Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#64634}
-
Clemens Backes authored
{Smi::ToInt} has only one character more. R=mstarzinger@chromium.org Bug: v8:9810 Change-Id: I1e91bb3623a354ceeee1dc93822011a6809281d5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886922Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64633}
-
Ulan Degenbaev authored
This is the first step in unification of concurrent and main thread marking visitors. The new MarkingVisitorBase will become a base class for all marking visitors and will remove the existing code duplication. This is a refactoring without behavior change. Subsequent CL will change the main thread marking visitor to derive from the new base class. Bug: chromium:1019218 Change-Id: I3d47030d396e0ba6706882fbd922bbcac46181b2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886920Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#64632}
-
Clemens Backes authored
The macros were probably duplicated when splitting off liftoff-assembler.cc from liftoff-compiler.cc, but are dead now. R=mstarzinger@chromium.org Bug: v8:9810 Change-Id: I668ce598815c45cc690653b5a12d90ab44937204 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1888070Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64631}
-
Dominik Inführ authored
Start experiment with promoting all young live objects during mark-compact. This CL sets always_promote_young_mc to true by default. Change-Id: I306527ad2a361fc3e0edcf684c5ccec2b1d6e491 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879938Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#64630}
-
Jakob Gruber authored
The `capture_ix` refers to all captures while `capture_count` only refers to named captures. Clarified by renaming `capture_count` to `named_capture_count` and removing the incorrect part of the DCHECK. The `>= 1` part of the condition must still hold since named captures can only refer to explicit capture groups, which start at index 1. Tbr: petermarshall@chromium.org Bug: chromium:1018592 Change-Id: If8a26f6661ba0483d585f74270b3b4a3853e2ca8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886810Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#64629}
-
Zhao Jiazhong authored
Port 1e4bb087 https://crrev.com/c/1826728 Change-Id: If977914ef55eb65228f92fecd1c9e9d0f625fa2b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886716Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#64628}
-
- 29 Oct, 2019 23 commits
-
-
Johannes Henkel authored
Change-Id: Ie73b21c284052a66ce18f0686030ee0a11f49d3c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1887631 Commit-Queue: Johannes Henkel <johannes@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Auto-Submit: Johannes Henkel <johannes@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#64627}
-
Johannes Henkel authored
Also we're not creating these any more via StringUtil in blink, so these two helpers can go. Change-Id: Ifdf700171ebc46cfbd6ce0af9a6f6ba73419a5a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1887689 Auto-Submit: Johannes Henkel <johannes@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64626}
-
Andreas Haas authored
The new API with v8::BackingStore should be used instead as explained in https://docs.google.com/document/d/1sTc_jRL87Fu175Holm5SV0kajkseGl2r8ifGY76G35k This also relaxes the pre-condition for [Shared]ArrayBuffer::Detach to not require externalization first. Bug: v8:9380, v8:9908 Change-Id: Idd119fcd28be84a2fae74ae86f7381fd997766f5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859628 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#64625}
-
Milad Farazmand authored
Changes introduced in 30ec6a89 generates compilation error in gcc 8.1.0: 8.1.0/include/c++/bits/stl_iterator_base_funcs.h:183:2: error: no match for 'operator--' (operand type is 'v8::internal::HandlerTable::LookupReturn(int)::Iterator') --__i; Which maybe caused by the following change in stl_iterator_base_funcs: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=248875 Overloading the "--" operator fixes the compilation error. Change-Id: I32f54ddd4993375bf905996b5b1e66cd005256da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1888190 Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64624}
-
Milad Farazmand authored
Port 3c6ecf71 Original Commit Message: Object::operator-> was removed in https://chromium-review.googlesource.com/c/v8/v8/+/1624788 but a few subclasses still had their own implementations. R=seth.brenith@microsoft.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I0f4902250ef1f80d2e06c71f27a0bee0717cf5ec Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1888191Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com> Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#64623}
-
Clemens Backes authored
This flag would help customers understand why Liftoff bails out, thus make it available also in release builds. R=jkummerow@chromium.org Change-Id: Ie2f69cbeaee617632f772030a3e03f052f688a10 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1888071Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64622}
-
Frank Tang authored
Bug: v8:9912 Change-Id: Ib9deba176f7aaa2ffca2db811c5273af673028ca Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1884955Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#64621}
-
Ng Zhi An authored
There are a couple of bugs here: 1. The immediate used for vinsertps is wrong when lane == 1, the first two bits specify which element of the source is copied, and it should always be 00, 01 to copy the first 2 lanes of source. 2. For both cases, the second insertps call should be using dst as the src, since dst was already updated by the first insertps call, it was incorrectly using the old value of src. This was probably working correctly because in many cases dst and src happened to be the same register. 3. rep cannot be same as dst, because dst is overwritten, and rep should stay the same I also modified the F64x2ReplaceLane to test separately for replacing lane 0 and lane 1. Fixed bug 3. for arm and arm64. Bug: v8:9728 Change-Id: Iec6e48bcfbc7d27908dd86d5f113a8b5dedd499b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1877055Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#64620}
-
Seth Brenith authored
Object::operator-> was removed in https://chromium-review.googlesource.com/c/v8/v8/+/1624788 but a few subclasses still had their own implementations. Change-Id: Ie2c4df4cd0af0bdba8838aaf2f3852c61e227aa4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1884950Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/master@{#64619}
-
Johannes Henkel authored
New revision: d2fc9b958e1eeb1e956f3e2208afa9923bdc9b67 To roll this I need to update some call sites; this is because the Serializable interface is changing. Upstream change / review was here: https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1879870 Change-Id: I93c4747609c6003baf1c160a68b8fb6bb07ac565 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1879519Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Johannes Henkel <johannes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64618}
-
Sathya Gunasekaran authored
Bug: chromium:1016709 Change-Id: Ib239336cb6dde7c5d555d31911453bff138a23e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886921Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#64617}
-
Santiago Aboy Solanes authored
CallDebugOnFunctionCall was always using Registers and not Immediates. Then ParameterCount is not really needed. Since updating that, we could update other functions, e.g InvokeFunction, to only use registers too. Also removed now irrelevant variables, e.g definitely_mismatches. Bug: v8:9771 Change-Id: I83382c146dd47ccb8bb329f5becb5e941e4c3968 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871605Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Dan Elphick <delphick@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64616}
-
Ross McIlroy authored
Inlines UpdateEffectControlWith and AddClonedNode in GraphAssembler to address a regression in some benchmarks caused by Add the ability for GraphAssembler to update basic blocks. BUG=chromium:1018661,v8:9684 Change-Id: I05513c13305465310552448192e0474f5aaa4a20 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886917 Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#64615}
-
Clemens Backes authored
This adds some arguments to trace events to better see whether large times spent in these events are reasonable. R=mstarzinger@chromium.org Change-Id: I6097d988875d4911aff9741a1ed16590a442f60b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886912Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64614}
-
Liviu Rau authored
Fixed problem with to_string Bug: v8:9855 Change-Id: I5fdd9e77e78a77ab5a9aad833d8ac71bebd1a291 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886910Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Liviu Rau <liviurau@chromium.org> Cr-Commit-Position: refs/heads/master@{#64613}
-
Pierre Langlois authored
When inlined allocations are disabled, the space->limit() does not point to the end of the current page. Instead, it points to the current allocation pointer so is the same as space->top(). See how the limit is computed, if heap()->inline_allocation_disabled(), then the limit will be the same as the requested allocation area: ``` Address SpaceWithLinearArea::ComputeLimit(Address start, Address end, size_t min_size) { DCHECK_GE(end - start, min_size); if (heap()->inline_allocation_disabled()) { // Fit the requested area exactly. return start + min_size; } else if (SupportsInlineAllocation() && AllocationObserversActive()) { // ... } else { // The entire node can be used as the linear allocation area. return end; } } ``` If we want to simulate filling up a whole page in the new space, we can instead look at the ToSpace's page_high() which will be the end of the current page in which we're allocating. Bug: v8:9906 Change-Id: I81113d151bc083cd22d17ea1a4fbae7fef9dff6d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886914Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Cr-Commit-Position: refs/heads/master@{#64612}
-
Michael Starzinger authored
R=clemensb@chromium.org Change-Id: I38c851f258b49de75f538a9b893ab24b7a4d0586 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883894 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64611}
-
Pierre Langlois authored
Change-Id: I69f7ca5e10575ae936d084b75f2b06a2aa1a7e0f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886913Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Cr-Commit-Position: refs/heads/master@{#64610}
-
Igor Sheludko authored
1) don't print off-heap TypedArray elements with --mock-arraybuffer-allocator 2) print integer HeapNumbers in safe integer range with max precision: as 9007199254740991.0 instead of 9.0072e+15 Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng Bug: v8:4153 Change-Id: Ie79fc08c44374981a840772fde4f414458d31c52 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883565 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#64609}
-
Georg Neis authored
Remove serialized_ flags where there's only one thing to be serialized and its pointer can be used instead. Bug: v8:7790 Change-Id: I489bb3085cef574f81f417f950898d4348f8b9ab Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886911Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Auto-Submit: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64608}
-
Clemens Backes authored
The {IsWasmFrame} check in {ComputeLocationFromStackTrace} only returned true for compiled frames, but not for interpreted ones. Thus, for interpreted frames we would run into the code for JS frames, which assumes that a {JSFunction} is available. This CL fixes this issue by renaming {IsWasmFrame} to {IsWasmCompiledFrame}, and introducing a new {IsWasmFrame} method which returns true for both compiled and interpreted frames. R=mstarzinger@chromium.org Bug: chromium:1018227 Change-Id: If83b4129edaad775a212ccb741f3c62eabc2addb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883892Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#64607}
-
Michael Achenbach authored
The targets were removed in: https://crrev.com/c/1865420 Bug: v8:9911 Change-Id: I3fef2af6f8c1975a4b540965c72eaf7f69f4c78e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1883893 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Cr-Commit-Position: refs/heads/master@{#64606}
-
Victor Gomes authored
ClusterFuzzer found that a context can be created by a call to the runtime when checking for context extensions on the bytecode graph builder. That happens in large contexts. Bug: chromium:1019069 Change-Id: I7ab66dceedd56476ab972d7998ef4ca6896dc868 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1886691Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Auto-Submit: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/master@{#64605}
-