This reverts commit 5557a63beb.
Reason for revert: Sheriff's mistake, failing test was previously flaking.
Original change's description:
> Revert "stack-trace-api: implement getEnclosingLine/Column"
>
> This reverts commit c48ae2d96c.
>
> Reason for revert: Breaks a profiling test:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/30010
>
> Original change's description:
> > stack-trace-api: implement getEnclosingLine/Column
> >
> > Introduces getEnclosingColumn and getEnclosingLine on CallSite
> > so that the position can be used to lookup the original symbol
> > for function when source maps are used.
> >
> > BUG=v8:11157
> >
> > Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Benjamin Coe <bencoe@google.com>
> > Cr-Commit-Position: refs/heads/master@{#71343}
>
> TBR=jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com
>
> Change-Id: Iab5c250c1c4fbdab86971f4a7e40abc8f87cf79c
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:11157
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555384
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71345}
TBR=bbudge@chromium.org,jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com
# Not skipping CQ checks because this is a reland.
Bug: v8:11157
Change-Id: I8dba19ceb29a24594469d2cf79626f741dc4cad3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555499
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71348}
This reverts commit c48ae2d96c.
Reason for revert: Breaks a profiling test:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/30010
Original change's description:
> stack-trace-api: implement getEnclosingLine/Column
>
> Introduces getEnclosingColumn and getEnclosingLine on CallSite
> so that the position can be used to lookup the original symbol
> for function when source maps are used.
>
> BUG=v8:11157
>
> Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Benjamin Coe <bencoe@google.com>
> Cr-Commit-Position: refs/heads/master@{#71343}
TBR=jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com
Change-Id: Iab5c250c1c4fbdab86971f4a7e40abc8f87cf79c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555384
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71345}
Introduces getEnclosingColumn and getEnclosingLine on CallSite
so that the position can be used to lookup the original symbol
for function when source maps are used.
BUG=v8:11157
Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benjamin Coe <bencoe@google.com>
Cr-Commit-Position: refs/heads/master@{#71343}
For a very particular special case (long "chains" of bound
functions with an undefined @@hasInstance handler), evaluating
the `instanceof` operator could lead to a very deep recursion.
This patch adds a stack check to make sure we throw rather than
crash on stack overflow.
Bug: v8:11115
Change-Id: I6bf941b9e75e9fe3a52112ade27388ac4fbbda2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545624
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71335}
This is a reland of e26863df27
The test now works with the no-i18n case.
Original change's description:
> [foozzie] Suppress access to CurrentTimeValue
>
> This stubs out CurrentTimeValue for differential fuzzing as otherwise
> the non-deterministic value leaks from Intl.DateTimeFormat format and
> formatToParts.
>
> This also affects other date creations, like Date.now(), which is
> already stubbed out on the JS side. We keep that code for
> backwards-compatibility to keep bisection stable.
>
> Bug: chromium:1149050
> Change-Id: Ifd82844c9fb8ce7262b55da6cf9f88f544268942
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546685
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71294}
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux_noi18n_rel_ng_triggered
Bug: chromium:1149050
Change-Id: I4a750b580495532ca0ffb125522f8f5958e4cad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552401
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71309}
This reverts commit e26863df27.
Reason for revert: Fails on noi18n bot, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/34852/overview
Original change's description:
> [foozzie] Suppress access to CurrentTimeValue
>
> This stubs out CurrentTimeValue for differential fuzzing as otherwise
> the non-deterministic value leaks from Intl.DateTimeFormat format and
> formatToParts.
>
> This also affects other date creations, like Date.now(), which is
> already stubbed out on the JS side. We keep that code for
> backwards-compatibility to keep bisection stable.
>
> Bug: chromium:1149050
> Change-Id: Ifd82844c9fb8ce7262b55da6cf9f88f544268942
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546685
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71294}
TBR=machenbach@chromium.org,cbruni@chromium.org,clemensb@chromium.org
Change-Id: I958ca723de826ab427d27f5121f96618cf50c832
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1149050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551314
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71298}
This stubs out CurrentTimeValue for differential fuzzing as otherwise
the non-deterministic value leaks from Intl.DateTimeFormat format and
formatToParts.
This also affects other date creations, like Date.now(), which is
already stubbed out on the JS side. We keep that code for
backwards-compatibility to keep bisection stable.
Bug: chromium:1149050
Change-Id: Ifd82844c9fb8ce7262b55da6cf9f88f544268942
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546685
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71294}
When accessing a super property which is a getter, the receiver
is not restricted the same way as when doing normal property access.
In particular, the receiver can be null / undefined.
Bug: v8:9237, chromium:1148758, v8:11161
Change-Id: Ic6bc2053e5d046d4b19e868312aa9b50025256a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549941
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71281}
AddToDictionaryTemplate in literal-objects.cc was missing several
cases when handling the overwriting between properties with statically
known and dynamically computed names. This led to wrong enumeration
orders in class prototypes created from class templates.
Bug: v8:11158
Change-Id: I7381b4680ec533bd307a6c32d75c8a66394869df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536464
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71266}
... to --turbo-dynamic-map-checks. With the upcoming use in NCI code,
this feature is no longer used exclusively by Turboprop.
Bug: v8:8888
Change-Id: I61e01db086fd2e8566d2e2a09574be74b6e5a7bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546693
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71263}
To be unskipped once root cause is fixed.
Bug: v8:11166
Change-Id: I03c3ac9a7e715fce7683d230965bd92a410c8f91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546681
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71248}
This CL enables a first batch of feedback-based optimizations in NCI
code. Specifically, optimizations based on unary, binary, compare,
for-in-next, and for-in-prepare feedback are now enabled.
This has two main implications:
1. NCI code can now deopt. Deoptimized code is currently thrown away
permanently and cannot be reused. Now that shared/cached NCI code can
deopt, this leads to an interesting question of what should happen
with deoptimized NCI code. The answer in this CL is to remove the
cache entry (it may later be re-added).
2. Tiering up from NCI to TF still requires feedback; since NCI code,
starting with this CL, no longer collects full feedback, feedback must
be created in some other way. This is solved by sharing a
context-independent encoding of feedback across native contexts.
Feedback is shared through a new SerializedFeedback object type,
essentially a byte array of serialized feedback. Currently, only
smi-based feedback is shared, but map-based feedback will be added in
the future.
SerializedFeedback is kept in the NCI cache alongside NCI Code
objects. It is created on NCI cache insertion, and deserialized upon
NCI cache hits.
Bug: v8:8888
Change-Id: Ic0d5fbea3aa4d3b0a165624dab9d0283b07dcee7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531775
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71224}
Split globals.js into two parts, one being skipped on NCI due to
assertions about optimization status.
Change-Id: Ifc572526d9c6aed369802a65d12c4456cde65ce0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2539909
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71199}
Don't deopt when a PropertyCell changes from readonly to writable.
Turbofan doesn't depend on readonly-ness unless the property is
also non-configurable, in which case such a change can't happen.
Change-Id: I3d1078a8adf1ec1b16d973dd71c4295d71003a8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531791
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71184}
which was enabled a long ago and is not supposed to be disabled.
In addition this CL adds Representation::MightCauseMapDeprecation()
predicate and ensures it's consistent with the existing
MostGenericInPlaceChange() and CanBeInPlaceChangedTo().
Bug: v8:11104, v8:8865
Change-Id: Ia8046b76822c9b20fe3ce85de6b98570334aad21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527088
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71151}
For NCI compilation tasks, we don't actually install the generated
Code object on the function. In that case, we cannot make assertions
about function state.
Bug: v8:8888,chromium:1146013
Change-Id: Ia2342c52e565ccb1f6b5b09dda5e998b3fd3eb3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532297
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71140}
... instead of FLAG_concurrent_recompilation. The
optimizing_compile_dispatcher may be nullptr despite the flag being
set.
Bug: v8:8888,chromium:1145988
Change-Id: Ia3a6b1a95dde2b8cdd43dd2beebf04c66f145f78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531781
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71116}
The tests assert that funcs are optimized / deoptimized a certain way.
Bug: v8:9237, v8:11138
Change-Id: Ia4879e722e442be52de0bf93919eb03fecb88147
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529136
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71087}
The arm implementation made the assumption that the {lhs} and {dst}
registers are either the same, or there is no overlap. This assumption
does not hold.
ia32 on the other hand has a lot of complicated logic (and unnecessary
code generation) for different cases of overlap.
This CL fixes the arm issue *and* simplifies the ia32 logic by making
the arm assumption hold, and using it to eliminate special handling on
ia32.
R=thibaudm@chromium.org
Bug: chromium:1146861
Change-Id: I8753c2ed70349e735c03293130c899c0c8a3a671
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526388
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71060}
In a few places we incorrectly assumed to know the instance type of the
heap object. In particular, in JSCallReducer::ReduceDataViewAccess,
doing map inference on the receiver and determining that all maps are
JSDataView maps does not guarantee that the receiver is a JSDataView
constant because we might deopt before getting to the data view
operation.
Bug: chromium:1146652
Change-Id: I1611308c3ebe0d33fa6b0cf0938d777b4e6449ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524440
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71034}
The test started failing on win64 ASan after a DEPS roll. Increase the
stack size to mitigate this.
Also, add a comment so say why we are restricting the stack size in the
first place.
R=thibaudm@chromium.orgCC=ahaas@chromium.org
Bug: v8:11120
Cq-Include-Trybots: luci.v8.try:v8_win64_asan_rel_ng
Change-Id: If0c084653687aef95acee8caa6712a1c872d2bca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523203
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71016}
This reverts commit 0147db5a4a.
Reason for revert: Data races: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34056
Original change's description:
> [super] Optimize super property access in JSNativeContextSpecialization
>
> Generalize the existing property lookup machinery
> (JSNCS::ReduceNamedAccess) to handle the case where the
> lookup_start_object and the receiver are different objects.
>
> Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l
>
> Bug: v8:9237
> Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70988}
TBR=marja@chromium.org,mvstanton@chromium.org,neis@chromium.org
Change-Id: Ib5ddb919ae569fe5ddf266d986f1c8bc0fe9621a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520908
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70992}
This reverts commit c3b2b64be4.
Reason for revert: Scheduled revert.
The flag flip is in 88.0.4315.0. Group report links:
https://chromeperf.appspot.com/group_report?rev=70949https://chromeperf.appspot.com/group_report?rev=823663
Original change's description:
> [nci] Enable --turbo-nci behind --future to gather perf data
>
> .. to be reverted in a day or two.
>
> Bug: v8:8888
> Change-Id: Iee156da614b50c351ca9a07cc497177c92de865d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512907
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Lutz Vahl <vahl@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70949}
TBR=machenbach@chromium.org,jgruber@chromium.org,vahl@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8888,v8:11087
Change-Id: I57411474d885dd69613a85f5fa3a801a573fcd08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2517690
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70982}
This is a reland of adceb45979
Redesign test to not be OS dependent.
Original change's description:
> [x64][ia32] Add stack overflow check in InvokePrologue
>
> In case of no arguments adaptor frame, we massage the arguments in InvokePrologue pushing undefined objects if the actual argument count is below the parameter count. This CL adds a stack overflow check before pushing these undefined objects to the stack.
>
> Change-Id: I2a88bf6fdfd17958f6f6884143a67d50ea842fd2
> Bug: v8:10201
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491039
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70927}
Bug: v8:10201
Change-Id: Ifab3413b748cdf3bb998a5080cd1fcb3b67a737b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2517921
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70973}
Convert Profile, CodeMap and their helpers to ES6 classes.
Code cleanup will happen in a separate step.
Bug: v8:10667
Change-Id: Icfb28f6d9ef7f00efba93b347fdf210a9af36a49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509591
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70969}
.. by the runtime flag --enable-experimental-regexp-engine.
Introduced in https://chromium-review.googlesource.com/c/v8/v8/+/2461244
Tbr: neis@chromium.org
Bug: v8:10765
Change-Id: Ic32464ced7e5ddb4c31fe165eddb6b9d19260efc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516920
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70963}
.. to be reverted in a day or two.
Bug: v8:8888
Change-Id: Iee156da614b50c351ca9a07cc497177c92de865d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512907
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70949}
This reverts commit adceb45979.
Reason for revert:
- ConcurrentAllocationInLargeSpace fails in verify CSA bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20verify%20csa/20547
- New test fail on Windows bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29622
Original change's description:
> [x64][ia32] Add stack overflow check in InvokePrologue
>
> In case of no arguments adaptor frame, we massage the arguments in InvokePrologue pushing undefined objects if the actual argument count is below the parameter count. This CL adds a stack overflow check before pushing these undefined objects to the stack.
>
> Change-Id: I2a88bf6fdfd17958f6f6884143a67d50ea842fd2
> Bug: v8:10201
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491039
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70927}
TBR=neis@chromium.org,ishell@chromium.org,victorgomes@chromium.org
Change-Id: I7371e1603659ce512a39c0c0a8bb01baf7b916e0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2514505
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70928}
In case of no arguments adaptor frame, we massage the arguments in InvokePrologue pushing undefined objects if the actual argument count is below the parameter count. This CL adds a stack overflow check before pushing these undefined objects to the stack.
Change-Id: I2a88bf6fdfd17958f6f6884143a67d50ea842fd2
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491039
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70927}
This commit adds the 'l' (linear) RegExp flag (as in e.g. /asdf|123/l)
that forces execution in linear time. These regexps are handled by the
experimental engine. If the experimental engine cannot handle the
pattern, an exception is thrown on creation of the regexp.
The commit also adds a new global V8 flag and changes an existing one:
* --enable-experimental-engine, which turns on recognition of the RegExp
'l' flag. Previously this flag also caused all supported regexps to
be executed by the experimental engine; this is not the case anymore.
* --default-to-experimental-regexp-engine takes over the previous
semantics of --enable-experimental-regexp-engine: We execute all
supported regexps with the experimental engine.
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:10765
Change-Id: I5622a89b19404105e8be280d454e9fdd63c003b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461244
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Martin Bidlingmaier <mbid@google.com>
Cr-Commit-Position: refs/heads/master@{#70892}
When searching for a target map during map update, attempt to
update field representations in-place to the more general
representation, where possible.
Bug: chromium:1143772
Change-Id: I6a43c94910a1d2d8f8b0ad89048f94b51461f76c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507715
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70887}
