regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This fixes a build failure on Windows.
Original commit message:
Rename TypeFeedbackVector to FeedbackVector.
... and TypeFeedbackMetadata to FeedbackMetadata.
BUG=
Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
Refs: https://github.com/nodejs/v8/issues/4
PR-URL: https://github.com/nodejs/node/pull/11752
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
This is an almost clean cherry-pick of the original commit. The only
conflict was related to a rename of an internal class.
Original commit message:
[async-await] (simpler) fix for Return in try/finally in async functions
Alternative approach to https://codereview.chromium.org/2667983004/, which
does not depend on implicit control flow changes from
https://codereview.chromium.org/2664083002
- Remove handling for `async function` from Parser::RewriteReturn(). This functionality
is moved to BytecodeGenerator::BuildAsyncReturn(). This ensures that promise resolution
is deferred until all finally blocks are evaluated fully.
- Add a new deferred command (CMD_ASYNC_RETURN), which instructs ControlScope to
generate return code using BuildAsyncReturn rather than BuildReturn.
- Parser has a new `NewReturnStatement()` helper which determines what type of return
statement to generate based on the type of function.
BUG=v8:5896, v8:4483
R=littledan@chromium.org, neis@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, gsathya@chromium.org
Review-Url: https://codereview.chromium.org/2685683002
Cr-Commit-Position: refs/heads/master@{#43104}
Fixes: https://github.com/nodejs/node/issues/11960
PR-URL: https://github.com/nodejs/node/pull/11752
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Refs: https://github.com/nodejs/node/pull/11048
Below is the list of commits:
deps: cherry-pick 78c0be52d from V8 upstream
Original commit message:
ValueSerializer: Promote scheduled exceptions from wasm::ErrorThrower.
wasm::ErrorThrower doesn't actually throw exceptions, it just schedules them.
As a result, this exception isn't handled properly by code which expects
ValueDeserializer to actually throw. For instance, the unit tests use a
TryCatch to catch and handle expected exceptions in unit tests.
Before this patch, I see local unit test failures because a wasm decode test
schedules one, but it isn't caught (and instead causes Context::New to fail
at the beginning of the next test).
BUG=685713
Review-Url: https://codereview.chromium.org/2659483004
Cr-Commit-Position: refs/heads/master@{#42718}
deps: cherry-pick 966355585 from V8 upstream
Original commit message:
[d8] Use ValueSerializer for postMessage (instead of ad-hoc serializer)
Review-Url: https://codereview.chromium.org/2643723010
Cr-Commit-Position: refs/heads/master@{#42749}
deps: cherry-pick bf511b426 from V8 upstream
Original commit message:
ValueSerializer: Support efficiently reading and writing one-byte strings.
memcpy is faster than UTF-8 encoding/decoding. This yields 10-20% wins on
serializing and deserializing long ASCII strings, according to
blink_perf.bindings -- and these are already in a fast path where the entire
string is known to be ASCII (but this has to be checked). The win may be
larger for strings in Latin-1 but not ASCII (though I suspect this is an
uncommon case).
A change is also made to make ValueSerializerTest.EncodeTwoByteStringUsesPadding
survive wire format version number changes.
This is the first of a series of wire format changes from the previous Blink
format. The deserializer continues to be able to read the old format, but
Chromium M56 will no longer be able to read the messages written by this, in M58.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2658793004
Cr-Commit-Position: refs/heads/master@{#42753}
deps: cherry-pick 6f1639ed1 from V8 upstream
Original commit message:
ValueSerializer: Distinguish between 'undefined' and an absent property.
Dealing with this case requires a wire format change. It is possible that an
element can be absent even in an array where the dense format was chosen
(because the array initially had no holes), if the elements are modified while
they are being serialized. In this case, a new tag for the "hole" is emitted.
The logic to treat undefined in dense arrays as an absent property is restricted
to versions of the wire format that this tag did not exist.
BUG=chromium:686159,chromium:665820
Review-Url: https://codereview.chromium.org/2660093002
Cr-Original-Commit-Position: refs/heads/master@{#42784}
Committed: dc85f4c833
Review-Url: https://codereview.chromium.org/2660093002
Cr-Commit-Position: refs/heads/master@{#42800}
deps: cherry-pick c3856de37 from V8 upstream
Original commit message:
ValueSerializer: Check for zero length before casting to FixedDoubleArray.
Even though the elements kind is FAST_DOUBLE_ELEMENTS, if length is zero
the isolate's empty_fixed_array is used. It's illegal to cast this to
FixedDoubleArray, so we avoid the cast.
BUG=chromium:686479
Review-Url: https://codereview.chromium.org/2665313003
Cr-Commit-Position: refs/heads/master@{#42867}
deps: cherry-pick 591cc0b4c from V8 upstream
Original commit message:
ValueSerializer: Share string encoding code with String and RegExp objects.
This avoids the need to pull in the UTF-8 encoding code from the public API,
and allows it to take advantage of any supported way that i::String can be
encoded (one- or two-byte).
Backward compatibility is maintained, but this is the behavior beginning
with this version.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2665653004
Cr-Commit-Position: refs/heads/master@{#42872}
deps: cherry-pick 79837f5f6 from V8 upstream
Original commit message:
Improve ValueSerializer perf regression after 96635558
BUG=687196
R=jbroman@chromium.org
Review-Url: https://codereview.chromium.org/2674613002
Cr-Commit-Position: refs/heads/master@{#42938}
deps: cherry-pick 8990399dc from V8 upstream
Original commit message:
ValueDeserializer: Only allow valid keys when deserializing object properties.
The serializer won't ever write a more complex object. Not validating this
allows other things to be used as keys, and converted to string when the
property set actually occurs. It turns out this gives an opportunity to trigger
OOM by giving an object a key which is a very large sparse array (whose string
representation is very large).
This case is now rejected by the deserializer.
BUG=chromium:686511
Review-Url: https://codereview.chromium.org/2697023002
Cr-Commit-Position: refs/heads/master@{#43249}
deps: cherry-pick 68960eeb7 from V8 upstream
Original commit message:
ValueDeserializer: Make sure that an exception is the legacy path.
The entry points to the deserializer are responsible for ensuring that an
exception is pending by the time they return. Some failures throw exceptions
themselves, while others (like errors in the format) are exceptions caused by
the deserializer, not coming from the runtime.
Like the non-legacy path, a default deserialization exception should be thrown
in such cases.
BUG=chromium:693411
Review-Url: https://codereview.chromium.org/2712713002
Cr-Commit-Position: refs/heads/master@{#43390}
deps: cherry-pick 3b15d950e from V8 upstream
Original commit message:
ValueSerializer: Add SetTreatArrayBufferViewsAsHostObjects() flag
Add `ValueSerializer::SetTreatArrayBufferViewsAsHostObjects()` which
instructs the `ValueSerializer` to treat ArrayBufferView objects as
host objects.
BUG=v8:5926
Review-Url: https://codereview.chromium.org/2696133007
Cr-Commit-Position: refs/heads/master@{#43281}
deps: cherry-pick 654351997 from V8 upstream
Original commit message:
ValueSerializer: Add an explicit tag for host objects.
This makes it no longer necessary to ensure that V8 and Blink have non-colliding
tags, which makes it easier for them to evolve independently, and also makes
the wire format more suitable for other V8 embedders, who would not
necessarily be surveyed before V8 introduced a new tag that might collide
with theirs.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2709023003
Cr-Commit-Position: refs/heads/master@{#43466}
PR-URL: https://github.com/nodejs/node/pull/11752
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/nodejs/node/pull/9412
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
2d524bcd1e
Original commit message:
deps: limit regress/regress-crbug-514081 v8 test
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/nodejs/node/pull/8907Fixes: #8750
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: https://github.com/nodejs/node/pull/8852
Reviewed-By: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[regexp] Fix case-insensitive matching for one-byte subjects.
The bug occurs because we do not canonicalize character class ranges
before adding case equivalents. While adding case equivalents, we abort
early for one-byte subject strings, assuming that the ranges are sorted.
Which they are not.
R=marja@chromium.org
BUG=v8:5199
Review-Url: https://codereview.chromium.org/2159683002
Cr-Commit-Position: refs/heads/master@{#37833}
Fixes: https://github.com/nodejs/node/issues/7708
PR-URL: https://github.com/nodejs/node/pull/7833
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Pick up the latest branch-head for V8 5.1. Introduces a semver-minor
overload of v8::Function::New() for use by v8_inspector.
Refs: https://github.com/nodejs/node/pull/7586
PR-URL: https://github.com/nodejs/node/pull/7615
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
This commit backports a fix to a JIT bug in V8.
After 100 or so comparisons `typeof null ==="undefined"` is returning
`true` instead of `false`.
Original commit message:
Fix 'typeof null' canonicalization in crankshaft
BUG=
Review URL: https://codereview.chromium.org/1912553002
Cr-Commit-Position: refs/heads/master@{#35699}
Ref: https://bugs.chromium.org/p/chromium/issues/detail?id=604033
PR-URL: https://github.com/nodejs/node/pull/7348
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noorhduis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
There were 2 issues which either the v8 team was reluctant to
backport the fix because the fix was for a disabled feature (wasm) or
that we did not have time to investigate before 5.0 was cut
which result in v8 test failures for PPC in 5.0. These are test
issues and are already resolved in v8 master. This PR
excludes these tests so that our v8 tests in the CI will
be green so that we can detect any real regressions.
PR-URL: https://github.com/nodejs/node/pull/6267
Fixes: https://github.com/nodejs/node/issues/6236
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Ported by exinfinitum from a PR by jasnell:
see https://github.com/nodejs/node-v0.x-archive/pull/14185
Allows the running of v8 tests on node's packaged v8 source code.
Note that the limited win32 support added by jasnell has NOT been ported,
and so these tests are currently UNIX ONLY.
Note that gclient depot tools
(see https://commondatastorage.googleapis.com/
chrome-infra-docs/flat/depot_tools/docs/html/
depot_tools_tutorial.html#_setting_up) and subversion are required
to run tests.
To perform tests, run the following commands:
make v8 DESTCPU=(ARCH)
make test-v8 DESTCPU=(ARCH)
where (ARCH) is your CPU architecture, e.g. x64, ia32.
DESTCPU MUST be specified for this to work properly.
Can also do tests on debug build by using "make test-v8 DESTCPU=(ARCH)
BUILDTYPE=Debug", or perform intl or benchmark tests via make
test-v8-intl or test-v8-benchmarks respectively.
Note that by default, quickcheck and TAP output are disabled, and i18n
is enabled. To activate these options, use options"QUICKCHECK=True" and
"ENABLE_V8_TAP=True" respectively.
Use "DISABLE_V8_I18N" to disable i18n.
Use V8_BUILD_OPTIONS to allow custom user-defined flags to be
appended onto "make v8".
Any tests performed after changes to the packaged v8 file will require
recompiling of v8, which can be done using "make v8 DESTCPU=(ARCH)".
Finally, two additional files necessary for one of the v8 tests have
been added to the v8 folder.
PR-URL: https://github.com/nodejs/node/pull/4704
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Original commit message:
Use baseline code to compute message locations.
This switches Isolate::ComputeLocation to use baseline code when
computing message locations. This unifies locations between optimized
and non-optimized code by always going through the FrameSummary for
location computation.
R=bmeurer@chromium.org
TEST=message/regress/regress-4266
BUG=v8:4266
LOG=n
Review URL: https://codereview.chromium.org/1331603002
Cr-Commit-Position: refs/heads/master@{#30635}
Fixes: https://github.com/nodejs/node/issues/3934
PR-URL: https://github.com/nodejs/node/pull/3937
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Original commit message:
[es6] Bound function name
Instead of updating the SharedFuntionInfo set the name property on
the function directly.
BUG=v8:4278
LOG=N
R=verwaest@chromium.org, littledan@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1227523003
Cr-Commit-Position: refs/heads/master@{#29558}
Fixes: https://github.com/nodejs/node/issues/2754
PR-URL: https://github.com/nodejs/node/pull/2916
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Original commit message:
TypedArray accessor detection: consider entire prototype chain
When looking up a special accessor for known TypedArray fields
("length", "byteLength", "byteOffset"), consider the entire
prototype chain, not only the direct prototype.
This allows subclasses of TypedArrays to benefit from fast
specialized accesses.
Review URL: https://codereview.chromium.org/1313493005
Cr-Commit-Position: refs/heads/master@{#30678}
Benchmark results:
buffers/buffer-iterate.js size=16386 type=slow method=for n=1000:
./node: 71607 node: 8702.3 ............ 722.85%
Improvement depends on the code, but generally brings us back to the
performance that we had before the v8 update (if not making it
faster).
Fixes: https://github.com/nodejs/node/issues/2463
PR-URL: https://github.com/nodejs/node/pull/2801
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Michael Dawson
Michaël Zasso
Anna Henningsen
Franziska Hinkelmann
Ben Noordhuis
Matt Loring
Myles Borins
Ali Ijaz Sheikh
Bryon Leung
Michaël Zasso
Fedor Indutny