Fixed a small error that manifests when --debug is specified. This
seems to have been introduced during the backport #9422.
Ref: https://github.com/nodejs/node/pull/9422
PR-URL: https://github.com/nodejs/node/pull/10525
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: mhdawson - Michael Dawson <michael_dawson@ca.ibm.com>
Original commit message:
Rewrite scopes in computed properties in destructured parameters
While we properly handled scopes of initializers in destructured
parameters, we never did the right thing for computed properties. This
patch fixes that by factoring out PatternRewriter's scope rewriting logic
and calling it for the computed property case.
BUG=chromium:620119
Review-Url: https://codereview.chromium.org/2084103002
Cr-Commit-Position: refs/heads/master@{#37228}
Fixes: https://github.com/nodejs/node/issues/10347
PR-URL: https://github.com/nodejs/node/pull/10386
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
For global object property cells, we did not check that the map on the
previous object is still the same for which we actually optimized. So
the optimized code was not in sync with the actual state of the property
cell. When loading from such a global object property cell, Crankshaft
optimizes away any map checks (based on the stable map assumption),
leading to arbitrary memory access in the worst case.
TurboFan has the same bug for stores, but is safe on loads because we
do appropriate map checks there. However mixing TurboFan and Crankshaft
still exposes the bug.
R=yangguo@chromium.org
BUG=chromium:659475
Review-Url: https://codereview.chromium.org/2444233004
Cr-Commit-Position: refs/heads/master@{#40592}
PR-URL: https://github.com/nodejs/node/pull/10169
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Original Commit Message:
Previously, any expressions inside destructuring patterns in a catch
would be parsed in the surrounding scope, instead of in the catch's
scope. This change fixes that by entering not only the catch scope,
but also the block scope inside it.
R=neis@chromium.org
BUG=v8:5106, v8:5112
Review-Url: https://codereview.chromium.org/2110193002
Cr-Commit-Position: refs/heads/master@{#37415}
PR-URL: https://github.com/nodejs/node/pull/9173
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Original Commit Message:
"build: cherry pick V8 change for windows DLL support"
This reverts commit 92ecbc4edc.
The original commit did not include the entire changeset
PR-URL: https://github.com/nodejs/node/pull/9610
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
Don't skip hole checks inside patterns in parameter lists
Previously, b6e9f625c17f3a688139426771e2cb34fbdcb46e fixed self-assignment
in parameters to throw. But it failed to deal with the case of
destructuring with defaults. This patch extends that previous approach
to always treat the end of a parameter as its initializer position,
whether it has an initializer or not.
This is the minimal change to make it easy to merge; a follow-up
will rename the field of Parameter from "initializer_end_position"
to "end_position".
BUG=v8:5454
Review-Url: https://codereview/chromium.org/2390943002
Cr-Commit-Position: refs/heads/master@{#39962}
PR-URL: https://github.com/nodejs/node/pull/9138
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Original Commit Message:
[ic] Don't call LookupIterator::GetStoreTarget() when receiver is not a JSReceiver.
BUG=chromium:619166,chromium:625155
Review-Url: https://codereview.chromium.org/2175273002
Cr-Commit-Position: refs/heads/master@{#38018}
PR-URL: https://github.com/nodejs/node/pull/9422
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Original commit message:
[heap] Properly propagate allocated space during new space evacuation in MC
New space evacuation in MC supports, similar to scavenges, fall back
allocation in old space.
For new space evacuation we support sticky and non-sticky modes for
fallback. The sticky mode essentially removes the capability to allocate
in new space while the non-sticky mode only falls back for a single
allocation.
We use the non-sticky mode for allocations that are too large for a LAB
but should still go in new space. When such an allocation fails in new
space, we allocate in old space in non-sticky mode as we would still
like to reuse the remainder memory in new space. However, in such a case
we fail to properly report the space allocated in resulting in a missed
recorded slot.
BUG=chromium:641270
R=ulan@chromium.org
Review-Url: https://codereview.chromium.org/2280943002
Cr-Commit-Position: refs/heads/master@{#38940}
PR-URL: https://github.com/nodejs/node/pull/9192
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
Rewrite scopes of non-simple default arguments
Default parameters have additional declaration block scopes inserted
around them when something in the function scope calls eval. This
patch sets the parent scope of the expressions introduced due to
those defaults to the new block scope.
R=adamk
BUG=chromium:616386
Review-Url: https://codereview.chromium.org/2077283004
Cr-Commit-Position: refs/heads/master@{#37198}
PR-URL: https://github.com/nodejs/node-private/pull/80
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The patch should have been bumped in aafc314 but it was missed.
Ref: aafc314a83
Ref: https://github.com/nodejs/node/pull/8673
PR-URL: https://github.com/nodejs/node/pull/8851
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Original commit message:
Revert of Put RegExp js code in strict mode (patchset #2 id:20001
of https://codereview.chromium.org/1776883005/ )
Reason for revert:
Found to break SAP Web IDE, and these semantics are not shipped
in any other browser.
Revert to legacy semantics while assessing web compatibility.
BUG=chromium:624318
Original issue's description:
> Put RegExp js code in strict mode
>
> src/js/regexp.js was one of the few files that was left in sloppy
> mode. The ES2017 draft specification requires that writes to
> lastIndex throw when the property is non-writable, and test262
> tests enforce this behavior. This patch puts that file in strict
> mode.
>
> BUG=v8:4504
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/80b1b2a45bbd9bf3d08e4e6516acfaaa8f438213
> Cr-Commit-Position: refs/heads/master@{#34801}
TBR=yangguo@chromium.org,adamk@chromium.org
Review-Url: https://codereview.chromium.org/2112713003
Cr-Commit-Position: refs/heads/master@{#37449}
PR-URL: https://github.com/nodejs/node/pull/8673
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Add back the no-op harmony shipping flags that were removed in V8 5.1
to increase compatibility with V8 5.0 that we had been shipping before
v6.5.0. These flags do nothing.
Fixes: https://github.com/nodejs/node/issues/8388
Ref: https://github.com/nodejs/node/pull/8395
PR-URL: https://github.com/nodejs/node/pull/8445
Reviewed-By: addaleax - Anna Henningsen <anna@addaleax.net>
Reviewed-By: thealphanerd - Myles Borins <myles.borins@gmail.com>
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: evanlucas - Evan Lucas <evanlucas@me.com>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Original commit message:
Make FieldType::None() non-nullptr value to avoid undefined behaviour
When FieldType::None() returns a cast Smi::FromInt(0), which translates
as nullptr, the FieldType::IsNone() check becomes equivalent to
`this == nullptr` which is not allowed by the standard and
therefore optimized away as a false constant by GCC 6.
This has led to crashes when invoking methods on FieldType::None().
Using a different Smi constant for FieldType::None() makes the compiler
always include a comparison against that value. The choice of these
constants has no effect as they are effectively arbitrary.
BUG=https://github.com/nodejs/node/issues/8310
Review-Url: https://codereview.chromium.org/2292953002
Cr-Commit-Position: refs/heads/master@{#39023}
Fixes: https://github.com/nodejs/node/issues/8310
PR-URL: https://github.com/nodejs/node/pull/8411
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Original commit message:
[Debugger] Fix StepNext over function with caught exception
Without CL debugger on StepNext adds breakpoint to function where
throw instruction is located. In case of StepNext we will skip pause
in this function because StepNext shouldn't break in a deeper frame.
BUG=chromium:604495
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1894263002
Cr-Commit-Position: refs/heads/master@{#35627}
Fixes: https://github.com/nodejs/node/issues/7219
PR-URL: https://github.com/nodejs/node/pull/8099
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Pick up an upstream bugfix for https://crbug.com/621926 and bump V8
version to 5.1.281.80.
Original commit message for 588e15c:
Fixes a bug in cmpw.
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were
swapped, causing a few issues when less than/greater than
comparisons were performed.
Adds a regression test.
BUG=621926
Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
Review-Url: https://codereview.chromium.org/2103713003
Cr-Original-Commit-Position: refs/heads/master@{#37339}
Cr-Commit-Position: refs/heads/master@{#37345}
Original commit message for c0d4bb8:
Fixes a wrong use of Operand in a test.
Operand(reg) -> reg
Operand(reg, 0) -> [reg]
BUG=
Review-Url: https://codereview.chromium.org/2111503002
Cr-Commit-Position: refs/heads/master@{#37370}
PR-URL: https://github.com/nodejs/node/pull/8038
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: mhdawson - Michael Dawson <michael_dawson@ca.ibm.com>
Original commit message:
[build] Add force_dynamic_crt option to build a static library with /MD on windows
Adds option to build a V8 library statically, but with the options on
windows that allows it to be subsequently included in another DLL. On
Windows this is required for it to correctly link against the correct
C++ runtime. Required for our Node.js shared library build.
Reference: nodejs/node#7487
BUG=
R=machenbach@chromium.org, michael_dawson@ca.ibm.com
Committed: https://crrev.com/9cf88c1c364cf76c1e745aa63196768435e8ef5d
Review-Url: https://codereview.chromium.org/2149963002
Cr-Original-Commit-Position: refs/heads/master@{#37814}
Cr-Commit-Position: refs/heads/master@{#37856}
PR-URL: https://github.com/nodejs/node/pull/7802
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Original commit message:
[regexp] Fix case-insensitive matching for one-byte subjects.
The bug occurs because we do not canonicalize character class ranges
before adding case equivalents. While adding case equivalents, we abort
early for one-byte subject strings, assuming that the ranges are sorted.
Which they are not.
R=marja@chromium.org
BUG=v8:5199
Review-Url: https://codereview.chromium.org/2159683002
Cr-Commit-Position: refs/heads/master@{#37833}
Fixes: https://github.com/nodejs/node/issues/7708
PR-URL: https://github.com/nodejs/node/pull/7833
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
S390:Update inline asm constraint in test-platform
The GetStackPointer() routine in test-platform uses an inline
assembly code to store the current stack pointer value into a static
variable sp_addr. The existing asm code for S390 uses an ST/STG
instruction, with the memory operand associated with the general ('=g')
constraint to sp_addr.
On GCC 4.8.5, the GCC compiler got confused and treated sp_addr as
an integer operand instead of memory operand, resulting in a store
being emitted that writes to an invalid memory location.
Given the specific store instructions being inlined here, we should
restrict the sp_addr operand to explicitly be a memory operand using '=m'
instead of '=g'.
R=bmeurer@chromium.org,jkummerow@chormium.org,rmcilroy@chromium.org,yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2158523002
Cr-Commit-Position: refs/heads/master@{#37809}
Fixes: https://github.com/nodejs/node/issues/7659
PR-URL: https://github.com/nodejs/node/pull/7771
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Remove the `_malloced_memory` field from the `HeapStatistics`
class to achieve full ABI compatibility with V8 5.0.
Ref: https://github.com/nodejs/node/pull/7016
PR-URL: https://github.com/nodejs/node/pull/7526
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
The next major release will make it a fatal error to use non-primitive
values in function templates and object templates.
Print a warning that includes the C and JS stack trace to tell people to
upgrade their add-ons. The C stack trace is only printed on platforms
that support it (the BSDs, OS X and Linux+glibc.)
The warning can be disabled with the new `--nowarn_template_set` flag.
Refs: https://github.com/nodejs/node/issues/6216
PR-URL: https://github.com/nodejs/node/pull/6277
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
Improved diagnostic message for JS heap out of memory
This patch replaces the unused 'take_snapshot' parameter on
FatalProcessOutOfMemory() with a 'is_heap_oom' parameter.
The parameter is set to true on error paths where the
JS heap is out of memory, as distinct from a malloc()
failure i.e. process out of memory. The message output to
stderr or passed to embedding applications via FatalErrorCallback
is 'Javascript heap out of memory' rather than
'process out of memory'.
BUG=
R=jochen@chromium.org, verwaest@chromium.org, michael_dawson@ca.ibm.com
Review URL: https://codereview.chromium.org/1873443002
Cr-Commit-Position: refs/heads/master@{#35431}
We'd like this in 6.x to help with diagnosing customer problems.
It provides a better message on OOM so that it is easier to
be able to tell whether the OOM was due to heap exhaustion
or running out of native memory.
PR-URL: https://github.com/nodejs/node/pull/6218
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test.
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Original commit message:
[regexp] Fix case-insensitive matching for one-byte subjects.
The bug occurs because we do not canonicalize character class ranges
before adding case equivalents. While adding case equivalents, we abort
early for one-byte subject strings, assuming that the ranges are sorted.
Which they are not.
R=marja@chromium.org
BUG=v8:5199
Review-Url: https://codereview.chromium.org/2159683002
Cr-Commit-Position: refs/heads/master@{#37833}
Fixes: https://github.com/nodejs/node/issues/7708
PR-URL: https://github.com/nodejs/node/pull/7834
Ref: https://github.com/nodejs/node/pull/7833
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Excessive buffering of perf map files in V8 could cause profiles
to be missing symbols at times.
Original commit message:
switch perf and ll_prof loggers to line buffering
BUG=v8:5015
R=jarin@chromium.org,yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2041243002
Cr-Commit-Position: refs/heads/master@{#36788}
PR-URL: https://github.com/nodejs/node/pull/7814
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/7638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
port 2aa070b (r34863)
original commit message:
Repair this to match what the runtime correctly does,
by first checking if the function is a constructor
before we access the prototype.
BUG=
Review URL: https://codereview.chromium.org/1809333002
Cr-Commit-Position: refs/heads/master@{#34880}
Fixes: https://github.com/nodejs/node/issues/7592 for X87
PR-URL: https://github.com/nodejs/node/pull/7638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
PPC: InstanceOfStub incorrectly interprets the hole as a prototype.
Port 2aa070b
Original commit message:
Repair this to match what the runtime correctly does,
by first checking if the function is a constructor
before we access the prototype.
R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com,
michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1811013002
Cr-Commit-Position: refs/heads/master@{#34869}
Fixes: https://github.com/nodejs/node/issues/7592 for PPC
PR-URL: https://github.com/nodejs/node/pull/7638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
InstanceOfStub incorrectly interprets the hole as a prototype.
Repair this to match what the runtime correctly does, by first
checking if the function is a constructor before we access the
prototype.
R=verwaest@chromium.org
BUG=
Committed: https://crrev.com/2aa070be4fd2960df98905b254f12ed801ef26cd
Cr-Commit-Position: refs/heads/master@{#34863}
This fixes the behavior of instanceof when the second parameter is not a
constructor.
Fixes: https://github.com/nodejs/node/issues/7592
PR-URL: https://github.com/nodejs/node/pull/7638
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
This commit backports a fix to a JIT bug in V8.
After 100 or so comparisons `typeof null ==="undefined"` is returning
`true` instead of `false`.
Original commit message:
Fix 'typeof null' canonicalization in crankshaft
BUG=
Review URL: https://codereview.chromium.org/1912553002
Cr-Commit-Position: refs/heads/master@{#35699}
Ref: https://bugs.chromium.org/p/chromium/issues/detail?id=604033
PR-URL: https://github.com/nodejs/node/pull/7348
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>