Original commit message
[heap] Fix memory leak in the remembered set.
Empty slot set buckets can leak in the following scenarios.
Scenario 1 (large object space):
1) A large array is allocated in the large object space.
2) The array is filled with old->new references, which
allocates new slot set buckets.
3) The references are overwritten with smis or old space
pointers, which make the slots set buckets empty.
4) Garbage collection (scavenge or mark-compact) iterates the
slots set of the array and pre-frees the empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for large object space in mark-compact.
Scenario 2 (no mark-compact):
1) A small array is allocated in the old space.
2) The array is filled with old->new references, which allocates new
slot set buckets.
3) The references are overwritten with smis or old space pointers,
which make the slots set buckets empty.
4) Scavenge iterates the slots set of the array and pre-frees the
empty buckets.
5) Steps 2-4 repeated many times and leak arbitary many empty buckets.
The fix to free empty buckets for swept pages in scavenger.
Bug: v8:6800
TBR: mlippautz@chromium.org
Change-Id: I48d94870f5acf4f6208858271886911c895a9126
Reviewed-on: https://chromium-review.googlesource.com/668442
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48041}
PR-URL: https://github.com/nodejs/node/pull/15664
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benedikt Meurer <benedikt.meurer@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[api] Add optional data pointer to GC callbacks
This can be useful when there may be multiple callbacks attached by
code that's not directly tied to a single isolate, e.g. working
on a per-context basis.
This also allows rephrasing the global non-isolate APIs in terms
of this new API, rather than working around it inside `src/heap`.
TBR=hpayer@chromium.org
Bug:
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2e490ec40d1a34ea812f25f41ef9741d2116d965
Reviewed-on: https://chromium-review.googlesource.com/647548
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47923}
PR-URL: https://github.com/nodejs/node/pull/15391
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Original commit message:
[heap] Move UnmapFreeMemoryTask to CancelableTask
This mitigates the problem of blocking on the main thread when the
platform is unable to execute background tasks in a timely manner.
Bug: v8:6671
Change-Id: I741d4b7594e8d62721dad32cbfb19551ffacd0c3
Reviewed-on: https://chromium-review.googlesource.com/599528
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47126}
PR-URL: https://github.com/nodejs/node/pull/14001
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Original commit message:
Make CancelableTask ids unique
They were only limited to 32 bit when using the internal Hashmap. Since
this has changed alreay some time ago, we can switch to 64 bit ids and
check that we never overflow.
Bug:
Change-Id: Ia6c6d02d6b5e555c6941185a79427dc4aa2a1d62
Reviewed-on: https://chromium-review.googlesource.com/598229
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47085}
PR-URL: https://github.com/nodejs/node/pull/14001
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Original commit message:
[inspector] support for cases when embedder doesn't call contextDestroyed
Node.js doesn't have good place to call contextDestroyed.
We need to cleanup everything on our side to allow clients to not call
contextDestroyed method.
R=dgozman@chromium.org,eostroukhov@chromium.com
Bug: none
Change-Id: Ibe3f01fd18afbfa579e5db66ab6f174d5fad7c82
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/575519
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#46849}
Reviewed-on: https://chromium-review.googlesource.com/596549
Cr-Commit-Position: refs/heads/master@{#47060}
PR-URL: https://github.com/nodejs/node/pull/14730
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Original commit message:
[turbofan] Improve representation selection for type guard.
This takes into account the type of the type guard when choosing
representation for a node. To make the representation changes
unambiguous, we pass the restricted type to the changer.
BUG=chromium:726554
Review-Url: https://codereview.chromium.org/2920193004
Cr-Commit-Position: refs/heads/master@{#45734}
PR-URL: https://github.com/nodejs/node/pull/15177
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Original commit message:
[heap] Move UnmapFreeMemoryTask to CancelableTask
This mitigates the problem of blocking on the main thread when the
platform is unable to execute background tasks in a timely manner.
Bug: v8:6671
Change-Id: I741d4b7594e8d62721dad32cbfb19551ffacd0c3
Reviewed-on: https://chromium-review.googlesource.com/599528
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47126}
PR-URL: https://github.com/nodejs/node/pull/14001
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Original commit message:
Make CancelableTask ids unique
They were only limited to 32 bit when using the internal Hashmap. Since
this has changed alreay some time ago, we can switch to 64 bit ids and
check that we never overflow.
Bug:
Change-Id: Ia6c6d02d6b5e555c6941185a79427dc4aa2a1d62
Reviewed-on: https://chromium-review.googlesource.com/598229
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47085}
PR-URL: https://github.com/nodejs/node/pull/14001
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Original commit message:
Pull tracing related methods out of Platform
This will allow for embedders to easily implement their own Platform
without duplicating the tracing controller code.
BUG=v8:6511
R=fmeawad@chromium.org
Cq-Include-Trybots:
master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7c64933d12b2cf53f0636fbc87f6ad5d22019f5c
Reviewed-on: https://chromium-review.googlesource.com/543015
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46118}
PR-URL: https://github.com/nodejs/node/pull/14001
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This fixes the inspector tests failing after the cherry-pick.
V8 commit: f19b889be8
PR-URL: https://github.com/nodejs/node/pull/14827
Fixes: https://github.com/nodejs/node/issues/14824
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Original commit message:
[inspector] support for cases when embedder doesn't call contextDestroyed
Node.js doesn't have good place to call contextDestroyed.
We need to cleanup everything on our side to allow clients to not call
contextDestroyed method.
R=dgozman@chromium.org,eostroukhov@chromium.com
Bug: none
Change-Id: Ibe3f01fd18afbfa579e5db66ab6f174d5fad7c82
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/575519
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#46849}
Reviewed-on: https://chromium-review.googlesource.com/596549
Cr-Commit-Position: refs/heads/master@{#47060}
Ref: f19b889be8
PR-URL: https://github.com/nodejs/node/pull/14465
Reviewed-By: Jan Krems <jan.krems@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Original commit messages:
a2ab1353f6
[snapshot] Rehash strings after deserialization.
See https://goo.gl/6aN8xA
Bug: v8:6593
Change-Id: Ic8b0b57195d01d41591397d5d45de3f0f3ebc3d9
Reviewed-on: https://chromium-review.googlesource.com/574527
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46732}
182caaf4a9
Do not track transitions for built-in objects.
Objects created during bootstrapping do not need
a transition tree except for elements kind transitions.
Bug: v8:6596
Change-Id: I237b8b2792f201336e1c9731c815095dd06bc182
Reviewed-on: https://chromium-review.googlesource.com/571750
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46693}
Fixes: https://github.com/nodejs/node/issues/14171
Refs: https://github.com/nodejs/node/pull/14345
PR-URL: https://github.com/nodejs/node/pull/14004
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
Refs: https://github.com/nodejs/node/pull/6678
PR-URL: https://github.com/nodejs/node/pull/14004
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Original commit messages:
a2ab1353f6
[snapshot] Rehash strings after deserialization.
See https://goo.gl/6aN8xA
Bug: v8:6593
Change-Id: Ic8b0b57195d01d41591397d5d45de3f0f3ebc3d9
Reviewed-on: https://chromium-review.googlesource.com/574527
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46732}
182caaf4a9
Do not track transitions for built-in objects.
Objects created during bootstrapping do not need
a transition tree except for elements kind transitions.
Bug: v8:6596
Change-Id: I237b8b2792f201336e1c9731c815095dd06bc182
Reviewed-on: https://chromium-review.googlesource.com/571750
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46693}
Fixes: https://github.com/nodejs/node/issues/14171
PR-URL: https://github.com/nodejs/node/pull/14345
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
Properly handle loads from global interceptor via prototype chain.
... when receiver is in dictionary mode.
Bug: v8:6490
Change-Id: Ic5a8d214adcc4efd4cb163cbc6b351c4e6b596af
Reviewed-on: https://chromium-review.googlesource.com/559548
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46428}
Ref: 6cb999b97b
Fixes: https://github.com/nodejs/node/issues/13804
PR-URL: https://github.com/nodejs/node/pull/14188
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[turbofan] Boost performance of Array.prototype.shift by 4x.
For small arrays, it's way faster to just move the elements instead of
doing the fairly complex and heavy-weight left-trimming. Crankshaft has
had this optimization for small arrays already; this CL more or less
ports this functionality to TurboFan, which yields a 4x speed-up when
using shift on small arrays (with up to 16 elements).
This should recover some of the regressions reported in the Node.js issues
https://github.com/nodejs/node/issues/12657
and discovered for the syncthrough module using
https://github.com/mcollina/syncthrough/blob/master/benchmarks/basic.js
as benchmark.
R=jarin@chromium.org
BUG=v8:6376
Review-Url: https://codereview.chromium.org/2874453002
Cr-Commit-Position: refs/heads/master@{#45216}
PR-URL: https://github.com/nodejs/node/pull/13263
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
es6/typedarray-construct-offset-not-smi allocates a 2G block of memory
and if there are multiple variants running at the same time this can
lead to crashes, OOM kills or the OS failing to allocate memory.
This patch limits us to running a single variant of the test.
Refs: https://github.com/nodejs/node/pull/6678
PR-URL: https://github.com/nodejs/node/pull/13263
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Original commit message:
[turbofan] Boost performance of Array.prototype.shift by 4x.
For small arrays, it's way faster to just move the elements instead of
doing the fairly complex and heavy-weight left-trimming. Crankshaft has
had this optimization for small arrays already; this CL more or less
ports this functionality to TurboFan, which yields a 4x speed-up when
using shift on small arrays (with up to 16 elements).
This should recover some of the regressions reported in the Node.js issues
https://github.com/nodejs/node/issues/12657
and discovered for the syncthrough module using
https://github.com/mcollina/syncthrough/blob/master/benchmarks/basic.js
as benchmark.
R=jarin@chromium.org
BUG=v8:6376
Review-Url: https://codereview.chromium.org/2874453002
Cr-Commit-Position: refs/heads/master@{#45216}
PR-URL: https://github.com/nodejs/node/pull/13162
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This fixes a build failure on Windows.
Original commit message:
Rename TypeFeedbackVector to FeedbackVector.
... and TypeFeedbackMetadata to FeedbackMetadata.
BUG=
Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
Refs: https://github.com/nodejs/v8/issues/4
PR-URL: https://github.com/nodejs/node/pull/11752
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
This is an almost clean cherry-pick of the original commit. The only
conflict was related to a rename of an internal class.
Original commit message:
[async-await] (simpler) fix for Return in try/finally in async functions
Alternative approach to https://codereview.chromium.org/2667983004/, which
does not depend on implicit control flow changes from
https://codereview.chromium.org/2664083002
- Remove handling for `async function` from Parser::RewriteReturn(). This functionality
is moved to BytecodeGenerator::BuildAsyncReturn(). This ensures that promise resolution
is deferred until all finally blocks are evaluated fully.
- Add a new deferred command (CMD_ASYNC_RETURN), which instructs ControlScope to
generate return code using BuildAsyncReturn rather than BuildReturn.
- Parser has a new `NewReturnStatement()` helper which determines what type of return
statement to generate based on the type of function.
BUG=v8:5896, v8:4483
R=littledan@chromium.org, neis@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, gsathya@chromium.org
Review-Url: https://codereview.chromium.org/2685683002
Cr-Commit-Position: refs/heads/master@{#43104}
Fixes: https://github.com/nodejs/node/issues/11960
PR-URL: https://github.com/nodejs/node/pull/11752
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Original commit message:
[api] Fix DescriptorInterceptor with access check.
The DescriptorInterceptor should intercept all
Object.getOwnPropertyDescriptor calls. This CL fixes
the interceptor's behavior if the iterator state is
ACCESS_CHECK.
BUG=
Review-Url: https://codereview.chromium.org/2707263002
Cr-Commit-Position: refs/heads/master@{#43417}
PR-URL: https://github.com/nodejs/node/pull/11712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Refs: https://github.com/nodejs/node/pull/11048
Below is the list of commits:
deps: cherry-pick 78c0be52d from V8 upstream
Original commit message:
ValueSerializer: Promote scheduled exceptions from wasm::ErrorThrower.
wasm::ErrorThrower doesn't actually throw exceptions, it just schedules them.
As a result, this exception isn't handled properly by code which expects
ValueDeserializer to actually throw. For instance, the unit tests use a
TryCatch to catch and handle expected exceptions in unit tests.
Before this patch, I see local unit test failures because a wasm decode test
schedules one, but it isn't caught (and instead causes Context::New to fail
at the beginning of the next test).
BUG=685713
Review-Url: https://codereview.chromium.org/2659483004
Cr-Commit-Position: refs/heads/master@{#42718}
deps: cherry-pick 966355585 from V8 upstream
Original commit message:
[d8] Use ValueSerializer for postMessage (instead of ad-hoc serializer)
Review-Url: https://codereview.chromium.org/2643723010
Cr-Commit-Position: refs/heads/master@{#42749}
deps: cherry-pick bf511b426 from V8 upstream
Original commit message:
ValueSerializer: Support efficiently reading and writing one-byte strings.
memcpy is faster than UTF-8 encoding/decoding. This yields 10-20% wins on
serializing and deserializing long ASCII strings, according to
blink_perf.bindings -- and these are already in a fast path where the entire
string is known to be ASCII (but this has to be checked). The win may be
larger for strings in Latin-1 but not ASCII (though I suspect this is an
uncommon case).
A change is also made to make ValueSerializerTest.EncodeTwoByteStringUsesPadding
survive wire format version number changes.
This is the first of a series of wire format changes from the previous Blink
format. The deserializer continues to be able to read the old format, but
Chromium M56 will no longer be able to read the messages written by this, in M58.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2658793004
Cr-Commit-Position: refs/heads/master@{#42753}
deps: cherry-pick 6f1639ed1 from V8 upstream
Original commit message:
ValueSerializer: Distinguish between 'undefined' and an absent property.
Dealing with this case requires a wire format change. It is possible that an
element can be absent even in an array where the dense format was chosen
(because the array initially had no holes), if the elements are modified while
they are being serialized. In this case, a new tag for the "hole" is emitted.
The logic to treat undefined in dense arrays as an absent property is restricted
to versions of the wire format that this tag did not exist.
BUG=chromium:686159,chromium:665820
Review-Url: https://codereview.chromium.org/2660093002
Cr-Original-Commit-Position: refs/heads/master@{#42784}
Committed: dc85f4c833
Review-Url: https://codereview.chromium.org/2660093002
Cr-Commit-Position: refs/heads/master@{#42800}
deps: cherry-pick c3856de37 from V8 upstream
Original commit message:
ValueSerializer: Check for zero length before casting to FixedDoubleArray.
Even though the elements kind is FAST_DOUBLE_ELEMENTS, if length is zero
the isolate's empty_fixed_array is used. It's illegal to cast this to
FixedDoubleArray, so we avoid the cast.
BUG=chromium:686479
Review-Url: https://codereview.chromium.org/2665313003
Cr-Commit-Position: refs/heads/master@{#42867}
deps: cherry-pick 591cc0b4c from V8 upstream
Original commit message:
ValueSerializer: Share string encoding code with String and RegExp objects.
This avoids the need to pull in the UTF-8 encoding code from the public API,
and allows it to take advantage of any supported way that i::String can be
encoded (one- or two-byte).
Backward compatibility is maintained, but this is the behavior beginning
with this version.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2665653004
Cr-Commit-Position: refs/heads/master@{#42872}
deps: cherry-pick 79837f5f6 from V8 upstream
Original commit message:
Improve ValueSerializer perf regression after 96635558
BUG=687196
R=jbroman@chromium.org
Review-Url: https://codereview.chromium.org/2674613002
Cr-Commit-Position: refs/heads/master@{#42938}
deps: cherry-pick 8990399dc from V8 upstream
Original commit message:
ValueDeserializer: Only allow valid keys when deserializing object properties.
The serializer won't ever write a more complex object. Not validating this
allows other things to be used as keys, and converted to string when the
property set actually occurs. It turns out this gives an opportunity to trigger
OOM by giving an object a key which is a very large sparse array (whose string
representation is very large).
This case is now rejected by the deserializer.
BUG=chromium:686511
Review-Url: https://codereview.chromium.org/2697023002
Cr-Commit-Position: refs/heads/master@{#43249}
deps: cherry-pick 68960eeb7 from V8 upstream
Original commit message:
ValueDeserializer: Make sure that an exception is the legacy path.
The entry points to the deserializer are responsible for ensuring that an
exception is pending by the time they return. Some failures throw exceptions
themselves, while others (like errors in the format) are exceptions caused by
the deserializer, not coming from the runtime.
Like the non-legacy path, a default deserialization exception should be thrown
in such cases.
BUG=chromium:693411
Review-Url: https://codereview.chromium.org/2712713002
Cr-Commit-Position: refs/heads/master@{#43390}
deps: cherry-pick 3b15d950e from V8 upstream
Original commit message:
ValueSerializer: Add SetTreatArrayBufferViewsAsHostObjects() flag
Add `ValueSerializer::SetTreatArrayBufferViewsAsHostObjects()` which
instructs the `ValueSerializer` to treat ArrayBufferView objects as
host objects.
BUG=v8:5926
Review-Url: https://codereview.chromium.org/2696133007
Cr-Commit-Position: refs/heads/master@{#43281}
deps: cherry-pick 654351997 from V8 upstream
Original commit message:
ValueSerializer: Add an explicit tag for host objects.
This makes it no longer necessary to ensure that V8 and Blink have non-colliding
tags, which makes it easier for them to evolve independently, and also makes
the wire format more suitable for other V8 embedders, who would not
necessarily be surveyed before V8 introduced a new tag that might collide
with theirs.
BUG=chromium:686159
Review-Url: https://codereview.chromium.org/2709023003
Cr-Commit-Position: refs/heads/master@{#43466}
PR-URL: https://github.com/nodejs/node/pull/11752
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Original commit message:
[debugger] fix switch block source positions.
The switch statement itself is part of the switch block.
However, the source position of the statement is outside of
the block. This leads to confusion for the debugger, if the
switch block pushes a block context: the current context is
a block context, but the scope analysis based on the current
source position tells the debugger that we should be outside
the scope, so we should have the function context.
R=marja@chromium.org
BUG=v8:6085
Review-Url: https://codereview.chromium.org/2744213003
Cr-Commit-Position: refs/heads/master@{#43744}
Committed: 09de9969cc
Fixes: https://github.com/nodejs/node/issues/11746
PR-URL: https://github.com/nodejs/node/pull/11905
Fixes: https://github.com/nodejs/node/issues/11746
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Original commit message:
[api] Fix DescriptorInterceptor with access check.
The DescriptorInterceptor should intercept all
Object.getOwnPropertyDescriptor calls. This CL fixes
the interceptor's behavior if the iterator state is
ACCESS_CHECK.
BUG=
Review-Url: https://codereview.chromium.org/2707263002
Cr-Commit-Position: refs/heads/master@{#43417}
PR-URL: https://github.com/nodejs/node/pull/11712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Original commit message:
Fix the uppercasing of U+00E7(ç) and U+00F7(÷)
Due to a typo in runtime-i18n.js, 'ç'(U+00E7) was not uppercased
while '÷'(U+00F7) was incorrectly uppercased to '×'(U+00D7).
Add a comprehensive test for Latin-1 supplemental block
(U+00A0 ~ U+00FF). (they're special-cased for speed-up and
needs to have a test for the range.).
TEST=intl/general/case-mapping
BUG=v8:5681
Review-Url: https://codereview.chromium.org/2533033003
Cr-Commit-Position: refs/heads/master@{#41331}
PR-URL: https://github.com/nodejs/node/pull/9828
Fixes: https://github.com/nodejs/node/issues/9785
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/9412
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
2d524bcd1e
Original commit message:
deps: limit regress/regress-crbug-514081 v8 test
regress/regress-crbug-514081 allocates a 2G block of memory
and if there are multiple variants running at the
same time this can lead to crashes, OOM kills or
the OS failing to allocate memory. This patch
limits us to running a single variant of the test
Fixes: https://github.com/nodejs/node/issues/6340
PR-URL: https://github.com/nodejs/node/pull/6678
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/nodejs/node/pull/8907Fixes: #8750
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: https://github.com/nodejs/node/pull/8852
Reviewed-By: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
[Debugger] Fix StepNext over function with caught exception
Without CL debugger on StepNext adds breakpoint to function where
throw instruction is located. In case of StepNext we will skip pause
in this function because StepNext shouldn't break in a deeper frame.
BUG=chromium:604495
R=yangguo@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1894263002
Cr-Commit-Position: refs/heads/master@{#35627}
Fixes: https://github.com/nodejs/node/issues/7219
PR-URL: https://github.com/nodejs/node/pull/8099
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Pick up an upstream bugfix for https://crbug.com/621926 and bump V8
version to 5.1.281.80.
Original commit message for 588e15c:
Fixes a bug in cmpw.
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were
swapped, causing a few issues when less than/greater than
comparison were performed.
Adds a regression test.
BUG=621926
Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
Review-Url: https://codereview.chromium.org/2103713003
Cr-Original-Commit-Position: refs/heads/master@{#37339}
Cr-Commit-Position: refs/heads/master@{#37345}
Original commit message for c0d4bb8:
Fixes a wrong use of Operand in a test.
Operand(reg) -> reg
Operand(reg, 0) -> [reg]
BUG=
Review-Url: https://codereview.chromium.org/2111503002
Cr-Commit-Position: refs/heads/master@{#37370}
PR-URL: https://github.com/nodejs/node/pull/8038
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: mhdawson - Michael Dawson <michael_dawson@ca.ibm.com>
Ali Ijaz Sheikh
Michaël Zasso
Anna Henningsen
Matt Loring
Michael Dawson
Miguel Martins
Eugene Ostroukhov
Alexey Kozyatinskiy
Yang Guo
Myles Borins
Igor Sheludko
Franziska Hinkelmann
Ben Noordhuis
Steven R. Loomis
epertoso