#v8.dll.txt #40

xiaoyaocode163 · 2020-03-25T05:28:54Z

I would like to ask if there is a QQ group, would like to communicate, can you generate the V8 Cizhi DLL, STDCALL interface. Convenience

VB6, easy language and other programming language calls, (32-bit, 64-bit) is the best, thank you
V8 is used sincerely, exchange QQ group: 598609506, 178168957, 78458582

I would like to ask if there is a QQ group, would like to communicate, can you generate the V8 Cizhi DLL, STDCALL interface. Convenience VB6, easy language and other programming language calls, (32-bit, 64-bit) is the best, thank you V8 is used sincerely, exchange QQ group: 598609506, 178168957, 78458582

googlebot · 2020-03-25T05:29:00Z

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

What to do if you already signed the CLA

Individual signers

It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: Idddb5c25af707d6a09812cee86bffd0f2ce41a66 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2080169 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/8.1@{v8#40} Cr-Branched-From: a4dcd39-refs/heads/8.1.307@{#1} Cr-Branched-From: f22c213-refs/heads/master@{#66031}

Temporarily disable multi-value until the launch is approved. TBR=ahaas@chromium.org (cherry picked from commit 20728ee) Change-Id: Id82794803eb400f80880e2f1fb0fb639904169e2 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2358747 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/branch-heads/8.5@{v8#40} Cr-Branched-From: a7f8bc4-refs/heads/8.5.210@{#1} Cr-Branched-From: dd58472-refs/heads/master@{#68510}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I749c699ac5e6f342f9741f3b4b3a3e6f240c1fe7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893709 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.8@{v8#40} Cr-Branched-From: 73694fd-refs/heads/7.8.279@{#1} Cr-Branched-From: 2314928-refs/heads/master@{#63555}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: Iaf99c67e4f8b0d9d8127fbb1e688fd1c05d39b14 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559406 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.4@{v8#40} Cr-Branched-From: 3e8a733-refs/heads/7.4.288@{#1} Cr-Branched-From: d077f9b-refs/heads/master@{#60039}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I1d9398db961c7a33c47b22e6695245aa9ef1b20e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1904116 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/7.9@{v8#40} Cr-Branched-From: be181e2-refs/heads/7.9.317@{#1} Cr-Branched-From: 0d7889d-refs/heads/master@{#64307}

Revision: a2e971c BUG=chromium:1051017 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true TBR=hablich@chromium.org Change-Id: Ib910a1c76c262cab04b8cb58bbacbf8e5ea41629 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056854 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/branch-heads/8.0@{v8#40} Cr-Branched-From: 69827db-refs/heads/8.0.426@{v8#2} Cr-Branched-From: 2fe1552-refs/heads/master@{#65318}

TypeNarrowing and TypedOptimization can successively narrow range types of loop variables. In the presence of new, precise information on such loop variables, e.g. due to load elimination, many such narrowing steps are necessary, however, leading to very slow convergence of optimizations and an explosion in memory consumption. Until we have a sound way of speeding this process up, we disable TypedOptimization on loop-related Phi nodes. R=bmeurer@chromium.org, mvstanton@chromium.org (cherry picked from commit 6eed6cc) No-Try: true No-Presubmit: true No-Treechecks: true Tbr: bmeurer@chromium.org Bug: chromium:978750 Change-Id: Ibce7db69807d2c1bc6a56c2f0287440bec0ce04b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687892 Commit-Queue: Georg Schmid <gsps@google.com> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#62513} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691903 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/branch-heads/7.6@{v8#40} Cr-Branched-From: 2cb2573-refs/heads/7.6.303@{#1} Cr-Branched-From: 201c509-refs/heads/master@{#61902}

This reverts commit 95c3209. Reason for revert: Build failure Original change's description: > Merged: [Torque] Array.prototype.shift correctness fix > > Revision: c9b48e9 > > BUG=chromium:940274 > LOG=N > NOTRY=true > NOPRESUBMIT=true > NOTREECHECKS=true > > Change-Id: I964b1e065c65708436274dee59c8e0b1f4f2eb0f > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622118 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/branch-heads/7.5@{v8#36} > Cr-Branched-From: 35b9bf5-refs/heads/7.5.288@{#1} > Cr-Branched-From: 912b391-refs/heads/master@{#60911} TBR=mvstanton@chromium.org,tebbi@chromium.org Change-Id: I1944421829814f54f2cd9876199eb681f8520681 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:940274 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622966 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/branch-heads/7.5@{v8#40} Cr-Branched-From: 35b9bf5-refs/heads/7.5.288@{#1} Cr-Branched-From: 912b391-refs/heads/master@{#60911}

For 64-bit binary operations, Liftoff on arm made the assumption that register pairs are always ordered, i.e. the register code for the low word is lower than the register code for the high word. Ensuring this was only implemented in {GetUnusedRegister} in https://crrev.com/c/2168875. Other cases were missing though, e.g. return values, but also different places were we construct register pairs internally. Thus, this CL removes this constraint again and instead handles unordered register pairs in 64-bit binary operations on arm. TBR=thibaudm@chromium.org (cherry picked from commit b429b8f) Bug: chromium:1101304 No-Try: true No-Tree-Checks: true No-Presubmit: true Change-Id: Ib52a0bfb620b180e99b2785206779b550a98e1d4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308338 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/branch-heads/8.4@{v8#40} Cr-Branched-From: 88ed2e3-refs/heads/8.4.371@{#1} Cr-Branched-From: 35f88bf-refs/heads/master@{#67773}

Preparing for tail call is usually done by emitting the gap moves and then moving the stack pointer to its new position. An optimization consists in moving the stack pointer first and transforming some of the moves into pushes. In the attached case it looks like this (arm): 138 add sp, sp, #40 13c str r6, [sp, #-4]! 140 str r6, [sp, #-4]! 144 str r6, [sp, #-4]! 148 str r6, [sp, #-4]! 14c str r6, [sp, #-4]! ... 160 vldr d1, [sp - 4*3] The last line is a gap reload, but because the stack pointer was already moved, the slot is now below the stack pointer. This is invalid and triggers this DCHECK: Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402 Debug check failed: 0 <= offset (0 vs. -12). A comment already explains that we skip the optimization if the gap contains stack moves to prevent this, but the code only checks for non-FP slots. This is fixed by replacing "source.IsStackSlot()" with "source.IsAnyStackSlot()": 108 vldr d1, [sp + 4*2] ... 118 str r0, [sp, #+36] 11c str r0, [sp, #+32] 120 str r0, [sp, #+28] 124 str r0, [sp, #+24] 128 str r0, [sp, #+20] ... 134 add sp, sp, #20 R=jgruber@chromium.org Bug: chromium:1137608 Change-Id: If2b85dde49bf31a6bd3f5e0255407f9390727f9d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474784 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#70603}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I897c7518e7fae3db80d944e5e8a3e0d20200f225 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871389 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/9.1@{v8#40} Cr-Branched-From: 0e4ac64-refs/heads/9.1.269@{#1} Cr-Branched-From: f565e72-refs/heads/master@{#73847}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I9b7e88a89a23e09735934ccb36385627a6713a91 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035341 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/9.2@{v8#40} Cr-Branched-From: 5123834-refs/heads/9.2.230@{#1} Cr-Branched-From: 587a04f-refs/heads/master@{#74656}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I92c47ade370d7be2912201087707c23bc9759e41 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2713129 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/8.9@{v8#40} Cr-Branched-From: 16b9bbb-refs/heads/8.9.255@{#1} Cr-Branched-From: d16a2a6-refs/heads/master@{#72039}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: Ie7d5b1addd501c77ed4f70a7b999977ecfc2f7a8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199837 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/branch-heads/9.4@{v8#40} Cr-Branched-From: 3b51863-refs/heads/9.4.146@{#1} Cr-Branched-From: 2890419-refs/heads/master@{#76233}

…edSigned (cherry picked from commit 4fae8b1) (cherry picked from commit f4f11c2) Bug: chromium:1278387 No-Try: true No-Presubmit: true No-Tree-Checks: true Change-Id: I9b89834c094510e064988aa534ec230309996034 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329665 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/9.6@{v8#40} Cr-Original-Branched-From: 0b7bda0-refs/heads/9.6.180@{#1} Cr-Original-Branched-From: 41a5a24-refs/heads/main@{#77244} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3335759 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Owners-Override: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/branch-heads/9.4@{v8#56} Cr-Branched-From: 3b51863-refs/heads/9.4.146@{#1} Cr-Branched-From: 2890419-refs/heads/master@{#76233}

When cloning objects using spread and update properties (e.g. obj = {...o, x: 0}), we wrongly used the setter for the update argument if one was set. This CL changes the behaviour such that all arguments following the spread are treated as dynamic arguments. (cherry picked from commit 732d09a) Bug: chromium:1251366 No-Try: true No-Presubmit: true No-Tree-Checks: true Change-Id: Ie71dbe3f420a68e5e7e7aa23bc3ef8caccf6180c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219081 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/9.5@{v8#40} Cr-Branched-From: 4a03d61-refs/heads/9.5.172@{#1} Cr-Branched-From: 9a60704-refs/heads/main@{#76741}

Revision: 518d67a This is a reland of the previous merge which addresses the cctest link failure in component build mode. BUG=chromium:1133527 NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=verwaest@chromium.org Change-Id: Icbbc69fd5403fd0c2ab6d07d4340292b2b8c72b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504264 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{v8#40} Cr-Branched-From: a64aed2-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc0-refs/heads/master@{#69472}

Preparing for tail call is usually done by emitting the gap moves and then moving the stack pointer to its new position. An optimization consists in moving the stack pointer first and transforming some of the moves into pushes. In the attached case it looks like this (arm): 138 add sp, sp, v8#40 13c str r6, [sp, #-4]! 140 str r6, [sp, #-4]! 144 str r6, [sp, #-4]! 148 str r6, [sp, #-4]! 14c str r6, [sp, #-4]! ... 160 vldr d1, [sp - 4*3] The last line is a gap reload, but because the stack pointer was already moved, the slot is now below the stack pointer. This is invalid and triggers this DCHECK: Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402 Debug check failed: 0 <= offset (0 vs. -12). A comment already explains that we skip the optimization if the gap contains stack moves to prevent this, but the code only checks for non-FP slots. This is fixed by replacing "source.IsStackSlot()" with "source.IsAnyStackSlot()": 108 vldr d1, [sp + 4*2] ... 118 str r0, [sp, #+36] 11c str r0, [sp, #+32] 120 str r0, [sp, #+28] 124 str r0, [sp, #+24] 128 str r0, [sp, #+20] ... 134 add sp, sp, v8#20 TBR=jgruber@chromium.org (cherry picked from commit 7506e06) Change-Id: I66ed6187755af956e245207e940c83ea0697a5e6 Bug: chromium:1137608 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505976 Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/branch-heads/8.6@{v8#42} Cr-Branched-From: a64aed2-refs/heads/8.6.395@{#1} Cr-Branched-From: a626bc0-refs/heads/master@{#69472}

…edSigned (cherry picked from commit 4fae8b1) Bug: chromium:1278387 No-Try: true No-Presubmit: true No-Tree-Checks: true Change-Id: I9b89834c094510e064988aa534ec230309996034 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329665 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/branch-heads/9.6@{v8#40} Cr-Branched-From: 0b7bda0-refs/heads/9.6.180@{#1} Cr-Branched-From: 41a5a24-refs/heads/main@{#77244}

Change-Id: I76d71eee696a3e05c765d319c85fef28ee9d43e1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826072 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/10.4@{v8#40} Cr-Branched-From: b1413ed-refs/heads/10.4.132@{#1} Cr-Branched-From: 9d0a093-refs/heads/main@{#80972}

Bug: v8:12276 Change-Id: Icfd54d07d2705063d115969964d3ff51ceeab677 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3204969 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Owners-Override: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/branch-heads/9.3@{v8#40} Cr-Branched-From: 7744dce-refs/heads/9.3.345@{#1} Cr-Branched-From: 4b6b4ca-refs/heads/master@{#75728}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I5263074cd96adf3c9e57f9726fd190c5810a0929 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2837256 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/9.0@{v8#40} Cr-Branched-From: bd0108b-refs/heads/9.0.257@{#1} Cr-Branched-From: 349bcc6-refs/heads/master@{#73001}

This runtime function behaves like StoreDataPropertyInLiteral, except it can throw, since it's also used for defining public class fields. Unlike the literal use case, class field can end up throwing due to field initializers doing things like freezing the instance. Bug: chromium:1264828 (cherry picked from commit 1cc12b2) Change-Id: I3ea4d15ad9b906c26763f022c8e22b757fa80b6c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401871 Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Lutz Vahl <vahl@chromium.org> Cr-Commit-Position: refs/branch-heads/9.7@{v8#40} Cr-Branched-From: 49162da-refs/heads/9.7.106@{#1} Cr-Branched-From: a7e9b8f-refs/heads/main@{#77674}

Preparing for tail call is usually done by emitting the gap moves and then moving the stack pointer to its new position. An optimization consists in moving the stack pointer first and transforming some of the moves into pushes. In the attached case it looks like this (arm): 138 add sp, sp, v8#40 13c str r6, [sp, #-4]! 140 str r6, [sp, #-4]! 144 str r6, [sp, #-4]! 148 str r6, [sp, #-4]! 14c str r6, [sp, #-4]! ... 160 vldr d1, [sp - 4*3] The last line is a gap reload, but because the stack pointer was already moved, the slot is now below the stack pointer. This is invalid and triggers this DCHECK: Fatal error in ../../v8/src/codegen/arm/assembler-arm.cc, line 402 Debug check failed: 0 <= offset (0 vs. -12). A comment already explains that we skip the optimization if the gap contains stack moves to prevent this, but the code only checks for non-FP slots. This is fixed by replacing "source.IsStackSlot()" with "source.IsAnyStackSlot()": 108 vldr d1, [sp + 4*2] ... 118 str r0, [sp, #+36] 11c str r0, [sp, #+32] 120 str r0, [sp, #+28] 124 str r0, [sp, #+24] 128 str r0, [sp, #+20] ... 134 add sp, sp, v8#20 TBR=jgruber@chromium.org (cherry picked from commit 7506e06) Change-Id: I34e3a693e3e25c19ae0ab8f7ac48c156a027ae72 No-Try: true No-Presubmit: true No-Tree-Checks: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492328 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/branch-heads/8.7@{v8#16} Cr-Branched-From: 0d81cd7-refs/heads/8.7.220@{#1} Cr-Branched-From: 942c2ef-refs/heads/master@{#70196}

TBR=v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com Change-Id: I2ae09618248a2fd8b4418ea44d543e823872d8f1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526732 Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/8.7@{v8#40} Cr-Branched-From: 0d81cd7-refs/heads/8.7.220@{#1} Cr-Branched-From: 942c2ef-refs/heads/master@{#70196}

Change-Id: I32ebbfae75d4d12ec6e79cd7a2565fdbf037f411 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4341963 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/11.0@{v8#40} Cr-Branched-From: 06097c6-refs/heads/11.0.226@{#1} Cr-Branched-From: 6bf3344-refs/heads/main@{#84857}

Change-Id: I9491f040f931792512c7f5fdcaf5563f0c30902b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4081593 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/10.2@{v8#40} Cr-Branched-From: 374091f-refs/heads/10.2.154@{#1} Cr-Branched-From: f0c353f-refs/heads/main@{#79976}

Change-Id: Iaafa7f03c2335172fdf20c6e0e0ba3d8dfa472c6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4490448 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/11.2@{v8#40} Cr-Branched-From: 755511a-refs/heads/11.2.214@{#1} Cr-Branched-From: e6b1cce-refs/heads/main@{#86014}

Change-Id: Iec533bd3c170a19ce8aebeb1843daa33eba9c084 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3943919 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/10.6@{v8#40} Cr-Branched-From: 41bc743-refs/heads/10.6.194@{#1} Cr-Branched-From: d5f29b9-refs/heads/main@{#82548}

The inlined version of Array.At was only checking the kind of the maps, rather than the maps themselves. When the feedback was containing an array map that "supports_fast_array_iteration", then its kind was added to the list of supported kinds. If this Array.at was later called with a non-array map with the same kind, then the object would be wrongly treated as an array. This is now fixed: inlining Array.at checks the maps directly rather than only their kinds. Bug: chromium:1377775 (cherry picked from commit 0ce2731) Change-Id: I36fc5cbf4d2aebbd364b41d2caaee4beea956a36 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990746 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/branch-heads/10.7@{v8#40} Cr-Branched-From: 4d2145c-refs/heads/10.7.193@{#1} Cr-Branched-From: 9521696-refs/heads/main@{#83201}

Change-Id: I88d382c70f79299058b33f36a9d719b4d0417c9d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4599870 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/11.4@{v8#40} Cr-Branched-From: 8a8a1e7-refs/heads/11.4.183@{#1} Cr-Branched-From: 5483d8e-refs/heads/main@{#87241}

Change-Id: Icb48a462d3c8a84636b9b16a8a5af2e44a03bd7c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4710823 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/11.5@{v8#40} Cr-Branched-From: 0c4044b-refs/heads/11.5.150@{#1} Cr-Branched-From: b71d303-refs/heads/main@{#87781}

Change-Id: Id755bbd94d466c30dda5be7ad0ce981a4aab3270 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4897389 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/11.7@{v8#40} Cr-Branched-From: fe60869-refs/heads/11.7.439@{#1} Cr-Branched-From: aeb4552-refs/heads/main@{#89415}

Change-Id: If5fd6cecad694353b137b06f0bde1da3a495011b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5177897 Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/12.1@{v8#40} Cr-Branched-From: b74ef6f-refs/heads/12.1.285@{#1} Cr-Branched-From: 32857fb-refs/heads/main@{#91313}

Protected instructions do not emit a safepoint, except in debug code. Hence we should not use a previously defined safepoint which might have tagged spill slots which are not valid any more at the protected instruction. R=ahaas@chromium.org (cherry picked from commit 955d197) Bug: 325866363 Change-Id: I67e3dd8489bd4d61a63764dac32b4bb9e5c28828 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5317578 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#40} Cr-Branched-From: 6eb5a96-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d-refs/heads/main@{#91934}

This CL fixes a use-after-free of the InspectorSession. This can happen for workers since they are killed (and the DevToolsSession detached) during an interrupt. The problem is that we might have already entered the inspector and the inspector entered JavaScript land. This could mean that we detach a session on which we are currently operating on (e.g. building a console message to send it to the frontend). The fix is to postpone interrupts until after we are done building console messages so we don't lose the DevTools session half-way through it. R=dsv@chromium.org (cherry picked from commit 41dd803) (cherry picked from commit 72c073c) Fixed: b:323813642 Change-Id: I495d926830bc0ed129b0632d454b2d94f3123180 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5280692 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: Simon Zünd <szuend@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Original-Commit-Position: refs/branch-heads/12.2@{#26} Cr-Original-Branched-From: 6eb5a96-refs/heads/12.2.281@{#1} Cr-Original-Branched-From: 44cf56d-refs/heads/main@{#91934} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5362664 Commit-Queue: Zakhar Voit <voit@google.com> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#40} Cr-Branched-From: ed7b4ca-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b-refs/heads/main@{#90651}

backes closed this Mar 25, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

#v8.dll.txt #40

#v8.dll.txt #40

xiaoyaocode163 commented Mar 25, 2020

googlebot commented Mar 25, 2020

#v8.dll.txt #40

#v8.dll.txt #40

Conversation

xiaoyaocode163 commented Mar 25, 2020

googlebot commented Mar 25, 2020

What to do if you already signed the CLA

Individual signers

Corporate signers