- 26 Oct, 2016 25 commits
-
bbudge authored
  - Modifies RegisterConfiguration to specify complex aliasing on ARM 32.
  - Modifies RegisterAllocator to consider aliasing.
  - Modifies ParallelMove::PrepareInsertAfter to handle aliasing.
  - Modifies GapResolver to split wider register moves when interference with smaller moves is detected.
  - Modifies MoveOptimizer to handle aliasing.
  - Adds ARM 32 macro-assembler pseudo move instructions to handle cases where split moves don't correspond to actual s-registers.
  - Modifies CodeGenerator::AssembleMove and AssembleSwap to handle moves of different widths, and moves involving pseudo-s-registers.
  - Adds unit tests for FP operand interference checking and PrepareInsertAfter.
  - Adds more tests of FP for the move optimizer and register allocator.
LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2410673002 Cr-Commit-Position: refs/heads/master@{#40597}
-
clemensh authored
Just stumbled across this while doing https://codereview.chromium.org/2457433002/ R=mstarzinger@chromium.org Review-Url: https://codereview.chromium.org/2449103006 Cr-Commit-Position: refs/heads/master@{#40596}
-
rmcilroy authored
Removes the need for a CanonicalHandleScope for parsing and renumbering phases when using Ignition. Since AST strings are canonicalized by the AST value factory, we only need to make sure we use the same canonical handles for any other handles we add to the bytecode generator. This avoids a regression when enabling Ignition for all Turbofan code, and improves CodeLoad for Ignition by about 5%. BUG=v8:4280 Review-Url: https://codereview.chromium.org/2448323004 Cr-Commit-Position: refs/heads/master@{#40595}
-
neis authored
For instance, when an import cannot be resolved, actually point at the corresponding import statement. BUG=v8:1569 Review-Url: https://codereview.chromium.org/2451153002 Cr-Commit-Position: refs/heads/master@{#40594}
-
bjaideep authored
Port df981a9f Original commit message: The meaning of the HValue::kAllowUndefinedAsNaN is actually ToNumber conversion (except for the uses in HBranch and HCompareHoleAndBranch, which were confusing and useless anyways), so fix the naming to match that. Also properly integrate the handling of this flag with the existing truncation analysis that is run as part of the representation changes phase (i.e. where we already deal with truncating to int32 and smi). This is done in preparation of allowing Crankshaft to handle any kind of Oddball in the ToNumber truncation, instead of just undefined for truncation ToNumber and undefined or boolean for ToInt32. It also helps to make Crankshaft somewhat more compatible with the (saner) implementation in TurboFan. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2449373002 Cr-Commit-Position: refs/heads/master@{#40593}
-
bmeurer authored
For global object property cells, we did not check that the map on the previous object is still the same for which we actually optimized. So the optimized code was not in sync with the actual state of the property cell. When loading from such a global object property cell, Crankshaft optimizes away any map checks (based on the stable map assumption), leading to arbitrary memory access in the worst case. TurboFan has the same bug for stores, but is safe on loads because we do appropriate map checks there. However mixing TurboFan and Crankshaft still exposes the bug. R=yangguo@chromium.org BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2444233004 Cr-Commit-Position: refs/heads/master@{#40592}
-
gsathya authored
RejectPromise is always called on a pending promise making this a redundant check. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2446113007 Cr-Commit-Position: refs/heads/master@{#40591}
-
mstarzinger authored
The TurboFan backends currently don't support tail-calls to CPP builtins because the semantics of kJavaScriptCallArgCountRegister has different semantics for stub call descriptors versus JavaScript call descriptors. This is actually a short-coming of the backends and follow-up work will make the backends more robust in that regard to fail hard on unsupported constructs like that. This just disables the lowering creating such a tail-call. R=bmeurer@chromium.org BUG=chromium:658691 TEST=mjsunit/regress/regress-crbug-658691 Review-Url: https://codereview.chromium.org/2447383002 Cr-Commit-Position: refs/heads/master@{#40590}
-
gsathya authored
This patch replaces it with calls to the runtime function and PromiseSet. This allows us to move PromiseReject to C++ without regressions. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2451133002 Cr-Commit-Position: refs/heads/master@{#40589}
-
machenbach authored
Revert of [heap] Uncommit marking deque in concurrent task. (patchset #7 id:120001 of https://codereview.chromium.org/2442443003/ )
Reason for revert: Seems to break the world, e.g.: https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/14118
Original issue's description:
> [heap] Uncommit marking deque in concurrent task.
>
> BUG=
TBR=mlippautz@chromium.org,ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2454693002 Cr-Commit-Position: refs/heads/master@{#40588}
-
cbruni authored
R=jochen@chromium.org NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2452013002 Cr-Commit-Position: refs/heads/master@{#40587}
-
ahaas authored
BUG=chromium:658057 R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2446593002 Cr-Commit-Position: refs/heads/master@{#40586}
-
ulan authored
BUG= Review-Url: https://codereview.chromium.org/2442443003 Cr-Commit-Position: refs/heads/master@{#40585}
-
neis authored
R=adamk@chromium.org BUG= Review-Url: https://codereview.chromium.org/2452543003 Cr-Commit-Position: refs/heads/master@{#40584}
-
mstarzinger authored
The tail-call operator for invoking a JSFunction object from within stub code has been dead for a while and untested by now. This removes support for such a construct. R=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2452943002 Cr-Commit-Position: refs/heads/master@{#40583}
-
bmeurer authored
Revert of [compiler] Properly validate stable map assumption for globals. (patchset #3 id:40001 of https://codereview.chromium.org/2444233004/ )
Reason for revert: Breaks tree: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/8789
Original issue's description:
> [compiler] Properly validate stable map assumption for globals.
>
> For global object property cells, we did not check that the map on the
> previous object is still the same for which we actually optimized. So
> the optimized code was not in sync with the actual state of the property
> cell. When loading from such a global object property cell, Crankshaft
> optimizes away any map checks (based on the stable map assumption),
> leading to arbitrary memory access in the worst case.
>
> TurboFan has the same bug for stores, but is safe on loads because we
> do appropriate map checks there. However mixing TurboFan and Crankshaft
> still exposes the bug.
>
> R=yangguo@chromium.org
> BUG=chromium:659475
TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2454513003 Cr-Commit-Position: refs/heads/master@{#40582}
-
verwaest authored
BUG= Review-Url: https://codereview.chromium.org/2449223002 Cr-Commit-Position: refs/heads/master@{#40581}
-
machenbach authored
The original reason for the extra output on windows has been obsolete for a while. Now the extra output just spams the logs and causes traffic. BUG=chromium:485932 Review-Url: https://codereview.chromium.org/2452763003 Cr-Commit-Position: refs/heads/master@{#40580}
-
neis authored
Native setters (see AccessorInfo in accessors.h) didn't have the ability to return a result value. As a consequence of this, for instance, Reflect.set on the length property of arrays had the wrong behavior:

  var y = [];
  Object.defineProperty(y, 0, {value: 42, configurable: false})
  Reflect.set(y, 'length', 0)

The Reflect.set call used to return true. Now it returns false as required by the spec.
BUG=v8:5401 Review-Url: https://codereview.chromium.org/2397603003 Cr-Commit-Position: refs/heads/master@{#40579}
-
bmeurer authored
For global object property cells, we did not check that the map on the previous object is still the same for which we actually optimized. So the optimized code was not in sync with the actual state of the property cell. When loading from such a global object property cell, Crankshaft optimizes away any map checks (based on the stable map assumption), leading to arbitrary memory access in the worst case. TurboFan has the same bug for stores, but is safe on loads because we do appropriate map checks there. However mixing TurboFan and Crankshaft still exposes the bug. R=yangguo@chromium.org BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2444233004 Cr-Commit-Position: refs/heads/master@{#40578}
-
bmeurer authored
The meaning of the HValue::kAllowUndefinedAsNaN is actually ToNumber conversion (except for the uses in HBranch and HCompareHoleAndBranch, which were confusing and useless anyways), so fix the naming to match that. Also properly integrate the handling of this flag with the existing truncation analysis that is run as part of the representation changes phase (i.e. where we already deal with truncating to int32 and smi). This is done in preparation of allowing Crankshaft to handle any kind of Oddball in the ToNumber truncation, instead of just undefined for truncation ToNumber and undefined or boolean for ToInt32. It also helps to make Crankshaft somewhat more compatible with the (saner) implementation in TurboFan. R=yangguo@chromium.org BUG=v8:5400 Review-Url: https://codereview.chromium.org/2449353002 Cr-Commit-Position: refs/heads/master@{#40577}
-
cbruni authored
Fix failing assertions in the CodeStubAssembler that cause Object.create(null, global) to fail. Drive-by-fix: convert some Assert to CSA_ASSERT. BUG=chromium:657692 Review-Url: https://codereview.chromium.org/2446203003 Cr-Commit-Position: refs/heads/master@{#40576}
-
cbruni authored
All uses of NeanderObject have been replaced by FixedArrays. BUG= Review-Url: https://codereview.chromium.org/2447123002 Cr-Commit-Position: refs/heads/master@{#40575}
-
cbruni authored
A GC might cause the just created dictionary object to have an invalid backing store, which breaks heap verification. BUG=chromium:659088 Review-Url: https://codereview.chromium.org/2452653002 Cr-Commit-Position: refs/heads/master@{#40574}
-
bmeurer authored
For Math builtins that likely yield double results, i.e. Math.sin, Math.cos and friends, don't bother trying to canonicalize the result to Smi. The rationale behind this is that other parts of V8 use the HeapNumber representation as a hint to assume that certain values should be represented as double (i.e. for the array elements kind and for double field tracking). This way the chance that we make the ideal decision early on is better. For Math.abs we establish the contract that if the input value is a Smi, then we try hard to return a Smi (doesn't work for minimal Smi value), otherwise we preserve the HeapNumberness of the input. Same for the generic Add, Subtract, Multiply, etc. code stubs. R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2451973003 Cr-Commit-Position: refs/heads/master@{#40573}
-
- 25 Oct, 2016 15 commits
-
aseemgarg authored
BUG=chromium:658426 R=ahaas@chromium.org,titzer@chromium.org,gdeepti@chromium.org Review-Url: https://codereview.chromium.org/2447683004 Cr-Commit-Position: refs/heads/master@{#40572}
-
mtrofin authored
Simple "Print" API for the compiler graph. BUG= Review-Url: https://codereview.chromium.org/2447993002 Cr-Commit-Position: refs/heads/master@{#40571}
-
gsathya authored
This causes a 3.1% regression because we unconditionally call out to a runtime function. This patch refactors out most of EnqueuePromiseReactionJob runtime function into a separate function. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2449053003 Cr-Commit-Position: refs/heads/master@{#40570}
-
ulan authored
This reverts commit 59fb0956. BUG=chromium:658718 Review-Url: https://codereview.chromium.org/2445283003 Cr-Commit-Position: refs/heads/master@{#40569}
-
georgia.kouveli authored
Emit the compare and branch on zero (CBZ) instruction when possible for deoptimisations, as we do for normal branches. BUG= Review-Url: https://codereview.chromium.org/2448113002 Cr-Commit-Position: refs/heads/master@{#40568}
-
ivica.bogosavljevic authored
Port dc6b5109 BUG= Review-Url: https://codereview.chromium.org/2437593006 Cr-Commit-Position: refs/heads/master@{#40567}
-
neis authored
Setting variables is not yet implemented. R=adamk@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2445683002 Cr-Commit-Position: refs/heads/master@{#40566}
-
ishell authored
BUG=v8:5561 Review-Url: https://codereview.chromium.org/2446983002 Cr-Commit-Position: refs/heads/master@{#40565}
-
machenbach authored
Revert of [modules] Add partial support for debug-scopes. (patchset #1 id:1 of https://codereview.chromium.org/2445683002/ )
Reason for revert: Breaks https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/9349
Original issue's description:
> [modules] Add partial support for debug-scopes.
>
> Setting variables is not yet implemented.
>
> R=adamk@chromium.org
> BUG=v8:1569
TBR=adamk@chromium.org,yangguo@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:1569 Review-Url: https://codereview.chromium.org/2449883002 Cr-Commit-Position: refs/heads/master@{#40564}
-
leszeks authored
This lets us investigate regressions caused by this marking while letting others continue their work without being impacted. BUG=v8:5512 Review-Url: https://codereview.chromium.org/2446673002 Cr-Commit-Position: refs/heads/master@{#40563}
-
gsathya authored
Removes PromiseEnqueue and moves debugging code to a separate function which gets called when the debugger is active. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2450763002 Cr-Commit-Position: refs/heads/master@{#40562}
-
verwaest authored
BUG= Review-Url: https://codereview.chromium.org/2446993002 Cr-Commit-Position: refs/heads/master@{#40561}
-
jochen authored
BUG=v8:5557 R=cbruni@chromium.org Review-Url: https://codereview.chromium.org/2448473002 Cr-Commit-Position: refs/heads/master@{#40560}
-
neis authored
Setting variables is not yet implemented. R=adamk@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2445683002 Cr-Commit-Position: refs/heads/master@{#40559}
-
mstarzinger authored
This is a partial revert of 438c5eb2 to avoid huge increases in testing times due to expensive bytecode handler generation in debug modes. The additional coverage does not warrant a 2x to 3x increase in testing time at the moment. We can revisit this later. TBR=rmcilroy@chromium.org NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2445403002 Cr-Commit-Position: refs/heads/master@{#40558}
-