- 07 Oct, 2015 17 commits
-
-
mstarzinger authored
This separates the core machinery and the heuristics involved with inlining functions calls. So far the heuristic only respects our %SetForceInlineFlag hint, but it will the place where general inlining heuristics can live without impeding clarity of the core machinery. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1391903002 Cr-Commit-Position: refs/heads/master@{#31150}
-
mlippautz authored
Untangles committed memory from capacity in a given space and unifies accounting for all spaces. Pre-work for parallel compaction. R=hpayer@chromium.org BUG=chromium:524425 LOG=N Review URL: https://codereview.chromium.org/1388383002 Cr-Commit-Position: refs/heads/master@{#31149}
-
bmeurer authored
Introduce a new JSGlobalSpecialization advanced reducer that runs during the initial inlining and context specialization, and specializes the graph to the globals of the native context. Currently we assume that we do not inline cross native context, but long-term we will grab the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the new global load/store ICs that are currently in the workings), and then this whole specialization will be fully compositional even across cross-context inlining. Note that we cannot really handle most of the stores to global object property cells because TurboFan doesn't have a mechanism to enforce certain representations. Also note that we cannot yet fully benefit from the type feedback collected on the global object property cells, because the type system cannot deal with maps in a reasonable way. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel R=jarin@chromium.org BUG=v8:4470 LOG=n Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb Cr-Commit-Position: refs/heads/master@{#31139} Review URL: https://codereview.chromium.org/1387393002 Cr-Commit-Position: refs/heads/master@{#31148}
-
Benedikt Meurer authored
This seems to be triggered now with global object specialization. TEST=mjsunit/regress/regress-crbug-450960 TBR=mstarzinger@chromium.org BUG=v8:4195 LOG=n Review URL: https://codereview.chromium.org/1388403002 . Cr-Commit-Position: refs/heads/master@{#31147}
-
neis authored
- Reflect.deleteProperty - Reflect.get - Reflect.has - Reflect.isExtensible Reflect.get doesn't support the receiver argument yet, and some of the others don't support proxies yet. R=rossberg BUG=v8:3931 LOG=n Review URL: https://codereview.chromium.org/1379313002 Cr-Commit-Position: refs/heads/master@{#31146}
-
bmeurer authored
R=mstarzinger@chromium.org BUG=chromium:540593 LOG=n Review URL: https://codereview.chromium.org/1395453002 Cr-Commit-Position: refs/heads/master@{#31145}
-
bmeurer authored
Revert of [turbofan] Add initial support for global specialization. (patchset #4 id:60001 of https://codereview.chromium.org/1387393002/ ) Reason for revert: Breaks GC stress: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/1984/steps/Bisect%20c5528ac1.Retry/logs/regress-crbug-450960 Original issue's description: > [turbofan] Add initial support for global specialization. > > Introduce a new JSGlobalSpecialization advanced reducer that runs > during the initial inlining and context specialization, and specializes > the graph to the globals of the native context. Currently we assume > that we do not inline cross native context, but long-term we will grab > the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the > new global load/store ICs that are currently in the workings), and then > this whole specialization will be fully compositional even across > cross-context inlining. > > Note that we cannot really handle most of the stores to global object > property cells because TurboFan doesn't have a mechanism to enforce > certain representations. Also note that we cannot yet fully benefit > from the type feedback collected on the global object property cells, > because the type system cannot deal with maps in a reasonable way. > > CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel > R=jarin@chromium.org > BUG=v8:4470 > LOG=n > > Committed: https://crrev.com/6fbf7903f94924ea066af481719898bd9667b6eb > Cr-Commit-Position: refs/heads/master@{#31139} TBR=jarin@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4470 Review URL: https://codereview.chromium.org/1390073004 Cr-Commit-Position: refs/heads/master@{#31144}
-
ishell authored
Thus TypeFeedbackMetadata can now be shared between different native contexts. Review URL: https://codereview.chromium.org/1384673002 Cr-Commit-Position: refs/heads/master@{#31143}
-
rmcilroy authored
Adds support for compiling top level code to bytecode to be run in the interpreter. Also moves PassesFilter to String:: so that it can be used to filter top level script names as well as functions (used in https://codereview.chromium.org/1379093002/) BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1372293005 Cr-Commit-Position: refs/heads/master@{#31142}
-
machenbach authored
NOTRY=true Review URL: https://codereview.chromium.org/1394453002 Cr-Commit-Position: refs/heads/master@{#31141}
-
hablich authored
The roll ref is no longer used because we simply roll the lkgr ref. LOG=N NOTRY=true R=machenbach@chromium.org Review URL: https://codereview.chromium.org/1391153002 Cr-Commit-Position: refs/heads/master@{#31140}
-
bmeurer authored
Introduce a new JSGlobalSpecialization advanced reducer that runs during the initial inlining and context specialization, and specializes the graph to the globals of the native context. Currently we assume that we do not inline cross native context, but long-term we will grab the global object from the JSLoadGlobal/JSStoreGlobal feedback (with the new global load/store ICs that are currently in the workings), and then this whole specialization will be fully compositional even across cross-context inlining. Note that we cannot really handle most of the stores to global object property cells because TurboFan doesn't have a mechanism to enforce certain representations. Also note that we cannot yet fully benefit from the type feedback collected on the global object property cells, because the type system cannot deal with maps in a reasonable way. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel R=jarin@chromium.org BUG=v8:4470 LOG=n Review URL: https://codereview.chromium.org/1387393002 Cr-Commit-Position: refs/heads/master@{#31139}
-
bmeurer authored
R=jarin@chromium.org Review URL: https://codereview.chromium.org/1388343002 Cr-Commit-Position: refs/heads/master@{#31138}
-
jkummerow authored
Revert of improve perf_basic_prof filename reporting (patchset #1 id:1 of https://codereview.chromium.org/1388543002/ ) Reason for revert: Suspected to cause crbug.com/539892 Original issue's description: > improve perf_basic_prof filename reporting > > The buffer used for appending filenames to the string printed to the > perf_basic_prof log was unnecessarily too small. Bump it up to be at least > kUtf8BufferSize. > > Truncation of filenames makes it really hard to work with profiles gathered on > Node.js. Because of the way Node.js works, you can have node module dependencies > in deeply nested directories. The last thing you want when investigating a > performance problem is to have script names be truncated. > > This patch is a stop-gap. Ideally, I want no truncation of the filename at all > and use a dynamically growing buffer. That would be a larger change, and I > wanted to have a quick fix available that can be back-ported to Node.js LTS > release. > > R=yangguo@chromium.org,yurys@chromium.org > BUG= > > Committed: https://crrev.com/03ef3cd004c2fd31ae7e48772f106df67b8c2feb > Cr-Commit-Position: refs/heads/master@{#31092} TBR=yangguo@chromium.org,yurys@chromium.org,ofrobots@google.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1390923004 Cr-Commit-Position: refs/heads/master@{#31137}
-
hpayer authored
BUG= Review URL: https://codereview.chromium.org/1393833002 Cr-Commit-Position: refs/heads/master@{#31136}
-
bmeurer authored
Optimizing global constants such as "NaN", "Infinity" and "undefined" is best performed during graph building. Then the optimization and lowering passes only need to deal with real loads in case of JSLoadGlobal. R=mstarzinger@chromium.org BUG=v8:4470 LOG=n Review URL: https://codereview.chromium.org/1384953002 Cr-Commit-Position: refs/heads/master@{#31135}
-
rmcilroy authored
Adds support for strict mode load / store ICs and cleans up BinaryOp and CompareOp to only trigger an UNIMPLEMENTED abort if called with STRONG mode (which is the only language mode which has different compare/binary ops. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1385623002 Cr-Commit-Position: refs/heads/master@{#31134}
-
- 06 Oct, 2015 16 commits
-
-
erikcorry authored
R=yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/1378693004 Cr-Commit-Position: refs/heads/master@{#31133}
-
caitpotter88 authored
As discussed, shipping early in the M48 branch will likely have greater exposure than staging, in order to find any remaining bugs with this feature, and provides plenty of time to unship if needed. BUG= LOG=N R=adamk@chromium.org, wingo@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/1391643003 Cr-Commit-Position: refs/heads/master@{#31132}
-
caitpotter88 authored
Symbols marked as "well-known" now return an undefined value when loaded with a failed access check, instead of throwing. Currently, only @@isConcatSpreadable is marked as well-known, until the correct behaviour is properly specified. BUG=v8:4289, 507553 LOG=N R=adamk@chromium.org, jochen@chromium.org, verwaest@chromium.org Review URL: https://codereview.chromium.org/1230793002 Cr-Commit-Position: refs/heads/master@{#31131}
-
machenbach authored
Revert of Changed scavenge GC to collect unmodified references (patchset #9 id:160001 of https://codereview.chromium.org/1358703003/ ) Reason for revert: [Sheriff] Speculative revert due to crbug.com/539814 Original issue's description: > Changed scavenge GC to collect unmodified references > > Added a scavenge GC pass that collects unmodified references instead of > processing object groups. This mode can be controlled by setting > FLAG_scavenge_remove_unmodified_objects. By default this is turned off. > Also, modified a test case to suit the handle the new GC pass. > > BUG=v8:4421 > LOG=N > > Committed: https://crrev.com/6254019238a853c9f3c09d615ba153043f6957c7 > Cr-Commit-Position: refs/heads/master@{#31102} TBR=jochen@chromium.org,rmcilroy@chromium.org,mythria@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4421,chromium:539814 Review URL: https://codereview.chromium.org/1388133002 Cr-Commit-Position: refs/heads/master@{#31130}
-
machenbach authored
Revert of [heap] Prepare code for smaller large object allocation limit than max allocatable memory. (patchset #10 id:180001 of https://codereview.chromium.org/1361853005/ ) Reason for revert: [Sheriff] Need to revert for reverting https://codereview.chromium.org/1358703003/ Original issue's description: > [heap] Prepare heap for smaller large object allocation limit than max allocatable memory. > > BUG=chromium:524425 > LOG=n > > Committed: https://crrev.com/c2bce747993c445daf78975392e587bff20c6677 > Cr-Commit-Position: refs/heads/master@{#31107} TBR=mlippautz@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1376413005 Cr-Commit-Position: refs/heads/master@{#31129}
-
littledan authored
Previously, cases like var [foo] led to a parser crash because the parser tried to do something with the initializer, which was not syntactically present. This patch fixes the parser issue (implicitly creating an undefined initializer) and inserts a check for array destructuring that the right-hand side is coercible to an object, so it can have iterator methods called on it safely. BUG=v8:4462 LOG=Y R=adamk Review URL: https://codereview.chromium.org/1384413002 Cr-Commit-Position: refs/heads/master@{#31128}
-
jschuh authored
ASLR is much weaker in a 2GB address space. Plus the vast majority of 32-bit Windows hosts are XP, which don't have ASLR anyway. So, avoid the fragmentation and skip it in this case. BUG=chromium:394591 LOG=Y R=jochen@chromium.org Review URL: https://codereview.chromium.org/1385023002 Cr-Commit-Position: refs/heads/master@{#31127}
-
mbrandy authored
Port 9c8262f1 Original commit message: When calling into C++ builtins, we need to make sure that the argument count register contains the correct number of arguments, otherwise the CEntryStub will not be able to leave the stack in the correct state. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com BUG=v8:4413 LOG=n Review URL: https://codereview.chromium.org/1388993002 Cr-Commit-Position: refs/heads/master@{#31126}
-
karl authored
Unwanted promotions resulted into check_eq errors from this CR: https://codereview.chromium.org/1384873002/ http://build.chromium.org/p/client.v8/builders/V8%20Arm/builds/3141/steps/Check/logs/4 Found via -Wdouble-promotion. Review URL: https://codereview.chromium.org/1372133006 Cr-Commit-Position: refs/heads/master@{#31125}
-
oth authored
Implementations and tests for typeof, void, and logical not. Add missing string type to Object::TypeOf. BUG=v8:4280 LOG=NO Review URL: https://codereview.chromium.org/1390483002 Cr-Commit-Position: refs/heads/master@{#31124}
-
rmcilroy authored
Adds an ignition variant to the test runner and adds support to test262 for filtering such that only test scripts (not the test harness) get run by the interpreter. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1379093002 Cr-Commit-Position: refs/heads/master@{#31123}
-
machenbach authored
This adds the unittests to the "default" test set. Now that the "default" and the DEFAULT_TESTS (i.e. runner with no arguments) are the same, removed DEFAULT_TESTS and use TEST_MAP["default"] instead. On the bots, where unittests and default were run in separation before, the explicit unittests step should now be skipped. This is necessary for swarming, as the unittests step is too small to justify its own swarming job. BUG=chromium:535160 LOG=n Review URL: https://codereview.chromium.org/1374733006 Cr-Commit-Position: refs/heads/master@{#31122}
-
Benedikt Meurer authored
TBR=machenbach@chromium.org Review URL: https://codereview.chromium.org/1377643003 . Cr-Commit-Position: refs/heads/master@{#31121}
-
bmeurer authored
When calling into C++ builtins, we need to make sure that the argument count register contains the correct number of arguments, otherwise the CEntryStub will not be able to leave the stack in the correct state. R=ishell@chromium.org BUG=v8:4413 LOG=n Review URL: https://codereview.chromium.org/1391543002 Cr-Commit-Position: refs/heads/master@{#31120}
-
adamk authored
R=rossberg@chromium.org Review URL: https://codereview.chromium.org/1388813002 Cr-Commit-Position: refs/heads/master@{#31119}
-
v8-autoroll authored
Rolling v8/buildtools to 5fc8d3943e163ee627c8af50366c700c0325bba2 Rolling v8/tools/clang to 6ab82bf7484ae7c06316c095e93b8b0dc6ea806a TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1388043002 Cr-Commit-Position: refs/heads/master@{#31118}
-
- 05 Oct, 2015 7 commits
-
-
littledan authored
Previously, using legacy const in for-of/in loops led to a check-fail in the parser. This was due to the fact that the destructuring bind led to an undefined initialization to undefined in the parser, which caused the for loop code to go down a strange path. This patch eliminates the undefined initialization in variables declared in for-in/of loops, so that that path is not used and the error is fixed. BUG=v8:4461 LOG=Y R=adamk Review URL: https://codereview.chromium.org/1385913003 Cr-Commit-Position: refs/heads/master@{#31117}
-
stefan.penner authored
* Promise.resolve is now works with subclasses * Spec removed [[PromiseConstructor]] now can simply use constructor * Promise.resolve ignores species R=littledan@chromium.org,domenic@chromium.org BUG=v8:4161,v8:4341 LOG=Y Review URL: https://codereview.chromium.org/1362773002 Cr-Commit-Position: refs/heads/master@{#31116}
-
littledan authored
This patch prohibits lexical bindings from being called 'let', even in sloppy mode, following the ES2015 specification. The change affects multiple cases of lexical bindings, including simple let/const declarations and both kinds of for loops. var and legacy const bindings still permit the name to be let, including in destructuring cases. Tests are added to verify, though some cases are commented out since they led to (pre-existing) crashes. BUG=v8:4403 R=adamk LOG=Y Review URL: https://codereview.chromium.org/1371263003 Cr-Commit-Position: refs/heads/master@{#31115}
-
mbrandy authored
Port 5cf1c0bc Original commit message: Previous to this patch, both the lithium and TurboFan register allocators tracked allocated registers by "indices", rather than the register codes used elsewhere in the runtime. This patch ensures that codes are used everywhere, and in the process cleans up a bunch of redundant code and adds more structure to how the set of allocatable registers is defined. Some highlights of changes: * TurboFan's RegisterConfiguration class moved to V8's top level so that it can be shared with Crankshaft. * Various "ToAllocationIndex" and related methods removed. * Code that can be easily shared between Register classes on different platforms is now shared. * The list of allocatable registers on each platform is declared as a list rather than implicitly via the register index <-> code mapping. R=danno@chromium.org, bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com BUG= Review URL: https://codereview.chromium.org/1381383002 Cr-Commit-Position: refs/heads/master@{#31114}
-
hans authored
Clang builds on Windows were failing with: ..\..\v8\src\register-configuration.cc(85,17) : error: unqualified friend declaration referring to type outside of the nearest enclosing namespace is a Microsoft extension; add a nested name specifier [-Werror,-Wmicrosoft-unqualified-friend] friend struct Register; ^ ::v8::internal:: How did it work on non-Windows? The friend declarations were declaring new Register and DoubleRegister structs in the current namespace, instead of refering the existing classes in the outer namespce. The code isn't referencing any private members of these classes anyway, so let's drop the friend declarations. BUG=82385 LOG=n Review URL: https://codereview.chromium.org/1389723002 Cr-Commit-Position: refs/heads/master@{#31113}
-
machenbach authored
Revert of Reland: Introduce a V8_NORETURN macro and use it to make GCC 4.9.2 happy again. (patchset #3 id:40001 of https://codereview.chromium.org/1384873002/ ) Reason for revert: [Sheriff] Breaks the gcc 4.8 bot: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/3274 Original issue's description: > Reland: Introduce a V8_NORETURN macro and use it to make GCC 4.9.2 happy again. > > Without that, it has a few false positives about out-of-bounds array accesses. > Also makes the clang static-analyzer happy. > > Original code review from Sven Panne: > https://codereview.chromium.org/790723002/ > > CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_arm_dbg,v8_linux_arm64_dbg,v8_mac64_dbg,v8_win_compile_dbg > > Committed: https://crrev.com/d068574e641e28f05dcde89ddc9a1d0ec6f6f308 > Cr-Commit-Position: refs/heads/master@{#31105} TBR=jochen@chromium.org,bmeurer@chromium.org,karl@skomski.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1376113005 Cr-Commit-Position: refs/heads/master@{#31112}
-
julien.gilli authored
The --abort-on-uncaught-exception command line switch makes Isolate::Throw abort if the error being thrown cannot be caught by a try/catch block. Embedders may want to use other mechanisms than try/catch blocks to handle uncaught exceptions. For instance, Node.js has "domain" objects that have error handlers that can handle uncaught exception like following: var d = domain.create(); d.on('error', function onError(err) { console.log('Handling error'); }); d.run(function() { throw new Error("boom"); }); These error handlers are called by isolates' message listeners. If --abort-on-uncaught-exception is *not* used, the isolate's message listener will be called, which will in turn call the domain's error handler. The process will output 'Handling error' and will exit successfully (not due to an uncaught exception). This is the behavior that Node.js users expect. However, if --abort-on-uncaught-exception is used and when throwing an error within a domain that has an error handler, the process will abort and the domain's error handler will not be called. This is not the behavior that Node.js users expect. Having a SetAbortOnUncaughtExceptionCallback API allows embedders to determine when it's not appropriate to abort and instead handle the exception via the isolate's message listener. In the example above, Node.js would set a custom callback with SetAbortOnUncaughtExceptionCallback that would be implemented as following (the sample code has been simplified to remove what's not relevant to this change): bool ShouldAbortOnUncaughtException(Isolate* isolate) { return !IsDomainActive(); } Now when --abort-on-uncaught-exception is used, Isolate::Throw would call that callback and determine that it should not abort if a domain with an error handler is active. Instead, the isolate's message listener would be called and the error would be handled by the domain's error handler. I believe this can also be useful for other embedders. BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1375933003 Cr-Commit-Position: refs/heads/master@{#31111}
-