- 17 Dec, 2015 13 commits
-
-
neis authored
- Before getting the length property, we must check for it using [[GetOwnProperty]]. Also, if the obtained length is a number, we must properly convert it to an integer. - In order to get the prototype we must use [[GetPrototypeOf]], and do so before checking the length. R=cbruni@chromium.org, jkummerow@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1530893002 Cr-Commit-Position: refs/heads/master@{#32934}
-
paul.lind authored
Add Ivica B. NOTRY=true Review URL: https://codereview.chromium.org/1525413003 Cr-Commit-Position: refs/heads/master@{#32933}
-
hablich authored
Reason for revert: This causes compatibility issues, as documented in https://bugs.chromium.org/p/v8/issues/detail?id=4617#c9 Original issue's description: > [es6] ship regexp sticky flag. > > R=littledan@chromium.org > BUG=v8:4342 > LOG=Y > > Committed: https://crrev.com/86c2dd4042dc9ce293e004234eb094f2b51d9640 > Cr-Commit-Position: refs/heads/master@{#32826} TBR=yangguo@chromium.org,littledan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4342 LOG=Y Review URL: https://codereview.chromium.org/1531243002 Cr-Commit-Position: refs/heads/master@{#32932}
-
mtrofin authored
In a previous incarnation of live range merging, we needed to cache the last child in a chain of live ranges. We don't anymore, so removing unused code. BUG= Review URL: https://codereview.chromium.org/1536523003 Cr-Commit-Position: refs/heads/master@{#32931}
-
mtrofin authored
Decoupled the Print APIs from RegisterAllocationData, and placed them on the various APIs. Way easier to use these at debug time even outside the register allocation pipeline. BUG= Review URL: https://codereview.chromium.org/1528983005 Cr-Commit-Position: refs/heads/master@{#32930}
-
Benedikt Meurer authored
Introduce a new Apply builtin that forms a correct and optimizable foundation for the Function.prototype.apply, Reflect.construct and Reflect.apply builtins (which properly does the PrepareForTailCall as required by the ES2015 spec). The new Apply builtin avoids going to the runtime if it is safe to just access the backing store elements of the argArray, i.e. if you pass a JSArray with no holes, or an unmapped, unmodified sloppy or strict arguments object. mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel BUG=v8:4413, v8:4430 LOG=n R=yangguo@chromium.org Committed: https://chromium.googlesource.com/v8/v8/+/e4d2538911f6cb4b626830ccbb3c1f5746542697 Review URL: https://codereview.chromium.org/1523753002 . Cr-Commit-Position: refs/heads/master@{#32929}
-
Benedikt Meurer authored
Revert of [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply. (patchset #5 id:80001 of https://codereview.chromium.org/1523753002/ ) Reason for revert: Breaks TSAN somewhow: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7000 Original issue's description: > [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply. > > Introduce a new Apply builtin that forms a correct and optimizable > foundation for the Function.prototype.apply, Reflect.construct and > Reflect.apply builtins (which properly does the PrepareForTailCall > as required by the ES2015 spec). > > The new Apply builtin avoids going to the runtime if it is safe to > just access the backing store elements of the argArray, i.e. if you > pass a JSArray with no holes, or an unmapped, unmodified sloppy or > strict arguments object. > > mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com> > > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel > BUG=v8:4413, v8:4430 > LOG=n > R=yangguo@chromium.org > > Committed: https://chromium.googlesource.com/v8/v8/+/e4d2538911f6cb4b626830ccbb3c1f5746542697 TBR=yangguo@chromium.org,paul.lind@imgtec.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4413, v8:4430 Review URL: https://codereview.chromium.org/1533803002 . Cr-Commit-Position: refs/heads/master@{#32928}
-
Benedikt Meurer authored
Introduce a new Apply builtin that forms a correct and optimizable foundation for the Function.prototype.apply, Reflect.construct and Reflect.apply builtins (which properly does the PrepareForTailCall as required by the ES2015 spec). The new Apply builtin avoids going to the runtime if it is safe to just access the backing store elements of the argArray, i.e. if you pass a JSArray with no holes, or an unmapped, unmodified sloppy or strict arguments object. mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel BUG=v8:4413, v8:4430 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1523753002 . Cr-Commit-Position: refs/heads/master@{#32927}
-
Benedikt Meurer authored
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used in field type tracking, where we should check for JSReceiver instead (there's no need to exclude JSProxy or JSFunction from tracking). And the use in %_ClassOf was actually wrong and didn't match the C++ implementation in JSReceiver::class_name() anymore. Now it's consistent again. R=yangguo@chromium.org BUG=chromium:535408 LOG=n Review URL: https://codereview.chromium.org/1535523003 . Cr-Commit-Position: refs/heads/master@{#32926}
-
Benedikt Meurer authored
There's actually no need to restrict the inline allocation of receivers for class constructors anymore; the relevant issues were addressed in the compiler and runtime several weeks ago. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1532453004 . Cr-Commit-Position: refs/heads/master@{#32925}
-
zhengxing.li authored
port 2c75e3d2 (r32903) original commit message: We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). BUG= Review URL: https://codereview.chromium.org/1534663002 Cr-Commit-Position: refs/heads/master@{#32924}
-
v8-autoroll authored
Rolling v8/third_party/android_tools to f4c36ad89b2696b37d9cd7ca7d984b691888b188 Rolling v8/tools/clang to 67c5521f1878f7929f8f0afc74b31627b3bbffb3 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1530413002 Cr-Commit-Position: refs/heads/master@{#32923}
-
zhengxing.li authored
port 025d476c (r32906) original commit message: Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. BUG= Review URL: https://codereview.chromium.org/1535613003 Cr-Commit-Position: refs/heads/master@{#32922}
-
- 16 Dec, 2015 27 commits
-
-
balazs.kilvady authored
MIPS: Fix `[proxies] fix access issue when having proxies on the prototype-chain of global objects.` Port 2c75e3d2 Original commit message: We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). BUG= Review URL: https://codereview.chromium.org/1526253006 Cr-Commit-Position: refs/heads/master@{#32921}
-
mbrandy authored
Port 025d476c Original commit message: Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1531873002 Cr-Commit-Position: refs/heads/master@{#32920}
-
mbrandy authored
Port 97161a29 Original commit message: TryTruncateFloat32ToUint64 converts a float32 to a uint64. Additionally it provides an optional second return value which indicates whether the conversion succeeded (i.e. float32 value was within uint64 range) or not. Additionally I fixed a bug on x64 and mips64 in the implementation of TryTruncateFloat64ToUint64. Cases where the input value was between -1 and 0 were handled incorrectly. R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1533613002 Cr-Commit-Position: refs/heads/master@{#32919}
-
mbrandy authored
Port 89bb66de Original commit message: Original CL: https://codereview.chromium.org/1375253002/ Implement machine instruction scheduling after instruction selection. R=baptiste.afsa@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1534433004 Cr-Commit-Position: refs/heads/master@{#32918}
-
mbrandy authored
Use appropriate load instruction for 32-bit mode. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:3330 LOG=n Review URL: https://codereview.chromium.org/1532673002 Cr-Commit-Position: refs/heads/master@{#32917}
-
mbrandy authored
Port bb2a830d Port 56673804 Original commit messages: MachineType is now a class with two enum fields: - MachineRepresentation - MachineSemantic Both enums are usable on their own, and this change switches some places from using MachineType to use just MachineRepresentation. Most notably: - register allocator now uses just the representation. - Phi and Select nodes only refer to representations. Store nodes use only MachineRepresentation, not MachineType. R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1523373003 Cr-Commit-Position: refs/heads/master@{#32916}
-
mbrandy authored
Port 2c75e3d2 R=cbruni@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1530233003 Cr-Commit-Position: refs/heads/master@{#32915}
-
mbrandy authored
Port 28261daa Original commit message: This operator now provides a second output which indicates whether the conversion from float32 to int64 was successful or not. The second output returns 0 if the conversion fails, or something else if the conversion succeeds. The second output can be ignored, which means that the operator can be used the same as the original operator. R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1530273002 Cr-Commit-Position: refs/heads/master@{#32914}
-
mythria authored
Adds support for loading and storing lookup variables. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1524803003 Cr-Commit-Position: refs/heads/master@{#32913}
-
oth authored
BUG=V8:4280 LOG=N Review URL: https://codereview.chromium.org/1524893003 Cr-Commit-Position: refs/heads/master@{#32912}
-
oth authored
This change adds support for local control flow when building graphs from bytecode. The change ensures loop emitted from the bytecode generator are in natural order so the only back branches are for loops. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1502243002 Cr-Commit-Position: refs/heads/master@{#32911}
-
mvstanton authored
BUG=chromium:568765 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/1534453002 Cr-Commit-Position: refs/heads/master@{#32910}
-
akodat authored
If many threads use the same Isolate (or many Isolates) and then terminate, their PerIsolateThreadData objects are never cleaned up, resulting in a slow memory leak and, worse, the PerIsolateThreadData chain getting larger and larger, adversely affecting performance. In this situation, embedders will now be encouraged to apply DiscardThreadSpecificMetadata against any Isolate a thread is done with, especially if the thread is about to terminate. Note that it is harmless to run DiscardThreadSpecificMetadata against an Isolate for which a thread has no thread data and per-Isolate thread data can be reestablished if a thread starts using an Isolate again after running DiscardThreadSpecificMetadata against it. It is, however, an embedder error to run DiscardThreadSpecificMetadata against an Isolate in thread with a Locker for the Isolate in the stack or against an Entered Isolate. This change cannot cause any change in behavior in existing apps as the only added coded can only be reached via the new DiscardThreadSpecificMetadata method. R=Jakob, jochen BUG= Review URL: https://codereview.chromium.org/1522703002 Cr-Commit-Position: refs/heads/master@{#32909}
-
ahaas authored
On x64 and arm64 TryTruncateFloatXXToInt64 incorrectly failed when the input was INT64_MIN. R=bradnelson@chromium.org, mstarzinger@chromium.org, v8-arm-ports@googlegroups.com Review URL: https://codereview.chromium.org/1526293002 Cr-Commit-Position: refs/heads/master@{#32908}
-
agrieve authored
BUG=chromium:568883 LOG=n Review URL: https://codereview.chromium.org/1517983002 Cr-Commit-Position: refs/heads/master@{#32907}
-
rmcilroy authored
Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1512543002 Cr-Commit-Position: refs/heads/master@{#32906}
-
adamk authored
BUG=v8:811 LOG=y Review URL: https://codereview.chromium.org/1515613009 Cr-Commit-Position: refs/heads/master@{#32905}
-
bmeurer authored
R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1534443002 Cr-Commit-Position: refs/heads/master@{#32904}
-
cbruni authored
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). Review URL: https://codereview.chromium.org/1521953002 Cr-Commit-Position: refs/heads/master@{#32903}
-
neis authored
We must print "[object Array]" for proxies that satisfy Array.isArray. Cosmetic change on the side: move ObjectProtoToString from JSObject to Object since it deals with arbitrary objects. R=adamk@chromium.org, verwaest@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1526023002 Cr-Commit-Position: refs/heads/master@{#32902}
-
bmeurer authored
Introduce JSCreateIterResultObject operator, as a way to optimize the %_CreateIterResultObject intrinsic, which is used to provide uniform, non-polymorphic result objects for iterators (and generators). We cannot utilize the existing JSCreate operator here, because there's no constructor function for iterator result objects (as required by the spec). R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1531753002 Cr-Commit-Position: refs/heads/master@{#32901}
-
neis authored
R=rossberg BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1525983002 Cr-Commit-Position: refs/heads/master@{#32900}
-
mlippautz authored
Tests for * aborting a full page. * partially aborting a page. * partially aborting a page with pointers between aborted pages. * partially aborting a page with store buffer entries. Also introduces force_oom() which prohibits a old space to expand BUG=chromium:524425 LOG=N CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel,v8_linux_nosnap_dbg,v8_win_nosnap_shared_rel,v8_win_nosnap_shared_compile_rel Review URL: https://codereview.chromium.org/1518803005 Cr-Commit-Position: refs/heads/master@{#32899}
-
yangguo authored
R=erik.corry@gmail.com BUG=chromium:570241 LOG=N Review URL: https://codereview.chromium.org/1528333002 Cr-Commit-Position: refs/heads/master@{#32898}
-
yangguo authored
The problem is this: when stepping over a recursive function call, the recursive function is flooded with one-shot break points so that we break after the call, but since the callee is the same function, the callee is also flooded, resulting a break in the callee. That however would have been a "step in" instead of "step over". The original solution was to recognize this by comparing FP. If we end up in Debug::Break, we still have to check the current FP against the remembered FP to see whether we are on the same stack height. If we are deeper, then it's not a "step over", and we do not trigger a debug break event. In that case, we queue up the step-over, and temporarily step out until we hit the desired stack height. Note that in order to step out, we flood the caller, which in our example is the same function as the callee. So we break at every flooded break location, and comparing with FP to make sure we stepped out prevents us from triggering debug break events. The new solution simply ignores breaks when the FP compare fails. We simply carry on until we hit a break where the FP compare succeeds. There is no need to do a step out. The number of calls to Debug::Break that do not trigger a debug break event due to failing FP compare is the same. But the code is a lot easier to read. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/1527253002 Cr-Commit-Position: refs/heads/master@{#32897}
-
jochen authored
While not really fitting our directory layout, the DEPS entry needs to be at exactly the same position as it is in chromium, otherwise either standalone or chromium build won't work :-/ BUG=none R=machenbach@chromium.org LOG=y Review URL: https://codereview.chromium.org/1526843004 Cr-Commit-Position: refs/heads/master@{#32896}
-
aseemgarg authored
TEST=asm-wasm.js R=titzer@chromium.org,bradnelson@google.com BUG= Review URL: https://codereview.chromium.org/1523843003 Cr-Commit-Position: refs/heads/master@{#32895}
-