1. 17 Aug, 2016 12 commits
    • jbroman's avatar
      Blink-compatible serialization of dictionary-like objects. · 1031a79f
      jbroman authored
      As part of this CL, object reference tracking is implemented (and tested with a
      self-referential object). This sort of reference tracking will be shared with
      other receivers (array, date, regexp and host objects).
      
      Not included in this CL is compatibility with version-0 objects (which don't
      support a non-tree object graph, and require a little stack to correctly
      deserialize).
      
      BUG=chromium:148757
      
      Review-Url: https://codereview.chromium.org/2246093003
      Cr-Commit-Position: refs/heads/master@{#38683}
      1031a79f
    • epertoso's avatar
      [interpreter] Fixes the collection of type feedback in the bitwise binary operator. · e82f9446
      epertoso authored
      The Smi case was updating the feedback with a bitwise AND instead of a bitwise OR. This was causing feedback that should have been 'kAny' to be erroneusly reported as 'kSignedSmall'.
      
      R=rmcilroy@chromium.org
      
      Review-Url: https://codereview.chromium.org/2251863004
      Cr-Commit-Position: refs/heads/master@{#38682}
      e82f9446
    • mlippautz's avatar
      [heap] Filter slots in map space · 23f61424
      mlippautz authored
      We mark an object allocated as uninitialized. If we happen to have a GC before
      fields of a map are written, msan will observe access to unitialized memory and
      crash.
      
      This also unifies the handling as we now deal with all spaces in the same way.
      In future we could parallelize clearing.
      
      BUG=chromium:638226
      R=hpayer@chromium.org
      
      Review-Url: https://codereview.chromium.org/2251993002
      Cr-Commit-Position: refs/heads/master@{#38681}
      23f61424
    • ivica.bogosavljevic's avatar
      MIPS64: Fix [KeyedLoadIC] Support Smi "handlers" for element loads · 3b7fbafe
      ivica.bogosavljevic authored
      Fix 2cf2eef7
      
      Fix test failures with tests working on external Uint32 arrays. Problem
      started to appear because Uint32 value was compared using Int32 compare
      operators in ChangeUint32ToTagged. On MIPS64. Uint32 value is not sign-
      extended, so upper 32 bits of this value are zero. MIPS64 doesn't have
      Word32Compare instructions but uses Word64Compare instructions in
      combination with properly sign-extended Int32 values.
      
      BUG=cctest/test-api/Uint32Array,cctest/test-api/SharedUint32Array,
      cctest/test-api/FixedUint32Array,mjsunit/compiler/uint32
      
      Review-Url: https://codereview.chromium.org/2231053002
      Cr-Commit-Position: refs/heads/master@{#38680}
      3b7fbafe
    • mstarzinger's avatar
      [test] Relax recursion depth limit in webkit test. · e78a5278
      mstarzinger authored
      R=rmcilroy@chromium.org
      TEST=webkit/fast/js/deep-recursion-test
      
      Review-Url: https://codereview.chromium.org/2254773002
      Cr-Commit-Position: refs/heads/master@{#38679}
      e78a5278
    • mstarzinger's avatar
      [turbofan] Remove representation axis for float64 fields. · 5c6719fc
      mstarzinger authored
      This removes the representation axis from the type of {Load/StoreField}
      operators representing a property load/store. The representation would
      be narrowed to {None} which causes problems for all places where we use
      the type to reason about the value representation. Instead we should
      fully switch to {MachineRepresentation}. This is just a stop-gap fix.
      
      R=jarin@chromium.org
      BUG=chromium:636716
      
      Review-Url: https://codereview.chromium.org/2255533003
      Cr-Commit-Position: refs/heads/master@{#38678}
      5c6719fc
    • vogelheim's avatar
      Scanner::LiteralBuffer usage cleanup. · c677f813
      vogelheim authored
      1, restrict use of LiteralBuffers to the tokens that actually need it.
        - E.g., previously the Token::FUNCTION would have a literal buffer
          containing "function", which was never actually used.
        - This eliminates copies of the string data for every call to
          PeekAhead or SetBookmark.
      2, document & enforce the "secret" Scanner API contract w/ DCHECK
        - Document & check the correspondence of token value and literal buffer.
        - Document & check preconditions for calling PeekAhead, ScanRegExp*,
          ScanTemplate*.
      
      BUG=v8:4947
      
      Review-Url: https://codereview.chromium.org/2240513003
      Cr-Commit-Position: refs/heads/master@{#38677}
      c677f813
    • rmcilroy's avatar
      Avoid accessing Isolate in source position logging. · b8b4a443
      rmcilroy authored
      Now that all backends use the source position builder to record source
      positions, simplify the code line logging events to take a source
      position table on code creation. This means that the source position
      table builder no longer needs to access the isolate until the table is
      generated. This is required for off-thread bytecode generation.
      
      BUG=v8:5203
      
      Review-Url: https://codereview.chromium.org/2248673002
      Cr-Commit-Position: refs/heads/master@{#38676}
      b8b4a443
    • jarin's avatar
      [turbofan] Only do value numbering when types are compatible. · b190d133
      jarin authored
      At the moment, two NumberConstant nodes get different type even if their
      value is the same because we always allocate a new heap number for
      each number constant. This can lead to replacing a node with a node of
      disjoint type in value numbering, which can result in incorrect code
      down the line because of inconsistent types.
      
      This fix makes sure that we only replace a node with a sub-type
      node. Once we introduce a proper type for number constants, we can
      move back to the intersection typing in value numbering.
      
      Unfortunately, it is quite hard to write a repro for this because we cache NumberConstant nodes. We only throw away cached values that have too many conflicts (>5), so the test has to contain values that fall into the same bucket. That's where the magic floating point numbers in the test come from (they have the same low 8-bits of their hashes).
      
      BUG=chromium:633497
      
      Review-Url: https://codereview.chromium.org/2251833002
      Cr-Commit-Position: refs/heads/master@{#38675}
      b190d133
    • ahaas's avatar
      [turbofan] Cleanup for Float64Max and Float64Min. · 4150b5c6
      ahaas authored
      This CL removes the optional operator flag of Float64Max and Float64Min.
      Additionally it renames the instruction codes on x64 and ia32 because
      the old instructions codes (e.g. SSEFloat64Max) do not match the
      generated code anymore.
      
      R=bmeurer@chromium.org
      
      Review-Url: https://codereview.chromium.org/2237813002
      Cr-Commit-Position: refs/heads/master@{#38674}
      4150b5c6
    • marja's avatar
      Scope analysis: DCHECK that we allocate rest_parameter_ only once. · f59c0473
      marja authored
      BUG=v8:5209
      
      Review-Url: https://codereview.chromium.org/2254433002
      Cr-Commit-Position: refs/heads/master@{#38673}
      f59c0473
    • v8-autoroll's avatar
      Update V8 DEPS. · 1c5019e6
      v8-autoroll authored
      Rolling v8/build to 9a1647ec813695da7960692f711a1cebc948d551
      
      Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to b53e3af6bfca3333fc2dd69302dac6667a8c6418
      
      Rolling v8/tools/clang to b5889296bac50b31f1d2806633fe99dfc2b26b54
      
      Rolling v8/tools/mb to c5a112880d83d509e88c01d524c988845a3a3ba6
      
      TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org
      
      Review-Url: https://codereview.chromium.org/2247183004
      Cr-Commit-Position: refs/heads/master@{#38672}
      1c5019e6
  2. 16 Aug, 2016 28 commits