- 23 Feb, 2018 39 commits
-
-
Junliang Yan authored
Port 25799516 Original Commit Message: This introduces masking of loads with speculation bit during code generation. At the moment, this is done only under the --branch-load-poisoning flag, and this CL enlarges the set of supported platforms from {x64} to {x64, arm}. Overview of changes: - new register configuration configuration with one register reserved for the speculation poison/mask (kSpeculationPoisonRegister). - in codegen, we introduce an update to the poison register at the starts of all successors of branches (and deopts) that are marked as safety branches (deopts). - in memory optimizer, we lower all field and element loads to PoisonedLoads. - poisoned loads are then masked in codegen with the poison register. * only integer loads are masked at the moment. R=tebbi@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Idda9bf06133d8999290cda5bcf6333c064b3e6dc Reviewed-on: https://chromium-review.googlesource.com/927163 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by:
Joran Siu <joransiu@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#51528}
-
Michael Achenbach authored
This reverts commit e234176b. Reason for revert: goma problem fixed Original change's description: > [CQ] Temporarily drop gcc bots from CQ > > NOTRY=true > NOTREECHECKS=true > TBR=yangguo@chromium.org > > Bug: chromium:814810 > Change-Id: Ibf9d5d637f4e98a295d0cde6632679c77c3a4eb3 > Reviewed-on: https://chromium-review.googlesource.com/931921 > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51478} TBR=machenbach@chromium.org,yangguo@chromium.org Change-Id: Ifb4af81d4ccb784ec724d6ca4ab351f1df0db755 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:814810 Reviewed-on: https://chromium-review.googlesource.com/934801Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51527}
-
jgruber authored
The list of runtime function use counts was generated with: $ grep -o '^ *F(\w*' src/runtime/runtime.h | sed 's/^ *F(//' | sort | while read f; do USE_COUNT=$(git grep "\(Runtime::k\|Runtime::kInline\|%\|%_\)$f" | wc -l); echo $USE_COUNT $f; done This reduces libv8.so size by 59K on an x64 release build. Bug: v8:7310 Change-Id: Ib4d097e63ed065f41bf73e9529e4354575be5229 Reviewed-on: https://chromium-review.googlesource.com/934272Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51526}
-
Mythri authored
CSA::Select makes the code compact and cleaner. Use it instead of branches. Bug: v8:7310 Change-Id: I3694b5ab5f8085c60266a4ad02640075005f4f94 Reviewed-on: https://chromium-review.googlesource.com/934509Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#51525}
-
Clemens Hammacher authored
The Operand class is small enough to be efficiently passed by value. This saves binary size and performance because the Operand does not need to be emitted to the caller's frame and loaded in the callee. Binary saving is 30kB in release mode on x64. R=mstarzinger@chromium.org Bug: v8:7310 Change-Id: Ibad9d438ace23cfe8e4641bd48063ab7035656f4 Reviewed-on: https://chromium-review.googlesource.com/934137 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51524}
-
Marja Hölttä authored
BUG=v8:7490, v8:7310 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I2eb6897d9dcc72cc6f399a8752b9f30d7d7010f8 Reviewed-on: https://chromium-review.googlesource.com/934504Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#51523}
-
Sigurd Schneider authored
Adding the StringSubstring simplified operator is a precursor to improve inlining of String.p.{substr,substring,slice}. This also contains a drive-by renaming to normalize different spellings of 'Substring'. Bug: v8:7250, v8:7340 Change-Id: I89e0fbafeab80f5d2f3ef348a5303d32c0abfe0a Reviewed-on: https://chromium-review.googlesource.com/919084 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51522}
-
Sigurd Schneider authored
A.p.includes can now replace monkey-patched A.p.contains. Bug: v8:7310, v8:7327 Change-Id: Ibbd6c5526322599c06f5485471cf6a6361b082b9 Reviewed-on: https://chromium-review.googlesource.com/934265 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#51521}
-
jgruber authored
The deoptimizer can create argument adaptor frames, in which case we write a return address onto the stack that jumps into the middle of the ArgumentsAdaptorTrampoline builtin. Now that this builtin is off-heap, we need to calculate the return address based on the off-heap instruction stream, not the on-heap trampoline. Bug: v8:6666 Change-Id: I55b27fe8b0573f6c6ae66375850352f71bdff618 Reviewed-on: https://chromium-review.googlesource.com/934202 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#51520}
-
Sigurd Schneider authored
Bug: v8:7310 Change-Id: I3b9832c7090d5c4b2f425f85095b0d7bae29fbfd Reviewed-on: https://chromium-review.googlesource.com/934321 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#51519}
-
jgruber authored
Off-heap code may have pc values that are not within [instruction_start, instruction_end]. Handle these kinds of objects in heap Code lookup functions. Bug: v8:6666 Change-Id: Ib7a58f962ef6311c48234e506a35485fd5966814 Reviewed-on: https://chromium-review.googlesource.com/934184 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#51518}
-
Marja Hölttä authored
Currently, pop_back() doesn't update size. Fix that. BUG=v8:7489 Change-Id: If11d2ddcaae3223289c168c1e6e1ad94d6775516 Reviewed-on: https://chromium-review.googlesource.com/934456Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#51517}
-
Peter Marshall authored
This fixes issues where the stack track contained 'Promise' but not 'new'. Bug: v8:7253 Change-Id: I840fcc0a76e2376aab0b64d321f5cf8ccc672956 Reviewed-on: https://chromium-review.googlesource.com/928762 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
-
Peter Marshall authored
Previously, typing errors would be hidden by the SloppyTNode cast. Both lambdas should always return strictly checked types that match the templated type of the select, otherwise unchecked values can reach TNodes. Bug: v8:7479 Change-Id: Icd316c21a30c8c8305b7740c985efaa54c9a7015 Reviewed-on: https://chromium-review.googlesource.com/934455Reviewed-by:
-
Sigurd Schneider authored
This is a reland of 3ff4b447. Original version did not handle V8_INTL_SUPPORT. Original change's description: > [turbofan] Move String.* functions to JSCallReducer > > Bug: v8:7250, v8:7340 > Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c > Reviewed-on: https://chromium-review.googlesource.com/913208 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51505} Bug: v8:7250, v8:7340 Change-Id: Id908cbcfaa9e9cf5459d6d3289e6ec00e387d287 Reviewed-on: https://chromium-review.googlesource.com/934268Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51514}
-
jgruber authored
Off-heap-safety slightly differs from isolate-independence in that it allows external references and checks instruction-size constraints. This adds the new predicate as well as a cctest verifying it. New DCHECKs are introduced to document assumptions and upcoming work. Note that this breaks the --stress-off-heap-code flag. Fixes will follow in upcoming CLs. Bug: v8:6666 Change-Id: If4f3e0f4428bacc8d293cd864b9b07b81679c423 Reviewed-on: https://chromium-review.googlesource.com/934183 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51513}
-
jgruber authored
This is the follow-up CL to https://chromium-review.googlesource.com/#/c/v8/v8/+/931122. Now that HeapConstants can be loaded through the builtins constants table, the extra CallStub and CallRuntime has become unnecessary. Bug: v8:6666 Change-Id: I02bb7805ac37bed6fe27fdd0689ac22ad7de034b Reviewed-on: https://chromium-review.googlesource.com/931123 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Dan Elphick authored
Convert all context, receiver and argc Node*s to their appropriate TNode type. Bug: v8:7310 Change-Id: Ic6bf22ffb22199d390731d424b7395c47a8f19cf Reviewed-on: https://chromium-review.googlesource.com/934442 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by:
-
Marja Hölttä authored
BUG=v8:7478 Change-Id: Iad67d49729dfeb89fde26772689a22098f491b8a Reviewed-on: https://chromium-review.googlesource.com/931548 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
-
Peter Marshall authored
Bug: v8:7310 Change-Id: I8d3ac3127d5ca3ea88fbb954727a7222de5d75a0 Reviewed-on: https://chromium-review.googlesource.com/934261 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
-
Ben L. Titzer authored
R=ahaas@chromium.org Bug: v8:7310 Change-Id: I7f4f4f7990a202232a0871f5d73dd8025306e96e Reviewed-on: https://chromium-review.googlesource.com/934262 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#51508}
-
Sigurd Schneider authored
This reverts commit 3ff4b447. Reason for revert: Does not handle V8_INTL_SUPPORT correctly Original change's description: > [turbofan] Move String.* functions to JSCallReducer > > Bug: v8:7250, v8:7340 > Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c > Reviewed-on: https://chromium-review.googlesource.com/913208 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51505} TBR=sigurds@chromium.org,bmeurer@chromium.org Change-Id: I6efb3b758b0fcadc012a90c4175de3c1ebccee95 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7250, v8:7340 Reviewed-on: https://chromium-review.googlesource.com/934267Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51507}
-
Georg Neis authored
R=ishell@chromium.org Bug: v8:7310 Change-Id: Ibdf4c0c5a53de88d492668786734be08420df90e Reviewed-on: https://chromium-review.googlesource.com/934342Reviewed-by:
-
Sigurd Schneider authored
Bug: v8:7250, v8:7340 Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c Reviewed-on: https://chromium-review.googlesource.com/913208 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
-
Georg Neis authored
E.g. SubString and StringAdd. Bug: v8:7310 Change-Id: I352044f88fe79c5b576c5423d6feae3bcb7d725a Reviewed-on: https://chromium-review.googlesource.com/934284Reviewed-by:
-
Yang Guo authored
Regular construct stubs eventually call InvokeFunction, which does performs debug hook checking. For builtins such as Object, Array, etc. this approach does not work since they have specialized construct stubs that do not check for the debug hook. R=bmeurer@chromium.org Bug: v8:178 Change-Id: I3e1f5d2dae1c7a6220b7236bd6ea71d83a65171f Reviewed-on: https://chromium-review.googlesource.com/931702Reviewed-by:
-
Gabriel Charette authored
This reverts commit f64a87c4. Revert "[v8] Even finer grain trace events for EVACUATE_COPY step." This reverts commit 2c1b6d38. Traces have been gathered by the bots. I'm still analyzing the results but let's revert these for now to soothe the poor bots which are running with v8.gc tracing enabled and regressing like crazy because of this crbug.com/814800. R=hpayer@chromium.org Bug: chromium:814800, chromium:813824 Change-Id: If97c1ff5d14de18414c3b8d65ecb3aaf4f1bb32d Reviewed-on: https://chromium-review.googlesource.com/934131Reviewed-by:
-
Peter Marshall authored
Bug: v8:7310 Change-Id: Iaebe8fa8e5a622b0963754548aa7e29fd6028e22 Reviewed-on: https://chromium-review.googlesource.com/934203Reviewed-by:
-
Clemens Hammacher authored
Instead of limiting the number of used spill slots and bailing out if the limit is exceeded, we now store the number of spill slots used and patch the stack frame size after generating all code. This removes a lot of checks and bailouts. Drive-by: Fix a bug with spilling f64 caller frame slots which was uncovered by the additional test coverage after this CL. R=titzer@chromium.org Bug: v8:6600 Change-Id: I25d856f99451642cc15239c0461402e51487d0a1 Reviewed-on: https://chromium-review.googlesource.com/929162Reviewed-by:
Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51500}
-
Kim-Anh Tran authored
Bug: v8:7310 Change-Id: I6f1c2424fbf377b358546d76a9bc3bbd300aeab5 Reviewed-on: https://chromium-review.googlesource.com/933762 Commit-Queue: Kim-Anh Tran <kimanh@google.com> Reviewed-by:
-
jgruber authored
During builtins generation, parts of the builtins table may be filled with placeholder code objects. This CL ensures that such placeholders are replaced by the real builtin object during finalization of the builtins constants table. Bug: v8:6666 Change-Id: I3a2635b29b37690fd7e950b9f38d500704671afb Reviewed-on: https://chromium-review.googlesource.com/934241Reviewed-by:
-
Peter Marshall authored
Also a small drive-by cleanup to ToSmiLength to make the two functions more consistent. Bug: v8:7310 Change-Id: Ied01b72c2d30445eebac2bdab33d96e2df994274 Reviewed-on: https://chromium-review.googlesource.com/931545Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51497}
-
Sigurd Schneider authored
This is a reland of ccbbdb93. Original change's description: > [turbofan] Disable speculation for JSCall nodes by default > > Change-Id: I7360601f4e1b419cf8d35480b068418bdd700be9 > Reviewed-on: https://chromium-review.googlesource.com/928649 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51467} Bug: v8:7340 Change-Id: I5557afcdad0c7f9610a396dcfa45f8985a13c1ba Reviewed-on: https://chromium-review.googlesource.com/931546Reviewed-by:
-
jgruber authored
Moves the decision whether to embed the constant or perform a lookup through the builtins constants table to CodeAssembler::UntypedHeapConstant. Root constants continue to be embedded (and are later turned into loads through root-register by the backend); non-root constants are added to the constants table at generation-time and loaded from there at runtime. This allows us to remove the recently added boilerplate around CallStub and CallRuntime in a follow-up. Bug: v8:6666 Change-Id: Id981088e4b9d665c678acc9718383179f681f063 Reviewed-on: https://chromium-review.googlesource.com/931122 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b3523c3..787ae8b Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d2d530b..13a8b37 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c29e3d7..7e69312 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I6d46c7a380b2de8e0b3da20009ee7410b84ad9d3 Reviewed-on: https://chromium-review.googlesource.com/933609 Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Reviewed-by:
v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#51494}
-
Jakob Kummerow authored
and use it more often. Bug: v8:7310 Change-Id: I7773f35415a0bb529cdaac380c9068f4ed5010ae Reviewed-on: https://chromium-review.googlesource.com/930236 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
-
Jakob Kummerow authored
Bug: v8:6791 Change-Id: I1423321552e50d9ccb40a94b73f393d6d46fa629 Reviewed-on: https://chromium-review.googlesource.com/927789 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
-
Jakob Kummerow authored
Originally reviewed at https://chromium-review.googlesource.com/929429 and landed as r51486 / d50c7731. Update in reland: whitelisted new builtins as side effect free. Bug: v8:6791 Change-Id: Iff45700c8a4eca23f3ee6fc9c0cb340dc027cbc6 Reviewed-on: https://chromium-review.googlesource.com/932802 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
-
Michael Achenbach authored
NOTRY=true TBR=gsathya@chromium.org Bug: chromium:800651 Change-Id: I9e978c430cbeef0fcf004d1cfbd1e64f15983155 Reviewed-on: https://chromium-review.googlesource.com/933294Reviewed-by:
-
- 22 Feb, 2018 1 commit
-
-
Adam Klein authored
Without --harmony-function-tostring, anything other than a JSFunction or JSBoundFunction throw when Function.prototype.toString is called on them. But with the toString revision, anything callable allows toString (and for non-Functions returns the good old "function () { [native code] }" string). Bug: v8:7484 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I3540e213a40992151761b59666fe36e0510da908 Reviewed-on: https://chromium-review.googlesource.com/932825 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by:
-
