- 17 Dec, 2015 34 commits
-
bradnelson authored
R=titzer@chromium.org BUG= Review URL: https://codereview.chromium.org/1516753007 Cr-Commit-Position: refs/heads/master@{#32955}
-
mtrofin authored
Added structural validation to live ranges, esp. for bugs that may arise due to splintering / merging. BUG= Review URL: https://codereview.chromium.org/1533723002 Cr-Commit-Position: refs/heads/master@{#32954}
-
gib authored
If the profiler is started via the API and not stopped, V8 will intermittently crash during isolate teardown. The fix is to run the DeleteAllProfiles function in Isolate::Deinit() if cpu_profiler_ still exists. https://groups.google.com/forum/#!topic/v8-dev/WsIlpbaD4mo TEST= Run in debug mode, if you start a profile and don't stop it, this assert should fail: Fatal error in ../src/profiler/cpu-profiler.cc, line 414 Check failed: !is_profiling_. Review URL: https://codereview.chromium.org/1526253005 Cr-Commit-Position: refs/heads/master@{#32953}
-
bradnelson authored
R=ahaas@chromium.org BUG= Review URL: https://codereview.chromium.org/1536663002 Cr-Commit-Position: refs/heads/master@{#32952}
-
bradnelson authored
Add an internal field to each wasm function to keep a reference to the module. (So the GC can do the right thing when you only hold references to wasm functions but not the module). Use Realloc carefully, to avoid copying from out of bounds. Make snprintf use platform independent. Don't disconnect external arraybuffers provided for the heap. R=ahaas@chromium.org BUG= Review URL: https://codereview.chromium.org/1531243003 Cr-Commit-Position: refs/heads/master@{#32951}
-
sigurds authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1532063002 Cr-Commit-Position: refs/heads/master@{#32950}
-
verwaest authored
Allowing global references to be read through a proxy results in cross-origin information leaks. The ES6 spec currently does not mitigate this in any way. This CL adds a workaround that's easy for V8: throw whenever an unresolved reference would result in a proxy trap to be fired. I'm landing this so we can move forwards with staging proxies without putting users of --harmony at risk. BUG=chromium:399951 LOG=n Review URL: https://codereview.chromium.org/1529303003 Cr-Commit-Position: refs/heads/master@{#32949}
-
bradnelson authored
Make WasmModule free its own memory, avoid mixing stack and heap allocations in tests. This fixes several memory leaks. Fix several signed compare issues. Fix several floating point warnings. Don't set up heap as external, as then the GC can't collect it. Disable some tests that fail under ASAN. R=ahaas@chromium.org BUG= Review URL: https://codereview.chromium.org/1538543002 Cr-Commit-Position: refs/heads/master@{#32948}
-
verwaest authored
BUG=chromium:570651 LOG=n Review URL: https://codereview.chromium.org/1532083002 Cr-Commit-Position: refs/heads/master@{#32947}
-
bradnelson authored
Fixing several signed/unsigned comparison warnings for wasm. Fixing a use after free involving ostringstream::str() R=ahaas@chromium.org BUG= Review URL: https://codereview.chromium.org/1533593004 Cr-Commit-Position: refs/heads/master@{#32946}
-
jkummerow authored
BUG=chromium:497632 LOG=y Review URL: https://codereview.chromium.org/1531583005 Cr-Commit-Position: refs/heads/master@{#32945}
-
neis authored
It must call the 'getOwnPropertyDescriptor' trap, not the 'has' trap. R=cbruni@chromium.org, jkummerow@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1532723005 Cr-Commit-Position: refs/heads/master@{#32944}
-
rossberg authored
R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/1530403004 Cr-Commit-Position: refs/heads/master@{#32943}
-
sigurds authored
BUG=566253 LOG=n Review URL: https://codereview.chromium.org/1530143002 Cr-Commit-Position: refs/heads/master@{#32942}
-
mvstanton authored
BUG= R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1533813002 Cr-Commit-Position: refs/heads/master@{#32941}
-
bradnelson authored
Fixing several memory leaks in wasm unittests. Avoiding std::vector::data() as it isn't supported on all compilers on the bots. Use EXPECT_TRUE / EXPECT_FALSE to avoid warnings on some compilers when testing boolean equality. R=ahaas@chromium.org BUG= Review URL: https://codereview.chromium.org/1536603003 Cr-Commit-Position: refs/heads/master@{#32940}
-
mvstanton authored
R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/1516003002 Cr-Commit-Position: refs/heads/master@{#32939}
-
bradnelson authored
In preparation for switching wasm from a compile to a runtime option, add the runtime flag to all mjsunit tests. R=ahaas@chromium.org BUG= Review URL: https://codereview.chromium.org/1537643002 Cr-Commit-Position: refs/heads/master@{#32938}
-
zhengxing.li authored
port aafc3e54 (r32926) original commit message: The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentally used in field type tracking, where we should check for JSReceiver instead (there's no need to exclude JSProxy or JSFunction from tracking). And the use in %_ClassOf was actually wrong and didn't match the C++ implementation in JSReceiver::class_name() anymore. Now it's consistent again. BUG= Review URL: https://codereview.chromium.org/1537613002 Cr-Commit-Position: refs/heads/master@{#32937}
-
ahaas authored
As required by the spec, the second return value now returns success also for the range between 0 and -1 where the conversion results in 0. R=bradnelson@chromium.org, mstarzinger@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com Review URL: https://codereview.chromium.org/1533503002 Cr-Commit-Position: refs/heads/master@{#32936}
-
neis authored
And remove confusing comment. R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/1531843003 Cr-Commit-Position: refs/heads/master@{#32935}
-
neis authored
- Before getting the length property, we must check for it using [[GetOwnProperty]]. Also, if the obtained length is a number, we must properly convert it to an integer. - In order to get the prototype we must use [[GetPrototypeOf]], and do so before checking the length. R=cbruni@chromium.org, jkummerow@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1530893002 Cr-Commit-Position: refs/heads/master@{#32934}
-
paul.lind authored
Add Ivica B. NOTRY=true Review URL: https://codereview.chromium.org/1525413003 Cr-Commit-Position: refs/heads/master@{#32933}
-
hablich authored
Reason for revert: This causes compatibility issues, as documented in https://bugs.chromium.org/p/v8/issues/detail?id=4617#c9 Original issue's description: > [es6] ship regexp sticky flag. > > R=littledan@chromium.org > BUG=v8:4342 > LOG=Y > > Committed: https://crrev.com/86c2dd4042dc9ce293e004234eb094f2b51d9640 > Cr-Commit-Position: refs/heads/master@{#32826} TBR=yangguo@chromium.org,littledan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4342 LOG=Y Review URL: https://codereview.chromium.org/1531243002 Cr-Commit-Position: refs/heads/master@{#32932}
-
mtrofin authored
In a previous incarnation of live range merging, we needed to cache the last child in a chain of live ranges. We don't anymore, so removing unused code. BUG= Review URL: https://codereview.chromium.org/1536523003 Cr-Commit-Position: refs/heads/master@{#32931}
-
mtrofin authored
Decoupled the Print APIs from RegisterAllocationData, and placed them on the various APIs. Way easier to use these at debug time even outside the register allocation pipeline. BUG= Review URL: https://codereview.chromium.org/1528983005 Cr-Commit-Position: refs/heads/master@{#32930}
-
Benedikt Meurer authored
Introduce a new Apply builtin that forms a correct and optimizable foundation for the Function.prototype.apply, Reflect.construct and Reflect.apply builtins (which properly does the PrepareForTailCall as required by the ES2015 spec). The new Apply builtin avoids going to the runtime if it is safe to just access the backing store elements of the argArray, i.e. if you pass a JSArray with no holes, or an unmapped, unmodified sloppy or strict arguments object. mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel BUG=v8:4413, v8:4430 LOG=n R=yangguo@chromium.org Committed: https://chromium.googlesource.com/v8/v8/+/e4d2538911f6cb4b626830ccbb3c1f5746542697 Review URL: https://codereview.chromium.org/1523753002 . Cr-Commit-Position: refs/heads/master@{#32929}
-
Benedikt Meurer authored
Revert of [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply. (patchset #5 id:80001 of https://codereview.chromium.org/1523753002/ ) Reason for revert: Breaks TSAN somehow: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7000 Original issue's description: > [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply. > > Introduce a new Apply builtin that forms a correct and optimizable > foundation for the Function.prototype.apply, Reflect.construct and > Reflect.apply builtins (which properly does the PrepareForTailCall > as required by the ES2015 spec). > > The new Apply builtin avoids going to the runtime if it is safe to > just access the backing store elements of the argArray, i.e. if you > pass a JSArray with no holes, or an unmapped, unmodified sloppy or > strict arguments object. > > mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com> > > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel > BUG=v8:4413, v8:4430 > LOG=n > R=yangguo@chromium.org > > Committed: https://chromium.googlesource.com/v8/v8/+/e4d2538911f6cb4b626830ccbb3c1f5746542697 TBR=yangguo@chromium.org,paul.lind@imgtec.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4413, v8:4430 Review URL: https://codereview.chromium.org/1533803002 . Cr-Commit-Position: refs/heads/master@{#32928}
-
Benedikt Meurer authored
Introduce a new Apply builtin that forms a correct and optimizable foundation for the Function.prototype.apply, Reflect.construct and Reflect.apply builtins (which properly does the PrepareForTailCall as required by the ES2015 spec). The new Apply builtin avoids going to the runtime if it is safe to just access the backing store elements of the argArray, i.e. if you pass a JSArray with no holes, or an unmapped, unmodified sloppy or strict arguments object. mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel BUG=v8:4413, v8:4430 LOG=n R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1523753002 . Cr-Commit-Position: refs/heads/master@{#32927}
-
Benedikt Meurer authored
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentally used in field type tracking, where we should check for JSReceiver instead (there's no need to exclude JSProxy or JSFunction from tracking). And the use in %_ClassOf was actually wrong and didn't match the C++ implementation in JSReceiver::class_name() anymore. Now it's consistent again. R=yangguo@chromium.org BUG=chromium:535408 LOG=n Review URL: https://codereview.chromium.org/1535523003 . Cr-Commit-Position: refs/heads/master@{#32926}
-
Benedikt Meurer authored
There's actually no need to restrict the inline allocation of receivers for class constructors anymore; the relevant issues were addressed in the compiler and runtime several weeks ago. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1532453004 . Cr-Commit-Position: refs/heads/master@{#32925}
-
zhengxing.li authored
port 2c75e3d2 (r32903) original commit message: We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). BUG= Review URL: https://codereview.chromium.org/1534663002 Cr-Commit-Position: refs/heads/master@{#32924}
-
v8-autoroll authored
Rolling v8/third_party/android_tools to f4c36ad89b2696b37d9cd7ca7d984b691888b188 Rolling v8/tools/clang to 67c5521f1878f7929f8f0afc74b31627b3bbffb3 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1530413002 Cr-Commit-Position: refs/heads/master@{#32923}
-
zhengxing.li authored
port 025d476c (r32906) original commit message: Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. BUG= Review URL: https://codereview.chromium.org/1535613003 Cr-Commit-Position: refs/heads/master@{#32922}
-
- 16 Dec, 2015 6 commits
-
balazs.kilvady authored
MIPS: Fix `[proxies] fix access issue when having proxies on the prototype-chain of global objects.` Port 2c75e3d2 Original commit message: We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). BUG= Review URL: https://codereview.chromium.org/1526253006 Cr-Commit-Position: refs/heads/master@{#32921}
-
mbrandy authored
Port 025d476c Original commit message: Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1531873002 Cr-Commit-Position: refs/heads/master@{#32920}
-
mbrandy authored
Port 97161a29 Original commit message: TryTruncateFloat32ToUint64 converts a float32 to a uint64. Additionally it provides an optional second return value which indicates whether the conversion succeeded (i.e. float32 value was within uint64 range) or not. Additionally I fixed a bug on x64 and mips64 in the implementation of TryTruncateFloat64ToUint64. Cases where the input value was between -1 and 0 were handled incorrectly. R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1533613002 Cr-Commit-Position: refs/heads/master@{#32919}
-
mbrandy authored
Port 89bb66de Original commit message: Original CL: https://codereview.chromium.org/1375253002/ Implement machine instruction scheduling after instruction selection. R=baptiste.afsa@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1534433004 Cr-Commit-Position: refs/heads/master@{#32918}
-
mbrandy authored
Use appropriate load instruction for 32-bit mode. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:3330 LOG=n Review URL: https://codereview.chromium.org/1532673002 Cr-Commit-Position: refs/heads/master@{#32917}
-
mbrandy authored
Port bb2a830d Port 56673804 Original commit messages: MachineType is now a class with two enum fields: - MachineRepresentation - MachineSemantic Both enums are usable on their own, and this change switches some places from using MachineType to use just MachineRepresentation. Most notably: - register allocator now uses just the representation. - Phi and Select nodes only refer to representations. Store nodes use only MachineRepresentation, not MachineType. R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1523373003 Cr-Commit-Position: refs/heads/master@{#32916}