- 08 Mar, 2018 28 commits
-
-
Yang Guo authored
The number of embedder fields grows dynamically, but reading these fields do not perform bounds checks. The naming is taken from a similar method on v8::Isolate. Also changed the growing strategy for the backing store to not over-allocate. R=adamk@chromium.org, bmeurer@chromium.org Bug: v8:7533 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I70beab124a32296c940ffabd897a7790bc8ff47a Reviewed-on: https://chromium-review.googlesource.com/952923Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51822}
-
Yang Guo authored
TBR=bmeurer@chromium.org NOTRY=true Bug: v8:178 Change-Id: I5f8b128d9f0e5ae0ad9c44da0b6cd599c47fdf6b Reviewed-on: https://chromium-review.googlesource.com/956064Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51821}
-
Clemens Hammacher authored
Stack slots store the type of the respective value, so we can always get the reg class from that type. R=titzer@chromium.org Bug: v8:6600 Change-Id: I60ca21daa4cc1505562c344367c7586bcd272c9b Reviewed-on: https://chromium-review.googlesource.com/950948Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51820}
-
Jakob Kummerow authored
This is a reland of 609aaa55 Originally reviewed at: https://chromium-review.googlesource.com/952626 Tbr: adamk@chromium.org Bug: v8:6791 Change-Id: If0699fbfb280192bed61538ccc67c7c95893e691 Reviewed-on: https://chromium-review.googlesource.com/954665Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#51819}
-
Yang Guo authored
This is to better pinpoint win64 failures. TBR=bmeurer@chromium.org Bug: v8:178 Change-Id: If778352cad1f209927067a12d5684e62c4ead8d2 Reviewed-on: https://chromium-review.googlesource.com/955687Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51818}
-
Clemens Hammacher authored
On 32-bit systems, the computation {count + type_list->size()} can overflow, leading to memory corruption later on. R=titzer@chromium.org Bug: chromium:819869 Change-Id: Ic81d201e58211e3989b4e945cd52e98dc951fbda Reviewed-on: https://chromium-review.googlesource.com/955025 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51817}
-
Jakob Gruber authored
This reverts commit 6afd25ff. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20-%20fyi/builds/1437 Original change's description: > [builtins] Execute binary-embedded builtin code > > This CL creates trampolines into binary-embedded builtins on > isolate-creation, if --stress-off-heap-code is passed. > > Note that this still overwrites existing code objects with the > off-heap trampoline, and that off-heap builtins still exist both in > the snapshot and the binary. Addressing these points are the next > steps. > > Drive-by-change: More efficient off-heap code lookups now that the > off-heap memory area has a contiguous and static layout. > > Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng > Bug: v8:6666 > Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86 > Reviewed-on: https://chromium-review.googlesource.com/947969 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51809} TBR=mstarzinger@chromium.org,jgruber@chromium.org Change-Id: I18276541b468b9d2b2a1366ccd287822e96b6df7 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6666 Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Reviewed-on: https://chromium-review.googlesource.com/956042Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51816}
-
Sergiy Byelozyorov authored
TBR=sergiyb@chromium.org Bug: chromium:776035 Change-Id: I6a9f2cb62ec275af49ec629d6a4d41d61c0a9dfe Reviewed-on: https://chromium-review.googlesource.com/955322 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#51815}
-
Yang Guo authored
TBR=bmeurer@chromium.org NOTRY=true Bug: v8:178 Change-Id: I25438302be07f51eb9f540ada2ec28e4d06a5198 Reviewed-on: https://chromium-review.googlesource.com/955626Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51814}
-
Jaroslav Sevcik authored
Bug: chromium:798964 Change-Id: Ia359f68e30e87e2cbee5b8322b4ac54c335ef474 Reviewed-on: https://chromium-review.googlesource.com/955425Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#51813}
-
Camillo Bruni authored
Bug: chr:81499 Change-Id: I5a18b9ec061d426e21c08747a8c18a36bf5ca194 Reviewed-on: https://chromium-review.googlesource.com/950724 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#51812}
-
Yang Guo authored
R=bmeurer@chromium.org, leszeks@chromium.org Bug: v8:178 Change-Id: I00411ddfee458a71464dcba7f1b504b46c70ef06 Reviewed-on: https://chromium-review.googlesource.com/953002Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51811}
-
Benedikt Meurer authored
This adds a global protector to guard the lookup of "resolve" on the %Promise% intrinsic object (the initial Promise constructor), making sure that Promise.resolve yields the initial builtin method. We use this protector to avoid the lookup of "resolve" all the time inside of Promise.all and Promise.race, when called with constructor being the %Promise% intrinsic object. This improves the performance on the parallel-async-es2017-native benchmark by roughly 2-3%. Bug: v8:7253 Change-Id: Ida93b88afbaeae61f17be4cd30ea6a78b4267cea Reviewed-on: https://chromium-review.googlesource.com/955564Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51810}
-
jgruber authored
This CL creates trampolines into binary-embedded builtins on isolate-creation, if --stress-off-heap-code is passed. Note that this still overwrites existing code objects with the off-heap trampoline, and that off-heap builtins still exist both in the snapshot and the binary. Addressing these points are the next steps. Drive-by-change: More efficient off-heap code lookups now that the off-heap memory area has a contiguous and static layout. Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Bug: v8:6666 Change-Id: I7e7ef0aa2cd7b8184ae3a13fa02bdcbb4f2c9f86 Reviewed-on: https://chromium-review.googlesource.com/947969 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51809}
-
Tobias Tebbi authored
JSCallReducer runs at the same time as DeadCodeElimination and hence can observe an incompletely propagated DeadValue in place of a StateValue node holding the arguments to materialize for JSCreateArguments. This CL fixes this by aborting the lowring of JSCreateArguments in this case. Bug: chromium:819311 v8:7536 Change-Id: I42c4a1923e3dbe470db1a16c5069aaa7c38659ac Reviewed-on: https://chromium-review.googlesource.com/955306Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#51808}
-
Benedikt Meurer authored
The PromiseResolve builtin was missing it's fast-path for when we can skip the "constructor" lookup due to a typo. Bug: v8:7253 Change-Id: Icca033af5d4f7fe8b43ebf49c9315b4c80d52cbc Reviewed-on: https://chromium-review.googlesource.com/955483Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51807}
-
sreten.kovacevic authored
Test started failing after commit `[Liftoff] Remove Get{Unary,Binary}OpTargetRegister`. Optimization shouldn't be done if dst == rhs in i32_set_cond instruction. This CL fixes the issue. Change-Id: I67cd1ca4692fcf69202ef25f7aa58756a5ddddca Reviewed-on: https://chromium-review.googlesource.com/952963Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#51806}
-
Benedikt Meurer authored
When optimizing SpeculativeToNumber we need to pay attention to the hint, otherwise we optimize away a Signed32 conversion, based on the fact that the input is a Number. Bug: chromium:819298 Change-Id: I2ac7b0dac708fee9083eca2880bd5674a82daaa3 Reviewed-on: https://chromium-review.googlesource.com/955423Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51805}
-
jgruber authored
This is a reland of 491d5a81 Original change's description: > [builtins] Embed builtins into the binary > > This embeds code for off-heap-safe builtins into the binary. Actual > execution of embedded code is not implemented yet. > > The embedded file has the following format: > > namespace v8 { > namespace internal { > > namespace { > > V8_EMBEDDED_TEXT_HEADER(v8_embedded_blob_) > __asm__( /* builtin offsets and lengths */ ); > __asm__(V8_ASM_LABEL("Builtins_RecordWrite")); > __asm__( /* binary instruction stream */ ); > /* Repeat for other builtins. */ > > extern "C" const uint8_t v8_embedded_blob_[]; > static const uint32_t v8_embedded_blob_size_ = /* size in bytes */; > > } // namespace > > const uint8_t* DefaultEmbeddedBlob() { return v8_embedded_blob_; } > uint32_t DefaultEmbeddedBlobSize() { return v8_embedded_blob_size_; } > > } // namespace internal > } // namespace v8 > > Bug: v8:6666 > Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux64_fyi_rel_ng > Change-Id: Ic989f01da69ebe2863f31d934bfbe2c5d6e80864 > Reviewed-on: https://chromium-review.googlesource.com/946011 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51759} TBR=yangguo@chromium.org Bug: v8:6666 Change-Id: I741554cb080b6811dfbcb0913c6e1594e74c0432 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux64_fyi_rel_ng Reviewed-on: https://chromium-review.googlesource.com/955084Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51804}
-
Igor Sheludko authored
... and use Smi Map::kPrototypeChainValid for the cases where direct receiver's prototype is not JSObject instead of creating a new valid cell for each such case. This will make a validity cell checking code simpler. Bug: v8:5988 Change-Id: I52cf55797171cc8021d80e4e441615d0c8fc8bd4 Reviewed-on: https://chromium-review.googlesource.com/951384 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#51803}
-
Tobias Tebbi authored
UnalignedLoad is the only kind of load operation that defines its own UnalignedLoadRepresentation type alias and LoadRepresentationOf function. This is a problem because it means we cannot use the LOAD_MATCHER infrastructure without defining all of this boilerplate for all the other kinds of load operations. Since these aliases serve no real purpose, it is best to unify UnalignedLoad to how its peers are handled. Change-Id: I51a591eb82fb85edee66512136b23276e851f767 Reviewed-on: https://chromium-review.googlesource.com/951683 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51802}
-
Stephan Herhut authored
The debugger script implementation had its own way to write uint32_t values to a string as hex values. This removes the custom code and uses a shared implementation in String16Builder instead. The observable effect is that script hashes are now lower-case and the character sequence is reversed for each 8-character pair. Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ib21769fbe10c24055fbd3fa9573bc5c2d72f6a74 Reviewed-on: https://chromium-review.googlesource.com/951303Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Commit-Queue: Stephan Herhut <herhut@chromium.org> Cr-Commit-Position: refs/heads/master@{#51801}
-
v8-autoroll authored
Rolling v8/base/trace_event/common: https://chromium.googlesource.com/chromium/src/base/trace_event/common/+log/0e9a47d..e0009bb Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/06a6e63..ca739dc Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/36f3a71..b6fe934 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I793509e5285594adf9f030bd2824ca2629d68117 Reviewed-on: https://chromium-review.googlesource.com/952703Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51800}
-
Marja Hölttä authored
- Make it explicit that the field marks are supposed to be all-false after each object. - Remove unused param from MarkVisitedField. BUG=v8:7534 Change-Id: Ibc226290bb09daca60b92819944e0049bb33e594 Reviewed-on: https://chromium-review.googlesource.com/951725Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#51799}
-
Jaroslav Sevcik authored
The tricky part here is to take away one register from register allocation for the mask. The only problem is with calls that need an input operand to be passed in the poison register. For such calls, we change the register constraint in the instruction selector to pass the value in whatever place the register allocator sees fit. During code generation, we then copy the value from that place to the poison register. By that time, the mask is not necessary (once we bake the mask into the target, it should be done before this move). For the branches, the mask update does not use cmov (unlike x64) because cmov does not take an immediate and we do not have a scratch register. Instead we use bit-twiddling tricks (suggested by @tebbi). For example, here is the code for masking register update after a bailout on non-zero: jnz deopt_bailout ;; Bailout branch setnz bl ;; These three instructions update the mask add ebx, 255 sar ebx, 31 (On x64, the sequence is: jnz deopt_bailout mov r10, 0 ;; We have a scratch register for zero cmovnz r9, r10 ;; Set to zero if we execute this branch ;; in branch mis-speculation ) This CL also fixes a bug in register configuration, where we used to wrongly restrict the array of register name. Change-Id: I5fceff2faf8bdc527d9934afc284b749574ab69e Bug: chromium:798964 Reviewed-on: https://chromium-review.googlesource.com/946251 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51798}
-
Michael Achenbach authored
TBR=yangguo@chromium.org NOTRY=true Bug: chromium:813833 Change-Id: I51780d467d9e57ed0621741da7b9fb215c3233c5 Reviewed-on: https://chromium-review.googlesource.com/955082Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51797}
-
Michael Achenbach authored
This reverts commit 609aaa55. Reason for revert: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/22157 Original change's description: > [bigint] Serialization support for BigInts > > Bug: v8:6791 > Change-Id: I6d428d0bfc08b7447cd4a961b9f4053c89ed158b > Reviewed-on: https://chromium-review.googlesource.com/952626 > Reviewed-by: Adam Klein <adamk@chromium.org> > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51795} TBR=adamk@chromium.org,jkummerow@chromium.org Change-Id: I3c5ab51c40fcd897638d039d433cd764ca7f4e77 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6791 Reviewed-on: https://chromium-review.googlesource.com/954942Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51796}
-
Jakob Kummerow authored
Bug: v8:6791 Change-Id: I6d428d0bfc08b7447cd4a961b9f4053c89ed158b Reviewed-on: https://chromium-review.googlesource.com/952626Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#51795}
-
- 07 Mar, 2018 12 commits
-
-
Sathya Gunasekaran authored
Bug: v8:5368 Change-Id: I3119ce753737afd44a03d2c44348912a96da6c97 Reviewed-on: https://chromium-review.googlesource.com/952481 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51794}
-
Yang Guo authored
R=adamk@chromium.org Bug: v8:7288 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: If8e2416a0e9b0915572c2ad37a45e3ea8ca3a75a Reviewed-on: https://chromium-review.googlesource.com/952924Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51793}
-
Deepti Gandluri authored
Change-Id: Icea792696458bfa0568ac92c15a7f4523f88849d Reviewed-on: https://chromium-review.googlesource.com/952570Reviewed-by: Eric Holk <eholk@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#51792}
-
Jungshik Shin authored
icu-timezone-data was enabled before but reverted due to a perf issue. (sunspider/date-format-totfe regressed; crbug.com/769706 ). However, my in-Chrome test of the same test [1] shows that there's virtually no perf difference. See https://goo.gl/GX1jt6 . This will introduce a new behavior on POSIX(-like) platforms. Timezone names inside parentheses after GMT offset will not be 3-4 letter abbreviation any longer. They'll be human-readable names in the current default locale. This matches the current Windows behavior. new Date(2017, 5, 22).toString() new Date(2017, 11, 22).toString() Current: Thu Jun 22 2017 00:00:00 GMT-0700 (PDT) Fri Dec 22 2017 00:00:00 GMT-0800 (PST) New: Thu Jun 22 2017 00:00:00 GMT-0700 (Pacific Daylight Time) Fri Dec 22 2017 00:00:00 GMT-0800 (Pacific Standard Time) This CL will be followed by https://chromium-review.googlesource.com/c/v8/v8/+/572148 to implement https://github.com/tc39/ecma262/pull/778 . [1] http://jungshik.github.io/v8/cr769706.html BUG=v8:6031, v8:2137, v8:6076, chromium:769706 TEST=mjsunit/icu-date-lord-howe.js, mjsunit/icu-date-to-string.js Change-Id: I22203670c3307a57fbf99e5f0a271dcbfbbef8fd Reviewed-on: https://chromium-review.googlesource.com/857333 Commit-Queue: Jungshik Shin <jshin@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#51791}
-
Deepti Gandluri authored
Bug:v8:6532 Change-Id: Ida865c9cc7c029cf070b24296f6ef7bb573b30c4 Reviewed-on: https://chromium-review.googlesource.com/947094Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Ben Smith <binji@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#51790}
-
Marja Hölttä authored
The next CL will add an actual WeakFixedArray which contains in-place weak references. Also removes FLAG_trace_weak_arrays which is not super useful. BUG=v8:7308 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I016880ecc66b03b406f7184b7f72ab514cb65428 Reviewed-on: https://chromium-review.googlesource.com/951730 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#51789}
-
Caitlin Potter authored
Just copies the StringConcat tests and refactors them to exercise template literals rather than simple string addition. BUG=v8:7415 R=rmcilroy@chromium.org Change-Id: I79cf24ee33e64b1d57221eb0291d9958634130ec Reviewed-on: https://chromium-review.googlesource.com/951968Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#51788}
-
Ivica Bogosavljevic authored
Shrink number of instruction in ByteSwap macro for some cases. Allow that input and output registers can be the same. Extend test to cover all test cases. Change-Id: I7e0b86988fb73eed604751ffd89657cdff4abc3c Reviewed-on: https://chromium-review.googlesource.com/951726Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#51787}
-
Leszek Swirski authored
This was a shim for the non-I+TF codepath, which is now the only codepath (that still uses this tier-up mechanism anyway). There were a couple of places we were accidentally using it due to CompileLazy or deopts, so this also fixes those. Change-Id: I00a7fdf9fb5cf74844138dac62d01ceaaf192e17 Reviewed-on: https://chromium-review.googlesource.com/951490 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#51786}
-
Ilija Pavlovic authored
If test webkit/dfg-int-overflow-in-loop is executed with option --noopt, execution will be too slow on simulator. Therefore, this test will be skipped on MIPS64 simulators. TEST=webkit/dfg-int-overflow-in-loop BUG= Change-Id: I3d116fe579a5690c817a9a9d4e8a4bf8188298cc Reviewed-on: https://chromium-review.googlesource.com/951610 Commit-Queue: Ilija Pavlović <ilija.pavlovic@mips.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51785}
-
Benedikt Meurer authored
The register file of the JSGeneratorObject is normally filled with undefined in the beginning, except in TurboFan where we put the_hole there. In addition TurboFan used StoreElement to initialize the fields but then StoreField/LoadField to access them later, which can lead to aliasing bugs (currently not possible because our alias analysis is not smart enough). Bug: v8:7253 Change-Id: Idbff29d138946f110336b9bef0e1889e596d834c Reviewed-on: https://chromium-review.googlesource.com/952968Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51784}
-
Yang Guo authored
We may get an empty handle passed to the side-effect check in places where we have not implemented the flag check yet. R=luoe@chromium.org Bug: v8:7515 Change-Id: I088b223c4e8cc3aa262bebe34458c2e95b30e347 Reviewed-on: https://chromium-review.googlesource.com/951768Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51783}
-