- 08 Sep, 2017 5 commits
-
-
Benedikt Meurer authored
Add support to the JSCallReducer to recognize JSConstruct nodes where the target is the Object constructor, and reduce them to JSCreate nodes if either (a) no value is passed to the Object constructor, or (b) the target and new.target are definitely not identical, by checking whether both target and new.target are different HeapConstants (if they are not, then the JSCreateLowering will not be able to do a lot with the JSCreate anyways). This should cover the relevant cases for subclassing appropriately.

It fixes the 3-4x slowdown on the micro-benchmark mentioned in the linked bug,

  baseNoExtends: 752 ms.
  baseExtendsObject: 752 ms.
  baseExtendsViaFactory: 751 ms.

and thus removes the performance cliff.

R=jarin@chromium.org

Bug: v8:6801
Change-Id: Id265fd1399302a67b5790a6d0156679920c58bdd
Reviewed-on: https://chromium-review.googlesource.com/657019
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47913}
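The target/new.target distinction the reducer keys on is observable from plain JavaScript. The following is an added example, not V8 code and not part of the commit: when `Object` is constructed with a `new.target` other than itself (a subclass, or an explicit target passed to `Reflect.construct`), the spec has it ignore its argument and allocate a fresh object from `new.target.prototype`; only a direct `new Object(value)` or `Object(value)` boxes a primitive. The class and function names below are made up for the example.

```javascript
// Added example (not V8 code): how Object() behaves depending on new.target.
// - target === new.target (or new.target undefined): ToObject(value), so a
//   primitive is boxed into its wrapper object.
// - target !== new.target: the argument is ignored and an ordinary object is
//   created from new.target.prototype. This is the "subclassing" case the
//   JSCallReducer change turns into a plain JSCreate.

// Made-up subclass; the default derived constructor forwards to Object().
class BaseExtendsObject extends Object {}

// A "factory" style construction: Reflect.construct lets us pick new.target
// explicitly, which is the other shape the microbenchmark exercised.
function constructViaFactory(value, newTarget) {
  return Reflect.construct(Object, [value], newTarget);
}

// Classify the result by prototype and report the boxed primitive, if any.
function describe(obj) {
  const proto = Object.getPrototypeOf(obj);
  return {
    proto: proto === BaseExtendsObject.prototype ? 'BaseExtendsObject'
         : proto === Number.prototype ? 'Number'
         : 'Object',
    boxed: obj instanceof Number ? obj.valueOf() : undefined,
  };
}

function demo() {
  return {
    // new.target undefined: plain call, primitive is boxed.
    called: describe(Object(5)),
    // target === new.target: still ToObject, primitive is boxed.
    direct: describe(new Object(5)),
    // target !== new.target: argument dropped, object from subclass prototype.
    subclass: describe(new BaseExtendsObject(5)),
    factory: describe(constructViaFactory(5, BaseExtendsObject)),
    // No argument at all: also a fresh ordinary object (case (a) in the reducer).
    noArg: describe(new BaseExtendsObject()),
    plainNoArg: describe(new Object()),
  };
}
```

Run `demo()` in any engine with ES2015 class semantics: the `subclass` and `factory` cases never see the `5`, which is why the reducer can treat them like `new Object()` once it knows target and new.target differ.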
-
Michael Hablich authored
This reverts commit 9c0471b3.

Reason for revert: blocks roll https://chromium-review.googlesource.com/c/chromium/src/+/656897

Original change's description:
> Add V8_ENABLE_CHECKS define to public config
>
> We should add this define to external_config because it is used in
> public include v8.h (e.g.: https://cs.chromium.org/chromium/src/v8/include/v8.h?l=272&rcl=5cd6565d5ad06a8cb5a1d9d502d15a54e4fa5bbe)
>
> Change-Id: I795a3de448029e34033cf8f83094bdea3590bbb9
> Reviewed-on: https://chromium-review.googlesource.com/654876
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47901}

TBR=gsathya@chromium.org,atimoxin@yandex-team.ru

Change-Id: I8265f78a9ab260b719226843afd649245e72434f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/657157
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47912}
-
Yang Guo authored
R=mstarzinger@chromium.org

Change-Id: I6cb9d9b7b82ce05299bb6088b187e91c4fa2ca0f
Reviewed-on: https://chromium-review.googlesource.com/649750
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47911}
-
Aseem Garg authored
This is a revert of commit aee1e1fb with the fix for A1 and N6 jetstream failure.

R=bradnelson@chromium.org,mtrofin@chromium.org,clemensh@chromium.org

Bug: chromium:750828
Change-Id: Id38896af51315f76a0667ace32c77a2ba7287eec
Reviewed-on: https://chromium-review.googlesource.com/607092
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47910}
-
Mircea Trofin authored
The previous design assumed we can't possibly have a cycle involving an instance; however, we can. For example: a script can reference an instance, which ends up referencing the native context because of how we generate wasm-to-js wrappers; that references the global object, which then references the script. A global handle to the indirect function table can then root such a cycle. That means the instance is never collected, which never deletes the global handle.

This change addresses that by making the handles weak.

Bug:
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ief7263af83974bf96505a4fba65d162474fe7c7c
Reviewed-on: https://chromium-review.googlesource.com/653852
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47909}
-
- 07 Sep, 2017 35 commits
-
-
Jaideep Bajwa authored
Port e67420cb

Original Commit Message:

    There are two main reasons to move DeserializeLazy to ASM:

    1. We avoid complications around the distinction between Call/Construct cases by making sure relevant registers (e.g. new_target) remain unclobbered.
    2. We can avoid the tail-call through CodeFactory::Call/Construct by jumping directly to the deserialized code object.

R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:6624
LOG=N

Change-Id: Idd9f1fd967d64e952f48e5b35d2d4b49a9c28007
Reviewed-on: https://chromium-review.googlesource.com/656502
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47908}
-
Jaideep Bajwa authored
This issue was exposed with this CL https://chromium-review.googlesource.com/c/v8/v8/+/654257

R=joransiu@ca.ibm.com, jyan@ca.ibm.com
BUG=
LOG=N

Change-Id: I216bfc8079bf62a58f8e6c20d4ac9d22bc445b51
Reviewed-on: https://chromium-review.googlesource.com/656306
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47907}
-
Sathya Gunasekaran authored
This is a reland of a2ed0514

Original change's description:
> [debug] Add test for promise finally
>
> As of v8:6536, we no longer have to mark builtins explicitly.
>
> Also remove test whitelist for promise finally
> builtins.
>
> Bug: v8:6088, v8:5967
> Change-Id: I7f98dfe7708678653e944ac76ba9938205490b16
> Reviewed-on: https://chromium-review.googlesource.com/654067
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47896}

TBR=jgruber@chromium.org

Bug: v8:6088, v8:5967
Change-Id: I25a1820e04596a44769fc8ded80678f3663bbcd5
Reviewed-on: https://chromium-review.googlesource.com/655740
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47906}
-
Marja Hölttä authored
When the bailout triggered, we assumed we're generating data (i.e., we're inside a non-arrow function). This is not true; it's possible that we're already inside an arrow function and not generating data anyway.

BUG=v8:5516,chromium:761980

Change-Id: Iad9c8dde283031630953ef9a46c1e68bc0cee048
Reviewed-on: https://chromium-review.googlesource.com/655081
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47905}
-
Adam Klein authored
Tracking labels for most of these statements made no difference: only try-statements require the special treatment of being wrapped in a block. The previous code existed to support strong mode, which is long gone.

This also results in a tiny regression of the error message for a labelled `continue` statement targeting itself, but I'm not convinced that anyone would ever intend to label a continue statement (and Chakra and SpiderMonkey give similarly inaccurate error messages for this case).

This is effectively a revert of d8bccfe9.

Bug: v8:6092
Change-Id: I25b62e10f6a20597e9686f08df76ba9724249618
Reviewed-on: https://chromium-review.googlesource.com/653380
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47904}
-
Junliang Yan authored
R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com

Bug:
Change-Id: I83d3c7c2a318eb6c1c4025603b01e894f196bac6
Reviewed-on: https://chromium-review.googlesource.com/655131
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47903}
-
Adam Klein authored
This is in preparation for BigInt, since for BigInt operands the desugared operations will no longer be equivalent. Future CLs can move the handling of these operations further down the pipeline; this is merely a start to get the Parser out of this business.

Bug: v8:6791
Change-Id: I9df89e03d3ca2bf627c75fc5efb10463c3ed8cf9
Reviewed-on: https://chromium-review.googlesource.com/653433
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47902}
-
Alexander Timokhin authored
We should add this define to external_config because it is used in public include v8.h (e.g.: https://cs.chromium.org/chromium/src/v8/include/v8.h?l=272&rcl=5cd6565d5ad06a8cb5a1d9d502d15a54e4fa5bbe)

Change-Id: I795a3de448029e34033cf8f83094bdea3590bbb9
Reviewed-on: https://chromium-review.googlesource.com/654876
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47901}
-
Sathya Gunasekaran authored
This reverts commit da6aab43.

Reason for revert: breaks ARM https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/4376

Original change's description:
> [snapshot] Temporarily enable --lazy-deserialization
>
> Flip the flag for one day to determine impact and flush out bugs.
> Please add crashes and regressions to https://crbug.com/v8/6796.
>
> Bug: v8:6624,v8:6796
> Change-Id: I8b0581c40d956e01f94e9098ff935fdd5af36156
> Reviewed-on: https://chromium-review.googlesource.com/651408
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Hablich <hablich@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47893}

TBR=yangguo@chromium.org,hablich@chromium.org,jgruber@chromium.org

Change-Id: I65efccb4696777a3dae30984991e29d023236b12
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6624, v8:6796
Reviewed-on: https://chromium-review.googlesource.com/655897
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47900}
-
Deepti Gandluri authored
This reverts commit a2ed0514.

Reason for revert: Breaks ARM debug - https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/4377

Original change's description:
> [debug] Add test for promise finally
>
> As of v8:6536, we no longer have to mark builtins explicitly.
>
> Also remove test whitelist for promise finally
> builtins.
>
> Bug: v8:6088, v8:5967
> Change-Id: I7f98dfe7708678653e944ac76ba9938205490b16
> Reviewed-on: https://chromium-review.googlesource.com/654067
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47896}

TBR=gsathya@chromium.org,jgruber@chromium.org

Change-Id: I2c064671a7650c3c97840e20dfdad4d6343ed0a4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6088, v8:5967
Reviewed-on: https://chromium-review.googlesource.com/655737
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47899}
-
Sathya Gunasekaran authored
The spec calls out to Promise.prototype.then and also passes around the constructor of the receiver to Promise.prototype.finally.

Adds a new constructor slot to PromiseFinallyContext enum and this is used to create a new promise in the thenFinally/catchFinally callbacks.

Created a new PromiseResolve TFS builtin refactored from the existing PromiseResolve builtin. PromiseResolveWrapper calls out to this TFS Builtin and is now exposed as Promise.resolve. The thenFinally and catchFinally callbacks also call out to the PromiseResolve TFS builtin.

Spec -- https://tc39.github.io/proposal-promise-finally/

Bug: v8:5967
Change-Id: I2ce89f14d3b149619d11e424b6e37062e466c4d5
Reviewed-on: https://chromium-review.googlesource.com/652026
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47898}
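The spec behaviour this commit implements is observable from a Promise subclass: `finally` must go through the receiver's own `then`, the promise it returns must come from the receiver's species constructor, and the thenFinally/catchFinally callbacks re-wrap the original outcome through PromiseResolve with that constructor. The following is an added example, not V8 code and not part of the commit; `TrackedPromise` and the two observer functions are made up for illustration and only exercise what the proposal at https://tc39.github.io/proposal-promise-finally/ specifies.

```javascript
// Added example (not V8 code): observable behaviour of Promise.prototype.finally.
// TrackedPromise is a made-up Promise subclass that counts how often it is
// constructed and how often its then() is invoked, so we can see finally()
// route through this.then and the species constructor.
class TrackedPromise extends Promise {
  constructor(executor) {
    super(executor);
    TrackedPromise.constructed += 1;
  }
  then(onFulfilled, onRejected) {
    TrackedPromise.thenCalls += 1;
    return super.then(onFulfilled, onRejected);
  }
}
TrackedPromise.constructed = 0;
TrackedPromise.thenCalls = 0;

// Synchronous part: finally() calls this.then exactly once, and the returned
// promise is built via SpeciesConstructor(receiver), so it is a TrackedPromise.
// Two constructions happen synchronously: the receiver p itself, and the
// result promise created inside then() via NewPromiseCapability(C).
function observeFinallySync() {
  const thenBefore = TrackedPromise.thenCalls;
  const constructedBefore = TrackedPromise.constructed;
  const p = new TrackedPromise((resolve) => resolve(42));
  const q = p.finally(() => {});
  return {
    thenCalls: TrackedPromise.thenCalls - thenBefore,
    constructed: TrackedPromise.constructed - constructedBefore,
    resultIsTracked: q instanceof TrackedPromise,
    resultIsNew: q !== p,
  };
}

// Asynchronous part: onFinally receives no arguments, the original value or
// rejection reason passes through unchanged, and an onFinally that throws
// overrides the outcome (thenFinally/catchFinally reject with the new error).
async function observeFinallyAsync() {
  const seen = [];
  const value = await TrackedPromise.resolve(1).finally((...args) => {
    seen.push(args.length);
  });

  let reason;
  try {
    await TrackedPromise.reject(new Error('boom')).finally(() => {});
  } catch (e) {
    reason = e.message;
  }

  let overridden;
  try {
    await TrackedPromise.resolve(2).finally(() => {
      throw new Error('override');
    });
  } catch (e) {
    overridden = e.message;
  }

  return { value, onFinallyArgs: seen[0], reason, overridden };
}
```

The subclass is the cheapest way to check an engine's `finally` against the proposal: if `thenCalls` is 0 or the result is a plain `Promise`, the implementation bypassed `this.then` or ignored the species constructor, both of which the spec forbids.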
-
Benedikt Meurer authored
Bug: v8:6772
Tbr: jarin@chromium.org
Change-Id: I48b21fbdec42d4b1c10800913f7fa222a5509a8d
Reviewed-on: https://chromium-review.googlesource.com/654873
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47897}
-
Sathya Gunasekaran authored
As of v8:6536, we no longer have to mark builtins explicitly.

Also remove test whitelist for promise finally builtins.

Bug: v8:6088, v8:5967
Change-Id: I7f98dfe7708678653e944ac76ba9938205490b16
Reviewed-on: https://chromium-review.googlesource.com/654067
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47896}
-
Alexey Kozyatinskiy authored
Runtime.CallFrame has url already. It allows showing stack traces on pause without tracking all parsed scripts.

R=alph@chromium.org,pfeldman@chromium.org

Bug: chromium:762982
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic4f096ade1cb6c9de42fec77280dcc3007c6a5cf
Reviewed-on: https://chromium-review.googlesource.com/648068
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47895}
-
Mostyn Bramley-Moore authored
Bug: chromium:746958
Change-Id: I18593669e8a8bb622b575258441d4933ad98ec3e
Reviewed-on: https://chromium-review.googlesource.com/654871
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@opera.com>
Cr-Commit-Position: refs/heads/master@{#47894}
-
Jakob Gruber authored
Flip the flag for one day to determine impact and flush out bugs. Please add crashes and regressions to https://crbug.com/v8/6796.

Bug: v8:6624,v8:6796
Change-Id: I8b0581c40d956e01f94e9098ff935fdd5af36156
Reviewed-on: https://chromium-review.googlesource.com/651408
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47893}
-
Michael Starzinger authored
R=marja@chromium.org

Change-Id: I7e1b471c425a28d77100ce3cda34511393b31365
Reviewed-on: https://chromium-review.googlesource.com/654901
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47892}
-
jgruber authored
TBR=yangguo@chromium.org,verwaest@chromium.org

Bug: v8:6624,v8:6787
Change-Id: I6fbad17cb2e9d6238b84fc96a518e545a7156769
Reviewed-on: https://chromium-review.googlesource.com/655168
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47891}
-
Peter Marshall authored
Bug: v8:6333
Change-Id: Ibc704172ebc796977b8d8cfae6976666d186f12c
Reviewed-on: https://chromium-review.googlesource.com/652450
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47890}
-
Clemens Hammacher authored
Use operator== and operator!= instead. Implemented for x64, ia32, arm, arm64, mips and mips64.

R=mstarzinger@chromium.org,ishell@chromium.org,jgruber@chromium.org

Change-Id: Iad0f03f7f442709dcaa12d6a49a8bc4b03b9cdae
Reviewed-on: https://chromium-review.googlesource.com/654857
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47889}
-
Toon Verwaest authored
This speeds up the baseline performance of Object by 20%. With this change, the callViaObject when run with --noopt goes from 10718ms to 8577ms on the benchmark from: http://benediktmeurer.de/2017/08/31/object-constructor-calls-in-webpack-bundles

Bug: v8:6772
Change-Id: Id0e54ba44204a1700885185ec360e1c56834fb73
Reviewed-on: https://chromium-review.googlesource.com/654900
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47888}
-
jgruber authored
Lazy deserialization requires a fully set-up isolate (in particular, we need Isolate::snapshot_blob). This CL disables lazy deserialization in affected tests.

This should be fixed at some point by setting up the isolate as needed.

Bug: v8:6624
Change-Id: I94f792d9dcc8a3ba2d91fdeadd9e04ebb0bb50cf
Reviewed-on: https://chromium-review.googlesource.com/655162
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47887}
-
Yang Guo authored
R=caseq@chromium.org

Change-Id: Ie7d8e2eb1452758895f47c749cd7f1ea9b565301
Reviewed-on: https://chromium-review.googlesource.com/654038
Reviewed-by: Franziska Hinkelmann <franzih@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47886}
-
jgruber authored
When setting up an isolate for serialization, we need to disable lazy deserialization to avoid replacing lazy builtins with DeserializeLazy.

Bug: v8:6624
Change-Id: I3e10e262f6dd856f92fd83e5e475127e8ca3f3bf
Reviewed-on: https://chromium-review.googlesource.com/655161
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47885}
-
Peter Marshall authored
This is a reland of 9b35364c

Original change's description:
> [cleanup] Replace more instances of List with std::vector.
>
> Bug: v8:6333
> Change-Id: Ic1956d3dcfc0309fe2b65344e5af7235d5b804a2
> Reviewed-on: https://chromium-review.googlesource.com/651413
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47854}

Bug: v8:6333
Change-Id: I5d9482b061f26b57550a421ea4099372dc80767f
Reviewed-on: https://chromium-review.googlesource.com/654898
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47884}
-
jgruber authored
debug::GetBuiltin creates a new JSFunction and constructs a new SFI at runtime. Ensure that this SFI has the correct builtin_id set.

Bug: v8:6624,v8:6788
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I25da2ad5e69478f81042d3e3bf7e7e2644e7050d
Reviewed-on: https://chromium-review.googlesource.com/654643
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47883}
-
Michael Starzinger authored
R=clemensh@chromium.org

Change-Id: If0b4aed4e5770702b36e3e1a34189a1b18a9cf17
Reviewed-on: https://chromium-review.googlesource.com/631837
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47882}
-
jgruber authored
The optimizer produces direct calls to these builtins. Lazy deserialization depends on the existence of a shared function info, so these need to be blacklisted for now.

Bug: v8:6624,v8:6786
Change-Id: I69e766d327338d333a9a8e6ba9a394aad5f06f01
Reviewed-on: https://chromium-review.googlesource.com/655160
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47881}
-
Michael Starzinger authored
This finally allows including the factory.h header without having to also include the object-inl.h inline header. It will in turn enable the removal of the last inline header inclusion violation.

R=marja@chromium.org

Change-Id: Ice2821e1f74cf428d80c8ebf606a218026f37677
Reviewed-on: https://chromium-review.googlesource.com/654862
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47880}
-
jgruber authored
kNextChunk handling in deserializer.cc relies on the reservation mechanism, which is not used by builtin deserialization. To avoid complications, we work around this for now by skipping over these bytecodes.

This will soon become unnecessary once allocations & reservations have been refactored.

Bug: v8:6624
Change-Id: I9e861268ee2b3f49fe7f3ed6c1e3501b4b47dc37
Reviewed-on: https://chromium-review.googlesource.com/655158
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47879}
-
jgruber authored
With lazy deserialization, the target code object may have been replaced by DeserializeLazy. In that case, we can get the target builtin id from the shared function info, and we need to skip RelocInfo iteration (it doesn't exist yet).

Bug: v8:6624
Change-Id: I765b74de313e65bfdf0122f13535029994fc0de1
Reviewed-on: https://chromium-review.googlesource.com/655159
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47878}
-
Marja Hölttä authored
What happened:
- When rewriting in DoParseFunction, the relevant function scope is no longer in the scope stack.
- The correct scope is given to the PatternRewriter.
- PatternRewriter called to Parser::BuildIteratorCloseForCompletion.
- BuildIteratorCloseForCompletion would just call NewTemporary (which creates a new temporary in Parser's current scope) instead of using the scope passed to it and calling NewTemporary on it.
- Normally this went unnoticed, since it doesn't matter that much where the temporary is.
- But in the lazy arrow func case, the Parser's scope at that point was the already-resolved outer scope, and a DCHECK detected this problem.

Kudos & thanks to verwaest@ for a debugging session :)

BUG=chromium:761831

Change-Id: I1e8474ce927be0330f4ba4efc0fc08fdcc328809
Reviewed-on: https://chromium-review.googlesource.com/650297
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47877}
-
jgruber authored
There are two main reasons to move DeserializeLazy to ASM:

1. We avoid complications around the distinction between Call/Construct cases by making sure relevant registers (e.g. new_target) remain unclobbered.
2. We can avoid the tail-call through CodeFactory::Call/Construct by jumping directly to the deserialized code object.

Bug: v8:6624
Change-Id: Idef8fa73d804e16d510f62766c735d1891729b81
Reviewed-on: https://chromium-review.googlesource.com/652472
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47876}
-
Juliana Franco authored
Given that we no longer need to iterate over lists of optimized JS functions (c.f. https://chromium-review.googlesource.com/c/v8/v8/+/647596), we can remove this field. Thus saving the size of one pointer per function.

Bug: v8:6637
Change-Id: If77951f2eddba33ba350fa9ddf03a4edb3f7c7d8
Reviewed-on: https://chromium-review.googlesource.com/652373
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#47875}
-
Andreas Haas authored
The wasm-async fuzzer uses the bytes provided by the fuzzer engine directly as wasm module bytes, compiles them with async compilation, and then tries to execute the "main" function of the module. This "main" can have an infinite loop which causes a timeout in the fuzzer.

With this CL the "main" function is first executed with the interpreter. If the execution in the interpreter finishes within 16k steps, which means that there is no infinite loop, also the compiled code is executed.

I added the raw fuzzer input as a test case because in this case I really want to test the fuzzer and not V8.

R=clemensh@chromium.org

Bug: chromium:761784
Change-Id: Id1fe5da0da8670ec821ab9979fdb9454dbde1162
Reviewed-on: https://chromium-review.googlesource.com/651046
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47874}
-