- 19 Dec, 2016 1 commit
-
-
jshin authored
Use FastAsciiConvert (as used by Unibrow) for i18n-aware case conversion with --icu_case_mapping. Move FastAsciiConvert to src/string-case.cc so that it can be used by both runtime-{string,i18n}. Add more tests. BUG=v8:4477,v8:4476 TEST=intl/general/case* Review-Url: https://codereview.chromium.org/2533983006 Cr-Commit-Position: refs/heads/master@{#41821}
-
- 16 Dec, 2016 1 commit
-
-
cbruni authored
Many websites use simple calls to String.prototype.indexOf with either a one character ASCII needle or needles bigger than the search string. This CL adds a TFJ builtin for these simple cases, giving up to factor 5 speedup. Drive-by-fix: Add default Object type to Arguments.at BUG= Review-Url: https://codereview.chromium.org/2539093002 Cr-Commit-Position: refs/heads/master@{#41760}
-
- 26 Oct, 2016 3 commits
-
-
bmeurer authored
For global object property cells, we did not check that the map on the previous object is still the same for which we actually optimized. So the optimized code was not in sync with the actual state of the property cell. When loading from such a global object property cell, Crankshaft optimizes away any map checks (based on the stable map assumption), leading to arbitrary memory access in the worst case. TurboFan has the same bug for stores, but is safe on loads because we do appropriate map checks there. However mixing TurboFan and Crankshaft still exposes the bug. R=yangguo@chromium.org BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2444233004 Cr-Commit-Position: refs/heads/master@{#40592}
-
bmeurer authored
Revert of [compiler] Properly validate stable map assumption for globals. (patchset #3 id:40001 of https://codereview.chromium.org/2444233004/ ) Reason for revert: Breaks tree: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/8789 Original issue's description: > [compiler] Properly validate stable map assumption for globals. > > For global object property cells, we did not check that the map on the > previous object is still the same for which we actually optimized. So > the optimized code was not in sync with the actual state of the property > cell. When loading from such a global object property cell, Crankshaft > optimizes away any map checks (based on the stable map assumption), > leading to arbitrary memory access in the worst case. > > TurboFan has the same bug for stores, but is safe on loads because we > do appropriate map checks there. However mixing TurboFan and Crankshaft > still exposes the bug. > > R=yangguo@chromium.org > BUG=chromium:659475 TBR=yangguo@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2454513003 Cr-Commit-Position: refs/heads/master@{#40582}
-
bmeurer authored
For global object property cells, we did not check that the map on the previous object is still the same for which we actually optimized. So the optimized code was not in sync with the actual state of the property cell. When loading from such a global object property cell, Crankshaft optimizes away any map checks (based on the stable map assumption), leading to arbitrary memory access in the worst case. TurboFan has the same bug for stores, but is safe on loads because we do appropriate map checks there. However mixing TurboFan and Crankshaft still exposes the bug. R=yangguo@chromium.org BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2444233004 Cr-Commit-Position: refs/heads/master@{#40578}
-
- 08 Aug, 2016 1 commit
-
-
mlippautz authored
BUG= Review-Url: https://codereview.chromium.org/2225013002 Cr-Commit-Position: refs/heads/master@{#38449}
-
- 14 Jul, 2016 1 commit
-
-
ritesht authored
[wasm] Adding feature to JIT a wasm function at runtime and hook up the compiled code into the indirect function table The runtime JIT function is passed in the function table to hook up the compiled code and the starting address of the memory to locate the bytes to be compiled. BUG=5044 Review-Url: https://codereview.chromium.org/2137993003 Cr-Commit-Position: refs/heads/master@{#37735}
-
- 13 Jul, 2016 1 commit
-
-
mstarzinger authored
This fully deprecates all uses of the RUNTIME_ASSERT macro and removes the macro and underlying logging function in question. All uses have been replaces with CHECK macros which crash safely even in production. It makes sure we discover abuse of runtime functions in the wild early and also abort the process safely. Breaking assumptions in any runtime function can no longer accidentally be caught by JavaScript. R=yangguo@chromium.org BUG=v8:5066 Review-Url: https://codereview.chromium.org/2132493002 Cr-Commit-Position: refs/heads/master@{#37704}
-
- 14 Jun, 2016 1 commit
-
-
cbruni authored
Reland of place all remaining Oddball checks with new function (patchset #1 id:1 of https://codereview.chromium.org/2060213002/ ) Reason for revert: Cannot reproduce gc-stress failures locally. Original issue's description: > Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ ) > > Reason for revert: > failing tests > > Original issue's description: > > Replace all remaining Oddball checks with new function > > > > This CL removes the IsUndefined() and Co. methods from Object and HeapObject. > > The new method all take the isolate as parameter. > > > > BUG= > > > > Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5 > > Cr-Commit-Position: refs/heads/master@{#36921} > > TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org > # Skipping CQ checks because original CL landed less than 1 days ago. > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG= > > Committed: https://crrev.com/33b8bc24a12fb062100c0be84456faeb0b9fa5d1 > Cr-Commit-Position: refs/heads/master@{#36923} TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org BUG= Review-Url: https://codereview.chromium.org/2059173002 Cr-Commit-Position: refs/heads/master@{#36957}
-
- 13 Jun, 2016 2 commits
-
-
cbruni authored
Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ ) Reason for revert: failing tests Original issue's description: > Replace all remaining Oddball checks with new function > > This CL removes the IsUndefined() and Co. methods from Object and HeapObject. > The new method all take the isolate as parameter. > > BUG= > > Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5 > Cr-Commit-Position: refs/heads/master@{#36921} TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2060213002 Cr-Commit-Position: refs/heads/master@{#36923}
-
cbruni authored
This CL removes the IsUndefined() and Co. methods from Object and HeapObject. The new method all take the isolate as parameter. BUG= Review-Url: https://codereview.chromium.org/2043183003 Cr-Commit-Position: refs/heads/master@{#36921}
-
- 06 Jun, 2016 1 commit
-
-
mstarzinger authored
This removes the macro in question form the utility header. In the long run we want to convert all RUNTIME_ASSERTs to CHECKs, now that runtime functions are no longer fuzzed directly. This is just a first step. R=bmeurer@chromium.org BUG=v8:5066 Review-Url: https://codereview.chromium.org/2038013002 Cr-Commit-Position: refs/heads/master@{#36735}
-
- 01 Mar, 2016 1 commit
-
-
littledan authored
Runtime asserts are were previously a bit annoying to debug, due to the lack of a useful error message, even in debug mode. This patch prints out some more information in debug mode for runtime assert failures while preserving their exception-throwing semantics. While we're at it, it requires a semicolon after RUNTIME_ASSERT macro invocations. ``` $ rlwrap out/Debug/d8 --allow-natives-syntax V8 version 5.1.0 (candidate) d8> %ArrayBufferNeuter(1) # # Runtime error in ../../src/runtime/runtime-typedarray.cc, line 52 # # args[0]->IsJSArrayBuffer() ==== C stack trace =============================== 1: 0xf70ab5 2: 0xadeebf 3: 0xadedd4 4: 0x2ef17630693b (d8):1: illegal access %ArrayBufferNeuter(1) ^ d8> ``` Also give the other 'illegal access' case (a special SyntaxError type) a more descriptive error message for its sole usage. R=adamk Review URL: https://codereview.chromium.org/1748183002 Cr-Commit-Position: refs/heads/master@{#34401}
-
- 15 Jan, 2016 1 commit
-
-
rmcilroy authored
Adds a ForInPrepare Runtime function which returns a triple of cache_type, cache_array and cache_length. This requires adding support to CEntryStub to call runtime functions which return a ObjectTriple - a struct containing three Object* pointers. Also did some cleanup of the x64 CEntryStub to avoid replicated code. Replaces the interpreter's use of the ad-hock InterpreterForInPrepare Runtime function with ForInPrepare in preparation for fixing deopt in BytecodeGraphBuilder for ForIn (which will be done in a followup CL). MIPS port contributed by Balazs Kilvady <balazs.kilvady@imgtec.com>. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1576093004 Cr-Commit-Position: refs/heads/master@{#33334}
-
- 30 Sep, 2015 1 commit
-
-
mstarzinger authored
This enables linter checking for "readability/namespace" violations during presubmit and instead marks the few known exceptions that we allow explicitly. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1371083003 Cr-Commit-Position: refs/heads/master@{#31019}
-
- 03 Jun, 2015 1 commit
-
-
binji authored
This is behind the flag "--harmony-atomics", and it only works on SharedArrayBuffers. This implementation only includes the runtime functions. The TurboFan implementation will be next. The draft spec for Atomics can be found here: https://docs.google.com/document/d/1NDGA_gZJ7M7w1Bh8S0AoDyEqwDdRh4uSoTPSNn77PFk BUG= LOG=n Review URL: https://codereview.chromium.org/1162503002 Cr-Commit-Position: refs/heads/master@{#28796}
-
- 01 Jun, 2015 1 commit
-
-
bmeurer authored
In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a simple runtime call to ForInFilter, which does everything and is even cheaper (because FILTER_KEY used to call into the runtime anyway). And ForInFilter returns either the name or undefined, which makes it possible to remove the control flow construction from the AstGraphBuilder, and thereby make both the initialization and the per-loop code of for-in optimizable later (in typed lowering). R=jarin@chromium.org Review URL: https://codereview.chromium.org/1160983004 Cr-Commit-Position: refs/heads/master@{#28711}
-
- 04 Feb, 2015 2 commits
-
-
arv authored
Motivation: Cleanup BUG=None R=adamk LOG=N Review URL: https://codereview.chromium.org/897633003 Cr-Commit-Position: refs/heads/master@{#26440}
-
marja authored
This enables adding more language modes in the future. For maximum flexibility, LanguageMode is a bitmask, so we're not restricted to use a sequence of language modes which are progressively stricter, but we can express the language mode as combination of features. For now, LanguageMode can only be "sloppy" or "strict", and there are STATIC_ASSERTS in places which need to change when more modes are added. LanguageMode is a bit like the old LanguageMode when "extended" mode was still around (see https://codereview.chromium.org/8417035 and https://codereview.chromium.org/181543002 ) except that it's transmitted through all the layers (there's no StrictModeFlag). BUG= Review URL: https://codereview.chromium.org/894683003 Cr-Commit-Position: refs/heads/master@{#26419}
-
- 20 Oct, 2014 1 commit
-
-
yangguo@chromium.org authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/662413002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24736 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 30 Sep, 2014 1 commit
-
-
yangguo@chromium.org authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/612023002 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24307 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-
- 25 Sep, 2014 1 commit
-
-
yangguo@chromium.org authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/597943003 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24202 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
-