- 07 Nov, 2016 26 commits
-
machenbach authored
Revert of [wasm] Indirect calls without function table cause validation errors. (patchset #3 id:40001 of https://codereview.chromium.org/2484623002/ ) Reason for revert: Speculative revert for blocking roll: https://codereview.chromium.org/2479233002/ Original issue's description: > [wasm] Indirect calls without function table cause validation errors. > > The spec defines that indirect calls in WebAssembly code should cause a > validation error if no function table exists. > > The CL contains the following changes: > 1) Throw a validation error for indirect calls if the function table > does not exist. > 2) Do not create TF nodes to throw a runtime error for indirect calls > if the function table does not exist. > 3) Fix existing unit tests by creating a dummy function table. > 4) Add a new test which tests that indirect calls without function > table cause a validation error. > > R=rossberg@chromium.org > CC=titzer@chromium.org > > TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash TBR=rossberg@chromium.org,titzer@chromium.org,ahaas@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2479283002 Cr-Commit-Position: refs/heads/master@{#40811}
-
neis authored
The existing Load/StoreContextElement operations take the index as an int. This CL adds versions that take the index as a Node. These already existed in the interpreter-assembler, from which they are now removed. R=mstarzinger@chromium.org, rmcilroy@chromium.org BUG= Review-Url: https://codereview.chromium.org/2473003004 Cr-Commit-Position: refs/heads/master@{#40810}
-
verwaest authored
Otherwise we could in theory abort preparsing to the preparser and preparse again before aborting again... We shouldn't have this mess; so only set up mode_ in the parser in the first place. BUG= Review-Url: https://codereview.chromium.org/2479213002 Cr-Commit-Position: refs/heads/master@{#40809}
-
neis authored
This makes use of the newly introduced cell indices to speed up variable accesses. Imports and local exports are now directly stored in (separate) arrays. In the future, we may merge the two arrays into a single one, or even into the module context. This CL also replaces the LoadImport and LoadExport runtime functions with a single LoadVariable taking a variable index as argument (rather than a name). BUG=v8:1569 Review-Url: https://codereview.chromium.org/2465283004 Cr-Commit-Position: refs/heads/master@{#40808}
-
verwaest authored
BUG= Review-Url: https://codereview.chromium.org/2481743003 Cr-Commit-Position: refs/heads/master@{#40807}
-
jgruber authored
The revert somehow lost the contents of regress-2825.js. NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true BUG=chromium:662928 Review URL: https://codereview.chromium.org/2483863002 . Cr-Commit-Position: refs/heads/master@{#40806}
-
jgruber authored
Revert of [debugger] Migrate more debugger tests to inspector (patchset #2 id:20001 of https://codereview.chromium.org/2480223002/ ) Reason for revert: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/9724 Original issue's description: > [debugger] Migrate more debugger tests to inspector > > This moves all tests currently working with the inspector debugger wrapper to > test/debugger. > > BUG=v8:5530 TBR=yangguo@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5530 Review-Url: https://codereview.chromium.org/2480283002 Cr-Commit-Position: refs/heads/master@{#40805}
-
jgruber authored
This moves all tests currently working with the inspector debugger wrapper to test/debugger. BUG=v8:5530 Review-Url: https://codereview.chromium.org/2480223002 Cr-Commit-Position: refs/heads/master@{#40804}
-
verwaest authored
This - removes the ParserRecorder base class, - devirtualizes the LogFunction and LogMessage functions, - reuses the SingletonLogger for all preparser calls In a subsequent step the preparser should probably log directly to the CompleteParserRecorder rather than indirectly through the singleton logger... BUG= Review-Url: https://codereview.chromium.org/2474393003 Cr-Commit-Position: refs/heads/master@{#40803}
-
ahaas authored
The spec defines that indirect calls in WebAssembly code should cause a validation error if no function table exists. The CL contains the following changes: 1) Throw a validation error for indirect calls if the function table does not exist. 2) Do not create TF nodes to throw a runtime error for indirect calls if the function table does not exist. 3) Fix existing unit tests by creating a dummy function table. 4) Add a new test which tests that indirect calls without function table cause a validation error. R=rossberg@chromium.org CC=titzer@chromium.org TEST=unittests/AstDecoderTest.IndirectCallsWithoutTableCrash Review-Url: https://codereview.chromium.org/2484623002 Cr-Commit-Position: refs/heads/master@{#40802}
-
ahaas authored
The maximum memory size is a user-defined upper limit for the size of the memory of a WebAssembly instance. The actual limit is the minimum of the user-defined limit and the V8 limit. With this CL we allow the user-defined limit to be greater than the V8 limit, which is required by the spec. R=titzer@chromium.org CC=gdeepti@chromium.org TEST=unittests/WasmModuleVerifyTest.MaxMaximumMemorySize Review-Url: https://codereview.chromium.org/2484643002 Cr-Commit-Position: refs/heads/master@{#40801}
-
jgruber authored
This CL adds further support to the test wrapper. We are now able to run almost all mjsunit/debug-step-* tests using the inspector backend. debug-stepframe-* tests are not yet supported since inspector does not know a 'frame' step type. The interface has also been improved to be able to move these tests to inspector mostly without modification. BUG=v8:5330 Review-Url: https://codereview.chromium.org/2466273005 Cr-Commit-Position: refs/heads/master@{#40800}
-
bmeurer authored
When we hit an unsupported field store, only flush the state of potentially aliasing objects, but don't flush the full state table. R=jarin@chromium.org BUG=v8:5608 Review-Url: https://codereview.chromium.org/2476213002 Cr-Commit-Position: refs/heads/master@{#40799}
-
mlippautz authored
LiveObjectIterator sometimes runs concurrently to the main thread. In these scenarios we are not allowed to access memory of live objects in non-atomic ways. Use synchronized reads where needed. Correctness (already ok in current state): - Reading a larger size is fine per definition. - Reading a smaller size is fine since we are guaranteed that one word fillers will follow. BUG=v8:5583 R=ulan@chromium.org,hpayer@chromium.org Review-Url: https://codereview.chromium.org/2477823003 Cr-Commit-Position: refs/heads/master@{#40798}
-
cbruni authored
Drive-by-fix 1: be more precise in machine representations for AllocateNameDictionary to make --turbo_verify_machine_graph happy. Drive-by-fix 2: Improve graph verifier output by printing input representation. BUG= Review-Url: https://codereview.chromium.org/2475913002 Cr-Commit-Position: refs/heads/master@{#40797}
-
cbruni authored
R=jkummerow@chromium.org BUG= Review-Url: https://codereview.chromium.org/2461993002 Cr-Commit-Position: refs/heads/master@{#40796}
-
neis authored
R=adamk@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2473993002 Cr-Commit-Position: refs/heads/master@{#40795}
-
jgruber authored
The test case did not test anything in its original form. Fix it and add documentation. BUG=v8:5339 Review-Url: https://codereview.chromium.org/2481733002 Cr-Commit-Position: refs/heads/master@{#40794}
-
yangguo authored
BUG=v8:5581 R=jgruber@chromium.org Review-Url: https://codereview.chromium.org/2469043003 Cr-Commit-Position: refs/heads/master@{#40793}
-
bmeurer authored
We need to rename the receiver on CheckHeapObject, because we don't canonicalize numbers in SignedSmall range, and thus the representation selection can hand out TaggedSigned values for receiver uses, even though we checked for TaggedPointerness first. Note that this is rather hacky and just intended to fix the bug ASAP. We need to think about how to deal with representations in earlier compilation stages. BUG=chromium:662410 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2485563002 Cr-Commit-Position: refs/heads/master@{#40792}
-
ahaas authored
TBR=mtrofin@chromium.org NOTRY=true Review-Url: https://codereview.chromium.org/2481133002 Cr-Commit-Position: refs/heads/master@{#40791}
-
bmeurer authored
TBR=machenbach@chromium.org NOTRY=true Review-Url: https://codereview.chromium.org/2477303002 Cr-Commit-Position: refs/heads/master@{#40790}
-
yangguo authored
Using _exit on windows may cause race conditions in threads. BUG=chromium:603131 Review-Url: https://codereview.chromium.org/2478473003 Cr-Commit-Position: refs/heads/master@{#40789}
-
bmeurer authored
This adds support to track Float64 fields on 64-bit platforms, which is necessary to properly deal with unboxed double fields there. Drive-by-fix: Crash if we see Simd128 representation here. R=jarin@chromium.org BUG=v8:5608 Review-Url: https://codereview.chromium.org/2485543002 Cr-Commit-Position: refs/heads/master@{#40788}
-
bmeurer authored
In Crankshaft we unconditionally assume that accesses to arguments[i] will be in-bounds and don't take into account IC feedback that would eventually teach us about out-of-bounds accesses that have happened in the past, so there's no real guard to protect the bounds check in optimized code. TEST=mjsunit/compiler/deopt-arguments-oob R=jarin@chromium.org BUG=v8:5606 Review-Url: https://codereview.chromium.org/2481053002 Cr-Commit-Position: refs/heads/master@{#40787}
-
jing.bao authored
fix schedule viewing for text like 1756: HeapConstant[0x3ff62d29 <FixedArray[31]>] : HeapConstant(0x3ff62d29 <FixedArray[31]>) BUG= Review-Url: https://codereview.chromium.org/2471573007 Cr-Commit-Position: refs/heads/master@{#40786}
-
- 05 Nov, 2016 1 commit
-
machenbach authored
Revert of [Tracing] Use TracingCategoryObserver in gc statistics (patchset #5 id:100001 of https://codereview.chromium.org/2459903003/ ) Reason for revert: Speculative revert for blocking roll: https://codereview.chromium.org/2473003006/ E.g.: https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/331898 Original issue's description: > [Tracing] Use TracingCategoryObserver in gc statistics > > This patch is a follow-up patch to enable gc statistics to use > TracingCategoryObserver. > > Previously we need to pass --track_gc_object_stats to v8 if we want to enable > gc statistics in tracing. In this patch, we introduce an integer flag > FLAG_gc_stats, and FLAG_track_gc_object_stats and FLAG_trace_gc_object_stats > will set it to 0x01, tracing will set it to 0x10 when we start tracing and > reset the bit when we stop tracing. > > BUG=v8:5590 TBR=fmeawad@chromium.org,mlippautz@chromium.org,lpy@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5590 Review-Url: https://codereview.chromium.org/2477143002 Cr-Commit-Position: refs/heads/master@{#40785}
-
- 04 Nov, 2016 13 commits
-
kozyatinskiy authored
This roll includes: - [inspector_protocol] remove old style domains support - Add missing virtual destructor to backend callbacks. [2] [1] https://codereview.chromium.org/2479693002/ [2] https://codereview.chromium.org/2473393002/ BUG=none R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2478853002 Cr-Commit-Position: refs/heads/master@{#40784}
-
kozyatinskiy authored
This method iterates through all shared function info which are related to passed script, compiles debug code for SFI in range if needed and returns possible break locations. BUG=chromium:566801 CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel Review-Url: https://codereview.chromium.org/2465553003 Cr-Commit-Position: refs/heads/master@{#40783}
-
kozyatinskiy authored
BUG=none R=dgozman@chromium.org CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel Review-Url: https://codereview.chromium.org/2471583003 Cr-Commit-Position: refs/heads/master@{#40782}
-
vogelheim authored
BUG=chromium:662388 Review-Url: https://codereview.chromium.org/2468423008 Cr-Commit-Position: refs/heads/master@{#40781}
-
adamk authored
The flag has been on since at least Chrome 53. R=littledan@chromium.org Review-Url: https://codereview.chromium.org/2478883002 Cr-Commit-Position: refs/heads/master@{#40780}
-
littledan authored
R=adamk@chromium.org BUG=v8:4806 Review-Url: https://codereview.chromium.org/2475383003 Cr-Commit-Position: refs/heads/master@{#40779}
-
littledan authored
This patch fixes two bugs in V8 to allow the global object to have a frozen proto: - The immutable prototype map check is done on the map of the "real receiver", the one that's found after the hidden prototype traversal, rather than the object that SetPrototype is called on. - The immutable prototype bit from the ObjectTemplate used to instantiate the global object, as passed to Context::New, is respected when instantiating the global object. R=adamk BUG=v8:5149 Review-Url: https://codereview.chromium.org/2474843003 Cr-Commit-Position: refs/heads/master@{#40778}
-
lpy authored
This patch is a follow-up patch to enable gc statistics to use TracingCategoryObserver. Previously we need to pass --track_gc_object_stats to v8 if we want to enable gc statistics in tracing. In this patch, we introduce an integer flag FLAG_gc_stats, and FLAG_track_gc_object_stats and FLAG_trace_gc_object_stats will set it to 0x01, tracing will set it to 0x10 when we start tracing and reset the bit when we stop tracing. BUG=v8:5590 Review-Url: https://codereview.chromium.org/2459903003 Cr-Commit-Position: refs/heads/master@{#40777}
-
mstarzinger authored
This removes the deprecated flag in question which has been enabled by default a while ago. All components can by now deal with activations of a single function being mixed between Ignition and other compilers. The maintenance overhead to support a mode that clears bytecode is no longer warranted. R=rmcilroy@chromium.org BUG=v8:4280 Review-Url: https://codereview.chromium.org/2475203003 Cr-Commit-Position: refs/heads/master@{#40776}
-
jbroman authored
Compatible with the current (unshipped) Blink implementation. BUG=chromium:148757 Review-Url: https://codereview.chromium.org/2471923002 Cr-Commit-Position: refs/heads/master@{#40775}
-
ziyang authored
Port 9b308dca R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG= Review-Url: https://codereview.chromium.org/2470043006 Cr-Commit-Position: refs/heads/master@{#40774}
-
mstarzinger authored
R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-662367 BUG=chromium:662367 Review-Url: https://codereview.chromium.org/2472413002 Cr-Commit-Position: refs/heads/master@{#40773}
-
ivica.bogosavljevic authored
If a HeapObject field is 8 bytes long and 8 bytes aligned, but we use only four bytes of it, on little endian architectures we will access the lower 4 bytes of the field using the same base address as accessing the whole eight bytes. On big-endian architectures, however, we use the base address to access the full 8 bytes, but base address + 4 to access the lower 4 bytes. For this reason, the assert in OffsetForFieldAccess fails on MIPS64 big endian. We fix the issue by removing the assert that checks that offset is pointer size aligned. TEST=mjsunit/regress/regress-crbug-648737 BUG= Review-Url: https://codereview.chromium.org/2453333002 Cr-Commit-Position: refs/heads/master@{#40772}