- 01 Sep, 2017 13 commits
-
-
Michael Lippautz authored
Bug: Change-Id: Ic14afce939f0c65cddbbb917538b3d7cd443546e Reviewed-on: https://chromium-review.googlesource.com/646022Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47766}
-
Clemens Hammacher authored
After the FallThruTo in kExprEnd, the current block {c} is never unreachable. Hence, the check for {c->unreachable} afterwards can be removed. In the loop case, the {TypeCheckFallThru} already adds entries for non-existing values to the stack, so no need to {PushEndValues}. Also, add more tests for the loop case. R=titzer@chromium.org Change-Id: I8737affaeed2ea663bd6ddafa36532ca9a7379bb Reviewed-on: https://chromium-review.googlesource.com/645859Reviewed-by:Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#47765}
-
Benedikt Meurer authored
This reverts commit a9f517e2. Reason for revert: Makes array sort flaky? https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug/builds/17894/steps/OptimizeForSize%20%28flakes%29/logs/array-sort Original change's description: > [builtins] Port Proxy set trap to CSA > > Bug: v8:6560, v8:6557 > Change-Id: I329794607e8de324fc696652555aaaeafcf519ec > Reviewed-on: https://chromium-review.googlesource.com/625940 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Maya Lekova <mslekova@google.com> > Cr-Commit-Position: refs/heads/master@{#47760} TBR=neis@chromium.org,franzih@chromium.org,ishell@chromium.org,bmeurer@chromium.org,mslekova@google.com Change-Id: Ibebf5e694945e59bd2808841108e6686af51efaf No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6560, v8:6557 Reviewed-on: https://chromium-review.googlesource.com/646169Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#47764}
-
Jaroslav Sevcik authored
This helps with patterns such as ((a[i] + n) + m) | 0 where we know n and m are small integers, and a[i] is a holey smi array where we have never read a hole so far. In that case, we still perform the additions with overflow checks since we currently only propagate/use the truncation if the operation outcome is in the safe-integer range (without taking feedback into account). The problem here is that both 'n + a[i]' and '(n + a[i]) + m' have type Union(Range(..., ...), NaN), even though the NaN will never pass the Smi check on a[i]. This CL changes restricts the static type of SpeculativeSafeInteger(Add|Subtract) to the safe integer range. This is safe because we will always either truncate or use the feedback (i.e., deopt if the inputs are not Signed32). In either case, the result will always be in safe-integer range. As a result, we will perform the second addition without overflow check. Getting rid of the overflow check on the first is done in a separate CL. Bug: v8:5267,v8:6764 Change-Id: I27dba0fda832fc1f04477db6dd3495d5b4b2bd0b Reviewed-on: https://chromium-review.googlesource.com/634903 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
-
Jaroslav Sevcik authored
Bug: v8:5267 Change-Id: Iea44ba7ee6ba09580176936e6157d63c53d06446 Reviewed-on: https://chromium-review.googlesource.com/646021 Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Michael Starzinger authored
This adds support for lowering {JSCreateArguments} within outermost frames of type {CreateArgumentsType::kMappedArguments}. It will hence enable escape analysis to work with such objects and allow for further optimization. This also adds a new {NewMappedArgumentsElements} simplfied operator. Note that escape analysis support for this new operator will be done as a follow-up. R=tebbi@chromium.org Change-Id: I0e2fac25c654f796433f57b116964053b6b68635 Reviewed-on: https://chromium-review.googlesource.com/641454 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:Yang Guo <yangguo@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#47761}
-
Maya Lekova authored
Bug: v8:6560, v8:6557 Change-Id: I329794607e8de324fc696652555aaaeafcf519ec Reviewed-on: https://chromium-review.googlesource.com/625940Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Maya Lekova <mslekova@google.com> Cr-Commit-Position: refs/heads/master@{#47760}
-
Michael Lippautz authored
Bug: Change-Id: Icfd75c2b0f7d127ae5902e9e0f9bdfd8b9b127e5 Reviewed-on: https://chromium-review.googlesource.com/645989Reviewed-by:
-
Michael Starzinger authored
R=jkummerow@chromium.org Change-Id: I8937933e9ec5b4bd150f5a044700716db458f365 Reviewed-on: https://chromium-review.googlesource.com/645691Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#47758}
-
jgruber authored
This adds an initial implementation of the DeserializeLazy builtin and runtime function, as well as --lazy-deserialization and --trace-lazy-deserialization feature flags. Since lazy deserialization itself isn't implemented yet, DeserializeLazy simply replaces itself with the appropriate builtin. The builtin_id is loaded from the SFI, and the builtin itself is loaded from the Builtins table. Bug: v8:6624 Change-Id: I4ef8c3030a8cda19a086b8e569a24d97213b5ed8 Reviewed-on: https://chromium-review.googlesource.com/643289Reviewed-by:
-
Franziska Hinkelmann authored
Bug: v8:6704 Change-Id: I77388b91061f934943a707a645080dfdcf481836 Reviewed-on: https://chromium-review.googlesource.com/645951Reviewed-by:
-
Juliana Franco authored
Simple example with exception handling and deoptimization. BUG=v8:6563 Change-Id: I0a82b72e10f12355b2eb351fde3c1be84455da66 Reviewed-on: https://chromium-review.googlesource.com/645854 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Jaideep Bajwa authored
R=joransiu@ca.ibm.com, jyan@ca.ibm.com BUG= LOG=N Change-Id: I73498982db3f247dfd88702b498e882e2a1ef508 Reviewed-on: https://chromium-review.googlesource.com/646711 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by:
Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#47754}
-
- 31 Aug, 2017 27 commits
-
-
Jakob Kummerow authored
To get a proper performance baseline after fixing the perf tests in https://chromium-review.googlesource.com/c/v8/v8/+/639396. This is intended to be reverted after a couple of hours. Change-Id: If36e4bfa5bd113599652f5c2016f886533af2746 Reviewed-on: https://chromium-review.googlesource.com/639057Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#47753}
-
Adam Klein authored
Tbr: jkummerow@chromium.org Bug: v8:6408 Change-Id: I23c420c5b88bcee06e381f27eb7fe59976d3bba6 Reviewed-on: https://chromium-review.googlesource.com/644716 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by:
-
Adam Klein authored
This makes several changes to SwitchStatement handling: - Store the CaseClause list inline (as it's always allocated) - Only rewrite with additional blocks if the Block Scope for the switch statement isn't empty - Use Parser::IgnoreCompletion() instead of inserting an additional `undefined` ExpressionStatement Bug: v8:6092 Change-Id: Ib08d0ba851dd8e78b3dc74782b8e554541e79182 Reviewed-on: https://chromium-review.googlesource.com/644176Reviewed-by:Marja Hölttä <marja@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47751}
-
Franziska Hinkelmann authored
Change-Id: Ibfc5dcd012073f9e3e3b000a90eab706b29189d8 Reviewed-on: https://chromium-review.googlesource.com/646329 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Alexei Filippov authored
Ensure that RuntimeCallStats::Enter is paired with Leave when FLAG_runtime_stats changes in flight. BUG=chromium:669329 Change-Id: I4da7edf88990fdebd7d05325a09cfca0702cfe5a Reviewed-on: https://chromium-review.googlesource.com/643472Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#47749}
-
Benedikt Meurer authored
Since fullcodegen was removed, all baseline code runs in Ignition now, so the code_is_interpreted parameter to FeedbackVector::ComputeCounts is no longer needed. Bug: v8:6409 Change-Id: I27842a4978079f8166f22db6c695b352a38e1d87 Reviewed-on: https://chromium-review.googlesource.com/646106Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#47748}
-
Clemens Hammacher authored
... for AbstractValue and AbstractControl. This allows to access the fields directly instead of via {interface_data}, and hence makes the code more readable. Also, it makes AbstractValue and AbstractControl non-templates. They are also renamed to ValueBase and ControlBase. Unfortunately, it requires the introduction of new templates ValueWithNamedConstructors and ControlWithNamedConstructors, in order to provide correctly typed named constructors (we cannot define implicit conversion from {Value,Control}Base to a subtype because of our style guide, checked by a presubmit check). R=titzer@chromium.org Bug: v8:6600 Change-Id: Icb7796d040afbf92309333a03d4286fc782f8d1b Reviewed-on: https://chromium-review.googlesource.com/643392Reviewed-by: -
Jaroslav Sevcik authored
We emitted rotation by 24 bits with bitwise and, but that is wrong because the low 8 bits can wrap around and "leak" into the result. Bug: chromium:739902 Change-Id: Id49251e89405afb1581b8c60cde808c2d8bf693d Reviewed-on: https://chromium-review.googlesource.com/645848Reviewed-by:
Martyn Capewell <martyn.capewell@arm.com> Reviewed-by:
-
Yang Guo authored
R=jgruber@chromium.org Bug: v8:6774 Change-Id: Ie87306e9d6cc1574f8e1cc9dde38853eda07fd09 Reviewed-on: https://chromium-review.googlesource.com/645127 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47745}
-
Clemens Hammacher authored
This violated the style guide, and caused problems for jumbo builds. R=titzer@chromium.org CC=mostynb@opera.com Bug: chromium:746958 Change-Id: Iaa75d444f5b5f595c54058de14b394119390921c Reviewed-on: https://chromium-review.googlesource.com/645529 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
They violate the style guide, and cause problems for jumbo builds. This CL removes all occurrences in src/wasm except for the file wasm-objects.cc, which is a bit more involved and will be fixed in a separate CL. R=titzer@chromium.org CC=mostynb@opera.com Bug: chromium:746958 Change-Id: If5d9c03e0d6fa364e1d21feda49773468a48fba6 Reviewed-on: https://chromium-review.googlesource.com/645707 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
-
Michael Lippautz authored
Except registration all calls should be dominated by actual visiation and/or copying. Bug: Change-Id: Iccc58253d627ecf4b4525de5824f76c048c35150 Reviewed-on: https://chromium-review.googlesource.com/645128Reviewed-by:
-
Michael Starzinger authored
R=leszeks@chromium.org Change-Id: Iae67b6b81459304192c81b1367a11fba076c7512 Reviewed-on: https://chromium-review.googlesource.com/645630Reviewed-by:
-
Michael Hablich authored
TBR=machenbach@chromium.org NOTRY=true Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I59e5a30a469fa1a397ef55d2bc2bce550c5eed2f Reviewed-on: https://chromium-review.googlesource.com/645706 Commit-Queue: Michael Hablich <hablich@chromium.org> Reviewed-by:
Michael Hablich <hablich@chromium.org> Cr-Commit-Position: refs/heads/master@{#47740}
-
Clemens Hammacher authored
Use int instead of byte to store the source position when computing a location based on the stack trace stored in an error object. Also add tests, since this code path was not covered before (not even for small position where it would have succeeded). Also, add some comments about which positions are 0-based and 1-based. R=titzer@chromium.org Change-Id: I313dcd6c47b77093ced9bb687415715d04eafb97 Reviewed-on: https://chromium-review.googlesource.com/645527Reviewed-by:
-
Benedikt Meurer authored
Now that the ticks are stored in the feedback vector the function parameter to CodeStubAssembler::UpdateFeedback is unused and we can remove it (and the need to load the closure on the use sites). Change-Id: I60bdebd2003ab707a7ad8451d0cb2189b70fd9cf Reviewed-on: https://chromium-review.googlesource.com/645626Reviewed-by:
-
Michael Lippautz authored
TBR=ulan@chromium.org Change-Id: I793d99ec5b82d2f2444a20db5f0eb4e08bea4da4 Reviewed-on: https://chromium-review.googlesource.com/645308Reviewed-by:
-
Michael Starzinger authored
R=yangguo@chromium.org BUG=chromium:760858 Change-Id: I9a4f569a3fb978e1ed33176ac8e5d1ef383cacbe Reviewed-on: https://chromium-review.googlesource.com/645349Reviewed-by:
-
Camillo Bruni authored
This test documents the basic behavior of the EnumCache which is shared on the DescriptorArray. Change-Id: Idd40670d99d81bb5e4b6161ffc47f2898ca9d2a9 Reviewed-on: https://chromium-review.googlesource.com/643297 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
This reverts commit c6b153fd. Reason for revert: Doesn't compile on the tree. Original change's description: > [cctest] Add fuzz tests for generating parallel moves. > > These new tests are somewhat similar to the existing gap resolver tests except > we use the code generator and eventually run the generated code. The main idea > is to cover cases that are difficult to hit, such as move from/to slots which > are out of range of loads and stores, but may happen nonetheless. > > At this time, the tests only make sure the code generator actually generated > some code, and that this code runs. In the future, it would be great to also > check that the moves were actually performed. > > Bug: v8:6553 > Change-Id: I089a25fa05b3a20649658bb8952926ab11f91d68 > Reviewed-on: https://chromium-review.googlesource.com/574850 > Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> > Reviewed-by: Bill Budge <bbudge@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47733} TBR=bbudge@chromium.org,danno@chromium.org,jarin@chromium.org,pierre.langlois@arm.com,bmeurer@chromium.org Change-Id: I875ab38e039fdbf58b8f08658c391147d2ec01fa No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6553 Reviewed-on: https://chromium-review.googlesource.com/645446Reviewed-by:
-
Pierre Langlois authored
These new tests are somewhat similar to the existing gap resolver tests except we use the code generator and eventually run the generated code. The main idea is to cover cases that are difficult to hit, such as move from/to slots which are out of range of loads and stores, but may happen nonetheless. At this time, the tests only make sure the code generator actually generated some code, and that this code runs. In the future, it would be great to also check that the moves were actually performed. Bug: v8:6553 Change-Id: I089a25fa05b3a20649658bb8952926ab11f91d68 Reviewed-on: https://chromium-review.googlesource.com/574850 Commit-Queue: Pierre Langlois <pierre.langlois@arm.com> Reviewed-by:
Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#47733}
-
Franziska Hinkelmann authored
Bug: v8:6704 Change-Id: If636bdd682d76a6d58d36fc9bfbf1302a32468ab Reviewed-on: https://chromium-review.googlesource.com/641671 Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Reviewed-by:
-
Michael Lippautz authored
Bug: Change-Id: I177baaea8031f61a7d57806a65c2286b1af1fb4b Reviewed-on: https://chromium-review.googlesource.com/643926Reviewed-by:
-
Yang Guo authored
R=jgruber@chromium.org Bug: v8:6624 Change-Id: I4929a404999cf4d2c12471d5ee13533234fbcf7e Reviewed-on: https://chromium-review.googlesource.com/645126Reviewed-by:
-
Michael Lippautz authored
heap-inl.h exposes the whole world, which is fine from other inline files but not from regular headers. Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I09ec67c6558682cb0d5181031bc39341a3f4c5bf Reviewed-on: https://chromium-review.googlesource.com/643294Reviewed-by:
-
Benedikt Meurer authored
When calling Object(value) where the value is known to be a JSReceiver, we can just replace it with value, as the Object constructor call is a no-op in that case. Otherwise when value is known to be not null or undefined then we can replace the Object constructor call with an invocation of ToObject. This covers the common pattern found in bundles generated by Webpack, where the Object constructor is used to call imported functions, i.e. Object(module.foo)(1, 2, 3) There's a lot of detail in https://github.com/webpack/webpack/issues/5600 on this matter and why this pattern was chosen. Bug: v8:6772 Change-Id: I2b4f0b4542b68b97b337ce571d6d79946c73d8bb Reviewed-on: https://chromium-review.googlesource.com/643868Reviewed-by:
-
Marja Hölttä authored
PreParser and Parser didn't agree whether a generator in a sloppy block is a sloppy block function or not, and thus the data generated by PreParser was inconsistent with what the Parser wanted to restore. BUG=v8:5516, chromium:760116 Change-Id: I0fd3c267691b8afd63a1336774769caf551c143e Reviewed-on: https://chromium-review.googlesource.com/642886Reviewed-by:
-
