- 23 Feb, 2018 24 commits
-
-
jgruber authored
Off-heap-safety slightly differs from isolate-independence in that it allows external references and checks instruction-size constraints. This adds the new predicate as well as a cctest verifying it. New DCHECKs are introduced to document assumptions and upcoming work. Note that this breaks the --stress-off-heap-code flag. Fixes will follow in upcoming CLs. Bug: v8:6666 Change-Id: If4f3e0f4428bacc8d293cd864b9b07b81679c423 Reviewed-on: https://chromium-review.googlesource.com/934183 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51513}
-
jgruber authored
This is the follow-up CL to https://chromium-review.googlesource.com/#/c/v8/v8/+/931122. Now that HeapConstants can be loaded through the builtins constants table, the extra CallStub and CallRuntime has become unnecessary. Bug: v8:6666 Change-Id: I02bb7805ac37bed6fe27fdd0689ac22ad7de034b Reviewed-on: https://chromium-review.googlesource.com/931123 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51512}
-
Dan Elphick authored
Convert all context, receiver and argc Node*s to their appropriate TNode type. Bug: v8:7310 Change-Id: Ic6bf22ffb22199d390731d424b7395c47a8f19cf Reviewed-on: https://chromium-review.googlesource.com/934442 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51511}
-
Marja Hölttä authored
BUG=v8:7478 Change-Id: Iad67d49729dfeb89fde26772689a22098f491b8a Reviewed-on: https://chromium-review.googlesource.com/931548 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51510}
-
Peter Marshall authored
Bug: v8:7310 Change-Id: I8d3ac3127d5ca3ea88fbb954727a7222de5d75a0 Reviewed-on: https://chromium-review.googlesource.com/934261 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51509}
-
Ben L. Titzer authored
R=ahaas@chromium.org Bug: v8:7310 Change-Id: I7f4f4f7990a202232a0871f5d73dd8025306e96e Reviewed-on: https://chromium-review.googlesource.com/934262 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#51508}
-
Sigurd Schneider authored
This reverts commit 3ff4b447. Reason for revert: Does not handle V8_INTL_SUPPORT correctly Original change's description: > [turbofan] Move String.* functions to JSCallReducer > > Bug: v8:7250, v8:7340 > Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c > Reviewed-on: https://chromium-review.googlesource.com/913208 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51505} TBR=sigurds@chromium.org,bmeurer@chromium.org Change-Id: I6efb3b758b0fcadc012a90c4175de3c1ebccee95 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7250, v8:7340 Reviewed-on: https://chromium-review.googlesource.com/934267Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51507}
-
Georg Neis authored
R=ishell@chromium.org Bug: v8:7310 Change-Id: Ibdf4c0c5a53de88d492668786734be08420df90e Reviewed-on: https://chromium-review.googlesource.com/934342Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51506}
-
Sigurd Schneider authored
Bug: v8:7250, v8:7340 Change-Id: Ibb8d5badf89c66bd9bcb6bb390256ae81d0e899c Reviewed-on: https://chromium-review.googlesource.com/913208 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51505}
-
Georg Neis authored
E.g. SubString and StringAdd. Bug: v8:7310 Change-Id: I352044f88fe79c5b576c5423d6feae3bcb7d725a Reviewed-on: https://chromium-review.googlesource.com/934284Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51504}
-
Yang Guo authored
Regular construct stubs eventually call InvokeFunction, which does performs debug hook checking. For builtins such as Object, Array, etc. this approach does not work since they have specialized construct stubs that do not check for the debug hook. R=bmeurer@chromium.org Bug: v8:178 Change-Id: I3e1f5d2dae1c7a6220b7236bd6ea71d83a65171f Reviewed-on: https://chromium-review.googlesource.com/931702Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51503}
-
Gabriel Charette authored
This reverts commit f64a87c4. Revert "[v8] Even finer grain trace events for EVACUATE_COPY step." This reverts commit 2c1b6d38. Traces have been gathered by the bots. I'm still analyzing the results but let's revert these for now to soothe the poor bots which are running with v8.gc tracing enabled and regressing like crazy because of this crbug.com/814800. R=hpayer@chromium.org Bug: chromium:814800, chromium:813824 Change-Id: If97c1ff5d14de18414c3b8d65ecb3aaf4f1bb32d Reviewed-on: https://chromium-review.googlesource.com/934131Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Gabriel Charette <gab@chromium.org> Cr-Commit-Position: refs/heads/master@{#51502}
-
Peter Marshall authored
Bug: v8:7310 Change-Id: Iaebe8fa8e5a622b0963754548aa7e29fd6028e22 Reviewed-on: https://chromium-review.googlesource.com/934203Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51501}
-
Clemens Hammacher authored
Instead of limiting the number of used spill slots and bailing out if the limit is exceeded, we now store the number of spill slots used and patch the stack frame size after generating all code. This removes a lot of checks and bailouts. Drive-by: Fix a bug with spilling f64 caller frame slots which was uncovered by the additional test coverage after this CL. R=titzer@chromium.org Bug: v8:6600 Change-Id: I25d856f99451642cc15239c0461402e51487d0a1 Reviewed-on: https://chromium-review.googlesource.com/929162Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51500}
-
Kim-Anh Tran authored
Bug: v8:7310 Change-Id: I6f1c2424fbf377b358546d76a9bc3bbd300aeab5 Reviewed-on: https://chromium-review.googlesource.com/933762 Commit-Queue: Kim-Anh Tran <kimanh@google.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51499}
-
jgruber authored
During builtins generation, parts of the builtins table may be filled with placeholder code objects. This CL ensures that such placeholders are replaced by the real builtin object during finalization of the builtins constants table. Bug: v8:6666 Change-Id: I3a2635b29b37690fd7e950b9f38d500704671afb Reviewed-on: https://chromium-review.googlesource.com/934241Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#51498}
-
Peter Marshall authored
Also a small drive-by cleanup to ToSmiLength to make the two functions more consistent. Bug: v8:7310 Change-Id: Ied01b72c2d30445eebac2bdab33d96e2df994274 Reviewed-on: https://chromium-review.googlesource.com/931545Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51497}
-
Sigurd Schneider authored
This is a reland of ccbbdb93. Original change's description: > [turbofan] Disable speculation for JSCall nodes by default > > Change-Id: I7360601f4e1b419cf8d35480b068418bdd700be9 > Reviewed-on: https://chromium-review.googlesource.com/928649 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51467} Bug: v8:7340 Change-Id: I5557afcdad0c7f9610a396dcfa45f8985a13c1ba Reviewed-on: https://chromium-review.googlesource.com/931546Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51496}
-
jgruber authored
Moves the decision whether to embed the constant or perform a lookup through the builtins constants table to CodeAssembler::UntypedHeapConstant. Root constants continue to be embedded (and are later turned into loads through root-register by the backend); non-root constants are added to the constants table at generation-time and loaded from there at runtime. This allows us to remove the recently added boilerplate around CallStub and CallRuntime in a follow-up. Bug: v8:6666 Change-Id: Id981088e4b9d665c678acc9718383179f681f063 Reviewed-on: https://chromium-review.googlesource.com/931122 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51495}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b3523c3..787ae8b Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d2d530b..13a8b37 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c29e3d7..7e69312 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I6d46c7a380b2de8e0b3da20009ee7410b84ad9d3 Reviewed-on: https://chromium-review.googlesource.com/933609 Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#51494}
-
Jakob Kummerow authored
and use it more often. Bug: v8:7310 Change-Id: I7773f35415a0bb529cdaac380c9068f4ed5010ae Reviewed-on: https://chromium-review.googlesource.com/930236 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51493}
-
Jakob Kummerow authored
Bug: v8:6791 Change-Id: I1423321552e50d9ccb40a94b73f393d6d46fa629 Reviewed-on: https://chromium-review.googlesource.com/927789 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#51492}
-
Jakob Kummerow authored
Originally reviewed at https://chromium-review.googlesource.com/929429 and landed as r51486 / d50c7731. Update in reland: whitelisted new builtins as side effect free. Bug: v8:6791 Change-Id: Iff45700c8a4eca23f3ee6fc9c0cb340dc027cbc6 Reviewed-on: https://chromium-review.googlesource.com/932802 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51491}
-
Michael Achenbach authored
NOTRY=true TBR=gsathya@chromium.org Bug: chromium:800651 Change-Id: I9e978c430cbeef0fcf004d1cfbd1e64f15983155 Reviewed-on: https://chromium-review.googlesource.com/933294Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51490}
-
- 22 Feb, 2018 16 commits
-
-
Adam Klein authored
Without --harmony-function-tostring, anything other than a JSFunction or JSBoundFunction throw when Function.prototype.toString is called on them. But with the toString revision, anything callable allows toString (and for non-Functions returns the good old "function () { [native code] }" string). Bug: v8:7484 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I3540e213a40992151761b59666fe36e0510da908 Reviewed-on: https://chromium-review.googlesource.com/932825 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51489}
-
Sathya Gunasekaran authored
Fixes broken background compile error reporting. Fixes broken tests in DateTimeFormat and NumberFormat: PluralRules constructor requires 'new'. Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I65216a3172595397f5de638c9d5d9d021d3257ce Reviewed-on: https://chromium-review.googlesource.com/931935 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#51488}
-
Michael Achenbach authored
This reverts commit d50c7731. Reason for revert: Fails on many bots, like: https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23331 Original change's description: > [bigint] Implement DataView.{get,set}Big*64 > > Bug: v8:6791 > Change-Id: I4b5ad3cf68b5c2423d6e055332d7f0dfce7c1e99 > Reviewed-on: https://chromium-review.googlesource.com/929429 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51486} TBR=jkummerow@chromium.org,neis@chromium.org Change-Id: I95c260134d7d2671cd4cc0f8c07971af04d97546 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6791 Reviewed-on: https://chromium-review.googlesource.com/932801Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51487}
-
Jakob Kummerow authored
Bug: v8:6791 Change-Id: I4b5ad3cf68b5c2423d6e055332d7f0dfce7c1e99 Reviewed-on: https://chromium-review.googlesource.com/929429 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51486}
-
Clemens Hammacher authored
When calling a function through a function table, check whether the instance of the called function differs from the current instance, and in that case call the other function via a c-wasm-entry instead of interpreting it. The c-wasm-entry needs to pass the wasm context, so this CL changes this to receive the wasm context as parameter instead of embedding the context of the calling instance. R=titzer@chromium.org Bug: chromium:814562, v8:7400 Change-Id: Iea93f270542169f8aac4f8c81aacec559c716368 Reviewed-on: https://chromium-review.googlesource.com/930966Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51485}
-
Yang Guo authored
R=jgruber@chromium.org Change-Id: I951d05f11d227fa3bc817010176bd966c23ad337 Reviewed-on: https://chromium-review.googlesource.com/931463Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51484}
-
Erik Luo authored
This is a reland of ba5bac8c. Original change's description: > [debug] add tests, mark side-effect-free (Typed)Array, WeakMap/Set fns > > Adds more whitelisted methods in debug-evaluate for: > Array, TypedArray, ArrayBuffer, DataView, WeakMap, WeakSet > > Bug: chromium:810176 > Change-Id: I502776ad3191ccc2a355e5684b5f885a5f58d186 > Reviewed-on: https://chromium-review.googlesource.com/923414 > Reviewed-by: Yang Guo <yangguo@chromium.org> > Commit-Queue: Erik Luo <luoe@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51456} Bug: chromium:810176 Change-Id: I64ff0aa632ddf77ad683de76b61ebe4e85d5f879 Reviewed-on: https://chromium-review.googlesource.com/931987Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Erik Luo <luoe@chromium.org> Cr-Commit-Position: refs/heads/master@{#51483}
-
Dan Elphick authored
Creates a macro that in debug builds generates case statements for unused bytes codes (marked UNREACHABLE). This will catch the case where a byte code declared to be unused is actually used. Should be easier to maintain than the existing comments. Change-Id: I0b5d830be88b7ef747975657283c1b1e98182360 Reviewed-on: https://chromium-review.googlesource.com/928650Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#51482}
-
Michael Achenbach authored
This migrates harness adjustments, to be loaded after mjsunit.js on fuzzers for correctness fuzzing. This is the first step adding deeper pretty printing. Other adjustments will be added in follow ups. Bug: chromium:813833 Change-Id: I51168a31e733d54808cb8853a1c90e897acf3791 Reviewed-on: https://chromium-review.googlesource.com/930565 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51481}
-
Michael Achenbach authored
We'll soon also host other configurations for general fuzzing, not only correctness fuzzing in the new tools/clusterfuzz folder. TBR=yangguo@chromium.org Bug: chromium:813833 Change-Id: Icd966bfec91cc547522bad5d1a842500b554754f Reviewed-on: https://chromium-review.googlesource.com/930331Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51480}
-
Sathya Gunasekaran authored
Bug: v8:5368 Change-Id: I7ec4bb6c0f50d8a72a12f5d4521c5fdcba526014 Reviewed-on: https://chromium-review.googlesource.com/929876Reviewed-by: Mythri Alle <mythria@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51479}
-
Michael Achenbach authored
NOTRY=true NOTREECHECKS=true TBR=yangguo@chromium.org Bug: chromium:814810 Change-Id: Ibf9d5d637f4e98a295d0cde6632679c77c3a4eb3 Reviewed-on: https://chromium-review.googlesource.com/931921Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51478}
-
Michael Achenbach authored
This reverts commit eac4b59f. Reason for revert: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/21829 See: https://github.com/v8/v8/wiki/Blink-layout-tests Original change's description: > [Compiler] Use CompilationCache for StreamedScript compilation. > > Previously GetSharedFunctionInfoForStreamedScript didn't either check the > compilation cache or put the result of compilation into the compilation > cache. This would mean future compiles would need to re-parse / compile > the same script even if the isolate had already seen it. This CL > fixes this. > > BUG=v8:5203 > > Change-Id: I421627b80848feb9884e2440c4ee66556e05b3c9 > Reviewed-on: https://chromium-review.googlesource.com/924285 > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Mythri Alle <mythria@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51469} TBR=rmcilroy@chromium.org,mythria@chromium.org Change-Id: Id822b55bd162b74f098160a11e6a3bda6924c1e4 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:5203 Reviewed-on: https://chromium-review.googlesource.com/931821Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51477}
-
Andreas Haas authored
R=adamk@chromium.org Bug: v8:7310 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I5571802230b28cbe272190ef05d42323c592a4ee Reviewed-on: https://chromium-review.googlesource.com/921062 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#51476}
-
Kim-Anh Tran authored
AddCode and AddOwnedCode (from NativeModule), as well as the WasmCode constructor are using a default value (false) for determining whether the code is liftoff-compiled or not. This CL removes the default value and requires each call to these functions/constructors to explicitly set the value. Change-Id: Icd4187d1710c774826c9134078ec65845bc98dd7 Reviewed-on: https://chromium-review.googlesource.com/928921 Commit-Queue: Kim-Anh Tran <kimanh@google.com> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#51475}
-
Benedikt Meurer authored
This is preparatory cleanup work for eventually tracking the functions (rather than concrete closures) in the CALL_IC, also for builtins like the default PromiseCapability [[Resolve]] and [[Reject]] functions. It adds a new FeedbackCell type, which is used by JSFunctions consistently now to reference the feedback vector (or undefined if not the function is not compiled yet or is a native/asm.js function). This also changes the calling convention for FastNewClosure builtin and the JSCreateClosure operator in TurboFan to carry the FeedbackCell here instead of the parent FeedbackVector and the slot index. In addition we eliminate the now unused %InterpreterNewClosure runtime function. Bug: v8:2206, v8:7253, v8:7310 Change-Id: Ib4ce456e276e0273e57c163dcdd0b33abf863656 Reviewed-on: https://chromium-review.googlesource.com/928403 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#51474}
-