Skip to content

V
V8
Switch branch/tag
  1. 01 Sep, 2016 2 commits
  3. 31 Aug, 2016 1 commit
  5. 30 Aug, 2016 1 commit
  7. 29 Aug, 2016 3 commits
    • mtrofin's avatar
      [wasm] Use weak reference for wasm deopt data. · b9eb9ee7
      mtrofin authored 
      This unblocks moving off having to hold on to a compiled module
template.

Once we don't have the template, when we have a single instance, the
instance and wasm module share the same compiled code. We will want
to clear that code off instance-specific stuff, when the instance is
unreferenced and should be GC-ed (stuff like the instance heap, for
instance). However, the deopt data will maintain a strong reference,
blocking the GC: the module object strongly references the compiled
code, which strongly references the instance object through the deopt
data.

This change addresses that by making that last reference weak.

BUG=v8:5316

Review-Url: https://codereview.chromium.org/2284683005
Cr-Commit-Position: refs/heads/master@{#38990}
      b9eb9ee7
    • verwaest's avatar
      Replace CollectVariables with locals(), update callsites to walk locals instead · 1493bc8c
      verwaest authored 
      This additionally gets rid of old approach to global shortcuts.

BUG=v8:5209

Review-Url: https://codereview.chromium.org/2287173002
Cr-Commit-Position: refs/heads/master@{#38980}
      1493bc8c
    • bmeurer's avatar
      [turbofan] Remove special JSForInStep and JSForInDone. · 1915762c
      bmeurer authored 
      These JavaScript operators were special hacks to ensure that we always
operate on Smis for the magic for-in index variable, but this never
really worked in the OSR case, because the OsrValue for the index
variable didn't have the proper information (that we have for the
JSForInPrepare in the non-OSR case).

Now that we have loop induction variable analysis and binary operation
hints, we can just use JSLessThan and JSAdd instead with appropriate
Smi hints, which handle the OSR case by inserting Smi checks (that are
always true). Thanks to OSR deconstruction and loop peeling these Smi
checks will be hoisted so they don't hurt the OSR case too much.

Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since
we have to lower it to JSLessThan to get the loop induction variable
goodness.

R=epertoso@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2289613002
Cr-Commit-Position: refs/heads/master@{#38968}
      1915762c
  9. 25 Aug, 2016 1 commit
  11. 24 Aug, 2016 2 commits
    • jgruber's avatar
      Add new FrameArray type · 19e83802
      jgruber authored 
      A FrameArray encodes information about a set of stack frames into a fixed
array.

This commit is a pure refactoring to make the structure of fixed array-encoded
frames explicit.

BUG=

Review-Url: https://codereview.chromium.org/2270783002
Cr-Commit-Position: refs/heads/master@{#38852}
      19e83802
    • littledan's avatar
      Change which ExceptionEvents are triggered by Promises · 013e49f7
      littledan authored 
      To make async/await catch prediction work well, this patch regularizes
the exception events sent to DevTools from various places in the Promise
lifecycle. The core is that there should be an exception event when the
rejection first starts, rather than when it is propagated.

- Several cases within Promise code which propagate errors are
  modified to not trigger a new ExceptionEvent in that case, such
  as .then on a rejected Promise and returning a rejected Promise
  from .then, as well as Promise.race and Promise.all.
- Make Promise.reject() create an ExceptionEvent, subject to catch
  prediction based on the Promise stack. This is important
  so that, e.g., if "await Promise.reject()" will trigger a new
  throw (rather than a silent rethrow of something that never
  triggered an event in the first place).

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2244003003
Cr-Commit-Position: refs/heads/master@{#38847}
      013e49f7
  13. 23 Aug, 2016 1 commit
  15. 22 Aug, 2016 3 commits
  17. 19 Aug, 2016 2 commits
  19. 18 Aug, 2016 10 commits
  21. 17 Aug, 2016 1 commit
  23. 16 Aug, 2016 1 commit
    • jgruber's avatar
      Refactor data structures for simple stack traces · b4c1aefb
      jgruber authored 
      Simple stack traces are captured through Isolate::CaptureSimpleStackTrace.
Captured frames are stored in a FixedArray, which in turn is stored as a
property (using a private symbol) on the error object itself. Actual formatting
of the textual stack trace is done lazily when the user reads the stack
property of the error object.

This would involve many conversions back and forth between index-encoded raw
data (receiver, function, offset and code), JS CallSite objects, and C++
CallSite objects.

This commit refactors the C++ CallSite class into a Struct class called
StackTraceFrame, which is the new single point of truth frame information.
Isolate::CaptureSimpleStackTrace stores an array of StackTraceFrames, and JS
CallSite objects (now created only when the user specifies custom stack trace
formatting through Error.prepareStackTrace) internally only store a reference
to a StackTraceFrame.

BUG=

Review-Url: https://codereview.chromium.org/2230953002
Cr-Commit-Position: refs/heads/master@{#38645}
      b4c1aefb
  25. 12 Aug, 2016 4 commits
    • jshin's avatar
      Throw when case mapping result > max string length · 4e8ebeb0
      jshin authored 
      Throw 'Range Error: invalid string length' when the result of
case mapping is longer than the max string length (kMaxLength in
objects.h = 1 << 28 - 16).

This is for case mapping with ICU.

A new test (case-mapping-slow.js) is added with PASS,SLOW. It's
configured to skip unless arch=x64 and mode=release and not on
simulator.

This is a reattempt to land
 https://codereview.chromium.org/2236593002 that was reverted.

BUG=v8:5271
TEST=intl/general/case-mapping-slow.js with --icu_case_mapping

Review-Url: https://codereview.chromium.org/2236963003
Cr-Commit-Position: refs/heads/master@{#38626}
      4e8ebeb0
    • jkummerow's avatar
      [regexp][liveedit] Fix inconsistent JSArrays · bb9707c8
      jkummerow authored 
      The hand-written KeyedLoadIC_Megamorphic stub didn't care about JSArray
lengths, which made it lenient towards said lengths being wrong, but it
will soon fix that bug and thereby become more strict.

LiveEdit: factory->NewJSArray(capacity) doesn't set a length, so set it
manually.
RegExp: to avoid having to take care of array length updating in the
RegExpExecStub, just use a JSObject instead.

Review-Url: https://codereview.chromium.org/2244673002
Cr-Commit-Position: refs/heads/master@{#38624}
      bb9707c8
    • yangguo's avatar
      [debugger] add mixed-stack tests. · f03bebc7
      yangguo authored 
      R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2246483002
Cr-Commit-Position: refs/heads/master@{#38621}
      f03bebc7
    • jgruber's avatar
      Handle missing context when getting frame details · d2528080
      jgruber authored 
      This bug was triggered by a very specific combination:

* A context-allocated variable at script scope.
* OSR optimization.
* A scheduled breakpoint, which triggers at stack checks.

Stack checks differ from other possible breakpoint locations in that
the context (among other things) may be in a register and not on the
stack, making it impossible to recover during deoptimization. The
frame_inspector then returns undefined when asked for the context.

In GetFrameDetails, handle this case by omitting all context-allocated
variables.

BUG=v8:5279

Review-Url: https://codereview.chromium.org/2245603002
Cr-Commit-Position: refs/heads/master@{#38611}
      d2528080
  27. 11 Aug, 2016 2 commits
  29. 10 Aug, 2016 6 commits