- 02 Dec, 2015 40 commits
-
-
jkummerow authored
Split out of PropertyAttributes, and used for all filtering purposes. Also moved PropertyAttributes into the v8::internal:: namespace. No change in behavior intended. Review URL: https://codereview.chromium.org/1492653004 Cr-Commit-Position: refs/heads/master@{#32525}
-
bmeurer authored
Also remove the ResultMode from ToBooleanStub and always return true or false and use the same mechanism in fullcodegen. This is in preparation for adding ToBoolean hints to TurboFan. Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now that the ResultMode is gone (and the runtime always returns true or false from the miss handler). R=mstarzinger@chromium.org BUG=v8:4583 LOG=n Review URL: https://codereview.chromium.org/1491223002 Cr-Commit-Position: refs/heads/master@{#32524}
-
sigurds authored
R=mstarzinger@chromium.org BUG=v8:4586 LOG=n Review URL: https://codereview.chromium.org/1491903002 Cr-Commit-Position: refs/heads/master@{#32523}
-
mlippautz authored
Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1493523003/ ) Reason for revert: Speculative revert for crashing Canary. Original issue's description: > Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ ) > > Reason for revert: > Reland after fixing the potential root cause of the canary crasher. > > Original issue's description: > > Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ ) > > > > Reason for revert: > > Still investigating bad canary. > > > > Original issue's description: > > > [heap] Refactor evacuation for young and old gen into visitors. > > > > > > Create a visitor for evacuating objects for young and old generation. This is > > > the first step of preparing a task to process, both, newspace and oldspace > > > pages in parallel. > > > > > > BUG=chromium:524425 > > > LOG=N > > > > > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8 > > > Cr-Commit-Position: refs/heads/master@{#32349} > > > > TBR=mlippautz@chromium.org > > NOPRESUBMIT=true > > NOTREECHECKS=true > > NOTRY=true > > BUG=chromium:524425 > > > > Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a > > Cr-Commit-Position: refs/heads/master@{#32462} > > TBR=mlippautz@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:524425 > > Committed: https://crrev.com/120b640dfce5f02cecc5af72ca0b2b3b93ce8652 > Cr-Commit-Position: refs/heads/master@{#32500} TBR=hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1495583002 Cr-Commit-Position: refs/heads/master@{#32522}
-
mlippautz authored
Revert of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1494533002/ ) Reason for revert: Speculative revert for crashing Canary. Original issue's description: > Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ ) > > Reason for revert: > Reland after fixing the potential root cause of the canary crasher. > > Original issue's description: > > Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ ) > > > > Reason for revert: > > Still investigating bad canary. > > > > Original issue's description: > > > [heap] Unify evacuating an object for new and old generation. > > > > > > BUG=chromium:524425 > > > LOG=N > > > > > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a > > > Cr-Commit-Position: refs/heads/master@{#32365} > > > > TBR=mlippautz@chromium.org > > NOPRESUBMIT=true > > NOTREECHECKS=true > > NOTRY=true > > BUG=chromium:524425 > > > > Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2 > > Cr-Commit-Position: refs/heads/master@{#32460} > > TBR=mlippautz@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:524425 > > Committed: https://crrev.com/7ea8ac98f6eb5ffa9d4976aa22fec9befb814e0c > Cr-Commit-Position: refs/heads/master@{#32501} TBR=hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1491013003 Cr-Commit-Position: refs/heads/master@{#32521}
-
mlippautz authored
Revert of "[heap] Clean up stale store buffer entries for aborted pages." (patchset #3 id:40001 of https://codereview.chromium.org/1494503004/ ) Reason for revert: Still failing on GC stress https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/690 Original issue's description: > Reland of "[heap] Clean up stale store buffer entries for aborted pages." > > This reverts commit d4fc4a8c. > > 1. Let X be the aborted slot (slot in an evacuated object in an aborted page) > 2. Assume X contains pointer to Y and Y is in the new space, so X is in the > store buffer. > 3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)). > 4. The current mark-sweep finishes. The slot X is in free space and is also in > the store buffer. > 5. A string of length 9 "abcdefghi" is allocated in the new space. The string > looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is > previous garbage. Let's assume that NNNNNNN0 was pointing to a new space > object before. > 6. Scavenge happens. > 7. Slot X is still in free space and in store buffer. [It causes scavenge of > the object Y in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But > it is not important]. > 8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi > is written in X. > 9. The scavenge finishes. > 9. Another scavenge starts. > 10. We crash in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when > processing slot X, because it doesn't point to valid map. > > BUG=chromium:524425, chromium:564498 > LOG=N > R=hpayer@chromium.org, ulan@chromium.org > > Committed: https://crrev.com/fc6ff534003480e49dc481d9c665e961ab709c02 > Cr-Commit-Position: refs/heads/master@{#32514} TBR=hpayer@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425, chromium:564498 Review URL: https://codereview.chromium.org/1492823002 Cr-Commit-Position: refs/heads/master@{#32520}
-
bmeurer authored
We can constant fold %_IsJSReceiver(x) based on whether x is always a receiver or can never be a receiver. This is important as %_IsJSReceiver is inserted by the JSInliner. R=jarin@chromium.org BUG=v8:4544 LOG=n Review URL: https://codereview.chromium.org/1486383003 Cr-Commit-Position: refs/heads/master@{#32519}
-
mbrandy authored
R=mvstanton@chromium.org, yangguo@chromium.org BUG= Review URL: https://codereview.chromium.org/1491683003 Cr-Commit-Position: refs/heads/master@{#32518}
-
yangguo authored
R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1493733002 Cr-Commit-Position: refs/heads/master@{#32517}
-
yangguo authored
The new step-in implementation no longer tries to predict the step-in target, so we don't need the arguments count nor call type anymore. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1484893003 Cr-Commit-Position: refs/heads/master@{#32516}
-
zhengxing.li authored
port 4f494789 (r32262) original commit message: The Float32RoundUp operator rounds float32 numbers towards infinity. The operator is currently implemented on x64, ia32, arm, and arm64. BUG= Review URL: https://codereview.chromium.org/1491843003 Cr-Commit-Position: refs/heads/master@{#32515}
-
mlippautz authored
This reverts commit d4fc4a8c. 1. Let X be the aborted slot (slot in an evacuated object in an aborted page) 2. Assume X contains pointer to Y and Y is in the new space, so X is in the store buffer. 3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)). 4. The current mark-sweep finishes. The slot X is in free space and is also in the store buffer. 5. A string of length 9 "abcdefghi" is allocated in the new space. The string looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is previous garbage. Let's assume that NNNNNNN0 was pointing to a new space object before. 6. Scavenge happens. 7. Slot X is still in free space and in store buffer. [It causes scavenge of the object Y in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But it is not important]. 8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi is written in X. 9. The scavenge finishes. 9. Another scavenge starts. 10. We crash in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when processing slot X, because it doesn't point to valid map. BUG=chromium:524425, chromium:564498 LOG=N R=hpayer@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/1494503004 Cr-Commit-Position: refs/heads/master@{#32514}
-
cbruni authored
BUG= Review URL: https://codereview.chromium.org/1491613002 Cr-Commit-Position: refs/heads/master@{#32513}
-
machenbach authored
Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1495443003/ ) Reason for revert: Still not working Original issue's description: > Reland of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1485813004/ ) > > Reason for revert: > Should be fixed after https://codereview.chromium.org/1487413002/ > > Original issue's description: > > Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1486963002/ ) > > > > Reason for revert: > > Maybe causing problems > > > > Original issue's description: > > > [CQ] Update proto format to fix triggered builders. > > > > > > Depends on https://chromereviews.googleplex.com/319777013/ > > > > > > BUG=chromium:561530 > > > LOG=n > > > TBR=sergiyb@chromium.org, tandrii@chromium.org > > > NOTRY=true > > > > > > Committed: https://crrev.com/51d6d619330080a76c5bc7a2ebdafebc6a808aa8 > > > Cr-Commit-Position: refs/heads/master@{#32453} > > > > TBR=sergiyb@chromium.org,tandrii@chromium.org > > NOPRESUBMIT=true > > NOTREECHECKS=true > > NOTRY=true > > BUG=chromium:561530 > > > > Committed: https://crrev.com/79ded5acc9da6a80cbd739c24c6dfa0cf207ae93 > > Cr-Commit-Position: refs/heads/master@{#32464} > > TBR=sergiyb@chromium.org,tandrii@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:561530 > > Committed: https://crrev.com/3cea13351c1af365013f51c7b67e72eeba79afe6 > Cr-Commit-Position: refs/heads/master@{#32511} TBR=sergiyb@chromium.org,tandrii@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:561530 Review URL: https://codereview.chromium.org/1493693003 Cr-Commit-Position: refs/heads/master@{#32512}
-
machenbach authored
Reland of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1485813004/ ) Reason for revert: Should be fixed after https://codereview.chromium.org/1487413002/ Original issue's description: > Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1486963002/ ) > > Reason for revert: > Maybe causing problems > > Original issue's description: > > [CQ] Update proto format to fix triggered builders. > > > > Depends on https://chromereviews.googleplex.com/319777013/ > > > > BUG=chromium:561530 > > LOG=n > > TBR=sergiyb@chromium.org, tandrii@chromium.org > > NOTRY=true > > > > Committed: https://crrev.com/51d6d619330080a76c5bc7a2ebdafebc6a808aa8 > > Cr-Commit-Position: refs/heads/master@{#32453} > > TBR=sergiyb@chromium.org,tandrii@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:561530 > > Committed: https://crrev.com/79ded5acc9da6a80cbd739c24c6dfa0cf207ae93 > Cr-Commit-Position: refs/heads/master@{#32464} TBR=sergiyb@chromium.org,tandrii@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:561530 Review URL: https://codereview.chromium.org/1495443003 Cr-Commit-Position: refs/heads/master@{#32511}
-
hablich authored
NOTRY=true TBR=hpayer@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/1490263002 Cr-Commit-Position: refs/heads/master@{#32510}
-
jochen authored
BUG=v8:2487 LOG=n R=vogelheim@chromium.org Review URL: https://codereview.chromium.org/1496493002 Cr-Commit-Position: refs/heads/master@{#32509}
-
danno authored
* Add a sibling interface to InterpreterAssembler called CodeStubAssembler which provides a wrapper around the RawMachineAssembler and is intented to make it easy to build efficient cross-platform code stubs. Much of the implementation of CodeStubAssembler is shamelessly stolen from the InterpreterAssembler, and the idea is to eventually merge the two interfaces somehow, probably moving the InterpreterAssembler interface over to use the CodeStubAssembler. Short-term, however, the two interfaces shall remain decoupled to increase our velocity developing the two systems in parallel. * Implement the StringLength stub in TurboFan with the new CodeStubAssembler. Replace and remove the old Hydrogen-stub version. * Remove a whole slew of machinery to support JavaScript-style code stub generation, since it ultimately proved unwieldy, brittle and baroque. This cleanup includes removing the shared code stub context, several example stubs and a tangle of build file changes. BUG=v8:4587 LOG=n Review URL: https://codereview.chromium.org/1475953002 Cr-Commit-Position: refs/heads/master@{#32508}
-
bmeurer authored
The main part of the Proxy constructor was already in C++, there's actually no point in keeping a JavaScript wrapper. R=cbruni@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1491893002 Cr-Commit-Position: refs/heads/master@{#32507}
-
cbruni authored
BUG= Review URL: https://codereview.chromium.org/1484393002 Cr-Commit-Position: refs/heads/master@{#32506}
-
bmeurer authored
Allow to pass new.target (in addition to target) to C++ builtins, and remove some obsolete/dangerous code from the C++ builtins. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1491883002 Cr-Commit-Position: refs/heads/master@{#32505}
-
mlippautz authored
Revert of [heap] Clean up stale store buffer entries for aborted pages. (patchset #4 id:60001 of https://codereview.chromium.org/1493653002/ ) Reason for revert: Not completely correct fix. Original issue's description: > [heap] Clean up stale store buffer entries for aborted pages. > > 1. Let X be the aborted slot (slot in an evacuated object in an aborted page) > 2. Assume X contains pointer to Y and Y is in the new space, so X is in the > store buffer. > 3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)). > 4. The current mark-sweep finishes. The slot X is in free space and is also in > the store buffer. > 5. A string of length 9 "abcdefghi" is allocated in the new space. The string > looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is > previous garbage. Let's assume that NNNNNNN0 was pointing to a new space > object before. > 6. Scavenge happens. > 7. Slot X is still in free space and in store buffer. [It causes scavenge of > the object Y in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But > it is not important]. > 8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi > is written in X. > 9. The scavenge finishes. > 9. Another scavenge starts. > 10. We crash in > store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when > processing slot X, because it doesn't point to valid map. > > BUG=chromium:524425,chromium:564498 > LOG=N > R=hpayer@chromium.org, ulan@chromium.org > > Committed: https://crrev.com/2e7eea4aef3403969fe885e30f892d46253b3572 > Cr-Commit-Position: refs/heads/master@{#32495} TBR=hpayer@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425,chromium:564498 Review URL: https://codereview.chromium.org/1489243004 Cr-Commit-Position: refs/heads/master@{#32504}
-
hpayer authored
Reland of [heap] Remove live weak cells from weak cell list when finalizing incremental marking. (patchset #1 id:1 of https://codereview.chromium.org/1481383004/ ) Reason for revert: Reland after fixing the potential root cause of the canary crasher. Original issue's description: > Revert of [heap] Remove live weak cells from weak cell list when finalizing incremental marking. (patchset #3 id:40001 of https://codereview.chromium.org/1474303002/ ) > > Reason for revert: > Still investigating bad canary. > > Original issue's description: > > [heap] Remove live weak cells from weak cell list when finalizing incremental marking. > > > > BUG=chromium:548562 > > LOG=n > > > > Committed: https://crrev.com/6190c608c8f3ced0f00ff53965e115b78646cecd > > Cr-Commit-Position: refs/heads/master@{#32372} > > TBR=ulan@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:548562 > > Committed: https://crrev.com/72ae472ccc51ec304a66a8730c1fedbe265c16fa > Cr-Commit-Position: refs/heads/master@{#32459} TBR=ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:548562 Review URL: https://codereview.chromium.org/1491743003 Cr-Commit-Position: refs/heads/master@{#32503}
-
hpayer authored
Reland of [heap] Cleanup mark bit usage. (patchset #1 id:1 of https://codereview.chromium.org/1490753003/ ) Reason for revert: Reland after fixing the potential root cause of the canary crasher. Original issue's description: > Revert of [heap] Cleanup mark bit usage. (patchset #1 id:1 of https://codereview.chromium.org/1474203003/ ) > > Reason for revert: > Still investigating bad canary. > > Original issue's description: > > [heap] Cleanup mark bit usage. > > > > BUG= > > > > Committed: https://crrev.com/5874ac783ff9bc4bb4b2fda81f5077f06619f96c > > Cr-Commit-Position: refs/heads/master@{#32362} > > TBR=mlippautz@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG= > > Committed: https://crrev.com/d3faef8658598e68331208b5a1846ac1c250cb49 > Cr-Commit-Position: refs/heads/master@{#32461} TBR=mlippautz@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1488393003 Cr-Commit-Position: refs/heads/master@{#32502}
-
hpayer authored
Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ ) Reason for revert: Reland after fixing the potential root cause of the canary crasher. Original issue's description: > Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ ) > > Reason for revert: > Still investigating bad canary. > > Original issue's description: > > [heap] Unify evacuating an object for new and old generation. > > > > BUG=chromium:524425 > > LOG=N > > > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a > > Cr-Commit-Position: refs/heads/master@{#32365} > > TBR=mlippautz@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:524425 > > Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2 > Cr-Commit-Position: refs/heads/master@{#32460} TBR=mlippautz@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1494533002 Cr-Commit-Position: refs/heads/master@{#32501}
-
hpayer authored
Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ ) Reason for revert: Reland after fixing the potential root cause of the canary crasher. Original issue's description: > Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ ) > > Reason for revert: > Still investigating bad canary. > > Original issue's description: > > [heap] Refactor evacuation for young and old gen into visitors. > > > > Create a visitor for evacuating objects for young and old generation. This is > > the first step of preparing a task to process, both, newspace and oldspace > > pages in parallel. > > > > BUG=chromium:524425 > > LOG=N > > > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8 > > Cr-Commit-Position: refs/heads/master@{#32349} > > TBR=mlippautz@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:524425 > > Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a > Cr-Commit-Position: refs/heads/master@{#32462} TBR=mlippautz@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1493523003 Cr-Commit-Position: refs/heads/master@{#32500}
-
ivica.bogosavljevic authored
MIPS R6 introduced new behavior for handling of NaN values for TRUNC, FLOOR, CEIL and CVT instructions. Adding support for the new behavior in MIPS and MIPS64 simulators. Fixing tests for MIPS and MIPS64 to align them with the new behavior. BUG= Review URL: https://codereview.chromium.org/1488613007 Cr-Commit-Position: refs/heads/master@{#32499}
-
sigurds authored
This is the first part of escape analysis for turbofan. At the moment, there is no deopt support, and support for loops is partial (only binary Phis are handled). The CL includes 4 unittests. There are also 8 new mjsunit tests, some of which are skiped as they require features not yet implemented. BUG=v8:4586 LOG=n Review URL: https://codereview.chromium.org/1457683003 Cr-Commit-Position: refs/heads/master@{#32498}
-
verwaest authored
non-constructors are not allowed to have initial maps. The optimizing compilers used to add initial maps unconditionally to functions used as right-hand-side in instanceof. BUG= Review URL: https://codereview.chromium.org/1490003003 Cr-Commit-Position: refs/heads/master@{#32497}
-
jkummerow authored
And use it to fix Object.keys() for proxies. BUG=v8:1543 LOG=n R=cbruni@chromium.org Review URL: https://codereview.chromium.org/1488873003 Cr-Commit-Position: refs/heads/master@{#32496}
-
mlippautz authored
1. Let X be the aborted slot (slot in an evacuated object in an aborted page) 2. Assume X contains pointer to Y and Y is in the new space, so X is in the store buffer. 3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)). 4. The current mark-sweep finishes. The slot X is in free space and is also in the store buffer. 5. A string of length 9 "abcdefghi" is allocated in the new space. The string looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is previous garbage. Let's assume that NNNNNNN0 was pointing to a new space object before. 6. Scavenge happens. 7. Slot X is still in free space and in store buffer. [It causes scavenge of the object Y in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But it is not important]. 8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi is written in X. 9. The scavenge finishes. 9. Another scavenge starts. 10. We crash in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when processing slot X, because it doesn't point to valid map. BUG=chromium:524425,chromium:564498 LOG=N R=hpayer@chromium.org, ulan@chromium.org Review URL: https://codereview.chromium.org/1493653002 Cr-Commit-Position: refs/heads/master@{#32495}
-
yangguo authored
R=bmeurer@chromium.org BUG=v8:4581 LOG=N Review URL: https://codereview.chromium.org/1495473002 Cr-Commit-Position: refs/heads/master@{#32494}
-
hablich authored
BUG=chromium:500934 LOG=N TBR=yangguo@chromium.org Review URL: https://codereview.chromium.org/1486343003 Cr-Commit-Position: refs/heads/master@{#32493}
-
zhengxing.li authored
port 74434403 (r32261) original commit message: I implemented the optional Float32RoundDown operator on x64, ia32, arm, and arm64. For arm I also had to adjust the simulator. BUG= Review URL: https://codereview.chromium.org/1490113003 Cr-Commit-Position: refs/heads/master@{#32492}
-
bmeurer authored
Sanitize ConstructStub handling and add a test case to ensure that the Symbol constructor is using the correct context. R=jarin@chromium.org BUG=v8:4413 LOG=n Review URL: https://codereview.chromium.org/1489323002 Cr-Commit-Position: refs/heads/master@{#32491}
-
zhengxing.li authored
port dffecf31 (r32005) original commit message: The TiesEven rounding mode rounds float64 numbers to the nearest integer. If there are two nearest integers, then the number is rounded to the even one. This is the default rounding mode according to IEEE~754. I implemented the operator on ia32, x64, arm, arm64, mips, and mips64. I think there is a bug in the current implementation of the ppc simulator, which kept me from implementing the operator on ppc. According to my understanding of the ppc instruction manual, the FRIN instruction provides the right behavior for Float64RoundTiesEven. In the simulator, however, FRIN provides a different semantics. If there are two nearest integers, then the simulator returns the one which is further away form 0. BUG= Review URL: https://codereview.chromium.org/1486323003 Cr-Commit-Position: refs/heads/master@{#32490}
-
zhengxing.li authored
port d2f78c6b (r32476) original commit message: This becomes visible if an exception is thrown by the constructor. We do this on "new Array(3.5)", throwing a RangeError. BUG= Review URL: https://codereview.chromium.org/1491153002 Cr-Commit-Position: refs/heads/master@{#32489}
-
zhengxing.li authored
port 66d5a9df (r32452) original commit message: CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there BUG= Review URL: https://codereview.chromium.org/1491063003 Cr-Commit-Position: refs/heads/master@{#32488}
-
zhengxing.li authored
port 2f559f21 (r32449) original commit message: BUG= Review URL: https://codereview.chromium.org/1494453002 Cr-Commit-Position: refs/heads/master@{#32487}
-
zhengxing.li authored
port c83db2d0 (r32456) original commit message: BUG= Review URL: https://codereview.chromium.org/1487293002 Cr-Commit-Position: refs/heads/master@{#32486}
-