1. 01 Mar, 2016 1 commit
    • zhengxing.li's avatar
      X87: [turbofan] Don't use the CompareIC in JSGenericLowering. · 4a6f1512
      zhengxing.li authored
        port d00da47b(r34335)
      
        original commit message:
        The CompareICStub produces an untagged raw word value, which has to be
        translated to true or false manually in the TurboFan code. But for lazy
        bailout after the CompareIC, we immediately go back to fullcodegen or
        Ignition with the raw value, to a location where both fullcodegen and
        Ignition expect a boolean value, which might crash or in the worst case
        (depending on the exact computation inside the CompareIC) could lead to
        arbitrary memory access.
      
        Short-term fix is to use the proper runtime functions (unified with the
        interpreter now) for comparisons. Next task is to provide optimized
        versions of these based on the CodeStubAssembler, which can then be used
        via code stubs in TurboFan or directly in handlers in the interpreter.
      
      BUG=
      
      Review URL: https://codereview.chromium.org/1744923002
      
      Cr-Commit-Position: refs/heads/master@{#34372}
      4a6f1512
  2. 29 Feb, 2016 20 commits
  3. 28 Feb, 2016 6 commits
  4. 27 Feb, 2016 4 commits
  5. 26 Feb, 2016 9 commits
    • mbrandy's avatar
      PPC: [turbofan] Don't use the CompareIC in JSGenericLowering. · c1507e15
      mbrandy authored
      Port d00da47b
      
      Original commit message:
          The CompareICStub produces an untagged raw word value, which has to be
          translated to true or false manually in the TurboFan code. But for lazy
          bailout after the CompareIC, we immediately go back to fullcodegen or
          Ignition with the raw value, to a location where both fullcodegen and
          Ignition expect a boolean value, which might crash or in the worst case
          (depending on the exact computation inside the CompareIC) could lead to
          arbitrary memory access.
      
          Short-term fix is to use the proper runtime functions (unified with the
          interpreter now) for comparisons. Next task is to provide optimized
          versions of these based on the CodeStubAssembler, which can then be used
          via code stubs in TurboFan or directly in handlers in the interpreter.
      
      R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
      BUG=v8:4788
      LOG=n
      
      Review URL: https://codereview.chromium.org/1745643002
      
      Cr-Commit-Position: refs/heads/master@{#34341}
      c1507e15
    • mbrandy's avatar
      Revert of PPC: [compiler] Drop the CompareNilIC. (patchset #1 id:1 of... · 76b66159
      mbrandy authored
      Revert of PPC: [compiler] Drop the CompareNilIC. (patchset #1 id:1 of https://codereview.chromium.org/1733663003/ )
      
      Reason for revert:
      Original commit reverted.
      
      Original issue's description:
      > PPC: [compiler] Drop the CompareNilIC.
      >
      > Port 666aec03
      >
      > Original commit message:
      >     Since both null and undefined are also marked as undetectable now, we
      >     can just test that bit instead of having the CompareNilIC try to collect
      >     feedback to speed up the general case (without the undetectable bit
      >     being used).
      >
      >     Drive-by-fix: Update the type system to match the new handling of
      >     undetectable in the runtime.
      >
      > R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
      > BUG=
      >
      > Committed: https://crrev.com/546ea6b8393a894f07597ade5ec1c7db02c1e425
      > Cr-Commit-Position: refs/heads/master@{#34266}
      
      TBR=bmeurer@chromium.org,joransiu@ca.ibm.com,jyan@ca.ibm.com,michael_dawson@ca.ibm.com
      # Not skipping CQ checks because original CL landed more than 1 days ago.
      BUG=
      
      Review URL: https://codereview.chromium.org/1736253003
      
      Cr-Commit-Position: refs/heads/master@{#34340}
      76b66159
    • littledan's avatar
      Fix strict mode function error message · 92ed0853
      littledan authored
      ES2015 allows strict mode block scoped function declarations; weaken
      the error message about misuse to allow this.
      
      BUG=v8:2198
      LOG=Y
      R=adamk
      
      Review URL: https://codereview.chromium.org/1741903002
      
      Cr-Commit-Position: refs/heads/master@{#34339}
      92ed0853
    • littledan's avatar
      Reland of Test262 roll, 2016-2-23 (patchset #1 id:1 of... · abe61bde
      littledan authored
      Reland of Test262 roll, 2016-2-23 (patchset #1 id:1 of https://codereview.chromium.org/1736223002/ )
      
      Reason for revert:
      Intl change relanded https://codereview.chromium.org/1745483002/
      
      Original issue's description:
      > Revert of Test262 roll, 2016-2-23 (patchset #2 id:20001 of https://codereview.chromium.org/1738033002/ )
      >
      > Reason for revert:
      > An Intl change that this depends on breaks a bot
      >
      > Original issue's description:
      > > Test262 roll, 2016-2-23
      > >
      > > R=adamk
      > >
      > > Committed: https://crrev.com/34492040fbfb04fead21416245c8696b9847e751
      > > Cr-Commit-Position: refs/heads/master@{#34312}
      >
      > TBR=adamk@chromium.org
      > # Skipping CQ checks because original CL landed less than 1 days ago.
      > NOPRESUBMIT=true
      > NOTREECHECKS=true
      > NOTRY=true
      >
      > Committed: https://crrev.com/3b829ad80628bf521aa78255c2e5e20040a57b5f
      > Cr-Commit-Position: refs/heads/master@{#34313}
      
      TBR=adamk@chromium.org
      # Skipping CQ checks because original CL landed less than 1 days ago.
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      
      Review URL: https://codereview.chromium.org/1739533006
      
      Cr-Commit-Position: refs/heads/master@{#34338}
      abe61bde
    • littledan's avatar
      Reland of Make Intl install properties more like how other builtins do... · 88d7c59c
      littledan authored
      Reland of Make Intl install properties more like how other builtins do (patchset #1 id:1 of https://codereview.chromium.org/1733293003/ )
      
      This reland fixes a bug by pulling properties off the utils object, so
      that it can be garbage collected in nosnap builds.
      Original commit message:
      
      Intl has been somewhat of an oddball for how it integrates with V8.
      One aspect is that it largely didn't use utils to install itself
      into the snapshot, which led to some missing names, which new
      test262 tests check for, and duplicated code. This patch brings
      Intl a bit closer to how the rest of the builtins do things, though
      not entirely as it is currently structured to do unusual things,
      such as creating new constructors from JavaScript rather than C++.
      New test262 tests check for some of the names that are added in
      this patch.
      
      R=adamk
      CC=jshin
      BUG=v8:4778
      LOG=Y
      
      Review URL: https://codereview.chromium.org/1745483002
      
      Cr-Commit-Position: refs/heads/master@{#34337}
      88d7c59c
    • alan.li's avatar
      MIPS64: Fix '[runtime] Optimize and unify rest parameters.'. · f040b7fe
      alan.li authored
      Port 3ef573e9
      
      Original commit message:
      
          Replace the somewhat awkward RestParamAccessStub, which would always
          call into the runtime anyway with a proper FastNewRestParameterStub,
          which is basically based on the code that was already there for strict
          arguments object materialization. But for rest parameters we could
          optimize even further (leading to 8-10x improvements for functions with
          rest parameters), by fixing the internal formal parameter count:
      
          Every SharedFunctionInfo has a formal_parameter_count field, which
          specifies the number of formal parameters, and is used to decide whether
          we need to create an arguments adaptor frame when calling a function
          (i.e. if there's a mismatch between the actual and expected parameters).
          Previously the formal_parameter_count included the rest parameter, which
          was sort of unfortunate, as that meant that calling a function with only
          the non-rest parameters still required an arguments adaptor (plus some
          other oddities). Now with this CL we fix, so that we do no longer
          include the rest parameter in that count. Thereby checking for rest
          parameters is very efficient, as we only need to check whether there is
          an arguments adaptor frame, and if not create an empty array, otherwise
          check whether the arguments adaptor frame has more parameters than
          specified by the formal_parameter_count.
      
          The FastNewRestParameterStub is written in a way that it can be directly
          used by Ignition as well, and with some tweaks to the TurboFan backends
          and the CodeStubAssembler, we should be able to rewrite it as
          TurboFanCodeStub in the near future.
      
          Drive-by-fix: Refactor and unify the CreateArgumentsType which was
          different in TurboFan and Ignition; now we have a single enum class
          which is used in both TurboFan and Ignition.
      
      TEST=test/mjsunit/harmony/destructuring, test/mjsunit/harmony/default-parameters,
      test/mjsunit/harmony/default-parameters, test/mjsunit/es6/classes-subclass-builtins,
      BUG=
      
      Review URL: https://codereview.chromium.org/1734273003
      
      Cr-Commit-Position: refs/heads/master@{#34336}
      f040b7fe
    • bmeurer's avatar
      [turbofan] Don't use the CompareIC in JSGenericLowering. · d00da47b
      bmeurer authored
      The CompareICStub produces an untagged raw word value, which has to be
      translated to true or false manually in the TurboFan code. But for lazy
      bailout after the CompareIC, we immediately go back to fullcodegen or
      Ignition with the raw value, to a location where both fullcodegen and
      Ignition expect a boolean value, which might crash or in the worst case
      (depending on the exact computation inside the CompareIC) could lead to
      arbitrary memory access.
      
      Short-term fix is to use the proper runtime functions (unified with the
      interpreter now) for comparisons. Next task is to provide optimized
      versions of these based on the CodeStubAssembler, which can then be used
      via code stubs in TurboFan or directly in handlers in the interpreter.
      
      R=mstarzinger@chromium.org
      BUG=v8:4788
      LOG=n
      
      Review URL: https://codereview.chromium.org/1738153002
      
      Cr-Commit-Position: refs/heads/master@{#34335}
      d00da47b
    • rmcilroy's avatar
      [Interpreter]: Update test262.status for Ignition. · 81f12a74
      rmcilroy authored
      Moves skips to explicit fails and groups errors be failure reason. Almost all failures
      are due to lack of generator support.
      
      BUG=v8:4680
      LOG=N
      TBR=oth@chromium.org
      
      Review URL: https://codereview.chromium.org/1740843003
      
      Cr-Commit-Position: refs/heads/master@{#34334}
      81f12a74
    • mstarzinger's avatar
      Remove strong mode support from materialized literals. · 239ed8ff
      mstarzinger authored
      R=bmeurer@chromium.org
      BUG=v8:3956
      LOG=n
      
      Review URL: https://codereview.chromium.org/1734243004
      
      Cr-Commit-Position: refs/heads/master@{#34333}
      239ed8ff