- 24 Sep, 2018 1 commit
-
-
Benedikt Meurer authored
When we detect during SimplifiedLowering that the index for the MaybeGrowFastElements operation is less than the length of the array, which are both passed as explicit parameters to the operation, we can just drop the operation from the graph completely and go with the existing elements. This happens for example when code creates a new Array and immediately stores to it, i.e. like in the case of ```js const array = new Array(); array.push(something); ``` where the `new Array()` already creates a backing store of 4 elements, so the check for growing in `Array#push()` is redundant here. Change-Id: I548049b2c7b60c5f189f8ffdcb20b3a6ff1b0555 Reviewed-on: https://chromium-review.googlesource.com/1238655Reviewed-by:
Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56153}
-
- 21 Sep, 2018 39 commits
-
-
Aseem Garg authored
This CL ignores multiple name sections in wasm modules instead throwing an error. This is in line with the spec with regards to custom sections. BUG=v8:8186 R=clemensh@chromium.org,adamk@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I8c6610afe389d8f8d03f9fca164bd46cb5fb030d Reviewed-on: https://chromium-review.googlesource.com/1232676 Commit-Queue: Aseem Garg <aseemgarg@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#56152}
-
Alexey Kozyatinskiy authored
After total liveedit rewrite, liveedit works with module, we can remove the guard. R=dgozman@chromium.org Bug: chromium:806261 Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ide15eca2ab6d8ba7df4e7fae541c4a65794eeea8 Reviewed-on: https://chromium-review.googlesource.com/1238914Reviewed-by:
Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#56151}
-
Sergiy Byelozyorov authored
R=machenbach@chromium.org Bug: chromium:838864 Change-Id: Iec0999284336deaf23030d151f075ca78268489e Reviewed-on: https://chromium-review.googlesource.com/1238474 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#56150}
-
Igor Sheludko authored
In order to workaround MSVC compilation issue this CL explicitly adds _TYPE suffixes to struct instance type names in STRUCT_LIST. Bug: v8:8015 Change-Id: If71a26e4cbd41bc7372bf127bd050159d0d324ce Reviewed-on: https://chromium-review.googlesource.com/1238496 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56149}
-
Jakob Gruber authored
In an embedded handler build, it's not guaranteed that every handler is embedded (and thus immovable). The GC must still iterate the dispatch table to update pointers to moved code objects. TBR=rmcilroy@chromium.org Bug: v8:8068 Change-Id: I8b37f1758fdc670081e0c4f58795aea271811994 Reviewed-on: https://chromium-review.googlesource.com/1238236Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Dan Elphick <delphick@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#56148}
-
Jakob Gruber authored
Bug: v8:6666 Change-Id: I54ee5bcaef729d1a4b9edbae3157951df135df90 Reviewed-on: https://chromium-review.googlesource.com/1238239 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
-
Toon Verwaest authored
Simplify zone discarding for preparsed functions by simply giving the preparser its own zone that we reset whenever we finish preparsing something. Change-Id: I3135fbbcd6caefa4654b1ae2b2207377e51bee26 Reviewed-on: https://chromium-review.googlesource.com/1238614 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#56146}
-
Mathias Bynens authored
The proposal is currently at Stage 2 of the TC39 process. Repository: https://github.com/tc39/proposal-well-formed-stringify Bug: v8:7782 Change-Id: I7383f0df5b330aa71e3d80b50b7e52d474f153a3 Reviewed-on: https://chromium-review.googlesource.com/1238475 Commit-Queue: Mathias Bynens <mathias@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#56145}
-
Marja Hölttä authored
BUG=v8:5402,v8:8015 Change-Id: Ie14228aa4d75d1a7f2a057ce1a001c51a7732dcc Reviewed-on: https://chromium-review.googlesource.com/1238515 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#56144}
-
Igor Sheludko authored
... which are generated from ALLOCATION_SITE_LIST and DATA_HANDLER_LIST respectively. Bug: v8:8015 Change-Id: Ib729628e6b65ad98ff50234572f8edf2854f83ad Reviewed-on: https://chromium-review.googlesource.com/1238517 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
-
Michael Lippautz authored
Bug: v8:8015, v8:7490, v8:7965 Change-Id: Ic81c4c07b5b64ee3b77d7d1d245c3f5d32f9cdfa Reviewed-on: https://chromium-review.googlesource.com/1238613 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56142}
-
Michael Achenbach authored
TBR=sergiyb@chromium.org NOTRY=true Bug: v8:8207 Change-Id: Ic19cddc193e6a280f0f4f9289e1ab8f36f08e9c8 Reviewed-on: https://chromium-review.googlesource.com/1238216 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
Bug: v8:8015 Change-Id: Iaeaaa5a1ccded0b6e43bd78dd04cc0b8e2c933a3 Reviewed-on: https://chromium-review.googlesource.com/1238495Reviewed-by:
-
Sigurd Schneider authored
Change-Id: I2b1eb33e4b7a7c5158bec02c60823669921b619d Bug: v8:6666, v8:8015 Reviewed-on: https://chromium-review.googlesource.com/1238578Reviewed-by:
-
Marja Hölttä authored
Also fixing DEPS include rules for heap-write-barrier.h BUG=v8:5402,v8:8015 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Ia785da321bc6c6f4c375ae8c866a0bf294e64f5b Reviewed-on: https://chromium-review.googlesource.com/1238453Reviewed-by:
-
Michael Starzinger authored
This also makes the {AddCodeCopy} method more specific to only apply to import wrappers, otherwise the use of {set_code} would be unprotected. R=clemensh@chromium.org BUG=v8:8015 Change-Id: I62561560f57e4cc235a338c0e769e50ff55ec42d Reviewed-on: https://chromium-review.googlesource.com/1238477Reviewed-by: -
Benedikt Meurer authored
Remove the following runtime functions, which are not used throughout the code base anymore: - %GetWeakMapEntries - %GetWeakSetValues - %MapIteratorClone - %SetIteratorClone - %StringNotEqual - %FunctionGetName - %IsConstructor - %SetCode Bug: v8:8015 Change-Id: Iaf441d58e9b9bc77ef5bf93cb82ada87fb1ff5a7 Reviewed-on: https://chromium-review.googlesource.com/1238574 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Georg Neis authored
This did unnecessarily much work, part of it even didn't make sense due to my misunderstanding of the different ownership notions. Bug: v8:7790 Change-Id: I8f630b544d2fa9d583ceb7e496e88b9a655385a7 Reviewed-on: https://chromium-review.googlesource.com/1236955Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#56135}
-
Daniel Clifford authored
Bug: v8:7793 Change-Id: I3ab2cf1b6190014eff29f6983c27872b4d79a9dc Reviewed-on: https://chromium-review.googlesource.com/1233760 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#56134}
-
Michael Lippautz authored
Bug: v8:8015 Change-Id: Ic247b288294259dea1795c909874920e9f37a871 Reviewed-on: https://chromium-review.googlesource.com/1238575Reviewed-by:
-
Toon Verwaest authored
Rather than allocating one in the zone and swapping them on discardable zone swap, we simply swap the zone in the inferrer and allow the stacks to grow in the outer zone. The inner segments will be dropped anyway. This also introduces a PreParserFuncNameInferrer that just has dummy implementations. That way we can avoid checking whether fni_ is nullptr at runtime. Change-Id: I0ff41b16d31571fc4606fd46b705d80b423343eb Reviewed-on: https://chromium-review.googlesource.com/1238573Reviewed-by:
-
Benedikt Meurer authored
When constructing a TypedArray by length, only actually setup the JSTypedArray instance once the buffer is allocated, as only at that time it's known whether the byte length is fine. Otherwise we confuse the heap verifier. Bug: chromium:887891 Change-Id: I407ff9a2a053dd11ef764e4e32f482abb27eb0a8 Reviewed-on: https://chromium-review.googlesource.com/1238494Reviewed-by:
-
Yang Guo authored
R=ahaas@chromium.org Bug: chromium:887888 Change-Id: I69edac2289ae6c00aeba82edcd780861568165ac Reviewed-on: https://chromium-review.googlesource.com/1238178Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#56130}
-
Florian Sattler authored
Fixing clang-tidy warning. Replace 0 with nullptr. Add NOLINT for special cases. Add default/override to methods. Bug: v8:8015 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Iff483356ace471d816051c6dd06ca08809ae1c09 Reviewed-on: https://chromium-review.googlesource.com/1238333Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
Bug: v8:8015 Change-Id: I8c7d5fce7bdac70a96a05b469c42ac578c9426bc Reviewed-on: https://chromium-review.googlesource.com/1238177Reviewed-by:
-
Benedikt Meurer authored
Remove %ToPrimitive, %ToPrimitive_Number, %SameValue and %SameValueZero, as these runtime functions were only used from tests. For the %SameValue we use Object.is() to test the internal algorithm (the actual one even), and for %SameValueZero we use Set#has() - this was already the case for most uses anyways. Also drop %IsDate and %ValueOf, which didn't have uses at all. Bug: v8:8015 Change-Id: Ice26d25e68aed4d5d8adac0547c56aedf9826b13 Reviewed-on: https://chromium-review.googlesource.com/1237677 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
The JSToInteger operator is not used anywhere in TurboFan nowadays, so no point in keeping the dead code in the tree. Bug: v8:8015 Change-Id: If03ba63c4b932ba0aac60b9bbc89fee3909a93c6 Reviewed-on: https://chromium-review.googlesource.com/1238238Reviewed-by:
-
Benedikt Meurer authored
The order in which ToNumber(left) and ToPrimitive(right,hint Number) is called when performing an abstract relational comparison is observable, and we need to make sure to trigger the conversions in the correct order. Bug: chromium:687063 Change-Id: Idc9edb99643c4cf1774b89dcdc319ed5dc7cdc8a Reviewed-on: https://chromium-review.googlesource.com/1236557Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#56125}
-
Jakob Gruber authored
TBR=sigurds@chromium.org Bug: v8:6666 Change-Id: I6fffc2187f7d457bfefe34cc78ad304cfb0a34a7 Reviewed-on: https://chromium-review.googlesource.com/1237678Reviewed-by:
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:8015 Change-Id: I1daca16797a6a359aaab1703767ae24e2d73e8f2 Reviewed-on: https://chromium-review.googlesource.com/1238240Reviewed-by:
-
Leszek Swirski authored
This test is currently flaky on TSAN and blocks the roll. Bug: v8:8209 Change-Id: I0ca32d39f5570b458d56801b9a72ff3c428678d5 Reviewed-on: https://chromium-review.googlesource.com/1237676Reviewed-by:
Michael Hablich <hablich@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#56122}
-
Benedikt Meurer authored
Properly test the abstract equality - both JSEqual and JSNotEqual - for the case of symbols. Also add tests for the corner cases of the JSObjectIsArray operator, which is used to implement Array.isArray() builtin. Bug: v8:8015 Change-Id: Ib008e85553d04527a5992a904ec77774761f872e Reviewed-on: https://chromium-review.googlesource.com/1238237Reviewed-by:
-
Jakob Gruber authored
Bug: v8:6666 Change-Id: I3867339640de252884b7941abdacff0872eaff39 Reviewed-on: https://chromium-review.googlesource.com/1235916 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Dan Elphick authored
Change the following functions from V8_DEPRECATE_SOON to V8_DEPRECATED: JSON::Parse ValueSerializer::ReleaseBuffer,TransferSharedArrayBuffer Date::New ResourceConstraints::max_semi_space_size, set_max_semi_spaceisize, max_executable_size, set_max_executable_size Bug: v8:8015, v8:7269 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I2724738809fe1db28dbe279d476ac6fdf72ee5fa Reviewed-on: https://chromium-review.googlesource.com/1235915Reviewed-by:
-
Simon Zünd authored
R=jgruber@chromium.org Bug: v8:6666 Change-Id: I3ece4039297f837a3677c62c4a76433b73ebbe15 Reviewed-on: https://chromium-review.googlesource.com/1233916Reviewed-by:
-
Jakob Gruber authored
Handlers were recently moved to the builtins table, and we never added full support for this flag. It doesn't add much value and lazy deserialization is scheduled for mid-term removal anyways, so let's just delete it. --lazy-deserialization now controls both builtin- and handler-deserialization behavior. Bug: v8:6624 Change-Id: Iffb7286a00157966abf99158ba629ce4765536d6 Reviewed-on: https://chromium-review.googlesource.com/1238235 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Sigurd Schneider authored
Change-Id: I9eda6409d05c59085a09ebc7079b9c12c9877574 Bug: v8:6666 Reviewed-on: https://chromium-review.googlesource.com/1236577 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
-
Benedikt Meurer authored
Improve the lowering of CheckedInt32Div and CheckedUint32Div for the case that the right hand side is a known (positive) power of two, as in that case it's sufficient to just check the relevant bits on the left hand side and then shift by the appropriate amount of bits. This is significantly faster than what TurboFan is able to generate from the general lowering, even with all the MachineOperatorReducer magic (it even shows as a steady ~1.5% overall improvement on the Kraken crypto ccm benchmark). Also turn the general CheckedInt32Div lowering into readable code again, and make sure that all the bailout cases are properly covered by mjsunit tests (i.e. the "division by zero" bailout was not covered properly). Bug: v8:8015 Change-Id: Ibfdd367a6ee5d70dcaa48801858042c5029b7004 Reviewed-on: https://chromium-review.googlesource.com/1236954Reviewed-by:
-
Benedikt Meurer authored
The previous tests didn't cover the case Number.isSafeInteger(x) where TurboFan was unable to tell that `x` is always a Number and thus had to use the ObjectIsSafeInteger operator instead. Bug: v8:8015 Change-Id: I9bdbfa602fe0bf8c5fb2bc6c160ace7ab0bc0aaa Reviewed-on: https://chromium-review.googlesource.com/1238234Reviewed-by:
-
