- 24 Jan, 2018 29 commits
-
-
Michal Majewski authored
Bug: v8:6917 Change-Id: I03be38be952f0d59eb20fa98102ef09ca795de40 Reviewed-on: https://chromium-review.googlesource.com/883446 Commit-Queue: Michał Majewski <majeski@google.com> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50848}
-
Clemens Hammacher authored
When executing register moves, we might need to spill registers to the stack. Ensure that we don't exceed the reserved stack space for the current frame. R=ahaas@chromium.org Bug: v8:7366, v8:6600 Change-Id: Ic11ff2ff5f46535c3663ef4cf62b095f6c8ba637 Reviewed-on: https://chromium-review.googlesource.com/883282 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#50847}
-
Leszek Swirski authored
Bug: v8:7178 Change-Id: Ib86942acff8419699d739c6fb28479613b04e745 Reviewed-on: https://chromium-review.googlesource.com/878179 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#50846}
-
Leszek Swirski authored
The SwitchOnGeneratorState bytecode now also falls through if the generator object is undefined (so that we don't need that jump) and restores generator context (so that we don't need that PushContext). This saves 10 bytes per generator. Change-Id: Ie0872c827119b9f1d1e9244d3be6496a30cd9620 Reviewed-on: https://chromium-review.googlesource.com/867051 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#50845}
-
Andreas Haas authored
The CompilationUnitBuilder of the StreamingProcessor is cleared when an error occurs in the streaming decoder. The clearing of the CompilationUnitBuilder was guarded by the existence of the ModuleCompiler, because this ModuleCompiler and the CompilationUnitBuilder are created together. However, the CompilationUnitBuilder is reset when the next section after the code section is processed, whereas the ModuleCompiler exists until the end of the AsyncCompileJob. With this CL the clearing of the CompilationUnitBuilder is also guarded by its own existence. R=clemensh@chromium.org Bug: chromium:805346 Change-Id: I0e9e9eaff9239fadb21c0f17990da61cbfaa6856 Reviewed-on: https://chromium-review.googlesource.com/883527 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#50844}
-
Clemens Hammacher authored
When reserving stack space by decrementing rsp/esp, we were ignoring the constant size needed for the stack marker and the wasm context. Later, we were using that space anyway, which can lead to errors if e.g. interrupt handlers kick in and use that space below rsp/esp. R=ahaas@chromium.org Bug: v8:7366, v8:6600 Change-Id: I2f49ef5785d33e98c29c5cf4fe7624a02e8c7628 Reviewed-on: https://chromium-review.googlesource.com/883881Reviewed-by:
-
Leszek Swirski authored
Instead of collecting eagerly compilable inner function literals (IIFEs etc.) during AST numbering, collect them during bytecode generation, exposing them on the CompilationJob. Bug: v8:7178 Change-Id: I47451f412d2796e5857b4bc38c4f29c80cb0745d Reviewed-on: https://chromium-review.googlesource.com/873872 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
-
Jeremy Roman authored
It is analogous to Template::SetLazyDataProperty, but for a single existing object. Similar to how SetNativeDataProperty exists on both. Bug: v8:7303 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I634358ee455e28150198bd87a2bd79dc59e3e449 Reviewed-on: https://chromium-review.googlesource.com/867474Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Jeremy Roman <jbroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#50841}
-
Georg Neis authored
In mode STORE_AND_GROW_NO_TRANSITION, the handler for elements stores used to bail out when seeing a COW array, even if the store that installed the handler had been operating on the very same array. This CL adds support for COW arrays to the mode (and renames it to STORE_AND_GROW_NO_TRANSITION_HANDLE_COW). Bug: v8:7334 Change-Id: I6a15e8c1ff8d4ad4d5b8fc447745dce5d146c67c Reviewed-on: https://chromium-review.googlesource.com/876014 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50840}
-
Sergiy Byelozyorov authored
R=machenbach@chromium.org Bug: chromium:616879 Change-Id: I168ec7d3dbd1a9e9c6006919bf59de1d8b40ab3b Reviewed-on: https://chromium-review.googlesource.com/881483Reviewed-by:
-
Michael Starzinger authored
R=hablich@chromium.org BUG=v8:6792,v8:7272,chromium:793428 Change-Id: Idcb3d8c5193ce943dc67e2275b89603563f131ca Reviewed-on: https://chromium-review.googlesource.com/883509Reviewed-by:
Michael Hablich <hablich@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50838}
-
Michael Lippautz authored
FixedArrays hanging off recursively of the constant pool without any real objects in between can be considered as meta data. They are shared with optimized code (embedder pointers). Bug: v8:7266 Change-Id: I4006675e17e8eea3bdc8565254d80e2ffece0ad0 Reviewed-on: https://chromium-review.googlesource.com/883361Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50837}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=chromium:801878 Change-Id: I32a3cf3a63dfe073a06066f1db2fb32eb739f153 Reviewed-on: https://chromium-review.googlesource.com/883367Reviewed-by:
-
Michael Starzinger authored
This reverts commit 25ecc45f. Reason for revert: Two issues discovered with W^X in V8's 6.5 branch (see v8:7272 and chromium:793428). Still need a way to disable the feature. Original change's description: > [heap] Remove --write-protect-code-memory feature flag. > > R=hpayer@chromium.org > BUG=v8:6792 > > Change-Id: Id3413994de603dac1b7501c6fe376cdac1f9d7ce > Reviewed-on: https://chromium-review.googlesource.com/866851 > Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50759} TBR=mstarzinger@chromium.org,hpayer@chromium.org,hablich@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:6792 Change-Id: Ie0d4409b36f22c97a6777e512618beafdef8c2f4 Reviewed-on: https://chromium-review.googlesource.com/883502Reviewed-by:
Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50835}
-
Michael Starzinger authored
This reverts commit bf19e60c. Reason for revert: Two issues discovered with W^X in V8's 6.5 branch (see v8:7272 and chromium:793428). Still need a way to disable the feature. Original change's description: > [platform] Remove {PageAllocator::kReadWriteExecute}. > > Now that write-protection of code memory is enabled everywhere and V8 is > fully W^X compliant, we can remove the permission mode in question. > > R=hpayer@chromium.org > BUG=v8:6792 > > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng > Change-Id: I80fe95ac6bb0e2d1ad6d993154ce45d492d941be > Reviewed-on: https://chromium-review.googlesource.com/866855 > Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Bill Budge <bbudge@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50770} TBR=bbudge@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:6792 Change-Id: If4a205497ac83084a4092560363affb13b391462 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/883461Reviewed-by:
-
Tobias Tebbi authored
This reverts commit e02f5611. Reason for revert: Regresses compile time: chromium:803840 Original change's description: > [turbofan] trim effect chain nodes when they have no side-effect > > Bug: > Change-Id: Ic1b6dc6fcd8bfc4f0c3dbb101a38106aa3596a12 > Reviewed-on: https://chromium-review.googlesource.com/863886 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50588} TBR=jarin@chromium.org,tebbi@chromium.org Change-Id: I631840ca3b79272108d5696e6dc68d671774e35c Bug: Reviewed-on: https://chromium-review.googlesource.com/883521 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#50833}
-
Sigurd Schneider authored
Add effect input and output to String.p.char[Code]At/codePointAt. This is necessary to fix an hard to reproduce bug, a repro for which is included. However, the only way to get the repro included in this CL to fail is to run it with the patch of 873382: [turbofan] Speculate on bounds checks for String#char[Code]At but WITHOUT this patch. This fixes a scheduling problem triggered by 873382 that caused a bounds check to get scheduled after the associated access. Bug: v8:7326 Change-Id: I4b97c1726caac92ff8f74c23df2788f0ecfb1304 Reviewed-on: https://chromium-review.googlesource.com/881781Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50832}
-
Choongwoo Han authored
- Remove TypedArray.prototype.subarray in js/typedarray.js - Implement TypedArray.prototype.subarray as a CSA - Implement TypedArraySpeciesCreateByArrayBuffer as a CSA - Move a helper function for relative index from builtins-string-gec.cc to code-stub-assembler.cc - Move SpeciesConstructor from builtins-promise-gen.cc to code-stub-assembler.cc Bug: v8:7161, v8:5929 Change-Id: If3340476e16aa21659540eb4b24e3ead54e6a313 Reviewed-on: https://chromium-review.googlesource.com/830992 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#50831}
-
Leszek Swirski authored
Instead of building suspend_ids in the AST numbering, collect suspend counts in the parser and assigning suspend ids during bytecode generation. Bug: v8:7178 Change-Id: I53421442afddc894db789fb9d0d3e3cc10e32ff0 Reviewed-on: https://chromium-review.googlesource.com/817598 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Michael Achenbach authored
This reverts commit fffa4555. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/1905 Original change's description: > [build] Prepare switching win asan to 64 bits > > This switches the current win32 bots to win32 under the hood in MB. We'll > remove them and replace them with win64 bots in a follow up on the infra > side. > > This also infers the clang option from asan, because on windows we need > to set clang explicitly. > > TBR=sergiyb@chromium.org > > Bug: chromium:786303 > Change-Id: I9dddd5050a21a364c302a761ff15ddd21e97c7dc > Reviewed-on: https://chromium-review.googlesource.com/883103 > Reviewed-by: Michael Achenbach <machenbach@chromium.org> > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50828} TBR=machenbach@chromium.org,sergiyb@chromium.org Change-Id: I2e17aa6ddf44a03d9da29e8b7f7dd2c9f6fe4cb9 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:786303 Reviewed-on: https://chromium-review.googlesource.com/883501Reviewed-by:
-
Michael Achenbach authored
This switches the current win32 bots to win32 under the hood in MB. We'll remove them and replace them with win64 bots in a follow up on the infra side. This also infers the clang option from asan, because on windows we need to set clang explicitly. TBR=sergiyb@chromium.org Bug: chromium:786303 Change-Id: I9dddd5050a21a364c302a761ff15ddd21e97c7dc Reviewed-on: https://chromium-review.googlesource.com/883103Reviewed-by:
-
jgruber authored
Bug: chromium:804801 Change-Id: I2d54e98df09b0ed5ccfcddd0815ad162641e03d6 Reviewed-on: https://chromium-review.googlesource.com/883121Reviewed-by:
-
Michael Lippautz authored
No-try: true Bug: v8:7266 Change-Id: Ia3a0142488765d36485287d0bf4ffa1e2cc635b2 Reviewed-on: https://chromium-review.googlesource.com/883141Reviewed-by:
-
Michael Achenbach authored
This will affect all manual test runs with x64. Most bots on x64 already migrated. TBR=sergiyb@chromium.org NOTRY=true Bug: v8:7343 Change-Id: I87f46f1848a813c0b320b3e9901481b9232025a5 Reviewed-on: https://chromium-review.googlesource.com/883101 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
-
Tobias Tebbi authored
Bug: Change-Id: Ia5df528e7e2129a4c6e029b75279015836147c95 Reviewed-on: https://chromium-review.googlesource.com/881145 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
-
Georg Neis authored
A while ago we introduced MutableBigInt in order to enforce this check. R=jkummerow@chromium.org Bug: v8:6791 Change-Id: I700ff0b1df854d4f6b8beff6f6c984e11cd07e40 Reviewed-on: https://chromium-review.googlesource.com/881174Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#50823}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5d0c607..6f1e572 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c4b36e2..296e7c3 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/e80cb0b..179d836 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I40ebd0e5d2ba9ae51e40892a89238a5eb191e6e9 Reviewed-on: https://chromium-review.googlesource.com/882884Reviewed-by:
v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#50822}
-
Adam Klein authored
The chromium callers were updated in https://crrev.com/c/868287, while the pdfium callers were updated in https://pdfium-review.googlesource.com/c/pdfium/+/23058. As a precaution to avoid a repeat of https://crbug.com/803330, I've manually built pdfium, along with the additional gn flag "pdf_enable_xfa = true". Bug: v8:7269, v8:7282 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I5b8cfb629c2b78627447c940a133d75d7ef7c6e9 Reviewed-on: https://chromium-review.googlesource.com/875252Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50821}
-
Adam Klein authored
The calls in Chromium were removed in https://crrev.com/c/865535. Bug: v8:7269, v8:7276 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Iae9fadead1167363893b258ba2a21710a1e080a8 Reviewed-on: https://chromium-review.googlesource.com/869146Reviewed-by:
-
- 23 Jan, 2018 11 commits
-
-
Michael Lippautz authored
Tbr: ulan@chromium.org Bug: v8:7266 Change-Id: I3bafffafc662856295fa34de2c77e876e3b2a58e Reviewed-on: https://chromium-review.googlesource.com/881172Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50819}
-
Dan Elphick authored
Before we can set the length of the created array in CSA, first check that it's possible and will do what we want. I.e. check a) that the length is writable b) the backing store is not copy-on-write and c) the old length is not greater than the new length (as otherwise later insertion past the end could restore values from the original constructor). If not then fall back on Runtime::kSetProperty. Bug: chromium:804177 Change-Id: Id0e452f9d160704bbd71e87a075ba4e3983729a7 Reviewed-on: https://chromium-review.googlesource.com/880922 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by:
-
Eugene Ostroukhov authored
Change-Id: If0fdc76170ad29b4d3dadddbb32bc87c307c04af Reviewed-on: https://chromium-review.googlesource.com/881883Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org> Cr-Commit-Position: refs/heads/master@{#50817}
-
Ali Ijaz Sheikh authored
Do a step before selecting the limit for the next step. However, as seen on crbug.com/795323, while this fix makes us more precise in our accounting, we do ending up seeing steps more frequently. This ends up invoking the idle scavenger more frequently. To compensate, we adjust the idle scavenger step size. Bug: Change-Id: I7bc2b1785a564dee27aa3ce6a5a196efe9eb6283 Reviewed-on: https://chromium-review.googlesource.com/838440 Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-by:
-
Junliang Yan authored
Port d3a4d15f Original Commit Message: This reloc mode is never encoded, so there is no reason to differentiate between 32 and 64 bit. Both are now replaced by RelocInfo::NONE. R=clemensh@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I9a5369315cc2c966bffd3862d15f29aea08960e4 Reviewed-on: https://chromium-review.googlesource.com/881463Reviewed-by:
Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#50815}
-
Sigurd Schneider authored
When finding the initial element in A.p.reduce[Right], we did exclude holes, but did not reflect this is the type, which still included the hole. This CL inserts a TypeGuard to ensure that Turbofan knows the initial element is never the hole. Bug: chromium:804837 Change-Id: Ia118ddafb8e16dd5c02559fa23216c9b139dd59a Reviewed-on: https://chromium-review.googlesource.com/880967 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
Jaroslav Sevcik authored
This delays removing dead loop's loop exits after we iterate all uses of the loop. That way, we avoid mutating the use collection while iterating it. Bug: chromium:803022 Change-Id: I17462dd82c3cb78f2f630e5db81d8ccdcc517d83 Reviewed-on: https://chromium-review.googlesource.com/878329Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50813}
-
Michael Achenbach authored
This adds a tri-state flag --infra-staging and --no-infra-staging, which can be used to explicitly opt in or out of the staging test runner. If not specified, a new architecture whitelist will enable roll-out per arch for manual (none CI) runs. We'll start whitelisting archs in follow ups. Bug: v8:7343 Change-Id: I1228e48969fd379f5c231a2b8fad4afc01da94c0 Reviewed-on: https://chromium-review.googlesource.com/881169 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#50812}
-
Michael Achenbach authored
TBR=sergiyb@chromium.org Bug: v8:7343 Change-Id: Id17a931e00eda0bf018b5f1cb1cd6bac516ec26d Reviewed-on: https://chromium-review.googlesource.com/881482Reviewed-by:
-
Michal Majewski authored
Introduce option to run fuzzer processor without analysis phase. It will be used in fuzzing combined tests. Bug: v8:6917 Change-Id: Ic96d6b8c5a35c81da80340555bdd75c0d518cb5a Reviewed-on: https://chromium-review.googlesource.com/880948 Commit-Queue: Michał Majewski <majeski@google.com> Reviewed-by:
-
Sigurd Schneider authored
This CL moves allocations in array-multiple-receiver-maps.js to prevent gc fuzzing from cleaning out code objects, which will mess with assertOptimized in the test. Bug: v8:7338 Change-Id: I9ee88cf5518307ff12302df2fdaca5258c23b779 Reviewed-on: https://chromium-review.googlesource.com/880957Reviewed-by:
-
