- 25 Aug, 2017 31 commits
-
-
Ross McIlroy authored
This change adapts the Call bytecode handlers such that they don't require a stack frame. It does this by modifying the call bytecode handler to tail-call the Call or InterpreterPushArgsAndCall builtins. As a result, the callee function will return to the InterpreterEntryTrampoline when it returns (since this is the return address on the interpreter frame), which is adapted to dispatch to the next bytecode handler. The return bytecode handler is modified to tail-call a new InterpreterExitTramoline instead of returning to the InterpreterEntryTrampoline. Overall this significanlty reduces the amount of stack space required for interpreter frames, increasing the maximum depth of recursive calls from around 6000 to around 12,500 on x64. BUG=chromium:753705 Change-Id: I23328e4cef878df3aca4db763b47d72a2cce664c Reviewed-on: https://chromium-review.googlesource.com/634364 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#47617}
-
Jaideep Bajwa authored
WasmGraphBuilder::StoreMem is called with the last argument as default with machine rep = kNode, which causes BuildChangeEndiannessStore(val, memtype, type) to fail. R=gdeepti@google.com, binji@chromium.org, jyan@ca.ibm.com BUG=v8:6752 LOG=N Change-Id: I0633982ff4b5a93551b4765ca8df50073010f3ca Reviewed-on: https://chromium-review.googlesource.com/633755Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#47616}
-
Caitlin Potter authored
Keep parsing the rest of the MemberExpression after `new.target` BUG=v8:6745 R=marja@chromium.org, adamk@chromium.org Change-Id: I53cc370766e72ed9e36c5c7aa150a3ad9a6062f8 Reviewed-on: https://chromium-review.googlesource.com/627756Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#47615}
-
Adam Klein authored
Change-Id: Ic3812d16a4e8449ac9619981719e997c90300ee7 Reviewed-on: https://chromium-review.googlesource.com/634254Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47614}
-
Alexei Filippov authored
There must be a matching Leave for each Enter. Otherwise it ends up with a dead stack-allocated object in the timer chain. Drive-by: There was also a bug in RuntimeCallTimerScope::RuntimeCallTimerScope(HeapObject* ...) did create a local object instead of calling an overloaded constructor. BUG=chromium:669329 Change-Id: I9aa1c574a854af8beab3d8097efab3a726ad1c8d Reviewed-on: https://chromium-review.googlesource.com/634511 Commit-Queue: Alexei Filippov <alph@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47613}
-
Leszek Swirski authored
For deferred commands (such as in try-finally), some deferred commands save and restore the accumulator using a result register (e.g. return, throw, rethrow), while others don't (e.g. break, continue, fall-through). However, conditionally reading this result register that may not ever be written caused it to be considered live from the start of the function, as far as the liveness analysis could statically tell. Now, we write the result register for all deferred commands, including the fall-through. As a micro-optimization, we re-use the Smi command tokeen to clobber the result, rather than emitting an LdaUndefined. Bug: chromium:758472 Change-Id: I2ea65e2249b40ee6403216e654a8bb88d50bec3b Reviewed-on: https://chromium-review.googlesource.com/635592 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#47612}
-
Jakob Gruber authored
We cannot assume that the receiver is a JSObject, nor can we assume ToObject() completes successfully. TBR=yangguo@chromium.org Bug: chromium:739954 Change-Id: Id55571131ef8755e86f15cd2acb918ff0f1b7788 Reviewed-on: https://chromium-review.googlesource.com/632376Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47611}
-
Michael Lippautz authored
The deadlock can happen when two scavenging tasks process two different pages for their old->new sets and at the same time try to allocate in old space which triggers sweeping of the other task's page. Bug: v8:6754 Change-Id: I6087553631e198d5ecfb8ab37925ac41cd6995bd Reviewed-on: https://chromium-review.googlesource.com/635843 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47610}
-
Jakob Gruber authored
The Uint32(limit) conversion can end up transitioning the regexp instance to slow mode. In this case we need to bail out to runtime while ensuring that ToUint32 is not observably called a second time. We do this by passing the already-converted value to runtime. This particular path was broken and we ended up passing the original maybe_limit value to runtime instead. TBR=yangguo@chromium.org Bug: chromium:758763 Change-Id: If7f23b452d2e134ad9be3d4ef1d78d1c946fcef0 Reviewed-on: https://chromium-review.googlesource.com/635588Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47609}
-
Albert Mingkun Yang authored
Change the signature of `Construct` so that no casting is required on calling it. The casting would fire control flow integrity check if the class contains virtual members. Bug: chromium:758925 Change-Id: Iefc711c634b36efd051e245e2df13b28d5563f45 Reviewed-on: https://chromium-review.googlesource.com/635563Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com> Cr-Commit-Position: refs/heads/master@{#47608}
-
Michael Lippautz authored
Bug: v8:6333 Change-Id: I0f5a21a66bbad6c56b3dd84d301b85e64f05cbc1 Reviewed-on: https://chromium-review.googlesource.com/635683Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47607}
-
Michael Lippautz authored
Bug: Change-Id: I81132af45d8fb649d4239fa0e0ef75b95e148208 Reviewed-on: https://chromium-review.googlesource.com/633604 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47606}
-
Mythri authored
Do not allow recursive inlining when function calls itself. i.e.f() -> f() This is because we only get some static information for the first level of inlining and it may not be very beneficial to just duplicate the entire function. However, we still allow indirect recursion f() -> g() -> f() -> g1(). This helps in cases where f() is a small dispatch function. For example, in rayTrace class.create -> obj.initialize -> class.create -> obj1.initialize. Bug: chromium:757798 Change-Id: I0a5d9e62eabd7681849f900997b4df061b5f8ed5 Reviewed-on: https://chromium-review.googlesource.com/632622Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#47605}
-
Georg Neis authored
R=ishell@chromium.org Bug: Change-Id: I7175176900c95fb676f633b405fffd5a55ffa4b5 Reviewed-on: https://chromium-review.googlesource.com/635323Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#47604}
-
Camillo Bruni authored
Bug: chromium:757199, chromium:758773, chromium:758821 Change-Id: I70644853770501b13992bd7bf78d168ca2308d64 Reviewed-on: https://chromium-review.googlesource.com/635223Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#47603}
-
Clemens Hammacher authored
The allocator for determining the location (reg/stack) for parameters and return values can be constexpr. This avoids lazy initialization, saving code size and execution time, and simplifying the implementation significantly. R=ahaas@chromium.org CC=titzer@chromium.org Change-Id: I295623cb1dad0f1537f7292dcf044f3d509588bb Reviewed-on: https://chromium-review.googlesource.com/635163Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#47602}
-
Michael Lippautz authored
Bug: v8:6333 Change-Id: I4434c6cc59f886f1e37dfd315a3ad5fee28d3f63 Reviewed-on: https://chromium-review.googlesource.com/634907Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47601}
-
Andreas Haas authored
Compile the module created in trap-location.js with both synchronous and asynchronous compilation. Thereby I can reuse the test for streaming compilation later. R=clemensh@chromium.org Change-Id: Id2e0c70886ddd1b11d51f614d02757099541aedd Reviewed-on: https://chromium-review.googlesource.com/635165 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#47600}
-
Ross McIlroy authored
For wide bytecodes, save the bytecode offset as the offset of the prefix bytecode, rather than the bytecode itself. This means that any code that reads the bytecode can explicitly know the width of the bytecode at the offset without having to iterate through the complete bytecode array. Also simplifies some code in the bytecode analysis that had to work around the previous approach. BUG=chromium:753705 Change-Id: I8a42e7cfff27791e39f3452e2b9e52c0608d28cb Reviewed-on: https://chromium-review.googlesource.com/634003 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#47599}
-
Michael Starzinger authored
This makes sure instantiate of asm.js modules fails gracefully on heap buffers exceeding the uint32_t range supported by WebAssembly. R=clemensh@chromium.org TEST=mjsunit/regress/regress-crbug-754175 BUG=chromium:754175 Change-Id: I4a9c6791beaab6da826b5b6b5a495f97e9d3b4e9 Reviewed-on: https://chromium-review.googlesource.com/632618Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#47598}
-
Michael Starzinger authored
R=clemensh@chromium.org Change-Id: I5bdb91d2e82105bb301c2b97abfb1b074b710a64 Reviewed-on: https://chromium-review.googlesource.com/632680Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#47597}
-
Jakob Gruber authored
As a first step towards lazy builtin deserialization, this CL moves builtins to their own dedicated area in the snapshot blob, physically located after startup data and before context-specific data. The startup- and partial serializers now serialize all seen builtins as references, i.e. they only encode the relevant builtin id (taking care to preserve special behavior around the interpreter trampoline and CompileLazy). Builtins are later fully serialized by the BuiltinSerializer. The separate blobs are finally glued together by CreateSnapshotBlob. Deserialization takes the same steps: when we see builtin reference bytecodes before builtins have been deserialized, we push to a list of deferred builtin references. After builtin deserialization, this list is iterated and all builtin references are fixed up. Bug: v8:6624 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Idee42fa9c92bdbe8d5b8c4b8bf3ca9dd39634004 Reviewed-on: https://chromium-review.googlesource.com/610225Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47596}
-
Michael Lippautz authored
- Create bottleneck for filtering in crash dumps - Smaller fixes Bug: Change-Id: I19e8a1ed6013af487c87b7132418b4c9b292946b Reviewed-on: https://chromium-review.googlesource.com/633943Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#47595}
-
Camillo Bruni authored
This reverts commit 8974b75b. Reason for revert: In hindsight, the CL made only partially sense and causes unnecessary IC-misses. Original change's description: > [runtime] Deprecate old prototype maps > > Bug: chromium:757199 > Change-Id: I5936fab1784ebf8de6eddd3b2bec0e2cf1b73f82 > Reviewed-on: https://chromium-review.googlesource.com/632317 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/master@{#47581} TBR=cbruni@chromium.org,ishell@chromium.org Change-Id: I9f43a5f8c5242f575346f47c24377dd832eeccd1 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:757199 Reviewed-on: https://chromium-review.googlesource.com/634906Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#47594}
-
Ulan Degenbaev authored
Bug: Change-Id: I7dacb2f4cbb66f0daebd3948c2239846af129f9a Reviewed-on: https://chromium-review.googlesource.com/632621Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47593}
-
Peter Marshall authored
Bug: v8:6333 Change-Id: Iad2fdb7670dd01d19ed25c48a0091969cddb01c8 Reviewed-on: https://chromium-review.googlesource.com/632257Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#47592}
-
jgruber authored
Tentative fix for the CF crashes in https://crbug.com/754422. Bug: chromium:754422 Change-Id: I0dcb6b8860cb0bf20b3566ffba08e6772398ee65 Reviewed-on: https://chromium-review.googlesource.com/632176Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47591}
-
Shiyu Zhang authored
The CPP builtins execute the same piece of code to prepare context before jumping into CEntryStub. By creating new ASM builtin to execute that common piece of code, ~7KB code size (tested on x64) of snapshot_blob.bin can be reduced without any negative performance impact. BUG= Change-Id: I744369e8723dcd902b61dc50645db66bea884441 Reviewed-on: https://chromium-review.googlesource.com/595119Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#47590}
-
Sathya Gunasekaran authored
Bug: v8:5717 Change-Id: I3775001a6148e25f15b11410449a6f8b7693f122 Reviewed-on: https://chromium-review.googlesource.com/625276 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47589}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a35cf9a..a2b7113 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/92387bc..e37aa9d TBR=machenbach@chromium.org,hablich@chromium.org Change-Id: I5d7b8b212c66df540c930688c10606f112c5b7af Reviewed-on: https://chromium-review.googlesource.com/633137Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#47588}
-
Jaideep Bajwa authored
Disable test on big endian PPC for now, since it is missing load/store reverse byte instructions. R=machenbach@chromium.org, jkummerow@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com BUG= LOG=N Change-Id: Iaf12a14678bc9d113dc4d11998ea5bad158c20fd Reviewed-on: https://chromium-review.googlesource.com/634271Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#47587}
-
- 24 Aug, 2017 9 commits
-
-
Adam Klein authored
Change-Id: Id9f60cdafc486de2b04684de84174f9765637c12 Reviewed-on: https://chromium-review.googlesource.com/601328Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47586}
-
Adam Klein authored
This also removes the IS_GLOBAL macro from macros.py, which did not work correctly for Remote objects/contexts. Bug: v8:6413 Change-Id: I90690bdd0d8e8fed581bc4c9f5c60168d785f096 Reviewed-on: https://chromium-review.googlesource.com/633872Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47585}
-
Kevin Gibbons authored
This flag allows invalid escape sequences in tagged templates, which is a stage-4 TC39 proposal shipping in other browsers. Bug: v8:5546 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I3e7c374c9b547f62d5976f76a7208d05fe9decf8 Reviewed-on: https://chromium-review.googlesource.com/581885 Commit-Queue: Kevin Gibbons <bakkot@gmail.com> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47584}
-
Marja Hölttä authored
U+feff is the UTF BOM but if it occurs inside the text, it's a "zero-width no-break space". However, the UTF-8 decoder in script streaming still thought it's a BOM and skipped it. The correct way to handle it would be to create a U+feff code point instead - the Scanner will then handle it as whitespace. This is a discrepancy between the Blink UTF-8 decoder and the V8 UTF-8 decoder, and caused the source positions be off by one. This bug went unnoticed, since normally off-by-one in this situation doesn't make the code to break. BUG=chromium:758508,chromium:758236 Change-Id: Ib92a3ee65c402e21b77e42537db2a021cff55379 Reviewed-on: https://chromium-review.googlesource.com/632096Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#47583}
-
Eric Holk (eholk) authored
This timer imposes a high overhead and does not give us the data we'd like. Disabling for now until we can develop a better solution. Bug: v8:6514 Change-Id: I73b15131a71d7b6750556f82907cb2a0e6edd321 Reviewed-on: https://chromium-review.googlesource.com/633703 Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#47582}
-
Camillo Bruni authored
Bug: chromium:757199 Change-Id: I5936fab1784ebf8de6eddd3b2bec0e2cf1b73f82 Reviewed-on: https://chromium-review.googlesource.com/632317Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#47581}
-
Michael Lippautz authored
Bug: chromium:738368 Change-Id: I4867b90c639d8d5315e0caa22285e7ddbdab44f9 Reviewed-on: https://chromium-review.googlesource.com/632682 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#47580}
-
Juliana Franco authored
of optimized JS functions. Bug: v8:6637 Change-Id: Ice94a4a2187f98adcbf25ac1832e13d4b7529f34 Reviewed-on: https://chromium-review.googlesource.com/628198 Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#47579}
-
Camillo Bruni authored
Change-Id: Ic9dffa7f94b471824f18170c72df8568dd47cfcd Reviewed-on: https://chromium-review.googlesource.com/631959Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#47578}
-