- 20 Apr, 2017 25 commits
-
-
sampsong authored
BUG= R=jyan@ca.ibm.com, bjaideep@ca.ibm.com, joransiu@ca.ibm.com Review-Url: https://codereview.chromium.org/2829713003 Cr-Commit-Position: refs/heads/master@{#44759}
-
Eric Holk authored
The included test case illustrates the problem. It subtracts (16 << 27) from another number. The Machine Operator Reducer would replace the shift computation with 0x0000000080000000, and then change the subtract to an add of -(0x0000000080000000), which is 0xffffffff80000000. The instruction selector would determine that this value could be an immediate, because it fits in 32 bits, so it would select the lea instruction. Finally, the code generator would detect that the immediate was less than 0, flip the sign and replace the add with a subtract of 0x80000000. Because the x64 subtract instruction's immediate field is 32 bits, the processor would interpret this as 0xffffffff80000000 instead of an unsigned value. This change fixes the issue by making the CanBeImmediate check explicitly compare against INT_MIN and INT_MAX. We disallow INT_MIN as an immediate precisely because we cannot tell 0x0000000080000000 from 0xffffffff80000000 when truncated to 32 bits. Bug: chromium:711203 Change-Id: Ie371b8ea290684a6bb723bae9c693a866f961850 Reviewed-on: https://chromium-review.googlesource.com/482448 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#44758}
-
Adam Klein authored
It was a straight pass-through to JSFunction::SetPrototype, with the added wrinkle that it appeared to sometimes throw (although it never did). Also improves typing of JSFunction::SetInstancePrototype signature to require being passed a JSReceiver. Change-Id: Ie85b9a74955f72bf988cd902c5eec34e32b51a24 Reviewed-on: https://chromium-review.googlesource.com/482421Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#44757}
-
jkummerow authored
Now you can do: "gm.py x64.release mkgrokdump" NOTRY=true Review-Url: https://codereview.chromium.org/2827383003 Cr-Commit-Position: refs/heads/master@{#44756}
-
kozyatinskiy authored
BUG=v8:6189 R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2826183002 Cr-Commit-Position: refs/heads/master@{#44755}
-
kozyatinskiy authored
v8::Extension should be replaced with ObjectTemplates. So let's not use it for utils. BUG=none R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2828143002 Cr-Commit-Position: refs/heads/master@{#44754}
-
kozyatinskiy authored
Since we already have cache on V8 side we can introduce caching on inspector side. It will decrease memory consumption and reduce time which we spend for collecting stacks. See [1] for details. [1] https://docs.google.com/a/google.com/document/d/13H1Pn6dekcwqlaYP26CfyyYGuL-U9LtUPWmt3TIpOag/edit?usp=sharing BUG=v8:6189 R=dgozman@chromium.org,yangguo@chromium.org Review-Url: https://codereview.chromium.org/2825903002 Cr-Commit-Position: refs/heads/master@{#44753}
-
kozyatinskiy authored
A lot of web sites around the world has hack which replaces native console.assert by function with fast return. Current console.assert is slow because we need to run CPP builtin but we should enter this builtin iff condition is false or omitted. BUG=v8:6175 R=ishell@chromium.org,dgozman@chromium.org Review-Url: https://codereview.chromium.org/2828933002 Cr-Commit-Position: refs/heads/master@{#44752}
-
Sathya Gunasekaran authored
Change-Id: I436e8390073fce6488cb9a26b9bde60f92935638 Reviewed-on: https://chromium-review.googlesource.com/482578Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#44751}
-
kozyatinskiy authored
With recent CLs we always store maximum N async stack traces and when we reach limit we drop half of them. Current promise collected event requires creating weak handle: - it takes time, - it consumes memory. Since async task id distribution for promises is uniform (each new promise has last_async_task_id + 1 as an id) our hash map is good enough to handle any amount of async task ids, following time of executing 1 000 000 000 of lookups: - for empty hash map: 1.45 seconds, - for hash map with one entry: 14.95 seconds - 1024 entries: 15.03 seconds - 1024 * 1024 entries: 14.82 seconds - 1024 * 1024 * 1024: 17.9 seconds BUG=v8:6189 R=dgozman@chromium.org,yangguo@chromium.org Review-Url: https://codereview.chromium.org/2819423005 Cr-Commit-Position: refs/heads/master@{#44750}
-
sreten.kovacevic authored
Fix 6ee0b6ce Fix wrong register usage for MIPS ports TEST=mjsunit/regress/regress-5638b BUG= Review-Url: https://codereview.chromium.org/2831733004 Cr-Commit-Position: refs/heads/master@{#44749}
-
neis authored
R=jarin@chromium.org BUG=chromium:713584 Review-Url: https://codereview.chromium.org/2833783002 Cr-Commit-Position: refs/heads/master@{#44748}
-
yangguo authored
Revert of [serializer/debugger] hide scripts in the snapshot from the debugger. (patchset #5 id:80001 of https://codereview.chromium.org/2826073004/ ) Reason for revert: failure in the custom snapshot build: http://builders/V8%20Linux64%20-%20custom%20snapshot%20-%20debug/builds/14178 Original issue's description: > [serializer/debugger] hide scripts in the snapshot from the debugger. > > R=jgruber@chromium.org > BUG=v8:6274 > > Review-Url: https://codereview.chromium.org/2826073004 > Cr-Commit-Position: refs/heads/master@{#44745} > Committed: https://chromium.googlesource.com/v8/v8/+/215e668256a205aba7bacf2da8b68ddfc573d3dd TBR=jgruber@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6274 Review-Url: https://codereview.chromium.org/2831893002 Cr-Commit-Position: refs/heads/master@{#44747}
-
Ilija.Pavlovic authored
For MIPS64, many load/store operations from/to memory emit more then one instruction. This is the reason for moving them from assembler to macro-assembler. TEST= BUG= Review-Url: https://codereview.chromium.org/2829073002 Cr-Commit-Position: refs/heads/master@{#44746}
-
yangguo authored
R=jgruber@chromium.org BUG=v8:6274 Review-Url: https://codereview.chromium.org/2826073004 Cr-Commit-Position: refs/heads/master@{#44745}
-
jarin authored
Without this fix, we create a new state-values node for parameters per environment. This is especially bad for heavily branching functions. With the fix, we should only create one node per function. Drive-by: removes some unused fields for state values in the environment. BUG=v8:5267 Review-Url: https://codereview.chromium.org/2826223004 Cr-Commit-Position: refs/heads/master@{#44744}
-
Michael Achenbach authored
This reverts commit 64bb6e6c. Reason for revert: Breaks layout tests: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/15092 See: https://github.com/v8/v8/wiki/Blink-layout-tests Original change's description: > [runtime] Pass global proxy as receiver to native accessors in case of contextual access > > Bug: > > Change-Id: I288c0d7a34b65eda6c6e46168c436b87a350f6d4 > Reviewed-on: https://chromium-review.googlesource.com/483199 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#44739} TBR=yangguo@chromium.org,verwaest@chromium.org,v8-reviews@googlegroups.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Change-Id: Ifc204ce5a2e6d774b993210fcc6782fc6f27dd7b Reviewed-on: https://chromium-review.googlesource.com/483480Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#44743}
-
Wiktor Garbacz authored
Preparser does not keep track of function names. If we want to parse top-level function and top-level code was only preparsed we need to parse the function name again. Even if we parsed the function name, passing it is non-trivial so it makes sense to just reparse. BUG=v8:6093 Change-Id: Iafbcd677981f1db52b485eee0f0d769e4fd26543 Reviewed-on: https://chromium-review.googlesource.com/483359 Commit-Queue: Wiktor Garbacz <wiktorg@google.com> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#44742}
-
ivica.bogosavljevic authored
When cross compiling inspector with GYP on MIPS and ARM, there are three rules that generate the same file both host toolset and target toolset. This causes problems because of rule duplication; depending on compilation configuration this can cause warning or error. We fix this by disabling the host rule and using target rule for all depending rules. BUG=v8:6176 Review-Url: https://codereview.chromium.org/2819283005 Cr-Commit-Position: refs/heads/master@{#44741}
-
jkummerow authored
So that we can delete object properties without a runtime call. The builtin implements a few fast paths (for now only deletion of dictionary properties), and calls the runtime for all other cases. Review-Url: https://codereview.chromium.org/2810363003 Cr-Commit-Position: refs/heads/master@{#44740}
-
Toon Verwaest authored
Bug: Change-Id: I288c0d7a34b65eda6c6e46168c436b87a350f6d4 Reviewed-on: https://chromium-review.googlesource.com/483199 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#44739}
-
yangguo authored
- Migrate make grokdump to GYP and GN - Move code from d8 into stand-alone execution - Add test case to ensure it's up-to-date Review-Url: https://codereview.chromium.org/2809653003 Cr-Original-Original-Commit-Position: refs/heads/master@{#44687} Committed: https://chromium.googlesource.com/v8/v8/+/0cc0c130fa56f129c90c2a74cb01bda85df5e42a Review-Url: https://codereview.chromium.org/2809653003 Cr-Original-Commit-Position: refs/heads/master@{#44710} Committed: https://chromium.googlesource.com/v8/v8/+/477f00557458d383bd9ebef281890ba485ee882a Review-Url: https://codereview.chromium.org/2809653003 Cr-Commit-Position: refs/heads/master@{#44738}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/bca1cbe..98f2769 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/88811f4..98f00fa Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/cabc131..6939b1d TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I3a593ac90e3bda51717fc193478e55af949c34f3 Reviewed-on: https://chromium-review.googlesource.com/482919Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#44737}
-
kozyatinskiy authored
BUG=v8:6175 TBR=dgozman@chromium.org NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2828133002 Cr-Commit-Position: refs/heads/master@{#44736}
-
kozyatinskiy authored
- and reduce limit to 128 * 1024. BUG=v8:6189 R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2824293002 Cr-Commit-Position: refs/heads/master@{#44735}
-
- 19 Apr, 2017 15 commits
-
-
bbudge authored
- Adds unary Reverse shuffles (swizzles): S32x2Reverse, S16x4Reverse, S16x2Reverse, S8x8Reverse, S8x4Reverse, S8x2Reverse. Reversals are done within the sub-vectors that prefix the opcode name, e.g. S8x2 reverses the 8 consecutive pairs in an S8x16 vector. - Adds binary Zip (interleave) left and right half-shuffles to return a single vector: S32x4ZipLeft, S32x4ZipRightS16x8ZipLeft, S16x8ZipRight, S8x16ZipLeft, S8x16ZipRight. - Adds binary Unzip (de-interleave) left and right half shuffles to return a single vector: S32x4UnzipLeft, S32x4UnzipRight, S16x8UnzipLeft, S16x8UnzipRight, S8x16UnzipLeft, S8x16UnzipRight. - Adds binary Transpose left and right half shuffles to return a single vector: S32x4TransposeLeft, S32x4TransposeRight, S16x8TransposeLeft, S16xTransposeRight, S8x16TransposeLeft, S8x16TransposeRight. - Adds binary Concat (concatenate) byte shuffle: S8x16Concat #bytes to paste two vectors together. LOG=N BUG=v8:6020 Review-Url: https://codereview.chromium.org/2801183002 Cr-Commit-Position: refs/heads/master@{#44734}
-
kozyatinskiy authored
BUG=v8:6189 R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2822073002 Cr-Commit-Position: refs/heads/master@{#44733}
-
Adam Klein authored
There's no reason to keep track, for a preparsed function itself, whether that function calls eval. All that matters is that the ancestor scopes are marked as having an inner scope which calls eval. The function will have its "calls eval" bit persisted if/when it's fully parsed. The only "behavioral" change in this patch is the removal of a DCHECK. Bug: v8:6092 Change-Id: I17e396c8a265030fe0ad941707e4a97972e6650b Reviewed-on: https://chromium-review.googlesource.com/481223 Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#44732}
-
Caitlin Potter authored
let/const declarations in "standard" C-style for-loops have some complex desugaring to accommodate the case where loop loop variables may be captured. This slows down the baseline performance of for-loops with let variables. This change attempts to avoid this desugaring if it's known that the loop variable is not captured at any point. A side effect of this change is that let/const loop variables, when not captured within the loop body, are not necessarily shown in the debugger, similar to other stack-allocated vars. BUG=v8:4762, v8:5460 R=marja@chromium.org, adamk@chromium.org, yangguo@chromium.org Change-Id: I8dbe545a12c086f675972bdba60c94998268311a Reviewed-on: https://chromium-review.googlesource.com/472247 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#44731}
-
Adam Klein authored
This patch retires runtime.js: - Removes some dead code from runtime.js (ToPositiveInteger, ToIndex), - Moves Array.prototype initialization to prologue.js - Moves SpeciesConstructor to the only file that calls it (typedarray.js) - Renames the remainder to reflect its only inhabitants ({Max,Min}Simple) Change-Id: If9048a30c4f6b86396bfd647bb637b4175880fc3 Reviewed-on: https://chromium-review.googlesource.com/478579Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#44730}
-
neis authored
When asked for a module that previously failed to compile or instantiate, the embedder necessarily has to signal failure. In this case, we expect an exception to be scheduled, which we will rethrow. BUG=v8:1569 Review-Url: https://codereview.chromium.org/2827733002 Cr-Commit-Position: refs/heads/master@{#44729}
-
bbudge authored
- Reserves q15 (d30,d31) as a scratch register for NEON operations. - Rewrites CodeGenerator::AssembleSwap to use it. LOG=N BUG=v8:6020 Review-Url: https://codereview.chromium.org/2827743002 Cr-Commit-Position: refs/heads/master@{#44728}
-
bmeurer authored
Move JSOrdinaryHasInstance lowering to JSNativeContextSpecialization, which was previously mostly done in JSTypedLowering (for no reason). Add new logic to the lowering to constant-fold OrdinaryHasInstance checks when the map of the left-hand side and the "prototype" of the right-hand side is known. This address the performance issue with the (base) class constructors generated by Babel, i.e.: function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } } var C = function C() { _classCallCheck(this, C); }; for class C {} Also ensure that a known constructor being used inside an instanceof get's a proper initial map on-demand. BUG=v8:6275 R=mstarzinger@chromium.org Review-Url: https://codereview.chromium.org/2827013002 Cr-Commit-Position: refs/heads/master@{#44727}
-
jkummerow authored
When adding or overwriting properties of an object, the generic keyed store stub must check if that property's name might have an associated protector (e.g. the ArraySpeciesProtector) and take the slow path if so to ensure that the protector is updated as needed. BUG=v8:6269 Review-Url: https://codereview.chromium.org/2821213004 Cr-Commit-Position: refs/heads/master@{#44726}
-
Michael Starzinger authored
This uses the common macro lists instead of duplicating the list of available math functions and values in {AsmJs::IsStdlibValid}. R=rossberg@chromium.org BUG=v8:6127 Change-Id: Ic480d74bb0b5f0f425d1e601e5128fa6f466bea1 Reviewed-on: https://chromium-review.googlesource.com/481260Reviewed-by: Andreas Rossberg <rossberg@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#44725}
-
Marja Hölttä authored
1) Function recording conditions need to be consistent (this same condition is used above) 2) byte is not wide enough for storing the backing store size. Bugs uncovered by the existing tests with the flag on. BUG=v8:5516 Change-Id: Iec6aff0cf1858afe1083526e4ada9a8eca08f062 Reviewed-on: https://chromium-review.googlesource.com/481320 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#44724}
-
Wiktor Garbacz authored
BUG=v8:6093 Change-Id: I4572fcb4258c9a6ee6e5d5ed18e3567460c90211 Reviewed-on: https://chromium-review.googlesource.com/481300Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Wiktor Garbacz <wiktorg@google.com> Cr-Commit-Position: refs/heads/master@{#44723}
-
Peter Marshall authored
This includes a fastpath in the ElementsAccessor for the source array being a JSArray with FastSmi or FastDouble packed kinds. This is probably a pretty common usage, where an array is passed in as a way of initializing the TypedArray at creation (as there is not other syntax to do this). e.g. new Float64Array([1.0, 1.0, 1.0]) for some sort of vector application. BUG= v8:5977 Change-Id: Ice4ad9fc29f56b1c4b0b30736a1330efdc289003 Reviewed-on: https://chromium-review.googlesource.com/465126Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#44722}
-
Michael Starzinger authored
R=rossberg@chromium.org BUG=v8:6127 Change-Id: I1ed8f22eecd3ee674c909ae511bbba4460bcdd17 Reviewed-on: https://chromium-review.googlesource.com/481759Reviewed-by: Andreas Rossberg <rossberg@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#44721}
-
bmeurer authored
When accessing the "prototype" property of a known JSFunction in TurboFan, we can automatically create the initial map if it hasn't been instantiated so far. This happens with hand-grown inheritance mechanisms where the base classes might not be instantiated regularly at all, but the base class constructors are only called via F.p.call from the subclass constructors. R=mstarzinger@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2830633002 Cr-Commit-Position: refs/heads/master@{#44720}
-