- 07 Nov, 2016 1 commit
-
-
neis authored
This makes use of the newly introduced cell indices to speed up variable accesses. Imports and local exports are now directly stored in (separate) arrays. In the future, we may merge the two arrays into a single one, or even into the module context. This CL also replaces the LoadImport and LoadExport runtime functions with a single LoadVariable taking a variable index as argument (rather than a name). BUG=v8:1569 Review-Url: https://codereview.chromium.org/2465283004 Cr-Commit-Position: refs/heads/master@{#40808}
-
- 28 Oct, 2016 1 commit
-
-
jgruber authored
This CL adds a simple implementation of break and stepping-related functionality as required by the debug-step.js test. This includes

* stepOver, stepInto, stepOut
* setBreakPoint
* clearBreakPoint
* evaluate

Some of these, e.g. setBreakPoint, are not fully implemented for all cases but only for the ones we need right now.

One interesting result of this is that using the inspector protocol is roughly 14x slower for debug-step.js (14s instead of 0.5s). One cause of this seems to be iteration over all object properties in toProtocolValue, which is used to serialize JS objects before being sent over the wire (e.g. FrameMirrors). This is something that should be fixed at some point. In the meantime, the test now runs 100 instead of 1000 iterations.

BUG=v8:5530 Review-Url: https://codereview.chromium.org/2447073007 Cr-Commit-Position: refs/heads/master@{#40636}
-
- 27 Oct, 2016 3 commits
-
-
gsathya authored
This is no longer used. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2454713003 Cr-Commit-Position: refs/heads/master@{#40622}
-
gsathya authored
This patch moves promise specific runtime functions to runtime-promise.cc from runtime-internal.cc BUG=v8:5343 Review-Url: https://codereview.chromium.org/2452833003 Cr-Commit-Position: refs/heads/master@{#40618}
-
gsathya authored
This patch refactors most of FulfillPromise runtime call out to a separate function so that we can to it from PromiseReject runtime call. This patch adds a PromiseStatus enum. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2451163003 Cr-Commit-Position: refs/heads/master@{#40615}
-
- 26 Oct, 2016 5 commits
-
-
bmeurer authored
For global object property cells, we did not check that the map on the previous object is still the same for which we actually optimized. So the optimized code was not in sync with the actual state of the property cell. When loading from such a global object property cell, Crankshaft optimizes away any map checks (based on the stable map assumption), leading to arbitrary memory access in the worst case. TurboFan has the same bug for stores, but is safe on loads because we do appropriate map checks there. However mixing TurboFan and Crankshaft still exposes the bug. R=yangguo@chromium.org BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2444233004 Cr-Commit-Position: refs/heads/master@{#40592}
-
neis authored
R=adamk@chromium.org BUG= Review-Url: https://codereview.chromium.org/2452543003 Cr-Commit-Position: refs/heads/master@{#40584}
-
bmeurer authored
Revert of [compiler] Properly validate stable map assumption for globals. (patchset #3 id:40001 of https://codereview.chromium.org/2444233004/ )

Reason for revert:
Breaks tree: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/8789

Original issue's description:
> [compiler] Properly validate stable map assumption for globals.
>
> For global object property cells, we did not check that the map on the
> previous object is still the same for which we actually optimized. So
> the optimized code was not in sync with the actual state of the property
> cell. When loading from such a global object property cell, Crankshaft
> optimizes away any map checks (based on the stable map assumption),
> leading to arbitrary memory access in the worst case.
>
> TurboFan has the same bug for stores, but is safe on loads because we
> do appropriate map checks there. However mixing TurboFan and Crankshaft
> still exposes the bug.
>
> R=yangguo@chromium.org
> BUG=chromium:659475

TBR=yangguo@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2454513003 Cr-Commit-Position: refs/heads/master@{#40582}
-
bmeurer authored
For global object property cells, we did not check that the map on the previous object is still the same for which we actually optimized. So the optimized code was not in sync with the actual state of the property cell. When loading from such a global object property cell, Crankshaft optimizes away any map checks (based on the stable map assumption), leading to arbitrary memory access in the worst case. TurboFan has the same bug for stores, but is safe on loads because we do appropriate map checks there. However mixing TurboFan and Crankshaft still exposes the bug. R=yangguo@chromium.org BUG=chromium:659475 Review-Url: https://codereview.chromium.org/2444233004 Cr-Commit-Position: refs/heads/master@{#40578}
-
cbruni authored
A GC might cause the just created dictionary object to have an invalid backing store, which breaks heap verification. BUG=chromium:659088 Review-Url: https://codereview.chromium.org/2452653002 Cr-Commit-Position: refs/heads/master@{#40574}
-
- 25 Oct, 2016 5 commits
-
-
gsathya authored
This causes a 3.1% regression because we unconditionally call out to a runtime function. This patch refactors out most of EnqueuePromiseReactionJob runtime function into a separate function. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2449053003 Cr-Commit-Position: refs/heads/master@{#40570}
-
gsathya authored
Removes PromiseEnqueue and moves debugging code to a separate function which gets called when the debugger is active. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2450763002 Cr-Commit-Position: refs/heads/master@{#40562}
-
cbruni authored
Object.create(null) is most likely to be used for dictionary-like objects. Hence it would be beneficial to directly create a slow-mode object and avoid additional overhead later on. BUG= Review-Url: https://codereview.chromium.org/2430273007 Cr-Commit-Position: refs/heads/master@{#40551}
-
jgruber authored
This CL removes code that is now unused since the port of regexp.js has been completed. Removed functions / classes are:

* regexp.js (GetSubstitution moved to string.js)
* RegExpConstructResult stub
* RegExpFlags intrinsic
* RegExpSource intrinsic
* RegExpInitializeAndCompile runtime function

BUG=v8:5339 Review-Url: https://codereview.chromium.org/2448463002 Cr-Commit-Position: refs/heads/master@{#40547}
-
jgruber authored
BUG=v8:5339 Review-Url: https://codereview.chromium.org/2442333002 Cr-Commit-Position: refs/heads/master@{#40545}
-
- 22 Oct, 2016 1 commit
-
-
mtrofin authored
Since the public API for deserialization is now just DeserializeOrCompile, we can trickle down the wire bytes to the deserialization logic, and avoid the need for duplicating the wire bytes when serializing. BUG=chromium:657316 Review-Url: https://chromiumcodereview.appspot.com/2433273002 Cr-Commit-Position: refs/heads/master@{#40516}
-
- 21 Oct, 2016 4 commits
-
-
jgruber authored
This adds a fast-path for calls to RegExp.prototype[@@replace] for cases in which the given regexp is unmodified and global, and the given replace argument is callable. The fast-path implementation itself is almost identical to the original JS implementation except that it currently does not reuse result_array. SunSpider/unpack-code relies heavily on this codepath. BUG=v8:5339 Review-Url: https://chromiumcodereview.appspot.com/2433923003 Cr-Commit-Position: refs/heads/master@{#40504}
-
jgruber authored
These map checks were implemented for TF code already. This CL makes sure that parts implemented in C++ follow the same logic, which is:

An object is an unmodified regexp if:
1) it's a receiver,
2) its map is the initial regexp map,
3) its prototype is a receiver,
4) and its prototype's map is the initial prototype's initial map.

We can now be smarter in @@replace and @@split since checking maps (unlike the previous check of RegExp.prototype.exec) is not observable, so we can perform fast-path checks at a time of our choosing.

BUG=v8:5339,v8:5434,v8:5123 Review-Url: https://chromiumcodereview.appspot.com/2434983002 Cr-Commit-Position: refs/heads/master@{#40501}
-
machenbach authored
Revert of [regexp] Use consistent map checks for fast paths (patchset #7 id:120001 of https://chromiumcodereview.appspot.com/2434983002/ )

Reason for revert:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/10853

Original issue's description:
> [regexp] Use consistent map checks for fast paths
>
> These map checks were implemented for TF code already. This CL makes
> sure that parts implemented in C++ follow the same logic, which is:
>
> An object is an unmodified regexp if:
> 1) it's a receiver,
> 2) its map is the initial regexp map,
> 3) its prototype is a receiver,
> 4) and its prototype's map is the initial prototype's initial map.
>
> We can now be smarter in @@replace and @@split since checking maps
> (unlike the previous check of RegExp.prototype.exec) is not observable,
> so we can perform fast-path checks at a time of our choosing.
>
> BUG=v8:5339,v8:5434,v8:5123

TBR=yangguo@chromium.org,jgruber@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5339,v8:5434,v8:5123 Review-Url: https://chromiumcodereview.appspot.com/2438283002 Cr-Commit-Position: refs/heads/master@{#40499}
-
jgruber authored
These map checks were implemented for TF code already. This CL makes sure that parts implemented in C++ follow the same logic, which is:

An object is an unmodified regexp if:
1) it's a receiver,
2) its map is the initial regexp map,
3) its prototype is a receiver,
4) and its prototype's map is the initial prototype's initial map.

We can now be smarter in @@replace and @@split since checking maps (unlike the previous check of RegExp.prototype.exec) is not observable, so we can perform fast-path checks at a time of our choosing.

BUG=v8:5339,v8:5434,v8:5123 Review-Url: https://chromiumcodereview.appspot.com/2434983002 Cr-Commit-Position: refs/heads/master@{#40495}
-
- 19 Oct, 2016 5 commits
-
-
gsathya authored
Moving the rest of the debugging code is blocked on making IsPromise inlinable. BUG=v8:5343 Review-Url: https://chromiumcodereview.appspot.com/2431793003 Cr-Commit-Position: refs/heads/master@{#40440}
-
titzer authored
This CL refactors the handling of metadata associated with WebAssembly modules to reduce the duplicate marshalling of data from the C++ world to the JavaScript world. It does this by wrapping the C++ WasmModule* object in a Foreign that is rooted from the on-heap WasmCompiledModule (which is itself just a FixedArray). Upon serialization, the C++ object is ignored and the original WASM wire bytes are serialized. Upon deserialization, the C++ object is reconstituted by reparsing the bytes. This is motivated by increasing complications in implementing the JS API, in particular WebAssembly.Table, which must perform signature canonicalization across instances. Additionally, this CL implements the proper base + offset initialization behavior for tables. R=rossberg@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org,yangguo@chromium.org BUG=v8:5507, chromium:575167, chromium:657316 Review-Url: https://chromiumcodereview.appspot.com/2424623002 Cr-Commit-Position: refs/heads/master@{#40434}
-
yangguo authored
R=jgruber@chromium.org BUG=v8:5510 Review-Url: https://chromiumcodereview.appspot.com/2430673002 Cr-Commit-Position: refs/heads/master@{#40432}
-
cbruni authored
BUG= Review-Url: https://chromiumcodereview.appspot.com/2385423005 Cr-Commit-Position: refs/heads/master@{#40429}
-
titzer authored
R=clemensh@chromium.org,ahaas@chromium.org BUG= Review-Url: https://chromiumcodereview.appspot.com/2428343005 Cr-Commit-Position: refs/heads/master@{#40426}
-
- 18 Oct, 2016 5 commits
-
-
gsathya authored
BUG=v8:5343 Review-Url: https://codereview.chromium.org/2425553003 Cr-Commit-Position: refs/heads/master@{#40405}
-
bmeurer authored
These intrinsics are unused now, and so we can drop all the code in fullcodegen and Crankshaft that deals with those. TurboFan and Ignition never tried to optimize those. R=mstarzinger@chromium.org BUG=v8:5049 Review-Url: https://codereview.chromium.org/2427673004 Cr-Commit-Position: refs/heads/master@{#40401}
-
bmeurer authored
R=epertoso@chromium.org BUG=v8:5049 Review-Url: https://codereview.chromium.org/2424403002 Cr-Commit-Position: refs/heads/master@{#40399}
-
jgruber authored
This CL adds two new fast-paths for RegExp.prototype.replace in the case that the regexp itself is an unmodified JSRegExp instance and the replace argument is callable. Such cases call directly into runtime. This could be improved even further by turning the relevant runtime functions into inline TurboFan. BUG=v8:5339 Review-Url: https://codereview.chromium.org/2415663007 Cr-Commit-Position: refs/heads/master@{#40381}
-
caitp authored
Implements the variations of CreateArrayIterator() in TFJ builtins (ArrayPrototypeValues, ArrayPrototypeEntries and ArrayPrototypeKeys), and provides two new Object types with numerous maps which identify certain behaviours, which will be useful for inlining.

Removes src/js/array-iterator.js entirely

Also adds support for printing Symbol literals inserted by the Parser during desugaring when FLAG_print_builtin_ast is set to true.

BUG=v8:5388 R=bmeurer@chromium.org, cbruni@chromium.org TBR=ulan@chromium.org Review-Url: https://codereview.chromium.org/2405253006 Cr-Commit-Position: refs/heads/master@{#40373}
-
- 17 Oct, 2016 5 commits
-
-
gsathya authored
BUG=v8:5343 Review-Url: https://codereview.chromium.org/2415023002 Cr-Commit-Position: refs/heads/master@{#40369}
-
jgruber authored
BUG=v8:5526 Review-Url: https://codereview.chromium.org/2422173003 Cr-Commit-Position: refs/heads/master@{#40368}
-
heimbuef authored
This adds more useful information to the v8-heap-stats tool. BUG=v8:5489 Review-Url: https://codereview.chromium.org/2394213003 Cr-Commit-Position: refs/heads/master@{#40361}
-
mstarzinger authored
This removes the {ParseInfo} constructor consuming a closure, replacing all uses to pass only the shared function info. The goal is to make the fact that parsing is independent of a concrete closure explicit. R=jochen@chromium.org BUG=v8:2206 Committed: https://crrev.com/3de42b3f224217ec88e4c609d3cf23fe06806dca Review-Url: https://codereview.chromium.org/2396963003 Cr-Original-Commit-Position: refs/heads/master@{#40083} Cr-Commit-Position: refs/heads/master@{#40353}
-
jochen authored
R=machenbach@chromium.org,titzer@chromium.org,bmeurer@chromium.org,jgruber@chromium.org BUG= CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg,v8_mac_dbg;master.tryserver.chromium.android:android_arm64_dbg_recipe Review-Url: https://codereview.chromium.org/2416243002 Cr-Commit-Position: refs/heads/master@{#40350}
-
- 14 Oct, 2016 5 commits
-
-
danno authored
Introduce CSA_ASSERT macro that outputs a message, file name and line number to console before calling DebugBreak. Committed: https://crrev.com/23836e9c14f3df9b675fe02e2c23bb11e728b83d Review-Url: https://codereview.chromium.org/2419433008 Cr-Original-Commit-Position: refs/heads/master@{#40307} Cr-Commit-Position: refs/heads/master@{#40322}
-
machenbach authored
Revert of Improve CodeStubAssembler assert functionality (patchset #3 id:40001 of https://codereview.chromium.org/2419433008/ )

Reason for revert:
[Sheriff] Fails leak checker: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug/builds/12393

Original issue's description:
> Improve CodeStubAssembler assert functionality
>
> Introduce CSA_ASSERT macro that outputs a message, file name and line number to
> console before calling DebugBreak.
>
> Committed: https://crrev.com/23836e9c14f3df9b675fe02e2c23bb11e728b83d
> Cr-Commit-Position: refs/heads/master@{#40307}

TBR=epertoso@chromium.org,ishell@google.com,ishell@chromium.org,danno@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2414373002 Cr-Commit-Position: refs/heads/master@{#40313}
-
jgruber authored
GetCapture can reuse the bool pointer argument of GenericCaptureGetter instead of duplicating that logic with additional checks. The check also incorrectly checks for undefined while GenericCaptureGetter returns the empty string on failure. BUG=v8:5339 Review-Url: https://codereview.chromium.org/2422563002 Cr-Commit-Position: refs/heads/master@{#40309}
-
jgruber authored
Now that all accesses to the last match info are in C++ and TF code, we can finally turn the last match info into a FixedArray. Similar to the ArrayList, it uses its first field to store its length and grows dynamically in amortized O(1) time. Unlike previously, this means that the last match info pointer stored on the context can actually change (in case the FixedArray needs to grow). BUG=v8:5339 Review-Url: https://codereview.chromium.org/2415103002 Cr-Commit-Position: refs/heads/master@{#40308}
-
danno authored
Introduce CSA_ASSERT macro that outputs a message, file name and line number to console before calling DebugBreak. Review-Url: https://codereview.chromium.org/2419433008 Cr-Commit-Position: refs/heads/master@{#40307}
-