- 07 Dec, 2016 19 commits
-
-
bradnelson authored
The asm.js spec requires exports to be identifiers, this was DCHECKED in the asm-wasm-builder, but not the typer. BUG=672046 R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2552913004 Cr-Commit-Position: refs/heads/master@{#41557}
-
dcheng authored
When v8 fails an access check, it invokes a helper to try to see if it can service the request via an access check interceptor. Invoking the access check interceptor can throw an exception (e.g. a SecurityError). Unfortunately, the failed access check property helpers and the interceptor helpers don't agree on how to propagate the exception: if the interceptor helper detects a scheduled exception, it promotes the exception to a pending exception and returns to the failed access check property helper. The failed access check property helper also has an early return in case of a scheduled exception. However, this doesn't work, as the previously thrown exception is no longer scheduled, as it's been promoted to a pending exception. Thus, the failed access check property helper always end up calling the failed access check callback as well. Since Blink's implementation of the failed access check callback also throws an exception, this conflicts with the previously-thrown, already-pending exception. With this patch, the failed access check property helpers check for a pending exception rather than a scheduled exception after invoking the interceptor, so the exception can be propagated correctly. BUG=v8:5715 R=yangguo@chromium.org,jochen@chromium.org Review-Url: https://codereview.chromium.org/2550423002 Cr-Commit-Position: refs/heads/master@{#41556}
-
caitp authored
Introduces: - a new AST node representing the GetIterator() algorithm in the specification, to be used by ForOfStatement, YieldExpression (in the case of delegating yield*), and the future `for-await-of` loop proposed in http://tc39.github.io/proposal-async-iteration/#sec-async-iterator-value-unwrap-functions. - a new opcode (JumpIfJSReceiver), which is useful for `if Type(object) is not Object` checks which are common throughout the specification. This node is easily eliminated by TurboFan. The AST node is desugared specially in bytecode, rather than manually when building the AST. The benefit of this is that desugaring in the BytecodeGenerator is much simpler and easier to understand than desugaring the AST. This also reduces parse time very slightly, and allows us to use LoadIC rather than KeyedLoadIC, which seems to have better baseline performance. This results in a ~20% improvement in test/js-perf-test/Iterators micro-benchmarks, which I believe owes to the use of the slightly faster LoadIC as opposed to the KeyedLoadIC in the baseline case. Both produce identical optimized code via TurboFan when the type check can be eliminated, and the load can be replaced with a constant value. BUG=v8:4280 R=bmeurer@chromium.org, rmcilroy@chromium.org, adamk@chromium.org, neis@chromium.org, jarin@chromium.org TBR=rossberg@chromium.org Review-Url: https://codereview.chromium.org/2557593004 Cr-Commit-Position: refs/heads/master@{#41555}
-
mvstanton authored
Since we OSR code rarely, it makes sense to store it and look for it on the native context rather than the SharedFunctionInfo. This makes the OptimizedCodeMap data structure more space efficient, as it doesn't have to store an ast ID for the OSR entry point. BUG= Review-Url: https://codereview.chromium.org/2549753002 Cr-Commit-Position: refs/heads/master@{#41554}
-
mlippautz authored
BUG=chromium:468240,chromium:668060 Review-Url: https://codereview.chromium.org/2551973005 Cr-Commit-Position: refs/heads/master@{#41553}
-
clemensh authored
There were two bugs, one partly hiding the other one: 1) We generate the ToNumber conversion for each WASM_TO_JS wrapper, even if the expected return type is void. 2) The return node in the WASM_TO_JS wrapper did not use the effect of the ToNumber conversion. This CL fixes both, and adds test cases to check that we do throw an error trying to convert (e.g.) Symbol to a number, but only if the return type is not void. Additional test check that a user-provided valueOf method is actually called the correct number of times. R=titzer@chromium.org, bradnelson@chromium.org BUG=v8:4203 Review-Url: https://codereview.chromium.org/2552123004 Cr-Commit-Position: refs/heads/master@{#41552}
-
mstarzinger authored
R=mvstanton@chromium.org Review-Url: https://codereview.chromium.org/2561563002 Cr-Commit-Position: refs/heads/master@{#41551}
-
jgruber authored
Both @@match and @@split internally use dynamically growing fixed arrays. Shrink to fit when wrapping these in a JSArray to avoid excessive memory usage. BUG=chromium:670205,chromium:670708 Review-Url: https://codereview.chromium.org/2556773002 Cr-Commit-Position: refs/heads/master@{#41550}
-
yangguo authored
R=jgruber@chromium.org, kozyatinskiy@chromium.org BUG=v8:5510 Review-Url: https://codereview.chromium.org/2530093002 Cr-Commit-Position: refs/heads/master@{#41549}
-
ishell authored
BUG= Review-Url: https://codereview.chromium.org/2560663002 Cr-Commit-Position: refs/heads/master@{#41548}
-
ishell authored
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now and once all the verification issues are fixed the flag will be enabled in debug mode by default. This CL also relaxes some checks for code stub graphs and fixes some issues in the stubs. BUG= Review-Url: https://codereview.chromium.org/2558653002 Cr-Commit-Position: refs/heads/master@{#41547}
-
henrique.ferreiro authored
This allows to detect a static property also named 'name', and also makes sure 'name' is added last, to be standards-compliant. BUG=v8:4199 Review-Url: https://codereview.chromium.org/2423053002 Cr-Commit-Position: refs/heads/master@{#41546}
-
alph authored
BUG=chromium:665398 Review-Url: https://codereview.chromium.org/2556833003 Cr-Commit-Position: refs/heads/master@{#41545}
-
ishell authored
Removing elements from stub cache by Major key only does not always work. BUG= Review-Url: https://codereview.chromium.org/2551353003 Cr-Commit-Position: refs/heads/master@{#41544}
-
dusan.simicic authored
This patch fixes jump_tables6 test for mips32r6 and mips64r6. This is regression from CL: https://crrev.com/d735f3ab12061f0a588b3f0538f9229cf747f818 BUG= Review-Url: https://codereview.chromium.org/2547033002 Cr-Commit-Position: refs/heads/master@{#41543}
-
petermarshall authored
This just calls into a runtime function for implementation currently. Intermediate step in speeding up constructor calls containing a spread. The NewWithSpread bytecode will probably end up having different arguments with future CLs - the constructor and the new.target should have their own regs. For now we are calling into the runtime function, so we need the regs together. BUG=v8:5659 Review-Url: https://codereview.chromium.org/2541113004 Cr-Commit-Position: refs/heads/master@{#41542}
-
jarin authored
BUG=chromium:671574 Review-Url: https://codereview.chromium.org/2560743002 Cr-Commit-Position: refs/heads/master@{#41541}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2b2a961..788dcd7 Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/64e38f0..55ad626 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/287f4bd..415a532 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review-Url: https://codereview.chromium.org/2556003002 Cr-Commit-Position: refs/heads/master@{#41540}
-
bjaideep authored
Since addi sets cr0, it should be passed to Assert method (default is cr7) R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2560473003 Cr-Commit-Position: refs/heads/master@{#41539}
-
- 06 Dec, 2016 21 commits
-
-
gsathya authored
BUG=v8:5343 Review-Url: https://codereview.chromium.org/2556483002 Cr-Commit-Position: refs/heads/master@{#41538}
-
gsathya authored
BUG=v8:5343 Review-Url: https://codereview.chromium.org/2558493003 Cr-Commit-Position: refs/heads/master@{#41537}
-
bjaideep authored
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2559433003 Cr-Commit-Position: refs/heads/master@{#41536}
-
adamk authored
Apparently our HashMap can't deal with iteration over an empty map. R=verwaest@chromium.org,neis@chromium.org BUG=v8:5711 Review-Url: https://codereview.chromium.org/2551943003 Cr-Commit-Position: refs/heads/master@{#41535}
-
https://codereview.chromium.org/2536463002/gsathya authored
This reverts commit 4c7cccf9. BUG=v8:5343 Review-Url: https://codereview.chromium.org/2554943002 Cr-Commit-Position: refs/heads/master@{#41534}
-
lpy authored
JavaScript cannot represent integer larger than 2^53 - 1 from JSON, thus this patch removes AppendLongInteger and convert long integer to string using std::to_string. TBR=cbruni@chromium.org Review-Url: https://codereview.chromium.org/2557463003 Cr-Commit-Position: refs/heads/master@{#41533}
-
ishell authored
Revert of [turbofan] Add --csa-verify flag that enables machine graph verification of code stubs. (patchset #2 id:60001 of https://codereview.chromium.org/2551933002/ ) Reason for revert: Broke nosnap build: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/10689 Original issue's description: > [turbofan] Add --csa-verify flag that enables machine graph verification of code stubs. > > The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now > and once all the verification issues are fixed the flag will be enabled in debug > mode by default. > > BUG= > > Committed: https://crrev.com/292b3548f6d02b964b4afe3e05f89c0681fa5620 > Cr-Commit-Position: refs/heads/master@{#41531} TBR=mstarzinger@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2552893003 Cr-Commit-Position: refs/heads/master@{#41532}
-
ishell authored
The flag must be used only by CodeStubAssemblerGraphsCorrectness cctest for now and once all the verification issues are fixed the flag will be enabled in debug mode by default. BUG= Review-Url: https://codereview.chromium.org/2551933002 Cr-Commit-Position: refs/heads/master@{#41531}
-
titzer authored
R=bradnelson@chromium.org,rossberg@chromium.org BUG=v8:5705 Review-Url: https://codereview.chromium.org/2551323003 Cr-Commit-Position: refs/heads/master@{#41530}
-
bradnelson authored
The asm-wasm-builder started allocating SharedFunctionInfos, this makes it bad we'd passed Script by pointer (due to ignorance). Switching to Handle<Script>. R=clemensh@chromium.org,titzer@chromium.org BUG=v8:5716 Review-Url: https://codereview.chromium.org/2552873003 Cr-Commit-Position: refs/heads/master@{#41529}
-
titzer authored
R=bradnelson@chromium.org,clemensh@chromium.org BUG= Review-Url: https://codereview.chromium.org/2553123002 Cr-Commit-Position: refs/heads/master@{#41528}
-
clemensh authored
Make some methods on V8DebuggerScript virtual and provide the implementations ActualScript for scripts which are backed by scripts on V8's side, and WasmVirtualScript for wasm scripts. The added test case ensures that we at least don't crash on the attempt to get breakable locations for wasm "scripts", which we did previously. Returning a reasonable result for wasm will be implemented in a follow-up commit. R=yangguo@chromium.org, jgruber@chromium.org BUG=chromium:667767,chromium:613110 Review-Url: https://codereview.chromium.org/2532433003 Cr-Commit-Position: refs/heads/master@{#41527}
-
jgruber authored
Passing kAllowLargeObjectAllocation now allocates in LOS if necessary. Allow such allocations when growing fixed arrays in RegExp's @@match and @@split operations. BUG=chromium:670671 Review-Url: https://codereview.chromium.org/2555703003 Cr-Commit-Position: refs/heads/master@{#41526}
-
bradnelson authored
In switching to incremental parsing, we switched to pre-computing line numbers for forward declarations. This is expensive, because GetLineNumber reparses lines. Also, switch typing maps to unordered_map (as they appear hot). BUG=v8:4203 R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2553033002 Cr-Commit-Position: refs/heads/master@{#41525}
-
ulan authored
come from the runtime. This patch fixes an issue of heap growing to max capacity when incremental marking is finished but cannot finalize due to GC stack guard not triggering. It can happen if all allocations come from the runtime, for example, from JSON parser or compiler. Now before expanding the heap we check if we are above the allocation limit and the incremental marking needs to be finalized. If so we do not expand the heap and force GC, which will finalize the incremental marking. The check is performed for paged spaces and large-object space. BUG=chromium:670675 Review-Url: https://codereview.chromium.org/2552613004 Cr-Commit-Position: refs/heads/master@{#41524}
-
machenbach authored
BUG=v8:5193 NOTRY=true TBR=alph@chromium.org,yangguo@chromium.org Review-Url: https://codereview.chromium.org/2555683003 Cr-Commit-Position: refs/heads/master@{#41523}
-
clemensh authored
It turns out that showing a five-digit number of resources blocks the UI for a few minutes, and it remains very laggy even after that. This CL adds another component to the path of wasm scripts if the module contains more than 300 functions. The additional component will be the function index rounded down to the next multiple of 100. Example URL before: wasm://wasm/wasm-0284f1c6/wasm-0284f1c6-26337 Example URL after: wasm://wasm/wasm-0284f1c6/26300/wasm-0284f1c6-26337 This avoids showing a five-digit number of entries in the resources view. R=kozyatinskiy@chromium.org, titzer@chromium.org, yangguo@chromium.org BUG=chromium:659715 Review-Url: https://codereview.chromium.org/2555433002 Cr-Commit-Position: refs/heads/master@{#41522}
-
marja authored
This makes the context allocation less pessimistic in the following cases: function outer() { var a; // Won't be context allocated function inner1() { var a; a; } function inner2(a) { a; } function inner3([a]) { a; } function inner4({ a: b}) { a; } } BUG=v8:5501 Review-Url: https://codereview.chromium.org/2407163003 Cr-Commit-Position: refs/heads/master@{#41521}
-
yangguo authored
This is done by reimplementing Symbol.for directly on top of NameDictionary. A nice side effect is the removal of src/js/symbol.js R=jochen@chromium.org, peria@chromium.org BUG=chromium:617892 Review-Url: https://codereview.chromium.org/2551763003 Cr-Commit-Position: refs/heads/master@{#41520}
-
clemensh authored
*and* report all "virtual" wasm scripts right when the wasm script is registered at the inspector. WasmScript is a subtype of Script, with the cast checking that it is actually a wasm script. This layout makes it quite easy to implement functionality that is only available for wasm scripts, and allows to later directly use the WasmCompiledModule instead of the i::Script for backing the debug::WasmScript. We might also add virtual methods to provide different implementations for GetSourcePosition, Source and others. DisassembleWasmFunction now also becomes a method of this class instead of a static function on the DebugInterface. The WasmTranslation now uses the new WasmScript type instead of the Script wrapper, and also registers all virtual wasm scripts immediately when the wasm script is made public to the inspector (when the wasm module is created). R=yangguo@chromium.org,dgozman@chromium.org,titzer@chromium.org BUG=chromium:613110,chromium:659715 Review-Url: https://codereview.chromium.org/2531163010 Cr-Commit-Position: refs/heads/master@{#41519}
-
yangguo authored
TBR=bmeurer@chromium.org BUG=chromium:671576 Review-Url: https://codereview.chromium.org/2550143004 Cr-Commit-Position: refs/heads/master@{#41518}
-