- 16 Mar, 2017 3 commits
-
jgruber authored
This moves most of the logic contained in RegExpExecStub to CSA. Benefits are mostly easier readability and hackability, and removal of a large chunk of platform-specific assembly. Exit frame construction and the final call remain in RegExpExecStub. BUG=v8:5339,v8:592 Review-Url: https://codereview.chromium.org/2738413002 Cr-Commit-Position: refs/heads/master@{#43844}
-
bmeurer authored
The fast-path for Array.prototype.indexOf first checks whether the receiver is a fast-mode JSArray (and there are no elements in the prototype chain in case of holey arrays), then loads the known JSArray::length, and afterwards calls ToInteger on the fromIndex. But this ToInteger(fromIndex) call can cause arbitrary side effects if the fromIndex is a JSReceiver, in particular it can invalidate the assumptions about the fast-mode of the receiver and the length. In the worst case this leads to OOB memory access. Quick-fix is to bailout to the runtime if the fromIndex is neither a Smi nor undefined, which represents the common cases. R=jarin@chromium.org BUG=chromium:702058 Review-Url: https://codereview.chromium.org/2756663002 Cr-Commit-Position: refs/heads/master@{#43843}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2744073..81c2772 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/e9f547b..d49bf81 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: Id67a6e6608c34c753dbeb01852e9b16bc0d6a0a3 Reviewed-on: https://chromium-review.googlesource.com/455660 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43842}
-
- 15 Mar, 2017 35 commits
-
bbudge authored
- Adds new load/store opcodes (0xc0, 0xc1) for S128 type. - Implements these for ARM. - Enables more WASM SIMD tests, and adds new LoadStoreLoad test. LOG=N BUG=v8:6020 Review-Url: https://codereview.chromium.org/2745853002 Cr-Commit-Position: refs/heads/master@{#43841}
-
Andrii Shyshkalov authored
This reverts commit 58ff145e.

Reason for revert: the bug in git-numberer has been fixed and deployed.

Original change's description:
> [release] Temporarily disable gerrit for merge tools.
>
> BUG=chromium:698845
> NOTRY=true
> TBR=hablich@chromium.org,tandrii@chromium.org
>
> Change-Id: I970c984c5e9bd23ca3d951d13243d107fc2a2e3f
> Reviewed-on: https://chromium-review.googlesource.com/451280
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Hablich <hablich@chromium.org>
> Commit-Queue: Michael Hablich <hablich@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#43646}

R=machenbach@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=chromium:698845
Change-Id: I34b12a36c21a2d7a46eb67bce0536298a0582dd5
Reviewed-on: https://chromium-review.googlesource.com/455799
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43840}
-
franzih authored
'const' type qualifier on return type has no effect and produces compiler warnings. BUG= Review-Url: https://codereview.chromium.org/2751513004 Cr-Commit-Position: refs/heads/master@{#43839}
-
mvstanton authored
BUG=v8:6103, chromium:700294 R=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2756463002 Cr-Commit-Position: refs/heads/master@{#43838}
-
Michael Starzinger authored
R=mvstanton@chromium.org Change-Id: Ifc1c8a7ba83f4f877b3dd3cd58ca71febc48b550 Reviewed-on: https://chromium-review.googlesource.com/455737 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43837}
-
Toon Verwaest authored
BUG=v8:5561 Change-Id: I425ad7e670b8e9c701ff284ab1be3638a975a6d3 Reviewed-on: https://chromium-review.googlesource.com/455832 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#43836}
-
Clemens Hammacher authored
When generating the code for an illegal (non-js-compliant) wrapper for a js function, we were generating a zero constant of the return type. This failed on ia32 if the return type is i64. The correct thing to do is to return two i32 zero constants. R=titzer@chromium.org BUG=v8:6104, v8:6096 Change-Id: Idc0dd8d3eef901c22d5278d97f1879b000a18588 Reviewed-on: https://chromium-review.googlesource.com/455857 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#43835}
-
Jochen Eisinger authored
That way, we don't need to create a context-less constructor function. Instead, we use the constructor_or_backpointer (or null) field, and rename it to constructor_or_fti_or_backpointer so nobody is confused. Note that technically, we still have JSFunctions without contexts, as they're temporarily created in the deoptimizer. BUG=v8:6084 R=dcheng@chromium.org,bmeurer@chromium.org,verwaest@chromium.org Change-Id: I084f052533c317f2cbfb9c35e1acf40263c6257b Reviewed-on: https://chromium-review.googlesource.com/454636 Commit-Queue: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#43834}
-
Leszek Swirski authored
Marking shared functions for tier-up was optimizing the functions non-concurrently, to avoid the case where the same shared function is optimized concurrently by multiple JS functions. This was particularly a problem for small functions, which (if called in a loop) could get marked for optimisation quite quickly. In this CL, the shared function is instead marked as having an active optimization job running, and these do not spawn a compilation job. BUG=chromium:693590 BUG=chromium:700863 BUG=chromium:701665 Change-Id: I2b1c5af8e7aa8d779f86814c22c65c78bee0630f Reviewed-on: https://chromium-review.googlesource.com/455779 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#43833}
-
Ross McIlroy authored
Adds a TestTypeof bytecode to deal with comparisons of the form: typeof(object) === 'string'; Also adds support to Turbofan to perform these comparisons without inserting checkpoints. BUG=v8:4280,v8:5267 Change-Id: Ib5cc1c6816dfe70a4120838d8eada2fc0267750f Reviewed-on: https://chromium-review.googlesource.com/454837 Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#43832}
-
Michael Achenbach authored
This adds one of the release unittests to presubmit. Different entry points for CI and CQ are required. More tests will follow in subsequent CLs. BUG=chromium:701296 NOTRY=true Change-Id: Ie96fba873f77df14efb1dc54388f075c056b64a6 Reviewed-on: https://chromium-review.googlesource.com/454639 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43831}
-
bmeurer authored
There's no point in trying to convert to a string, as this runtime function must always be called with Strings, otherwise there's a bug. R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2748253004 Cr-Commit-Position: refs/heads/master@{#43830}
-
Michael Lippautz authored
BUG=chromium:694255 R=hpayer@chromium.org Change-Id: Ie8d23ec88e9b8f97ac094630f4e46e9b31f93cc5 Reviewed-on: https://chromium-review.googlesource.com/452817 Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#43829}
-
leszeks authored
The function "foo" in "base_getter_test" was picking up a left-over optimised code object from foo's code map, the third time that base_getter_test was run, instead of optimising it itself. This broke the assumptions of the test, that each case was functionally independent from the others, and had started off with empty feedback and no optimised code. This breaks the test though, so we have to blacklist it pending a fix to the root cause (http://crbug.com/v8/6101). Review-Url: https://codereview.chromium.org/2750623004 Cr-Commit-Position: refs/heads/master@{#43828}
-
gdeepti authored
- Added: Int32x4Mul, Int32x4Min, Int32x4Max, Int32x4Equal, Int32x4NotEqual Uint32x4Min, Uint32x4Max - Fix I32x4Splat R=bbudge@chromium.org, bradnelson@chromium.org, mtrofin@chromium.org Review-Url: https://codereview.chromium.org/2719953002 Cr-Commit-Position: refs/heads/master@{#43827}
-
Michael Lippautz authored
This fixes a TSAN data race when writing the forwarding pointer in MigrateObject and reading the object as a LayoutDescriptor when trying to figure out the layout of another object in parallel. BUG=chromium:701732 Change-Id: I1e291fa1afb42771244e1346680164de71c3a838 Reviewed-on: https://chromium-review.googlesource.com/455817 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#43826}
-
Wiktor Garbacz authored
It does not really matter for the preparser but do it for sake of consistency. BUG= Change-Id: I2f58486cb3a8b866bbfa35b398abc7b5ead02ee7 Reviewed-on: https://chromium-review.googlesource.com/455797 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Wiktor Garbacz <wiktorg@google.com> Cr-Commit-Position: refs/heads/master@{#43825}
-
Michael Starzinger authored
This handles non-strict equality comparison operations having number feedback during the early type-hint lowering (i.e. during graph construction). R=jarin@chromium.org Change-Id: I1db67e78312934bbb20aee775979797420ff2581 Reviewed-on: https://chromium-review.googlesource.com/455796 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43824}
-
yangguo authored
R=verwaest@chromium.org BUG=v8:6071 Review-Url: https://codereview.chromium.org/2740033002 Cr-Commit-Position: refs/heads/master@{#43823}
-
Wiktor Garbacz authored
BUG=v8:6100 Change-Id: Ib8729b2688bbaf6fb397737ccf1b1c086698ab93 Reviewed-on: https://chromium-review.googlesource.com/455876 Commit-Queue: Wiktor Garbacz <wiktorg@google.com> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43822}
-
Clemens Hammacher authored
When compiling a wasm to js wrapper for a signature which is not JS compatible, we generate a runtime call to throw a type error and return immediately afterwards. We were using the return value of the runtime call as return value for the wrapper. This worked for integer return values, since the same registers are used for tagged values and integer values. For float values, however, it failed, since the return value needs to be stored in another register. R=titzer@chromium.org BUG=v8:6096 Change-Id: I8f39ea132cd150c3044673d25fa3c3588b4266bf Reviewed-on: https://chromium-review.googlesource.com/455816 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#43821}
-
Marja Hölttä authored
BUG=v8:5294 Change-Id: I6214c50c7d1344210a80763b066e5ec56df1265a Reviewed-on: https://chromium-review.googlesource.com/453460 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#43820}
-
Michael Achenbach authored
Mark slow tests discovered by manual audit of reported durations. Slow tests will run first, which will lead to higher test runner throughput. Also some tests have flaky timeouts occasionally. BUG=chromium:601468 Change-Id: If9aeb5422e79ff25b867b01c50386a5fdebeb494 Reviewed-on: https://chromium-review.googlesource.com/455736 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43819}
-
Toon Verwaest authored
BUG= Change-Id: I1fd0ae3dcb0e644e9f2a56c242720b4def4bb579 Reviewed-on: https://chromium-review.googlesource.com/454836 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#43818}
-
Michael Achenbach authored
This commit will likely capture several perf alerts from bots that hung. All alerts might be attributable to the I+TF switch. BUG=v8:6067 NOTRY=true NOTREECHECKS=true NOPRESUBMIT=true TBR=hablich@chromium.org Change-Id: Ie6d0dc977823f8740856904bdcf157c8b021d60b Reviewed-on: https://chromium-review.googlesource.com/455776 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43817}
-
Toon Verwaest authored
BUG= Change-Id: Ic63c63a312c6282814c14176d982b8c825ba6dc4 Reviewed-on: https://chromium-review.googlesource.com/454756 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#43816}
-
neis authored
R=jarin@chromium.org BUG= Review-Url: https://codereview.chromium.org/2745753002 Cr-Commit-Position: refs/heads/master@{#43815}
-
Michael Starzinger authored
This changes the IR to no longer require single {IfSuccess} projection nodes unless there is a corresponding {IfException} node that links the potentially throwing call to an exception handler. This reduces graph size as well as compilation time when exception handlers aren't present. The new invariant for potentially throwing nodes is: Nodes that can potentially throw either have both IfSuccess/IfException projections as the only control uses and no direct control uses, or no projections at all and solely direct control uses. R=jarin@chromium.org Change-Id: I3d9cd816d74ad5af13e0673da7ec7a98f1ecdc7e Reviewed-on: https://chromium-review.googlesource.com/449715 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#43814}
-
bmeurer authored
For the old asm.js pipeline, there's no point in running either the JSCallReducer or the JSNativeContextSpecialization, as both will not kick in for any asm.js relevant code. So remove the kDeoptimizationEnabled flag from both of them and just run them on regular JavaScript only. Drive-by-fix: Slightly rearrange keyed access to String receivers in the JSNativeContextSpecialization::ReduceKeyedAccess method to access constant characters independent of the IC mode (as long as the constant index is within the range of the receiver). BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2743253002 Cr-Commit-Position: refs/heads/master@{#43813}
-
jarin authored
BUG=chromium:700883 Review-Url: https://codereview.chromium.org/2751513006 Cr-Commit-Position: refs/heads/master@{#43812}
-
jarin authored
BUG=chromium:693425 Review-Url: https://codereview.chromium.org/2749193003 Cr-Commit-Position: refs/heads/master@{#43811}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7de5863..2744073 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/1ec68b3..e9f547b Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/f091611..2a8813f TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: Ie78a772ac8d840d4f18a6b756a8ae67979cd2ef1 Reviewed-on: https://chromium-review.googlesource.com/455397 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43810}
-
jing.bao authored
Also use vinstr for vps/vpd/vss/vsd BUG= Review-Url: https://codereview.chromium.org/2747103002 Cr-Commit-Position: refs/heads/master@{#43809}
-
Eric Holk authored
Change-Id: I47f0d5578a7c26aa7a30c97175eefc1a9c935d77 Reviewed-on: https://chromium-review.googlesource.com/455318 Commit-Queue: Eric Holk <eholk@chromium.org> Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#43808}
-
Eric Holk authored
Android sets both V8_OS_ANDROID and V8_OS_LINUX. For the Wasm trap handler, the difference between these OSes matters. BUG= chromium:701590 Change-Id: I5ae703a1d932c8a63e499ad39a057ad1871a2ab1 Reviewed-on: https://chromium-review.googlesource.com/455556 Commit-Queue: Eric Holk <eholk@chromium.org> Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#43807}
-
- 14 Mar, 2017 2 commits
-
Ross McIlroy authored
Removes the --ignition-staging flag since it is no longer used by anything and won't be a shipping configuration. Also removes ignition_turbo variant from testrunner, since it is now the same as the turbofan variant. BUG=v8:4280 Change-Id: I3b96e986879fc70b8e202fe9496334828acdd0ba Reviewed-on: https://chromium-review.googlesource.com/452621 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43806}
-
franzih authored
Revert of Collect type profile for DevTools. (patchset #40 id:750001 of https://codereview.chromium.org/2707873002/ )

Reason for revert: gcc bot is now flaky https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/11863

Original issue's description:
> Collect type profile for DevTools
>
> Collect type information for JavaScript variables and display it
> in Chrome DevTools.
> Design Doc: https://docs.google.com/a/google.com/document/d/1O1uepXZXBI6IwiawTrYC3ohhiNgzkyTdjn3R8ysbYgk/edit?usp=sharing
>
> When debugging JavaScript, it’s helpful to know the type of
> a variable, parameter, and return values. JavaScript is
> dynamically typed, and for complex
> source code it’s often hard to infer types. With type profiling, we
> can provide type information to JavaScript developers.
>
> This CL is a proof of concept. It collects type profile for
> assignments and simply prints the types to stdout.
>
> The output looks something like this:
>
> #my_var1
> #Object
> #number
> #string
> #number
> #undefined
> #string
> #Object
> #Object
>
>
> We use an extra slot in the feedback vector of assignments to
> carry the list of types for that assignment. The extra slot is
> only added when the flag --type-profile is given.
>
>
> Missing work:
> * Collect data for parameters and return values (currently only assignments).
> * Remove duplicates from the list of collected types and use a common base class.
> * Add line numbers or source position instead of the variable name.
>
>
>
> BUG=v8:5935
>
> Review-Url: https://codereview.chromium.org/2707873002
> Cr-Original-Commit-Position: refs/heads/master@{#43791}
> Committed: https://chromium.googlesource.com/v8/v8/+/0332bebde99d0f9a5a8326382f5f37cc26224ae0
> Review-Url: https://codereview.chromium.org/2707873002
> Cr-Commit-Position: refs/heads/master@{#43804}
> Committed: https://chromium.googlesource.com/v8/v8/+/6cf880f4b84c533d4bb139d33c1369e309d1c579

TBR=yangguo@chromium.org,mvstanton@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5935
Review-Url: https://codereview.chromium.org/2754573002
Cr-Commit-Position: refs/heads/master@{#43805}
-