- 14 Mar, 2018 15 commits
-
-
Michael Starzinger authored
R=titzer@chromium.org BUG=v8:7549 Change-Id: Ibae3ea41306ae89ee5caaa6ab2fdec6f08f2040c Reviewed-on: https://chromium-review.googlesource.com/962361Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51927}
-
Ben L. Titzer authored
This removes the relocation mode and code specialization for table sizes. These are now stored in the context and not inlined into code. Bug: v8:7549, v8:7424 R=mstarzinger@chromium.org Change-Id: I4cec78fdd365cd0c1dab9f5f4b40ffb69f540bda Reviewed-on: https://chromium-review.googlesource.com/962221 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51926}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: Ied73ba2c146441c87c5ada65285037b68a83abe1 Reviewed-on: https://chromium-review.googlesource.com/962026Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51925}
-
Benedikt Meurer authored
This is a partial revert of e583fc83. The reasoning here is that the treatment of SpeculativeToNumber[hint] was not consistent (which led to the original bug that caused the performance regression): The semantics of the operator is that it turns its input into a number, and might bailout if the input is too complex to accomplish that within optimized code. It can use the hint to handle even fewer cases without the risk of a deoptimization loop. However it cannot rely on the hint influencing the output, especially not before SimplifiedLowering ran. The code for the OOB element access however relied on the hint being enforced, which caused the original bug. This CL repairs that and instead uses CheckSmi for the OOB element access guard. Also-By: tebbi@chromium.org Bug: chromium:819298, chromium:820729 Change-Id: I9b2170ccf9b5561d698c0108e93e538cac1e708c Reviewed-on: https://chromium-review.googlesource.com/961066Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51924}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: Ie2d9d9b569b46396e78b3a6c39fe7e36b6090608 Reviewed-on: https://chromium-review.googlesource.com/962247Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51923}
-
Stephan Herhut authored
SafeStackFrameIterator used to skip over wasm frames, thus hiding them for example in the Chrome profiler. Change-Id: I81b1d73ab0b4fb1886f3300083a9550dc0f55525 Reviewed-on: https://chromium-review.googlesource.com/955697Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Stephan Herhut <herhut@chromium.org> Cr-Commit-Position: refs/heads/master@{#51922}
-
Benedikt Meurer authored
In case of Node.js (and Electron) we are guaranteed to always have only off-heap typed arrays, indicated by V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP being 0. So we can leverage this fact in TurboFan to generate more efficient code, avoiding the offset computation. Bug: v8:7253 Change-Id: I97db0dfec21c594ff8be0f1d405e828c7ae38c33 Reviewed-on: https://chromium-review.googlesource.com/962243Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51921}
-
Clemens Hammacher authored
This adds support for i32.reinterpret/f32, i64.reinterpret/f64, f32.reinterpret/i32, and f64.reinterpret/i64. On x64, all operations are straight-forward. On ia32, conversions from or to i64 are done via the stack. R=titzer@chromium.org Bug: v8:6600 Change-Id: If5562caf7367726904c6e405ad4fc5436d21144e Reviewed-on: https://chromium-review.googlesource.com/962224Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51920}
-
Dan Elphick authored
Always use the runtime to set the length on an array if it doesn't match the expected length after populating it using Array.from. Bug: chromium:821137 Change-Id: I5a730db58de61ba789040e6dfc815d6067fbae64 Reviewed-on: https://chromium-review.googlesource.com/962222Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#51919}
-
Kevin Gibbons authored
Previously the error was "undefined is not a function". Now it is "1 is not iterable". Bug: v8:6522 Change-Id: If338ddefca78fd6a10cc12b26f0dec632900f32b Reviewed-on: https://chromium-review.googlesource.com/959728 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51918}
-
Georg Neis authored
R=machenbach@chromium.org, sigurds@chromium.org Bug: v8:7551 Change-Id: If7aca6477acc86eddd2ca7d96a8b222dca9298c2 Reviewed-on: https://chromium-review.googlesource.com/960662Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#51917}
-
Clemens Hammacher authored
During a C call, a previous value of the stack pointer is stored in a platform specific callee saved register. Loading the out argument of the C call might overwrite the value in that register, if the destination register collides with the platform specific register. Hence, do first use that register to restore the previous stack pointer, and only then load the out argument. Similarly, when pushing arguments to the stack, do first push all values and then set the platform specific register in order to avoid overwriting an argument value held in that register. Drive-by: Fix offset computations for parameters pushed to the stack for c calls. R=titzer@chromium.org Bug: chromium:820802,chromium:820896,chromium:820807,v8:6600 Change-Id: If4567467b7912454f0bd2cad5927233c98894b03 Reviewed-on: https://chromium-review.googlesource.com/959064Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51916}
-
Clemens Hammacher authored
Since f32 and f64 constants are loaded into registers right away, we never need to spill them as constants later. R=titzer@chromium.org Bug: v8:6600 Change-Id: I7da91bb995e5127b0a9cb1a12a0fcd6566ed98ff Reviewed-on: https://chromium-review.googlesource.com/960943Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51915}
-
Michael Achenbach authored
This reverts commit 98dec8f2. Reason for revert: Speculative revert as win32/64 debug seems to hang after this: https://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug/builds/13691 Original change's description: > [inspector] added Runtime.terminateExecution > > Runtime.terminateExecution terminates current or next JavaScript > call. Termination flag is automatically reset as soon as v8 call > or microtasks are completed. > > R=pfeldman@chromium.org > > Bug: chromium:820640 > Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel > Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7 > Reviewed-on: https://chromium-review.googlesource.com/957386 > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > Reviewed-by: Dmitry Gozman <dgozman@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51912} TBR=dgozman@chromium.org,pfeldman@chromium.org,kozyatinskiy@chromium.org Change-Id: I25258ca5e9a2c2c514f0834da0ef0f5e75421d52 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:820640 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Reviewed-on: https://chromium-review.googlesource.com/962002Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51914}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/cd1fe2b..95a628b Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/548a5bc..7b53f08 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I863f435f975b1323a2b8c1ce19b4dd9bd317a68d Reviewed-on: https://chromium-review.googlesource.com/961810 Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#51913}
-
- 13 Mar, 2018 22 commits
-
-
Alexey Kozyatinskiy authored
Runtime.terminateExecution terminates current or next JavaScript call. Termination flag is automatically reset as soon as v8 call or microtasks are completed. R=pfeldman@chromium.org Bug: chromium:820640 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ie21c123be3a61fe25cf6e04c38a8b6c664622ed7 Reviewed-on: https://chromium-review.googlesource.com/957386 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#51912}
-
Jakob Kummerow authored
While deserializing a BigInt with the --harmony-bigint flag off is harmless in itself, trying to wrap one as an Object (either during deserialization of a JSValue or later from user code) requires the BigInt constructor to be available. Since there's no strong reason to support deserialization of BigInts without the flag, this patch simply disallows it, which fixes the problem. Bug: chromium:820819 Change-Id: I024a4f13715bbe95ee8eb6e1710e8f47ca227644 Reviewed-on: https://chromium-review.googlesource.com/959802Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#51911}
-
Benedikt Meurer authored
Bug: chromium:819298, chromium:820729 Change-Id: I3a1bccfe889ca409085396e2e1c4ae991093d0ea Reviewed-on: https://chromium-review.googlesource.com/960321 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#51910}
-
Stephan Herhut authored
Function names are optional in wasm and might not be present for most functions. Instead of storing an empty name with each function, this change loads names, if present, on first access of the name. This also fixes an inconsistency with streaming compilation. Under streaming compilation, functions are compiled before parsing the name section. Hence, they always received an empty name. With this change, assignment of names is typically deferred until the whole module was parsed. Bug: chromium:820291 Change-Id: I86d76aa40b7c45897d152725547795c8b6b9b9ba Reviewed-on: https://chromium-review.googlesource.com/955647 Commit-Queue: Stephan Herhut <herhut@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51909}
-
Georgia Kouveli authored
Change-Id: I6504174103af71cba65a078d1918cddd748c6067 Reviewed-on: https://chromium-review.googlesource.com/934283Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#51908}
-
Tobias Tebbi authored
This can protect against refactoring bugs when adding fields to an aggregate-initialized struct. Change-Id: Id2e9824a1adb8bf5dbdc3775dc59ee9f18c43412 Reviewed-on: https://chromium-review.googlesource.com/960324 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51907}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: I2d3d063d9e34e8a0fd6e1f760a7d8ec9f4692789 Reviewed-on: https://chromium-review.googlesource.com/960025Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51906}
-
Sigurd Schneider authored
This CL removes String.fromCharCode from comparisons and uses a WordEqual on char codes if possible. Bug: v8:7531 Change-Id: Idb3529d4709df3976bf92f3ddb51f81de54c7465 Reviewed-on: https://chromium-review.googlesource.com/960082 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51905}
-
Tobias Tebbi authored
This allows to enable -Wmissing-field-initializers in a future CL. Change-Id: I67ac828be97bf4f283e97486981adebaf8e4ebf9 Reviewed-on: https://chromium-review.googlesource.com/957731 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51904}
-
Sigurd Schneider authored
BuildHoleCheckAndThrow in the bytecode graph builder did not insert a loop exit; this defeated loop peeling, so we missed out on performance. This CL inserts the LoopExit in that place, and inserts two TODOs at places where additional loop exits might be needed. Bug: v8:7099 Change-Id: I08c08103cf125d505e37d3aa29a79aaff63a2d61 Reviewed-on: https://chromium-review.googlesource.com/960123Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#51903}
-
Kevin Gibbons authored
When Promise.all is called with something which violates the iterable contract, the resulting error should be provided by returning a rejected promise, not by throwing. Bug: v8:7553 Change-Id: I2769b09b49c9b80ef380419489416fc0fabff51b Reviewed-on: https://chromium-review.googlesource.com/959599 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51902}
-
Georgia Kouveli authored
We were attempting to assemble code into the MacroAssembler buffer after executing it, without resetting the permissions. As a result, tests that are using START/END multiple times were failing. Change-Id: Id84c6a07212a869f98edbd33d86ff70ee6c819db Reviewed-on: https://chromium-review.googlesource.com/939388Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#51901}
-
Leszek Swirski authored
Keep track of RelocInfo::Mode for ConstantPoolEntries in the assembler, so that ARM's constant pool de-duping does not accidentally dedupe constants with the same value but different reloc modes (e.g. the first Code object in the builtins table as a CODE_TARGET vs. the builtin table itself as an EXTERNAL_REFERENCE). Change-Id: I15fad5b83bb99688726e66e0e290149025c6c059 Reviewed-on: https://chromium-review.googlesource.com/958864Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#51900}
-
Stephan Herhut authored
Now that wasm code lives in its own native heap, we no longer need to switch protection for the js code space. Hence, remove a left-over CodeSpaceMemoryModificationScope. Change-Id: I80830bc4b0eee672c9e5c7ba0088ffcbc5b2da57 Bug: v8:7549 Reviewed-on: https://chromium-review.googlesource.com/960002 Commit-Queue: Stephan Herhut <herhut@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51899}
-
Georg Neis authored
This removes the last use of %AppendElement (and the function itself), which was in the pattern rewriter's code for destructuring assignment with an array rest pattern. In its place, it introduces a StoreInArrayLiteral AST node that corresponds to the StoreInArrayLiteral bytecode (which in turn corresponds to the StoreInArrayLiteral IC). Change-Id: I1d212407b025cf0919263d119f6f47c88bd9a71e Reviewed-on: https://chromium-review.googlesource.com/955307 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#51898}
-
sreten.kovacevic authored
Implement instructions for stack operations. Also, fix some issues that came up after implementing them. Bug: v8:6600 Change-Id: I83dfe621b123081f9ae4d234605358c9ce81420f Reviewed-on: https://chromium-review.googlesource.com/956072 Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51897}
-
Michael Achenbach authored
This reverts commit bf9ab729. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/22169 Original change's description: > [in-place weak refs] Use WeakArray in Script::shared_function_infos. > > For serializer changes, see goo.gl/Kh2eop > > BUG=v8:7308 > > Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng > Change-Id: I2b790413a4c0d8c8cc0c07ba7b901c965d64eb11 > Reviewed-on: https://chromium-review.googlesource.com/955593 > Commit-Queue: Marja Hölttä <marja@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#51895} TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,hpayer@chromium.org Change-Id: Ib9552d5c2c284ff27463e61a054c60cc20f2f8cc No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7308 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/960121Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51896}
-
Marja Hölttä authored
For serializer changes, see goo.gl/Kh2eop BUG=v8:7308 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I2b790413a4c0d8c8cc0c07ba7b901c965d64eb11 Reviewed-on: https://chromium-review.googlesource.com/955593 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#51895}
-
Michael Starzinger authored
R=jgruber@chromium.org BUG=v8:7549 Change-Id: I76c123018ff1ff63ed753e6aff22fe9d12ba2696 Reviewed-on: https://chromium-review.googlesource.com/959063Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51894}
-
Benedikt Meurer authored
The IterableToList helper builtin can return the input JSArray unchanged if the fast-path detection decides that it doesn't need to iterate the elements, which means we can also get a JSArray with an elements kind that is not PACKED_ELEMENTS as a result of IterableToList. Bug: chromium:821159, v8:7310 Change-Id: I93a886e6b7f1e1a58dd05affa46fea7501cc5a81 Reviewed-on: https://chromium-review.googlesource.com/959323Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51893}
-
Benedikt Meurer authored
Depending on visitation order the LoadElimination might be find memoized nodes in its state tables that were killed by other reducers in the mean time. The LoadElimination must just ignore those stale entries. Bug: chromium:820820 Change-Id: Ia62e401ff77da547ed215a14074e70aeb5c3a766 Reviewed-on: https://chromium-review.googlesource.com/958843Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51892}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/8e843a9..cd1fe2b Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1537dce..548a5bc TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I31dc66348080158c2f7b118ef29850ec621bbc31 Reviewed-on: https://chromium-review.googlesource.com/959801 Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#51891}
-
- 12 Mar, 2018 3 commits
-
-
Eric Holk authored
Bug: chromium:813876 Change-Id: I71c571e4185eff3a7386141a408dcb820a70ff95 Reviewed-on: https://chromium-review.googlesource.com/933594Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#51890}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: I90bd4cf8ed31f46d475cd46de868e483c84c6aba Reviewed-on: https://chromium-review.googlesource.com/959013Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51889}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: I6c888fb2610ef76d488e17576773f47a7358d0d9 Reviewed-on: https://chromium-review.googlesource.com/957729Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51888}
-