- 25 Aug, 2017 25 commits
-
-
Jakob Gruber authored
We cannot assume that the receiver is a JSObject, nor can we assume ToObject() completes successfully.
TBR=yangguo@chromium.org
Bug: chromium:739954
Change-Id: Id55571131ef8755e86f15cd2acb918ff0f1b7788
Reviewed-on: https://chromium-review.googlesource.com/632376
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47611}
-
Michael Lippautz authored
The deadlock can happen when two scavenging tasks process two different pages for their old->new sets and at the same time try to allocate in old space, which triggers sweeping of the other task's page.
Bug: v8:6754
Change-Id: I6087553631e198d5ecfb8ab37925ac41cd6995bd
Reviewed-on: https://chromium-review.googlesource.com/635843
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47610}
-
Jakob Gruber authored
The Uint32(limit) conversion can end up transitioning the regexp instance to slow mode. In this case we need to bail out to runtime while ensuring that ToUint32 is not observably called a second time. We do this by passing the already-converted value to runtime. This particular path was broken and we ended up passing the original maybe_limit value to runtime instead.
TBR=yangguo@chromium.org
Bug: chromium:758763
Change-Id: If7f23b452d2e134ad9be3d4ef1d78d1c946fcef0
Reviewed-on: https://chromium-review.googlesource.com/635588
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47609}
-
Albert Mingkun Yang authored
Change the signature of `Construct` so that no casting is required when calling it. The casting would fire the control flow integrity check if the class contains virtual members.
Bug: chromium:758925
Change-Id: Iefc711c634b36efd051e245e2df13b28d5563f45
Reviewed-on: https://chromium-review.googlesource.com/635563
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Cr-Commit-Position: refs/heads/master@{#47608}
-
Michael Lippautz authored
Bug: v8:6333
Change-Id: I0f5a21a66bbad6c56b3dd84d301b85e64f05cbc1
Reviewed-on: https://chromium-review.googlesource.com/635683
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47607}
-
Michael Lippautz authored
Bug:
Change-Id: I81132af45d8fb649d4239fa0e0ef75b95e148208
Reviewed-on: https://chromium-review.googlesource.com/633604
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47606}
-
Mythri authored
Do not allow recursive inlining when a function calls itself, i.e. f() -> f(). This is because we only get some static information for the first level of inlining and it may not be very beneficial to just duplicate the entire function. However, we still allow indirect recursion f() -> g() -> f() -> g1(). This helps in cases where f() is a small dispatch function. For example, in rayTrace: class.create -> obj.initialize -> class.create -> obj1.initialize.
Bug: chromium:757798
Change-Id: I0a5d9e62eabd7681849f900997b4df061b5f8ed5
Reviewed-on: https://chromium-review.googlesource.com/632622
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47605}
-
Georg Neis authored
R=ishell@chromium.org
Bug:
Change-Id: I7175176900c95fb676f633b405fffd5a55ffa4b5
Reviewed-on: https://chromium-review.googlesource.com/635323
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47604}
-
Camillo Bruni authored
Bug: chromium:757199, chromium:758773, chromium:758821
Change-Id: I70644853770501b13992bd7bf78d168ca2308d64
Reviewed-on: https://chromium-review.googlesource.com/635223
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47603}
-
Clemens Hammacher authored
The allocator for determining the location (reg/stack) for parameters and return values can be constexpr. This avoids lazy initialization, saving code size and execution time, and simplifying the implementation significantly.
R=ahaas@chromium.org
CC=titzer@chromium.org
Change-Id: I295623cb1dad0f1537f7292dcf044f3d509588bb
Reviewed-on: https://chromium-review.googlesource.com/635163
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47602}
-
Michael Lippautz authored
Bug: v8:6333
Change-Id: I4434c6cc59f886f1e37dfd315a3ad5fee28d3f63
Reviewed-on: https://chromium-review.googlesource.com/634907
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47601}
-
Andreas Haas authored
Compile the module created in trap-location.js with both synchronous and asynchronous compilation. Thereby I can reuse the test for streaming compilation later.
R=clemensh@chromium.org
Change-Id: Id2e0c70886ddd1b11d51f614d02757099541aedd
Reviewed-on: https://chromium-review.googlesource.com/635165
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47600}
-
Ross McIlroy authored
For wide bytecodes, save the bytecode offset as the offset of the prefix bytecode, rather than the bytecode itself. This means that any code that reads the bytecode can explicitly know the width of the bytecode at the offset without having to iterate through the complete bytecode array. Also simplifies some code in the bytecode analysis that had to work around the previous approach.
BUG=chromium:753705
Change-Id: I8a42e7cfff27791e39f3452e2b9e52c0608d28cb
Reviewed-on: https://chromium-review.googlesource.com/634003
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47599}
-
Michael Starzinger authored
This makes sure instantiation of asm.js modules fails gracefully on heap buffers exceeding the uint32_t range supported by WebAssembly.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-754175
BUG=chromium:754175
Change-Id: I4a9c6791beaab6da826b5b6b5a495f97e9d3b4e9
Reviewed-on: https://chromium-review.googlesource.com/632618
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47598}
-
Michael Starzinger authored
R=clemensh@chromium.org
Change-Id: I5bdb91d2e82105bb301c2b97abfb1b074b710a64
Reviewed-on: https://chromium-review.googlesource.com/632680
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47597}
-
Jakob Gruber authored
As a first step towards lazy builtin deserialization, this CL moves builtins to their own dedicated area in the snapshot blob, physically located after startup data and before context-specific data.

The startup- and partial serializers now serialize all seen builtins as references, i.e. they only encode the relevant builtin id (taking care to preserve special behavior around the interpreter trampoline and CompileLazy). Builtins are later fully serialized by the BuiltinSerializer. The separate blobs are finally glued together by CreateSnapshotBlob.

Deserialization takes the same steps: when we see builtin reference bytecodes before builtins have been deserialized, we push to a list of deferred builtin references. After builtin deserialization, this list is iterated and all builtin references are fixed up.
Bug: v8:6624
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idee42fa9c92bdbe8d5b8c4b8bf3ca9dd39634004
Reviewed-on: https://chromium-review.googlesource.com/610225
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47596}
-
Michael Lippautz authored
- Create bottleneck for filtering in crash dumps
- Smaller fixes
Bug:
Change-Id: I19e8a1ed6013af487c87b7132418b4c9b292946b
Reviewed-on: https://chromium-review.googlesource.com/633943
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47595}
-
Camillo Bruni authored
This reverts commit 8974b75b.
Reason for revert: In hindsight, the CL made only partial sense and causes unnecessary IC-misses.
Original change's description:
> [runtime] Deprecate old prototype maps
>
> Bug: chromium:757199
> Change-Id: I5936fab1784ebf8de6eddd3b2bec0e2cf1b73f82
> Reviewed-on: https://chromium-review.googlesource.com/632317
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#47581}
TBR=cbruni@chromium.org,ishell@chromium.org
Change-Id: I9f43a5f8c5242f575346f47c24377dd832eeccd1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:757199
Reviewed-on: https://chromium-review.googlesource.com/634906
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47594}
-
Ulan Degenbaev authored
Bug:
Change-Id: I7dacb2f4cbb66f0daebd3948c2239846af129f9a
Reviewed-on: https://chromium-review.googlesource.com/632621
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47593}
-
Peter Marshall authored
Bug: v8:6333
Change-Id: Iad2fdb7670dd01d19ed25c48a0091969cddb01c8
Reviewed-on: https://chromium-review.googlesource.com/632257
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47592}
-
jgruber authored
Tentative fix for the CF crashes in https://crbug.com/754422.
Bug: chromium:754422
Change-Id: I0dcb6b8860cb0bf20b3566ffba08e6772398ee65
Reviewed-on: https://chromium-review.googlesource.com/632176
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47591}
-
Shiyu Zhang authored
The CPP builtins execute the same piece of code to prepare the context before jumping into CEntryStub. By creating a new ASM builtin to execute that common piece of code, ~7KB of code size (tested on x64) of snapshot_blob.bin can be reduced without any negative performance impact.
BUG=
Change-Id: I744369e8723dcd902b61dc50645db66bea884441
Reviewed-on: https://chromium-review.googlesource.com/595119
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47590}
-
Sathya Gunasekaran authored
Bug: v8:5717
Change-Id: I3775001a6148e25f15b11410449a6f8b7693f122
Reviewed-on: https://chromium-review.googlesource.com/625276
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47589}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a35cf9a..a2b7113
Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/92387bc..e37aa9d
TBR=machenbach@chromium.org,hablich@chromium.org
Change-Id: I5d7b8b212c66df540c930688c10606f112c5b7af
Reviewed-on: https://chromium-review.googlesource.com/633137
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47588}
-
Jaideep Bajwa authored
Disable test on big endian PPC for now, since it is missing load/store reverse byte instructions.
R=machenbach@chromium.org, jkummerow@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com
BUG=
LOG=N
Change-Id: Iaf12a14678bc9d113dc4d11998ea5bad158c20fd
Reviewed-on: https://chromium-review.googlesource.com/634271
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#47587}
-
- 24 Aug, 2017 15 commits
-
-
Adam Klein authored
Change-Id: Id9f60cdafc486de2b04684de84174f9765637c12
Reviewed-on: https://chromium-review.googlesource.com/601328
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47586}
-
Adam Klein authored
This also removes the IS_GLOBAL macro from macros.py, which did not work correctly for Remote objects/contexts.
Bug: v8:6413
Change-Id: I90690bdd0d8e8fed581bc4c9f5c60168d785f096
Reviewed-on: https://chromium-review.googlesource.com/633872
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47585}
-
Kevin Gibbons authored
This flag allows invalid escape sequences in tagged templates, which is a stage-4 TC39 proposal shipping in other browsers.
Bug: v8:5546
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I3e7c374c9b547f62d5976f76a7208d05fe9decf8
Reviewed-on: https://chromium-review.googlesource.com/581885
Commit-Queue: Kevin Gibbons <bakkot@gmail.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47584}
-
Marja Hölttä authored
U+feff is the UTF BOM, but if it occurs inside the text, it's a "zero-width no-break space". However, the UTF-8 decoder in script streaming still thought it was a BOM and skipped it. The correct way to handle it would be to create a U+feff code point instead; the Scanner will then handle it as whitespace. This is a discrepancy between the Blink UTF-8 decoder and the V8 UTF-8 decoder, and caused the source positions to be off by one. This bug went unnoticed, since normally an off-by-one in this situation doesn't make the code break.
BUG=chromium:758508,chromium:758236
Change-Id: Ib92a3ee65c402e21b77e42537db2a021cff55379
Reviewed-on: https://chromium-review.googlesource.com/632096
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47583}
-
Eric Holk (eholk) authored
This timer imposes a high overhead and does not give us the data we'd like. Disabling for now until we can develop a better solution.
Bug: v8:6514
Change-Id: I73b15131a71d7b6750556f82907cb2a0e6edd321
Reviewed-on: https://chromium-review.googlesource.com/633703
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47582}
-
Camillo Bruni authored
Bug: chromium:757199
Change-Id: I5936fab1784ebf8de6eddd3b2bec0e2cf1b73f82
Reviewed-on: https://chromium-review.googlesource.com/632317
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47581}
-
Michael Lippautz authored
Bug: chromium:738368
Change-Id: I4867b90c639d8d5315e0caa22285e7ddbdab44f9
Reviewed-on: https://chromium-review.googlesource.com/632682
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47580}
-
Juliana Franco authored
of optimized JS functions.
Bug: v8:6637
Change-Id: Ice94a4a2187f98adcbf25ac1832e13d4b7529f34
Reviewed-on: https://chromium-review.googlesource.com/628198
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47579}
-
Camillo Bruni authored
Change-Id: Ic9dffa7f94b471824f18170c72df8568dd47cfcd
Reviewed-on: https://chromium-review.googlesource.com/631959
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47578}
-
Albert Mingkun Yang authored
This is useful for the RecordWrite stub, which can now specify the set of allocatable registers in its call descriptor interface. During register allocation a custom register configuration is used to ensure that the registers are allocated from the given set. This makes calling the RecordWrite stub less expensive as we need to save/restore only the allocatable registers instead of all registers.
Bug: chromium:749486
Change-Id: If4d73f1fd525e480970ea92600fb811e63677eb5
Reviewed-on: https://chromium-review.googlesource.com/624734
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
Cr-Commit-Position: refs/heads/master@{#47577}
-
Leszek Swirski authored
* Only pass -t to adb if running with stdout as a tty (prevents weird tty output processing, e.g. replacing '\n' with '\r\n')
* Allow passing a device directory for d8 (useful for testing multiple builds against each other)
* Allow specifying additional allowed paths (useful for e.g. running files from /tmp)
Change-Id: I90b8bba6f3c248105927c800b8b5b601692adf6c
Reviewed-on: https://chromium-review.googlesource.com/629079
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47576}
-
Camillo Bruni authored
Several stack traces from crash reports in https://crbug.com/754490 have wrong magic signatures. Even though we're supposed to be failing in a V8_Fatal, the signature doesn't show up on the stack trace.
Change-Id: I35c8f27e36fd2a0ec474095a6cf5557a76fe7d26
Reviewed-on: https://chromium-review.googlesource.com/631878
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47575}
-
Camillo Bruni authored
We can avoid the ToString conversion before doing the HasProperty check. This avoids a costly Smi to String conversion which is unnecessary for the following lookups. For very large dictionary elements this is a significant slow down as we will no longer hit the GetNumberStringCache.
Change-Id: I5a0eb13470ab3d3d8a87ee36d28ce7be5cbc2b2e
Reviewed-on: https://chromium-review.googlesource.com/626056
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47574}
-
jgruber authored
The v8_enable_fast_mksnapshot gn flag reduces time spent in mksnapshot on x64 debug builds from 19s to 6s by disabling far jump rewrites and register allocation verification. This flag should only be used locally for development.
Bug: v8:6688
Change-Id: I02e8546a6a329b9cb377b95ab586d5857a3c6731
Reviewed-on: https://chromium-review.googlesource.com/632258
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47573}
-
Yuki Shiino authored
In case of LAP (lazy accessor pair), the function's creation context must be equal to the accessor holder's creation context, so this CL changes the current context to the accessor holder's creation context.

Note that this is the second attempt after https://crrev.com/2770003002. The change from the previous attempt is to skip looking for the object's constructor if the object itself is a function.

Also some of Blink's LAP-context-sensitive tests got updated at https://crrev.com/c/597990 and the rest of the tests will get temporarily disabled at https://crrev.com/c/605408.
TBR=verwaest@chromium.org
Bug: v8:6156
Change-Id: I09709a90995d82a03996d0347e5a1d8425b5db9c
Reviewed-on: https://chromium-review.googlesource.com/563152
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47572}
-