- 28 Aug, 2017 2 commits
- Yang Guo authored
  This is so that precise coverage starts with a clean slate. The old behavior can be emulated by calling getBestEffortCoverage before starting precise coverage.
  R=jgruber@chromium.org
  Bug: chromium:757998
  Change-Id: Ib3ee2316966f676456198159bdcf8ba8b9d3896f
  Reviewed-on: https://chromium-review.googlesource.com/635084
  Commit-Queue: Yang Guo <yangguo@chromium.org>
  Reviewed-by: Jakob Gruber <jgruber@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47629}
- Sathya Gunasekaran authored
  Instead of using a word to store the status of the promise, this patch uses 2 bits in flags.
  Bug: v8:5046
  Change-Id: Ic651338230dbe1704c68de8652676f236a3298f0
  Reviewed-on: https://chromium-review.googlesource.com/634623
  Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
  Reviewed-by: Jakob Gruber <jgruber@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47628}
- 26 Aug, 2017 3 commits

- v8-autoroll authored
  Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a2b7113..8e7ce53
  Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/e37aa9d..123b9d8
  TBR=machenbach@chromium.org,hablich@chromium.org
  Change-Id: Ie53cd86e6b8aed971b8a67bb1ee2f4cb881c8623
  Reviewed-on: https://chromium-review.googlesource.com/636266
  Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
  Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47627}
- Alexey Kozyatinskiy authored
  R=dgozman@chromium.org
  Bug: chromium:752019
  Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
  Change-Id: I1a64a26e5e5d44757edd5b887d140b6b855cecab
  Reviewed-on: https://chromium-review.googlesource.com/636300
  Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
  Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47626}
- Jakob Kummerow authored
  By adding LoadIC support for JSModuleNamespace objects. The index of the corresponding slot in the Module's "exports" dictionary is cached in the feedback vector, so the value can be loaded directly, without having to call the C++ accessor. This speeds up the "foo" property access in code like the following snippet by about 10x:

    import * as m from "module.js"
    m.foo;

  Bug: v8:1569
  Change-Id: I152abedcbdc6f90b5bedd203cfdf97ed88d1137c
  Reviewed-on: https://chromium-review.googlesource.com/631136
  Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
  Reviewed-by: Adam Klein <adamk@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47625}
- 25 Aug, 2017 35 commits

- Andrey Lushnikov authored
  This patch adds objects support for Runtime.callFunctionOn arguments.
  R=kozy
  Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
  Change-Id: I9e9ad000482aa556f10a632b89c2f91fdc21ff1e
  Reviewed-on: https://chromium-review.googlesource.com/636353
  Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
  Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
  Commit-Queue: Andrey Lushnikov <lushnikov@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47624}
- Alexey Kozyatinskiy authored
  setupInjectedScriptEnvironment should check array getters/setters as well.
  R=dgozman@chromium.org
  Bug: none
  Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
  Change-Id: I72b03f62980e339d83bcfda55f1d35135b23da3b
  Reviewed-on: https://chromium-review.googlesource.com/636469
  Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
  Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47623}
- Erik Luo authored
  Currently, injected script source adds natural object properties before internal properties. This can result in important ones such as "[[PrimitiveValue]]" being left out. This CL
  - makes sure internal properties are always added to preview
  - removes unused "[[Iterator*]]" properties from preview
  - boxed strings (e.g. new String("foo")) will not send unnecessary properties 0:"f", 1:"o", 2:"o" if the [[PrimitiveValue]] is sent.
  Bug: chromium:567265
  Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
  Change-Id: Icd5c7410351f371055277ce471226cc6fb5a861f
  Reviewed-on: https://chromium-review.googlesource.com/634584
  Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
  Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
  Commit-Queue: Erik Luo <luoe@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47622}
- Andrey Lushnikov authored
  This patch re-writes the call-function-on-async.js test according to the new style.
  R=kozy
  Change-Id: I0541d336fe2bba3197170b0cc22c70e96d8543aa
  Reviewed-on: https://chromium-review.googlesource.com/636691
  Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
  Commit-Queue: Andrey Lushnikov <lushnikov@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47621}
- Deepti Gandluri authored
  BUG=v8:6532
  R=binji@chromium.org, bradnelson@chromium.org
  Change-Id: I376dd8e4d27cac657d5a7c05a50a0477963da7b7
  Reviewed-on: https://chromium-review.googlesource.com/627476
  Commit-Queue: Brad Nelson <bradnelson@chromium.org>
  Reviewed-by: Brad Nelson <bradnelson@chromium.org>
  Reviewed-by: Ben Smith <binji@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47620}
- Mircea Trofin authored
  We're moving the code table off the heap, while the export wrappers are instance-specific, and, thus, won't move off the heap.
  Bug:
  Change-Id: I392fb537c7708a0a06f3468f714335df29bc401b
  Reviewed-on: https://chromium-review.googlesource.com/636309
  Reviewed-by: Brad Nelson <bradnelson@chromium.org>
  Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47619}
- Adam Klein authored
  All microbenchmarks now add 20 variables together per iteration, rather than just a single variable. Also re-add a sanity check after the loop, and fix a missing variable add (a15) from the loop.
  Bug: v8:1569
  Change-Id: Ie54357b5cedaafd85f01c699c08b24a5ee6468c9
  Reviewed-on: https://chromium-review.googlesource.com/636284
  Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
  Commit-Queue: Adam Klein <adamk@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47618}
- Ross McIlroy authored
  This change adapts the Call bytecode handlers such that they don't require a stack frame. It does this by modifying the call bytecode handler to tail-call the Call or InterpreterPushArgsAndCall builtins. As a result, the callee function will return to the InterpreterEntryTrampoline when it returns (since this is the return address on the interpreter frame), which is adapted to dispatch to the next bytecode handler. The return bytecode handler is modified to tail-call a new InterpreterExitTrampoline instead of returning to the InterpreterEntryTrampoline.

  Overall this significantly reduces the amount of stack space required for interpreter frames, increasing the maximum depth of recursive calls from around 6000 to around 12,500 on x64.
  BUG=chromium:753705
  Change-Id: I23328e4cef878df3aca4db763b47d72a2cce664c
  Reviewed-on: https://chromium-review.googlesource.com/634364
  Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
  Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
  Reviewed-by: Leszek Swirski <leszeks@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47617}
- Jaideep Bajwa authored
  WasmGraphBuilder::StoreMem is called with the last argument as default with machine rep = kNode, which causes BuildChangeEndiannessStore(val, memtype, type) to fail.
  R=gdeepti@google.com, binji@chromium.org, jyan@ca.ibm.com
  BUG=v8:6752
  LOG=N
  Change-Id: I0633982ff4b5a93551b4765ca8df50073010f3ca
  Reviewed-on: https://chromium-review.googlesource.com/633755
  Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
  Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
  Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
  Cr-Commit-Position: refs/heads/master@{#47616}
- Caitlin Potter authored
  Keep parsing the rest of the MemberExpression after `new.target`.
  BUG=v8:6745
  R=marja@chromium.org, adamk@chromium.org
  Change-Id: I53cc370766e72ed9e36c5c7aa150a3ad9a6062f8
  Reviewed-on: https://chromium-review.googlesource.com/627756
  Reviewed-by: Marja Hölttä <marja@chromium.org>
  Commit-Queue: Caitlin Potter <caitp@igalia.com>
  Cr-Commit-Position: refs/heads/master@{#47615}
- Adam Klein authored
  Change-Id: Ic3812d16a4e8449ac9619981719e997c90300ee7
  Reviewed-on: https://chromium-review.googlesource.com/634254
  Reviewed-by: Marja Hölttä <marja@chromium.org>
  Commit-Queue: Adam Klein <adamk@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47614}
- Alexei Filippov authored
  There must be a matching Leave for each Enter. Otherwise it ends up with a dead stack-allocated object in the timer chain.

  Drive-by: There was also a bug in RuntimeCallTimerScope::RuntimeCallTimerScope(HeapObject* ...), which created a local object instead of calling an overloaded constructor.
  BUG=chromium:669329
  Change-Id: I9aa1c574a854af8beab3d8097efab3a726ad1c8d
  Reviewed-on: https://chromium-review.googlesource.com/634511
  Commit-Queue: Alexei Filippov <alph@chromium.org>
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47613}
- Leszek Swirski authored
  For deferred commands (such as in try-finally), some deferred commands save and restore the accumulator using a result register (e.g. return, throw, rethrow), while others don't (e.g. break, continue, fall-through). However, conditionally reading this result register that may not ever be written caused it to be considered live from the start of the function, as far as the liveness analysis could statically tell.

  Now, we write the result register for all deferred commands, including the fall-through. As a micro-optimization, we re-use the Smi command token to clobber the result, rather than emitting an LdaUndefined.
  Bug: chromium:758472
  Change-Id: I2ea65e2249b40ee6403216e654a8bb88d50bec3b
  Reviewed-on: https://chromium-review.googlesource.com/635592
  Commit-Queue: Leszek Swirski <leszeks@chromium.org>
  Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47612}
- Jakob Gruber authored
  We cannot assume that the receiver is a JSObject, nor can we assume ToObject() completes successfully.
  TBR=yangguo@chromium.org
  Bug: chromium:739954
  Change-Id: Id55571131ef8755e86f15cd2acb918ff0f1b7788
  Reviewed-on: https://chromium-review.googlesource.com/632376
  Reviewed-by: Jakob Gruber <jgruber@chromium.org>
  Commit-Queue: Jakob Gruber <jgruber@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47611}
- Michael Lippautz authored
  The deadlock can happen when two scavenging tasks process two different pages for their old->new sets and at the same time try to allocate in old space which triggers sweeping of the other task's page.
  Bug: v8:6754
  Change-Id: I6087553631e198d5ecfb8ab37925ac41cd6995bd
  Reviewed-on: https://chromium-review.googlesource.com/635843
  Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
  Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47610}
- Jakob Gruber authored
  The Uint32(limit) conversion can end up transitioning the regexp instance to slow mode. In this case we need to bail out to runtime while ensuring that ToUint32 is not observably called a second time. We do this by passing the already-converted value to runtime. This particular path was broken and we ended up passing the original maybe_limit value to runtime instead.
  TBR=yangguo@chromium.org
  Bug: chromium:758763
  Change-Id: If7f23b452d2e134ad9be3d4ef1d78d1c946fcef0
  Reviewed-on: https://chromium-review.googlesource.com/635588
  Reviewed-by: Jakob Gruber <jgruber@chromium.org>
  Commit-Queue: Jakob Gruber <jgruber@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47609}
- Albert Mingkun Yang authored
  Change the signature of `Construct` so that no casting is required on calling it. The casting would trigger the control flow integrity check if the class contains virtual members.
  Bug: chromium:758925
  Change-Id: Iefc711c634b36efd051e245e2df13b28d5563f45
  Reviewed-on: https://chromium-review.googlesource.com/635563
  Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
  Commit-Queue: Albert Mingkun Yang <albertnetymk@google.com>
  Cr-Commit-Position: refs/heads/master@{#47608}
- Michael Lippautz authored
  Bug: v8:6333
  Change-Id: I0f5a21a66bbad6c56b3dd84d301b85e64f05cbc1
  Reviewed-on: https://chromium-review.googlesource.com/635683
  Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
  Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47607}
- Michael Lippautz authored
  Bug:
  Change-Id: I81132af45d8fb649d4239fa0e0ef75b95e148208
  Reviewed-on: https://chromium-review.googlesource.com/633604
  Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
  Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47606}
- Mythri authored
  Do not allow recursive inlining when a function calls itself, i.e. f() -> f(). This is because we only get some static information for the first level of inlining and it may not be very beneficial to just duplicate the entire function. However, we still allow indirect recursion f() -> g() -> f() -> g1(). This helps in cases where f() is a small dispatch function. For example, in rayTrace class.create -> obj.initialize -> class.create -> obj1.initialize.
  Bug: chromium:757798
  Change-Id: I0a5d9e62eabd7681849f900997b4df061b5f8ed5
  Reviewed-on: https://chromium-review.googlesource.com/632622
  Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
  Commit-Queue: Mythri Alle <mythria@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47605}
- Georg Neis authored
  R=ishell@chromium.org
  Bug:
  Change-Id: I7175176900c95fb676f633b405fffd5a55ffa4b5
  Reviewed-on: https://chromium-review.googlesource.com/635323
  Reviewed-by: Igor Sheludko <ishell@chromium.org>
  Commit-Queue: Georg Neis <neis@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47604}
- Camillo Bruni authored
  Bug: chromium:757199, chromium:758773, chromium:758821
  Change-Id: I70644853770501b13992bd7bf78d168ca2308d64
  Reviewed-on: https://chromium-review.googlesource.com/635223
  Reviewed-by: Igor Sheludko <ishell@chromium.org>
  Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
  Commit-Queue: Igor Sheludko <ishell@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47603}
- Clemens Hammacher authored
  The allocator for determining the location (reg/stack) for parameters and return values can be constexpr. This avoids lazy initialization, saving code size and execution time, and simplifying the implementation significantly.
  R=ahaas@chromium.org
  CC=titzer@chromium.org
  Change-Id: I295623cb1dad0f1537f7292dcf044f3d509588bb
  Reviewed-on: https://chromium-review.googlesource.com/635163
  Reviewed-by: Andreas Haas <ahaas@chromium.org>
  Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47602}
- Michael Lippautz authored
  Bug: v8:6333
  Change-Id: I4434c6cc59f886f1e37dfd315a3ad5fee28d3f63
  Reviewed-on: https://chromium-review.googlesource.com/634907
  Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
  Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47601}
- Andreas Haas authored
  Compile the module created in trap-location.js with both synchronous and asynchronous compilation. Thereby I can reuse the test for streaming compilation later.
  R=clemensh@chromium.org
  Change-Id: Id2e0c70886ddd1b11d51f614d02757099541aedd
  Reviewed-on: https://chromium-review.googlesource.com/635165
  Commit-Queue: Andreas Haas <ahaas@chromium.org>
  Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47600}
- Ross McIlroy authored
  For wide bytecodes, save the bytecode offset as the offset of the prefix bytecode, rather than the bytecode itself. This means that any code that reads the bytecode can explicitly know the width of the bytecode at the offset without having to iterate through the complete bytecode array. Also simplifies some code in the bytecode analysis that had to work around the previous approach.
  BUG=chromium:753705
  Change-Id: I8a42e7cfff27791e39f3452e2b9e52c0608d28cb
  Reviewed-on: https://chromium-review.googlesource.com/634003
  Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
  Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47599}
- Michael Starzinger authored
  This makes sure instantiation of asm.js modules fails gracefully on heap buffers exceeding the uint32_t range supported by WebAssembly.
  R=clemensh@chromium.org
  TEST=mjsunit/regress/regress-crbug-754175
  BUG=chromium:754175
  Change-Id: I4a9c6791beaab6da826b5b6b5a495f97e9d3b4e9
  Reviewed-on: https://chromium-review.googlesource.com/632618
  Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
  Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47598}
- Michael Starzinger authored
  R=clemensh@chromium.org
  Change-Id: I5bdb91d2e82105bb301c2b97abfb1b074b710a64
  Reviewed-on: https://chromium-review.googlesource.com/632680
  Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
  Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47597}
- Jakob Gruber authored
  As a first step towards lazy builtin deserialization, this CL moves builtins to their own dedicated area in the snapshot blob, physically located after startup data and before context-specific data.

  The startup- and partial serializers now serialize all seen builtins as references, i.e. they only encode the relevant builtin id (taking care to preserve special behavior around the interpreter trampoline and CompileLazy). Builtins are later fully serialized by the BuiltinSerializer. The separate blobs are finally glued together by CreateSnapshotBlob.

  Deserialization takes the same steps: when we see builtin reference bytecodes before builtins have been deserialized, we push to a list of deferred builtin references. After builtin deserialization, this list is iterated and all builtin references are fixed up.
  Bug: v8:6624
  Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
  Change-Id: Idee42fa9c92bdbe8d5b8c4b8bf3ca9dd39634004
  Reviewed-on: https://chromium-review.googlesource.com/610225
  Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
  Reviewed-by: Yang Guo <yangguo@chromium.org>
  Commit-Queue: Jakob Gruber <jgruber@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47596}
- Michael Lippautz authored
  - Create bottleneck for filtering in crash dumps
  - Smaller fixes
  Bug:
  Change-Id: I19e8a1ed6013af487c87b7132418b4c9b292946b
  Reviewed-on: https://chromium-review.googlesource.com/633943
  Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
  Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47595}
- Camillo Bruni authored
  This reverts commit 8974b75b.

  Reason for revert: In hindsight, the CL only made partial sense and causes unnecessary IC-misses.

  Original change's description:
  > [runtime] Deprecate old prototype maps
  >
  > Bug: chromium:757199
  > Change-Id: I5936fab1784ebf8de6eddd3b2bec0e2cf1b73f82
  > Reviewed-on: https://chromium-review.googlesource.com/632317
  > Reviewed-by: Igor Sheludko <ishell@chromium.org>
  > Commit-Queue: Camillo Bruni <cbruni@chromium.org>
  > Cr-Commit-Position: refs/heads/master@{#47581}

  TBR=cbruni@chromium.org,ishell@chromium.org
  Change-Id: I9f43a5f8c5242f575346f47c24377dd832eeccd1
  No-Presubmit: true
  No-Tree-Checks: true
  No-Try: true
  Bug: chromium:757199
  Reviewed-on: https://chromium-review.googlesource.com/634906
  Reviewed-by: Camillo Bruni <cbruni@chromium.org>
  Commit-Queue: Camillo Bruni <cbruni@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47594}
- Ulan Degenbaev authored
  Bug:
  Change-Id: I7dacb2f4cbb66f0daebd3948c2239846af129f9a
  Reviewed-on: https://chromium-review.googlesource.com/632621
  Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
  Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47593}
- Peter Marshall authored
  Bug: v8:6333
  Change-Id: Iad2fdb7670dd01d19ed25c48a0091969cddb01c8
  Reviewed-on: https://chromium-review.googlesource.com/632257
  Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
  Reviewed-by: Jakob Gruber <jgruber@chromium.org>
  Commit-Queue: Peter Marshall <petermarshall@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47592}
- jgruber authored
  Tentative fix for the CF crashes in https://crbug.com/754422.
  Bug: chromium:754422
  Change-Id: I0dcb6b8860cb0bf20b3566ffba08e6772398ee65
  Reviewed-on: https://chromium-review.googlesource.com/632176
  Reviewed-by: Yang Guo <yangguo@chromium.org>
  Commit-Queue: Jakob Gruber <jgruber@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47591}
- Shiyu Zhang authored
  The CPP builtins execute the same piece of code to prepare context before jumping into CEntryStub. By creating new ASM builtin to execute that common piece of code, ~7KB code size (tested on x64) of snapshot_blob.bin can be reduced without any negative performance impact.
  BUG=
  Change-Id: I744369e8723dcd902b61dc50645db66bea884441
  Reviewed-on: https://chromium-review.googlesource.com/595119
  Reviewed-by: Jakob Gruber <jgruber@chromium.org>
  Commit-Queue: Jakob Gruber <jgruber@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#47590}