- 21 Mar, 2017 9 commits
-
-
Clemens Hammacher authored
When returning from the runtime function, move jssp back to csp. The csp might have been changed by the runtime function, but jssp should have been restored to its original value. R=ahaas@chromium.org BUG=v8:5822 Change-Id: I300263a586ca546a4d7f925730f1f38b680379ca Reviewed-on: https://chromium-review.googlesource.com/457372Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#43967}
-
neis authored
R=jarin@chromium.org BUG= Review-Url: https://codereview.chromium.org/2759133002 Cr-Commit-Position: refs/heads/master@{#43966}
-
mvstanton authored
BUG= Review-Url: https://codereview.chromium.org/2680153005 Cr-Commit-Position: refs/heads/master@{#43965}
-
yangguo authored
We used to clear invocation counts when enabling precise coverage. This is not necessary, and we could continue to use the existing invocation counts on the heap. The old behavior can be achieved by explicitly resetting the counts by polling coverage data. R=jgruber@chromium.org,caseq@chromium.org BUG=v8:5808 Review-Url: https://codereview.chromium.org/2768453002 Cr-Commit-Position: refs/heads/master@{#43964}
-
Andreas Haas authored
The flag is already on by default R=clemensh@chromium.org Change-Id: Ie4ede8191336a102cab9d7f972a3d10a15d1a54d Reviewed-on: https://chromium-review.googlesource.com/456287Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43963}
-
Ross McIlroy authored
Also move phi NodeVector in TryCloneBranch to temporary zone. BUG=chromium:700364 Change-Id: Id19d51dae63ed5a6f5dccbba77a19b3663fd325e Reviewed-on: https://chromium-review.googlesource.com/456285Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#43962}
-
bmeurer authored
R=yangguo@chromium.org BUG=v8:5049 Review-Url: https://codereview.chromium.org/2766593002 Cr-Commit-Position: refs/heads/master@{#43961}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4c534d4..9e7f0b1 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/2d86f95..d233eb2 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I3270008c944240ae992a15463a09bef3887b0c92 Reviewed-on: https://chromium-review.googlesource.com/457083Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43960}
-
mtrofin authored
Improve visibility within the distributed wasm team. Created wasm watchlist, and added wasm-team - the union of MUC and MTV wasm teams. BUG= Review-Url: https://codereview.chromium.org/2759053002 Cr-Commit-Position: refs/heads/master@{#43959}
-
- 20 Mar, 2017 31 commits
-
-
sebmarchand authored
This used to be disabled implicitly and started to broke after some refactoring in https://codereview.chromium.org/2758563002 BUG=chromium:703027 Review-Url: https://codereview.chromium.org/2758423002 Cr-Commit-Position: refs/heads/master@{#43958}
-
bmeurer authored
When we hit a call to String.prototype.concat builtin, where we can infer that the receiver is a String and there's exactly one parameter, which is of type PlainPrimitive, then we can reduce that to a call to the StringAddStub instead, optionally converting the non-String - but PlainPrimitive - parameter to a String. BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2758383002 Cr-Commit-Position: refs/heads/master@{#43957}
-
franzih authored
Collect type information of return values. Use *one* feedback slot per function for all its return statements. For assignments, we currently use several slots per function, because not all assignments refer to the same variable. Instead of the variable names, pass the source location and print the function name. Add an integration test for --type-profile that checks for crashes. Remove type feedback for assignments for now as it convolutes the output. ************ Function with 2 return statements ******** function testFunction(param, flag) { // We want to test 2 different return positions in one function. if (flag) { var first_var = param; return first_var; } var second_var = param; return second_var; } testFunction({}); testFunction(123, true); testFunction('hello'); testFunction(undefined); ******************************************************* ************* Sample Output *************************** Function: testFunction 424: Object 374: number 424: string 424: undefined ******************************************************* Missing work: * Handle fall-off returns * Collect types for parameters * Remove duplicates from the list of collected types and use a common base class. BUG=v8:5935 Review-Url: https://codereview.chromium.org/2755973002 Cr-Commit-Position: refs/heads/master@{#43956}
-
mtrofin authored
We want to restrict structured cloning in Chrome to: - postMessage senders and receivers that are co-located in the same process - indexedDB (just https). For context, on the Chrome side, we will achieve the postMessage part by using a mechanism similar to transferrables: the SerializedScriptValue will have a list of wasm modules, separate from the serialized data stream; and this list won't be copied cross process boundaries. The IDB part is achieved by explicitly opting in reading/writing to the serialization stream. To block attack vectors in IPC cases, the default for deserialization will be to expect data in the wasm transfers list. This change is the V8 side necessary to enabling this design. We introduce TransferrableModule, an opaque datatype exposed to the embedder. Internally, TransferrableModules are just serialized data, because we don't have a better mechanism, at the moment, for de-contextualizing/re-contextualizing wasm modules (wrt Isolate and Context). The chrome defaults will be implemented in the serialization/deserialization delegates on that side. For the v8 side of things, in the absence of a serialization delegate, the V8 serializer will write to serialization stream. In the absence of a deserialization delegate, the deserializer won't work. This asymmetry is intentional - it communicates to the embedder the need to make a policy decision, otherwise wasm serialization/deserialization won't work "out of the box". BUG=v8:6079 Review-Url: https://codereview.chromium.org/2748473004 Cr-Commit-Position: refs/heads/master@{#43955}
-
bjaideep authored
Port 4f3e168c Original Commit Message: This CL adds general lazy compilation support to WebAssembly, according to the design described in the design doc (see referenced bug). It's not used currently, but I tested locally that all tests succeed if I enable it by default. With a later CL, we will enable lazy compilation by default for validate-asm: https://chromium-review.googlesource.com/451318 R=clemensh@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:5991 LOG=N Review-Url: https://codereview.chromium.org/2761773004 Cr-Commit-Position: refs/heads/master@{#43954}
-
Clemens Hammacher authored
This reverts commit 64a2287e. Reason for revert: Breaks on arm64 msan, e.g. https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/13972/steps/Check%20-%20extra/logs/asm-wasm-f32. Will investigate tomorrow. Original change's description: > [wasm] Enable lazy compilation for asm-wasm pipeline > > The validate-asm flag now implies lazy compilation. > > R=titzer@chromium.org, ahaas@chromium.org > BUG=v8:5991 > > Change-Id: I00fb5ddbe13440941a3fafd9175cc9a5d182e15a > Reviewed-on: https://chromium-review.googlesource.com/451318 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Brad Nelson <bradnelson@chromium.org> > Cr-Commit-Position: refs/heads/master@{#43952} TBR=bradnelson@chromium.org,ahaas@chromium.org,clemensh@chromium.org,hablich@chromium.org,v8-reviews@googlegroups.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5991 Change-Id: I8fe8d9268237c7397f6f22cd20ba6f23b9f5785a Reviewed-on: https://chromium-review.googlesource.com/456506Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#43953}
-
Clemens Hammacher authored
The validate-asm flag now implies lazy compilation. R=titzer@chromium.org, ahaas@chromium.org BUG=v8:5991 Change-Id: I00fb5ddbe13440941a3fafd9175cc9a5d182e15a Reviewed-on: https://chromium-review.googlesource.com/451318 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#43952}
-
Franziska Hinkelmann authored
This reverts commit ea4346be. Reason for revert: This causes a crash in a Node.js test (parallel/test-repl-options). I can reproduce the crash locally. At a first glance, it doesn't look like we're doing anything terribly wrong in Node that explains the crash. I'll have a closer lock tomorrow. Feel free to reland if needed, we can always deactivate the test. Original change's description: > [ic] Migrate StoreGlobal to data handler > > BUG=v8:5561 > > Change-Id: If4c679c97af199ce1c90d055627186123bc88574 > Reviewed-on: https://chromium-review.googlesource.com/456698 > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#43944} TBR=ishell@chromium.org,verwaest@chromium.org,v8-reviews@googlegroups.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5561 Change-Id: I790ff9ab45016749fe2f3982045f497a995e282e Reviewed-on: https://chromium-review.googlesource.com/456505Reviewed-by: Franziska Hinkelmann <franzih@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#43951}
-
Clemens Hammacher authored
Before: Failure: expected <true> found <false> After: Failure: expected <0.4 +- 0.001> found <0.3> R=ahaas@chromium.org Change-Id: I304fd90112cb7131103863813e7b0920be2b5c04 Reviewed-on: https://chromium-review.googlesource.com/456284Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#43950}
-
jkummerow authored
as InterpreterGenerator. This is in preparation for no longer including the bytecode handler generation code in the main library. BUG=v8:6055 Review-Url: https://codereview.chromium.org/2765433003 Cr-Commit-Position: refs/heads/master@{#43949}
-
Clemens Hammacher authored
When instantiating the wasm interpreter, pass the start address of the global variables. This was nullptr before, leading to a crash if debugging a program which accesses globals. With test. R=ahaas@chromium.org, titzer@chromium.org BUG=v8:5822 Change-Id: I5f419790042ef9a00787df093a07e5e5835d55bd Reviewed-on: https://chromium-review.googlesource.com/456219 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43948}
-
jgruber authored
BUG=chromium:703028 Review-Url: https://codereview.chromium.org/2759983002 Cr-Commit-Position: refs/heads/master@{#43947}
-
Clemens Hammacher authored
Before, we were redirecting each function to the interpreter by iterating all code and patching all call sites using this one function. The runtime was hence quadratic if all functions were redirected to the interpreter as done by the --wasm-interpret-all flag. This CL fixes this to only iterate the code once and redirecting an arbitrary number of function. R=ahaas@chromium.org, titzer@chromium.org BUG=v8:5822 Change-Id: Ia4f2e94a2468f9bef3035b599e1f8a18acf309da Reviewed-on: https://chromium-review.googlesource.com/455785 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43946}
-
Leszek Swirski authored
Defers a label in the LoadIC fast-path which was doing a call that was forcing the entire LoadIC fast-path to have a frame. The label was introduced in https://chromium-review.googlesource.com/c/455858/. Change-Id: Icc8f7243c133cfa0ad60ede0d0f5651b639634e9 Reviewed-on: https://chromium-review.googlesource.com/456504Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#43945}
-
Toon Verwaest authored
BUG=v8:5561 Change-Id: If4c679c97af199ce1c90d055627186123bc88574 Reviewed-on: https://chromium-review.googlesource.com/456698Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#43944}
-
hpayer authored
BUG=chromium:694255 Review-Url: https://codereview.chromium.org/2764473002 Cr-Commit-Position: refs/heads/master@{#43943}
-
Clemens Hammacher authored
This fixes a bug where an exported function is being specialized, but the callsite inside the JS_TO_WASM function was patched to call an interpreter entry instead. We would not identify the call site as the one to be patched during specialization, and would thus fail a DCHECK. R=ahaas@chromium.org BUG=v8:5822, chromium:702839 Change-Id: I148d98333051c399a4cb11bd9620b396f4eb261d Reviewed-on: https://chromium-review.googlesource.com/456282 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43942}
-
ulan authored
Currently the incremental marking visitor treats elements of normalized map caches weakly by coloring the caches grey without pusing to marking deque. The mark-compact prologue then clears all normalized map caches. We can achieve similar effect by just clearing the caches in the marking visitor. BUG=chromium:694255 Review-Url: https://codereview.chromium.org/2745183002 Cr-Commit-Position: refs/heads/master@{#43941}
-
leszeks authored
Makes disassembly jump target printing look more like the output of objdump, for compatibility with perf's jump arrows. This includes swapping the order of address and offset, and making the offset and line numbers hex. As a drive-by, print comment lines in objdump-v8 so that they can be shown/hidden as "source" lines by perf. Review-Url: https://codereview.chromium.org/2757263002 Cr-Commit-Position: refs/heads/master@{#43940}
-
Yang Guo authored
BUG=v8:5808 Change-Id: I7bb3c3655e17271b44de881416e150ef51811154 Reviewed-on: https://chromium-review.googlesource.com/457336 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#43939}
-
Toon Verwaest authored
[ic] Also support caching accessor calls with primitive receivers. CallFunction does the proper wrapping. BUG=v8:5561 Change-Id: Icb4172628e1975f8eaa8252a20b27ff36d8c63c4 Reviewed-on: https://chromium-review.googlesource.com/457038 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#43938}
-
Clemens Hammacher authored
If an exception is thrown and the wasm interpreter entry frame is unwound, also the internal frames in the interpreter need to be unwound. We did not do so before, leaving a corrupted internal state of the wasm interpreter. Thus reusing it would fail. This CL fixes this and adds a test which reenters a previously unwound wasm interpreter. It checks that this works and the correct stack is returned. This test also requires support for calling an imported function which throws, so this change is also included here. R=ahaas@chromium.org, titzer@chromium.org BUG=v8:5822 Change-Id: I12fb843f7a371a4e618b4ac63ed3299667a03a82 Reviewed-on: https://chromium-review.googlesource.com/453938 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43937}
-
Clemens Hammacher authored
This CL adds general lazy compilation support to WebAssembly, according to the design described in the design doc (see referenced bug). It's not used currently, but I tested locally that all tests succeed if I enable it by default. With a later CL, we will enable lazy compilation by default for validate-asm: https://chromium-review.googlesource.com/451318 R=titzer@chromium.org, ahaas@chromium.org, bmeurer@chromium.org BUG=v8:5991 Change-Id: I85440382118a24fc245e78a5a90cf2b95659cd69 Reviewed-on: https://chromium-review.googlesource.com/451317 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43936}
-
Toon Verwaest authored
We use LoadFromPrototype also for direct global loads. InitPrototypeChecks did not support this though, and would create a prototype chain check for objects beyond the direct global. This tries to ensure the property on the global itself doesn't exist, which is invalid. Additionally this CL deletes duplicate code. BUG=chromium:702798,v8:5561 Change-Id: I318a5b6cd5f7c3efdb3a003e34edd37d5d3f880b Reviewed-on: https://chromium-review.googlesource.com/457369 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#43935}
-
loorongjie authored
BUG=v8:5929 R=adamk@chromium.org,bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2735563002 Cr-Commit-Position: refs/heads/master@{#43934}
-
Peter Marshall authored
Add a fastpath for when byteOffset is undefined, which is the common case. We can just replace it with 0 and avoid the modulo checks. Also add a smi-fastpath for byteOffset, which avoids calling stubs for arithmetic when unnecessary. BUG=chromium:701668,v8:5977 Change-Id: Id431dad46bf3796ef32ab465f6787bbebe83437c Reviewed-on: https://chromium-review.googlesource.com/456502 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#43933}
-
Clemens Hammacher authored
The DecodeWasmFunctionOffsets method was used for debugging, but is not needed any more. The FindSection function was only used in DecodeWasmFunctionOffsets. This CL removes both. R=ahaas@chromium.org Change-Id: Id4aa05419298ff271766676ec8453134c6e98a69 Reviewed-on: https://chromium-review.googlesource.com/457316Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#43932}
-
Yang Guo authored
Previously we used to add a string address after the stop instruction for description. This has been removed, but the skip in the simulator was not consistently removed in 0ca72de2. BUG=chromium:703051 Change-Id: I3135d180bcef174bc5d9dd24f7737a4415732976 Reviewed-on: https://chromium-review.googlesource.com/457356Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#43931}
-
Igor Sheludko authored
This is a first bulk of changes. BUG=v8:6116 Change-Id: I9308129bd032c0bf5b60c8e0413ee2cb710891ea Reviewed-on: https://chromium-review.googlesource.com/456556 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#43930}
-
franzih authored
Separate the function that prints type profile with --type-profile from the one that collects type profile. The name needs to be stored in the feedback vector as well. I'll make a follow up CL that stores the relevant information, so it can be printed later. BUG=v8:5935 R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2757993002 Cr-Commit-Position: refs/heads/master@{#43929}
-
ahaas authored
Without the check it happened that the builtin call in the trap code was too far away from the constant pool and therefore crashed. BUG=v8:6054 R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com Review-Url: https://codereview.chromium.org/2738683003 Cr-Commit-Position: refs/heads/master@{#43928}
-