- 04 Apr, 2017 12 commits
-
-
ivica.bogosavljevic authored
Fix ff8b1abb This fixes the problem with the alignment of typed arrays in turbofan. Namely, Float64 typed arrays weren't properly aligned on 32bit architectures, and this causes crashes on those architectures that do not support misaligned memory access. TEST=mjsunit/es6/typedarray-* BUG=v8:6075 Review-Url: https://codereview.chromium.org/2784253002 Cr-Commit-Position: refs/heads/master@{#44366}
-
Franziska Hinkelmann authored
ArrayList is a FixedArray where kFirstIndex is > 0. The Elements() methods returns a copy of the elements starting at kFirstIndex, i.e., without the length that is stored in the first slot. Drive-by fix: Rename some variables. BUG= Change-Id: Ia1de73c4780a179301007f2ab9080fd08e8ea99d Reviewed-on: https://chromium-review.googlesource.com/466186Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#44365}
-
Franziska Hinkelmann authored
Return a structured objet with the type profile information. Move the test from message to mjsunit. BUG=v8:5933 Change-Id: I3e1c592697924d87f82d46b0ddbdb6d82d9c8467 Reviewed-on: https://chromium-review.googlesource.com/464847Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#44364}
-
bmeurer authored
For sloppy arguments in functions with declared formal parameters, the apply with arguments optimization in TurboFan wouldn't kick in currently, because so far there was no guard to see if using the arguments from the stack or the frame state is safe. One easy to check guard here is to just check that there's no observable side-effect between the actual arguments creation and the call to apply. BUG=v8:5267,v8:6200 R=danno@chromium.org Review-Url: https://codereview.chromium.org/2789113004 Cr-Commit-Position: refs/heads/master@{#44363}
-
machenbach authored
Revert of [typedarrays] Check detached buffer at start of typed array methods (patchset #10 id:180001 of https://codereview.chromium.org/2778623003/ ) Reason for revert: Breaks layout tests: https://build.chromium.org/p/tryserver.v8/builders/v8_linux_blink_rel/builds/18499 Changes: https://storage.googleapis.com/chromium-layout-test-archives/v8_linux_blink_rel/18499/layout-test-results/results.html See: https://github.com/v8/v8/wiki/Blink-layout-tests Original issue's description: > [typedarrays] Check detached buffer at start of typed array methods > > - Throw TypeError in ValidateTypedArray, matching JSC, SpiderMonkey > and ChakraCore. > - Validate typed arrays at start of each typed array prototype > methods in src/js/typedarrays.js > - Add tests to check detached buffers > - Remove an unnecessary parameter of TypedArraySpeciesCreate > in src/js/typedarrays.js > - Standardize TypedArray.prototype.subarray > - Update test262.status to pass detached buffer tests > > BUG=v8:4648,v8:4665,v8:4953 > > Review-Url: https://codereview.chromium.org/2778623003 > Cr-Commit-Position: refs/heads/master@{#44357} > Committed: https://chromium.googlesource.com/v8/v8/+/238d5b4453d9166aaddce76a5393514d977238d4 TBR=cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org,littledan@chromium.org,petermarshall@chromium.org,cwhan.tunz@gmail.com # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4648,v8:4665,v8:4953 Review-Url: https://codereview.chromium.org/2793233003 Cr-Commit-Position: refs/heads/master@{#44362}
-
Michael Starzinger authored
This fixes the name stored with functions where the declaration was hoisted above the actual function definition. It also extends test coverage and emits proper source position mapping for such cases. R=clemensh@chromium.org TEST=mjsunit/wasm/asm-wasm-stack BUG=v8:6127 Change-Id: I675a98b244fe2157925e799b5c46b7f6bd53c9da Reviewed-on: https://chromium-review.googlesource.com/466247Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#44361}
-
jgruber authored
BUG=v8:6172 Review-Url: https://codereview.chromium.org/2795693002 Cr-Commit-Position: refs/heads/master@{#44360}
-
dusan.simicic authored
Add support for F32x4Splat, F32x4ExtractLane, F32x4ReplaceLane, F32x4SConvertI32x4, F32x4UConvertI32x4 operations for mips32 and mips64 architectures. BUG= Note: Depends on https://codereview.chromium.org/2753903004/ Review-Url: https://codereview.chromium.org/2780503002 Cr-Commit-Position: refs/heads/master@{#44359}
-
machenbach authored
Revert of [inspector] move console to builtins (patchset #7 id:140001 of https://codereview.chromium.org/2785293002/ ) Reason for revert: http://crbug.com/v8/6198 Original issue's description: > [inspector] move console to builtins > > What will we get: > - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster), > - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true, > - console calls are ~ 15% faster. > > BUG=v8:6175 > R=dgozman@chromium.org > > Review-Url: https://codereview.chromium.org/2785293002 > Cr-Original-Commit-Position: refs/heads/master@{#44353} > Committed: https://chromium.googlesource.com/v8/v8/+/55905f85d63d75aaa9313e51eb7bede754a8e41c > Review-Url: https://codereview.chromium.org/2785293002 > Cr-Commit-Position: refs/heads/master@{#44355} > Committed: https://chromium.googlesource.com/v8/v8/+/cc74ea0bc4fe4a71fa53d08b62cc18d15e01fbb3 TBR=dgozman@chromium.org,kozyatinskiy@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6175 Review-Url: https://codereview.chromium.org/2790343002 Cr-Commit-Position: refs/heads/master@{#44358}
-
cwhan.tunz authored
- Throw TypeError in ValidateTypedArray, matching JSC, SpiderMonkey and ChakraCore. - Validate typed arrays at start of each typed array prototype methods in src/js/typedarrays.js - Add tests to check detached buffers - Remove an unnecessary parameter of TypedArraySpeciesCreate in src/js/typedarrays.js - Standardize TypedArray.prototype.subarray - Update test262.status to pass detached buffer tests BUG=v8:4648,v8:4665,v8:4953 Review-Url: https://codereview.chromium.org/2778623003 Cr-Commit-Position: refs/heads/master@{#44357}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e00daf3..58260ed Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/6b686d1..7726dac TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I3468312d0d9b98886299d0b89bb75cdd328603db Reviewed-on: https://chromium-review.googlesource.com/466868Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#44356}
-
kozyatinskiy authored
What will we get: - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster), - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true, - console calls are ~ 15% faster. BUG=v8:6175 R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2785293002 Cr-Original-Commit-Position: refs/heads/master@{#44353} Committed: https://chromium.googlesource.com/v8/v8/+/55905f85d63d75aaa9313e51eb7bede754a8e41c Review-Url: https://codereview.chromium.org/2785293002 Cr-Commit-Position: refs/heads/master@{#44355}
-
- 03 Apr, 2017 28 commits
-
-
kozyatinskiy authored
Revert of [inspector] move console to builtins (patchset #6 id:120001 of https://codereview.chromium.org/2785293002/ ) Reason for revert: console.toString() should return "[object Object]" Original issue's description: > [inspector] move console to builtins > > What will we get: > - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster), > - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true, > - console calls are ~ 15% faster. > > BUG=v8:6175 > R=dgozman@chromium.org > > Review-Url: https://codereview.chromium.org/2785293002 > Cr-Commit-Position: refs/heads/master@{#44353} > Committed: https://chromium.googlesource.com/v8/v8/+/55905f85d63d75aaa9313e51eb7bede754a8e41c TBR=dgozman@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6175 Review-Url: https://codereview.chromium.org/2795003003 Cr-Commit-Position: refs/heads/master@{#44354}
-
kozyatinskiy authored
What will we get: - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster), - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true, - console calls are ~ 15% faster. BUG=v8:6175 R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2785293002 Cr-Commit-Position: refs/heads/master@{#44353}
-
Josh Wolfe authored
Add newline at the start of the function body. BUG=v8:6190, v8:4958 R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com Change-Id: I10db088ac9807a503382fd5080ad955e418d8b45 Reviewed-on: https://chromium-review.googlesource.com/466566Reviewed-by: Caitlin Potter <caitp@igalia.com> Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Josh Wolfe <jwolfe@igalia.com> Cr-Commit-Position: refs/heads/master@{#44352}
-
Caitlin Potter authored
Relanding now that v8:6190 has been fixed BUG=v8:4958 R=adamk@chromium.org, littledan@chromium.org, jwolfe@igalia.com Change-Id: I2732dbf96c5f9f899cee826dd2fdc621098a87e5 Reviewed-on: https://chromium-review.googlesource.com/466226Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Commit-Queue: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#44351}
-
Clemens Hammacher authored
Minor fix: Provide a string for "%s". R=hablich@chromium.org Change-Id: Ibae24688c5f69e0fee5108701aa7f483117aea8c Reviewed-on: https://chromium-review.googlesource.com/457998Reviewed-by: Michael Hablich <hablich@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#44350}
-
Peter Marshall authored
Seems to have been missed in this cleanup: crrev.com/2741683004. Also updates a comment referring to internal fields. Change-Id: I44b5fd49f5fb4b67b5288a6af959e4e963544368 Reviewed-on: https://chromium-review.googlesource.com/466147 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#44349}
-
Michael Starzinger authored
This adds test coverage for the source position tracking of function table calls in asm.js and fixes the discovered issues. It also fixes function start positions (used by errors thrown at stack checks). R=clemensh@chromium.org TEST=mjsunit/wasm/asm-wasm-stack BUG=v8:6127,v8:6166 Change-Id: Id6ab6dc72bcedb0d838eed315e2a05fbc59039f4 Reviewed-on: https://chromium-review.googlesource.com/465949 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#44348}
-
cwhan.tunz authored
Since byteOffset is configurable, we need to access byteOffset by %_ArrayBufferViewGetByteOffset, instead of accessing .byteOffset property. BUG=v8:6120 Review-Url: https://codereview.chromium.org/2761673003 Cr-Commit-Position: refs/heads/master@{#44347}
-
Clemens Hammacher authored
When calling imported functions, we were always using the global object as receiver. This is incorrect for strict functions, which should have undefined as receiver. This CL fixes this also for the interpreter, making us pass test/mjsunit/wasm/receiver.js with --wasm-interpret-all. R=ahaas@chromium.org BUG=v8:5822 TEST=test/mjsunit/wasm/receiver Change-Id: Ib7d637083245f67b668c11540e3c3473bc167129 Reviewed-on: https://chromium-review.googlesource.com/465986 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44346}
-
Clemens Hammacher authored
For OOB checks on memory accesses, we first subtracted the size of the type to load/store from the memory size, and then compared against this effective_size. If the memory size is smaller than the size of the type, this would lead to an integer underflow, and we would try to load the value. This CL fixes this, and adds a test case for this. R=ahaas@chromium.org BUG=v8:5822 Change-Id: I26fcba0be7343c88b8459d029b0c0af095d2466a Reviewed-on: https://chromium-review.googlesource.com/465946 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44345}
-
kozyatinskiy authored
JSObject is slow: creating strings for keys and storing values by these keys after takes significant amount of time. With this CL console methods (most of them collect top stack frame to calculate source location) are ~33% faster. V8Debugger::captureStackTrace is ~50% faster. BUG=v8:6189 R=yangguo@chromium.org TBR=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2789073002 Cr-Commit-Position: refs/heads/master@{#44344}
-
jgruber authored
Bool flags can be as small as one byte, so testing an IntPtr-sized value is incorrect. BUG=v8:6172 Review-Url: https://codereview.chromium.org/2792963002 Cr-Commit-Position: refs/heads/master@{#44343}
-
Michael Achenbach authored
This reverts commit 7a6e6bb1. Reason for revert: breaks layout tests: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14688 See: https://github.com/v8/v8/wiki/Blink-layout-tests Original change's description: > [wasm] Make WebAssembly.compile() asynchronous > > titzer@ originally created this > CL (https://codereview.chromium.org/2757903002). I fixed crashing tests > and adressed some comments of the reviewers. > > R=bradnelson@chromium.org, clemensh@chromium.org, mtrofin@chromium.org > BUG=v8:6003 > > Change-Id: I4ab6d503909402d24043657a896200032e6d1023 > Reviewed-on: https://chromium-review.googlesource.com/464887 > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org> > Commit-Queue: Andreas Haas <ahaas@chromium.org> > Cr-Commit-Position: refs/heads/master@{#44333} TBR=bradnelson@chromium.org,mtrofin@chromium.org,ahaas@chromium.org,clemensh@chromium.org,titzer@chromium.org,v8-reviews@googlegroups.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6003 Change-Id: I87dbdbba0be4624828b6b0a94e02b6681593e335 Reviewed-on: https://chromium-review.googlesource.com/465813Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#44342}
-
rmcilroy authored
Translates code of the form 'if (x === undefined)' into the JumpIfUndefined bytecode, and similarly for comparisons with null. Also adds bytecodes for JumpIfNotUndefined / Null. Moves the peephole optimization for CompareUndefined out of the peephole optimizer and into the BytecodeGenerator, having the side-effect of enabling it for comparisons with undefined on both side of the compare operation. BUG=v8:6107 Review-Url: https://codereview.chromium.org/2793923002 Cr-Commit-Position: refs/heads/master@{#44341}
-
Caitlin Potter authored
With --harmony-function-tostring enabled (now enabled by --harmony), CompileFunctionInContext would produce incorrect results whenever called with 1 or more argument parameters, due to specifying an incorrect end position for the parameters. BUG=v8:6190, v8:4958 R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com Change-Id: Ied2bcba44116311ebcae3967963472b4e1058fd3 Reviewed-on: https://chromium-review.googlesource.com/465515 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#44340}
-
Camillo Bruni authored
This CL adds support to parse a PushStackTraceAndDie dump on a windows minidump: Stack Message: magic1: 00000000bbbbbbbb magic2: 00000000bbbbbbbb ptr1: 00000015f9ca78d1 T ptr2: 0000000000000000 message start: 00000000002c58f0 S stack_start: 00000000002cd8f0 S All addresses within the message are annotated with the address marker to make it easier to spot objects that are contained in the minidump. Currently this doesn't work on OSX yet as we do not correctly push the two magic markers on the stack. Change-Id: I8385bb66a76bd253c4014bc7e25971d03830dd4d Reviewed-on: https://chromium-review.googlesource.com/466007Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#44339}
-
Camillo Bruni authored
Change-Id: I169b4d91463cb59aa2a91e79eda2d7e877f88d72 Reviewed-on: https://chromium-review.googlesource.com/456319 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Michael Hablich <hablich@chromium.org> Cr-Commit-Position: refs/heads/master@{#44338}
-
ivica.bogosavljevic authored
Fix 776d89f9 Fix typo in MIPS implementation BUG= Review-Url: https://codereview.chromium.org/2788123002 Cr-Commit-Position: refs/heads/master@{#44337}
-
Peter Marshall authored
The byte_length field of the TypedArray is not set to 0 on neutering, but JSArrayBufferView::byte_length() returns 0 if WasNeutered() is true. We should use the length property here instead. We can just short-circuit if the length is 0. Added checks to the memcpy path that assert length and neutered status are sane. Bug:chromium:707472,chromium:707595,chromium:707364,chromium:707410 Change-Id: Ia1dec53f175357673012cbbc5e2fc40207e03623 Reviewed-on: https://chromium-review.googlesource.com/465987Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#44336}
-
Michael Starzinger authored
This adds support for tracking token positions in the asm.js scanner and uses these positions to emit a mapping from WASM to asm.js positions. Note that the mapping is still incomplete (some call sites are not yet covered). R=clemensh@chromium.org TEST=debugger/debug/wasm/asm-debug BUG=v8:6127 Change-Id: Ic8aad1a85e7d9e19da2eec523fcc73d4984afcc8 Reviewed-on: https://chromium-review.googlesource.com/466046 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#44335}
-
tgfjt.mail authored
This comment was just left behind: https://codereview.chromium.org/6006 BUG=v8:5413 Review-Url: https://codereview.chromium.org/2794863002 Cr-Commit-Position: refs/heads/master@{#44334}
-
Andreas Haas authored
titzer@ originally created this CL (https://codereview.chromium.org/2757903002). I fixed crashing tests and adressed some comments of the reviewers. R=bradnelson@chromium.org, clemensh@chromium.org, mtrofin@chromium.org BUG=v8:6003 Change-Id: I4ab6d503909402d24043657a896200032e6d1023 Reviewed-on: https://chromium-review.googlesource.com/464887Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44333}
-
Clemens Hammacher authored
A DCHECK was failing if we unwind an activation which is not the bottom-most. This CL fixes this and adds a test for this. R=ahaas@chromium.org BUG=v8:5822 Change-Id: Ib69116b4c45a7b2a0d6cab97ad984dfdcda55918 Reviewed-on: https://chromium-review.googlesource.com/464788Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#44332}
-
jgruber authored
BUG=v8:5437 Review-Url: https://codereview.chromium.org/2779033003 Cr-Commit-Position: refs/heads/master@{#44331}
-
Daniel Ehrenberg authored
This reverts commit fa314341. Reason for revert: Causes a significant bug: https://bugs.chromium.org/p/v8/issues/detail?id=6190 Original change's description: > Stage --harmony-function-tostring > > BUG=v8:4958 > > Change-Id: Id02d36fce76eed54a5a3d348dbac2ea7d43f4ef3 > Reviewed-on: https://chromium-review.googlesource.com/462336 > Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> > Commit-Queue: Adam Klein <adamk@chromium.org> > Cr-Commit-Position: refs/heads/master@{#44275} TBR=adamk@chromium.org,littledan@chromium.org,hablich@chromium.org,v8-reviews@googlegroups.com # Not skipping CQ checks because original CL landed > 1 day ago. BUG=v8:4958 Change-Id: I43388674e454275fb93a15b9af03e3d8c3cfaaa2 Reviewed-on: https://chromium-review.googlesource.com/465810Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Commit-Queue: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#44330}
-
yangguo authored
R=jgruber@chromium.org BUG=v8:6165 Review-Url: https://codereview.chromium.org/2794443002 Cr-Commit-Position: refs/heads/master@{#44329}
-
Josh Wolfe authored
* When V8_I18N_SUPPORT, completely omit the Unibrow no-op placeholder, and instead use the CPP builtin that uses ICU. * Remove %StringNormalize() runtime function. Bug: v8:5751 CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I3499fa4305d421859253a226f4f09794abe94f4c Change-Id: I3499fa4305d421859253a226f4f09794abe94f4c Reviewed-on: https://chromium-review.googlesource.com/462405Reviewed-by: Caitlin Potter <caitp@igalia.com> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Commit-Queue: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#44328}
-
bmeurer authored
For speculative number comparisons with SignedSmall feedback, we always enforce either TaggedSigned or Word32 comparisons. But this is not really beneficial if one of the inputs is already in Float64 representation; in that case it's cheaper to just convert the other input to a Float64. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2790833004 Cr-Commit-Position: refs/heads/master@{#44327}
-