1. 13 Jul, 2017 1 commit
  2. 12 Jul, 2017 2 commits
  3. 23 Jun, 2017 1 commit
  4. 22 Jun, 2017 1 commit
    • [scopes] Fix sloppy-mode block-scoped function hoisting edge case · d54ffadf
      Daniel Ehrenberg authored
      In edge cases such as the following, sloppy-mode block-scoped function
      hoisting is expected to occur:
      
        eval(`
          with({a: 1}) {
            function a() {}
          }
        `)
      
      In this case, there should be the equivalent of a var declaration
      outside of the eval, which gets set to the value of the local function
      a when the body of the with is executed.
      
      Previously, the way that var declarations are hoisted out of eval
      meant that the assignment to that var was an ordinary DYNAMIC_GLOBAL
      assignment. However, such a lookup mode meant that the object in the
      with scope received the assignment!
      
      This patch fixes that error by marking the assignments produced by
      the sloppy mode block scoped function hoisting desugaring so as to
      generate a different runtime call which skips with scopes.
      
      Bug: chromium:720247, v8:5135
      Change-Id: Ie36322ddc9ca848bf680163e8c016f50d4597748
      Reviewed-on: https://chromium-review.googlesource.com/529230
      Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Adam Klein <adamk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#46116}
  5. 19 Jun, 2017 1 commit
    • [compiler] Drive optimizations with feedback vector (reland) · 24b7026d
      Leszek Swirski authored
      For interpreted functions, use the optimized code slot in the feedback
      vector to store an optimization marker (optimize/in optimization queue)
      rather than changing the JSFunction's code object. Then, adapt the
      self-healing mechanism to also dispatch based on this optimization
      marker. Similarly, replace SFI marking with optimization marker checks
      in CompileLazy.
      
      This allows JSFunctions to share optimization information (replacing
      shared function marking) without leaking this information across native
      contexts. Non I+TF functions (asm.js or --no-turbo) use a
      CheckOptimizationMarker shim which generalises the old
      CompileOptimized/InOptimizationQueue builtins and also checks the same
      optimization marker as CompileLazy and InterpreterEntryTrampoline.
      
      This is a reland of https://chromium-review.googlesource.com/c/509716
      
      Change-Id: I02b790544596562373da4c9c9f6afde5fb3bcffe
      Reviewed-on: https://chromium-review.googlesource.com/535460
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45997}
  6. 16 Jun, 2017 1 commit
  7. 13 Jun, 2017 3 commits
    • [heap] Move AccessMode out from MarkBit into globals · 35b9776f
      Michael Lippautz authored
      Bug: 
      Change-Id: I5ea0e072c3ac100a6f3bed62a9a4d2c11d2b7c9a
      Reviewed-on: https://chromium-review.googlesource.com/533414
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45920}
    • Revert "[compiler] Drive optimizations with feedback vector" · 58978da6
      Leszek Swirski authored
      This reverts commit e39c9e02.
      
      Reason for revert: Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/15561
      
      Original change's description:
      > [compiler] Drive optimizations with feedback vector
      > 
      > For interpreted functions, use the optimized code slot in the feedback vector
      > to store an optimization marker (optimize/in optimization queue) rather than
      > changing the JSFunction's code object. Then, adapt the self-healing mechanism
      > to also dispatch based on this optimization marker. Similarly, replace SFI
      > marking with optimization marker checks in CompileLazy.
      > 
      > This allows JSFunctions to share optimization information (replacing shared
      > function marking) without leaking this information across native contexts. Non
      > I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
      > generalises the old CompileOptimized/InOptimizationQueue builtins and also
      > checks the same optimization marker as CompileLazy and
      > InterpreterEntryTrampoline.
      > 
      > Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
      > Reviewed-on: https://chromium-review.googlesource.com/509716
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#45901}
      
      TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,leszeks@chromium.org
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      
      Change-Id: Ib6c2b4d90fc5f659a6dcaf3fd30321507ca9cb94
      Reviewed-on: https://chromium-review.googlesource.com/532916
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45903}
    • [compiler] Drive optimizations with feedback vector · e39c9e02
      Leszek Swirski authored
      For interpreted functions, use the optimized code slot in the feedback vector
      to store an optimization marker (optimize/in optimization queue) rather than
      changing the JSFunction's code object. Then, adapt the self-healing mechanism
      to also dispatch based on this optimization marker. Similarly, replace SFI
      marking with optimization marker checks in CompileLazy.
      
      This allows JSFunctions to share optimization information (replacing shared
      function marking) without leaking this information across native contexts. Non
      I+TF functions (asm.js or --no-turbo) use a CheckOptimizationMarker shim which
      generalises the old CompileOptimized/InOptimizationQueue builtins and also
      checks the same optimization marker as CompileLazy and
      InterpreterEntryTrampoline.
      
      Change-Id: I6826bdde7ab9a919cdb6b69bc0ebc6174bcb91ae
      Reviewed-on: https://chromium-review.googlesource.com/509716
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45901}
  8. 08 Jun, 2017 1 commit
    • [TurboFan] Add typing for the EmptyString and use this for JSToPrimitiveToString · 2c296b7e
      Ross McIlroy authored
      Add the ability for the typer to track whether a string could be the empty
      string. This is needed for typed lowering of JSStringConcat since we can't
      create cons string chain with the empty string in arbitrary positions.
      
      The ToPrimitiveToString bytecode handler is modified to collect feedback on
      whether it has ever seen the empty string, which is used by
      SpeculativeToPrimitiveToString to ensure that the output is non-empty (or
      deopt) which will subsequently be used to enable inline cons-string creation
      for the JSStringConcat operator in typed lowering in a subsequent CL.
      
      BUG=v8:6243
      
      Change-Id: I41b99b59798993f756aada8cff90fb137d65ea52
      Reviewed-on: https://chromium-review.googlesource.com/522122
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45786}
  9. 07 Jun, 2017 1 commit
  10. 31 May, 2017 2 commits
  11. 22 May, 2017 4 commits
  12. 17 May, 2017 1 commit
  13. 16 May, 2017 1 commit
    • [ignition] Change --trace-ignition to a runtime flag · 4becbe34
      Leszek Swirski authored
      Generate the code (extra runtime calls) for --trace-ignition support at
      compile time, based on a #define (similar to TRACE_MAPS). Then check for
      --trace-ignition at run-time when deciding whether to actually print
      anything. This should make --trace-ignition less painful to use.
      
      Note that --trace-ignition is disabled by default, even on debug builds.
      It has to be enabled with the gn arg "v8_enable_trace_ignition=true"
      
      As a drive-by, TRACE_MAPS is renamed to V8_TRACE_MAPS, for consistency,
      and SFI unique index (needed both by --trace-ignition and --trace-maps)
      is cleaned up to be behind another #define.
      
      Change-Id: I8dd0c62d0e6b7ee9c75541d45eb729dc03acbee9
      Reviewed-on: https://chromium-review.googlesource.com/506203
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45346}
  14. 11 May, 2017 1 commit
    • [heap] MinorMC: Only iterate new space global handles for ptr updates · 4ea91a01
      mlippautz authored
      The reason we need this mode is that IterateRoots for the Scavenger only
      captures dependent weak nodes. This is also what we do for marking for the
      minor MC.
      
      Since the regular marking might also mark objects that are weakly
      (non-dependently) pointed to by nodes we need to capture all of them during
      pointers updating. The reason this works for the Scavenger is because we do one
      pass at the end of the scavenger (combined with resetting) that captures all
      those nodes.
      
      BUG=chromium:651354
      
      Review-Url: https://codereview.chromium.org/2869413002
      Cr-Commit-Position: refs/heads/master@{#45248}
  15. 08 May, 2017 1 commit
    • Skip hole initialization of lexical variables when possible · ededfcd2
      Adam Klein authored
      This patch expands scope analysis to skip hole initialization
      when it can be determined statically that no hole checks will
      be generated at runtime.
      
      Two conditions must be met to safely eliminate hole initialization:
        - There must not exist a VariableProxy referencing this Variable
          whose HoleCheckMode is kRequired
        - The Variable must be stack allocated; any other allocation implies
          that it may be accessed from not-yet-analyzed scopes (other modules,
          inner functions, or eval code) and that code may require
          hole checks.
      
      The new logic required removing debug code in full-codegen which is
      now incorrect in some cases.
      
      Also fixed Variable's bitfield helpers to take no more space than needed.
      
      Bug: chromium:651637
      Change-Id: Ie5ac326af4e05b7a5c3c37cd4d0afba6a51a504d
      Reviewed-on: https://chromium-review.googlesource.com/494006
      Commit-Queue: Adam Klein <adamk@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#45170}
  16. 13 Apr, 2017 1 commit
  17. 10 Apr, 2017 1 commit
  18. 06 Apr, 2017 1 commit
  19. 29 Mar, 2017 1 commit
    • [async-iteration] implement AsyncGenerator · bf463c4d
      Caitlin Potter authored
      - Introduce new struct AsyncGeneratorRequest, which holds
        information pertinent to resuming execution of an
        AsyncGenerator, such as the Promise associated with the async
        generator request. It is intended to be used as a singly
        linked list, and holds a pointer to the next item in the queue.
      
      - Introduce JSAsyncGeneratorObject (subclass of
        JSGeneratorObject), which includes several new internal fields
        (`queue` which contains a singly linked list of
        AsyncGeneratorRequest objects, and `await_input` which
        contains the sent value from an Await expression (This is
        necessary to prevent function.sent (used by yield*) from
        having the sent value observably overwritten during
        execution)).
      
      - Modify SuspendGenerator to accept a set of Flags, which
        indicate whether the suspend is for a Yield or Await, and
        whether it takes place on an async generator or ES6
        generator.
      
      - Introduce interpreter intrinsics and TF intrinsic lowering for
        accessing the await input of an async generator
      
      - Modify the JSGeneratorStore operator to understand whether or
        not it's suspending for a normal yield, or an AsyncGenerator
        Await. This ensures appropriate registers are stored.
      
      - Add versions of ResumeGeneratorTrampoline which store the
        input value in a different field depending on whether it's an
        AsyncGenerator Await resume, or an ordinary resume. Also modifies
        whether debug code will assert that the generator object is a
        JSGeneratorObject or a JSAsyncGeneratorObject depending on the
        resume type.
      
      BUG=v8:5855
      R=bmeurer@chromium.org, rmcilroy@chromium.org, jgruber@chromium.org,
      littledan@chromium.org, neis@chromium.org
      TBR=marja@chromium.org
      
      Change-Id: I9d58df1d344465fc937fe7eed322424204497187
      Reviewed-on: https://chromium-review.googlesource.com/446961
      Commit-Queue: Caitlin Potter <caitp@igalia.com>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#44240}
  20. 27 Mar, 2017 2 commits
  21. 22 Mar, 2017 2 commits
  22. 17 Mar, 2017 1 commit
  23. 15 Mar, 2017 1 commit
  24. 15 Feb, 2017 1 commit
  25. 13 Feb, 2017 1 commit
  26. 10 Feb, 2017 1 commit
  27. 09 Feb, 2017 2 commits
  28. 07 Feb, 2017 1 commit
  29. 06 Feb, 2017 1 commit
  30. 27 Jan, 2017 1 commit
    • [liveedit] reimplement frame restarting. · 3f47c63d
      yangguo authored
      Previously, when restarting a frame, we would rewrite all frames
      between the debugger activation and the frame to restart to squash
      them, and replace the return address with that of a builtin to
      leave that rewritten frame, and restart the function by calling it.
      
      We now simply remember the frame to drop to, and upon returning
      from the debugger, we check whether to drop the frame, load the
      new FP, and restart the function.
      
      R=jgruber@chromium.org, mstarzinger@chromium.org
      BUG=v8:5587
      
      Review-Url: https://codereview.chromium.org/2636913002
      Cr-Commit-Position: refs/heads/master@{#42725}