- 28 Oct, 2015 27 commits
-
-
littledan authored
Many places in the JavaScript standard library are changed in ES2015 from getting an integer using ToUint32 to using ToLength. This patch stages the flag turning on those new semantics. BUG=v8:3087,v8:4244 LOG=Y R=adamk Review URL: https://codereview.chromium.org/1426673003 Cr-Commit-Position: refs/heads/master@{#31641}
-
littledan authored
This patch wraps callsites to %AddElement to fall back to adding a named property in case it is given an argument of 2**32 or greater. The change is needed because %AddElement is called by Array functions in various places, and ES2015 changes these Array functions to use ToLength rather than ToUint32, so several callsites of %AddElement which used to be reliable array indices may be larger numbers. While the proper long-term solution may be to call out to Object.defineProperty, this fix should allow the ToLength semantics to be shipped while preserving correctness and not requiring a rewrite. BUG=v8:4516 LOG=Y R=adamk TEST=Interactively ran Array.prototype.slice on an Array-like which exceeded array bounds, and found that this did not check-fail at runtime as it did before. Microbenchmarked this technique against the previous version on a simple reverse implementation and found at most a 1% slowdown, as opposed to other techniques, like calling %DefineDataPropertyUnchecked, which had a 20% slowdown or Object.defineProperty with a 80% slowdown. Review URL: https://codereview.chromium.org/1420663003 Cr-Commit-Position: refs/heads/master@{#31640}
-
hpayer authored
Review URL: https://codereview.chromium.org/1424233002 Cr-Commit-Position: refs/heads/master@{#31639}
-
dusan.m.milosavljevic authored
TEST=cctest/test-run-machops/RunUint32MulHighP,RunUint32DivP BUG= Review URL: https://codereview.chromium.org/1425003003 Cr-Commit-Position: refs/heads/master@{#31638}
-
jkummerow authored
Now that we have a C++ implementation, calling into JS builtins is needlessly inefficient. Review URL: https://codereview.chromium.org/1410553006 Cr-Commit-Position: refs/heads/master@{#31637}
-
adamk authored
It was shipped in M46 without incident. Review URL: https://codereview.chromium.org/1411723007 Cr-Commit-Position: refs/heads/master@{#31636}
-
adamk authored
These features shipped in M46 without issue. Review URL: https://codereview.chromium.org/1429653006 Cr-Commit-Position: refs/heads/master@{#31635}
-
mstarzinger authored
R=bmeurer@chromium.org,hablich@chromium.org BUG=v8:4493 LOG=n Review URL: https://codereview.chromium.org/1416873007 Cr-Commit-Position: refs/heads/master@{#31634}
-
mbrandy authored
For platforms that use function descriptors (currently AIX and PPC64BE), log an external callback's entrypoint address rather than its function descriptor address. This allows proper lookup in the tick processor's symbol table. R=jkummerow@chromium.org, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1409993006 Cr-Commit-Position: refs/heads/master@{#31633}
-
mstarzinger authored
R=jochen@chromium.org Review URL: https://codereview.chromium.org/1417163004 Cr-Commit-Position: refs/heads/master@{#31632}
-
bmeurer authored
Rename ZoneTypeCache to TypeCache and use a single shared (immutable) instance consistently to cache the most commonly used types. Also serves as a chokepoint for defining those types, so we don't repeat the definition (and possible bugs) in various places. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1409763004 Cr-Commit-Position: refs/heads/master@{#31631}
-
mstarzinger authored
R=jochen@chromium.org Review URL: https://codereview.chromium.org/1408283006 Cr-Commit-Position: refs/heads/master@{#31630}
-
akos.palfi authored
TEST=cctest/test-gap-resolver/FuzzResolver,unittests/MoveOptimizerTest.RemovesRedundantExplicit BUG= Review URL: https://codereview.chromium.org/1403373016 Cr-Commit-Position: refs/heads/master@{#31629}
-
vogelheim authored
BUG= Review URL: https://codereview.chromium.org/1420613008 Cr-Commit-Position: refs/heads/master@{#31628}
-
hpayer authored
[heap] Convert overapproximate weak closure phase into finalize incremental marking phase and revisit the root set there. BUG=chromium:548562 LOG=n Review URL: https://codereview.chromium.org/1428683002 Cr-Commit-Position: refs/heads/master@{#31627}
-
bmeurer authored
R=jarin@chromium.org BUG=v8:4470 LOG=n Review URL: https://codereview.chromium.org/1422373002 Cr-Commit-Position: refs/heads/master@{#31626}
-
zhengxing.li authored
In order to resolve the sqrt precision issue described in https://codereview.chromium.org/1425763002/. we change the implementation of CreateSqrtFunction() implementation of X87 so that the optimize compiler and full-compiler implementation are unified. R=weiliang.lin@intel.com BUG= Review URL: https://codereview.chromium.org/1417553007 Cr-Commit-Position: refs/heads/master@{#31625}
-
yangguo authored
R=jkummerow@chromium.org BUG=v8:4450 LOG=N Review URL: https://codereview.chromium.org/1411103006 Cr-Commit-Position: refs/heads/master@{#31624}
-
bmeurer authored
Only mark the last fallthrough control as deferred, otherwise the splintering will ruin the code generation for the (maybe likely) polymorphic cases. Drive-by-fix: Reduce overall code duplication between JSLoadNamed and JSStoreNamed specialization. R=jarin@chromium.org BUG=v8:4470 LOG=n Review URL: https://codereview.chromium.org/1424733002 Cr-Commit-Position: refs/heads/master@{#31623}
-
yangguo authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1413373004 Cr-Commit-Position: refs/heads/master@{#31622}
-
jacob.bramley authored
Float(32|64)Min: // (a < b) ? a : b fcmp da, db fcsel dd, da, db, lo Float(32|64)Max: // (b < a) ? a : b fcmp db, da fcsel dd, da, db, lo BUG= Review URL: https://codereview.chromium.org/1360603003 Cr-Commit-Position: refs/heads/master@{#31621}
-
mythria authored
Adds support for delete operator, it's implementation and tests. Adds tests for the following unary operators -BitwiseNot -Add -Sub BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1410953003 Cr-Commit-Position: refs/heads/master@{#31620}
-
mstarzinger authored
This lowers JSCreateArguments nodes within inline (i.e. non-outermost) frames that create "mapped arguments objects" to inline allocations. The arguments count as well as each value is statically known and can be directly stored into the arguments object. Note that the object is still context-dependent and the map is loaded from the current context. The object size is not taken into account for now, we might want to limit it later though to keep code size bounded. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1403363004 Cr-Commit-Position: refs/heads/master@{#31619}
-
bmeurer authored
Typed lowering can lower JSConvertReceiver either based on the operator hints or the (statically) known receiver type. R=jarin@chromium.org BUG=chromium:548557, v8:4493, v8:4470 LOG=n Review URL: https://codereview.chromium.org/1426893002 Cr-Commit-Position: refs/heads/master@{#31618}
-
bmeurer authored
Review URL: https://codereview.chromium.org/1423663008 Cr-Commit-Position: refs/heads/master@{#31617}
-
jing.bao authored
BUG= Review URL: https://codereview.chromium.org/1427703003 Cr-Commit-Position: refs/heads/master@{#31616}
-
v8-autoroll authored
Rolling v8/third_party/android_tools to 54492f99c84cab0826a8e656efeb33a1b1bf5a04 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1428663002 Cr-Commit-Position: refs/heads/master@{#31615}
-
- 27 Oct, 2015 13 commits
-
-
littledan authored
When == is invoked on a Symbol or SIMD vector and an object, the object should be converted to a primitive with ToPrimitive and then compared again. This means, for example, that for a Symbol or SIMD vector s, s == Object(s). This patch makes that change in the implementation of ==. Only the runtime function needed to be changed, as the code stubs and compiler specializations don't operate on Symbols or SIMD vectors, and on these types, a fallback to the runtime function is always used. BUG=v8:3593 LOG=Y R=adamk Review URL: https://codereview.chromium.org/1421413002 Cr-Commit-Position: refs/heads/master@{#31614}
-
mstarzinger authored
This fixes a missing SSA-renaming of the callee value used in the frame state of a call node. An OSR-entry within do-expressions contained in one of the argument expression can trigger that renaming. R=rossberg@chromium.org TEST=mjsunit/regress/regress-crbug-546968 BUG=chromium:546968 LOG=n Review URL: https://codereview.chromium.org/1430483002 Cr-Commit-Position: refs/heads/master@{#31613}
-
machenbach authored
BUG=chromium:535160 LOG=n Review URL: https://codereview.chromium.org/1420473003 Cr-Commit-Position: refs/heads/master@{#31612}
-
fedor authored
Scavenger should not attempt to visit ArrayBuffer's storage, it is a user-supplied pointer that may have any alignment. Visiting it, may result in a crash. BUG= R=jochen Review URL: https://codereview.chromium.org/1406133003 Cr-Commit-Position: refs/heads/master@{#31611}
-
littledan authored
Reland of Check that array length stays a safe integer in Array.prototype.push (patchset #1 id:1 of https://codereview.chromium.org/1418093007/ ) Reason for revert: The test failure was unrelated; relanding. Original issue's description: > Revert of Check that array length stays a safe integer in Array.prototype.push (patchset #7 id:120001 of https://codereview.chromium.org/1428483002/ ) > > Reason for revert: > Caused for-in-opt test to fail > > Original issue's description: > > Check that array length stays a safe integer in Array.prototype.push > > > > This patch adds a check in Array.prototype.push to assert that the new > > length does not become greater than 2**53-1. Such a length would be > > dangerous because integer arithmetic becomes imprecise after the > > boundary. The check is also required by a test262 test. > > > > R=adamk > > LOG=Y > > BUG=v8:3087 > > > > Committed: https://crrev.com/e68adf4548dd101dc08fcbff14444152fb1b7fe7 > > Cr-Commit-Position: refs/heads/master@{#31588} > > TBR=adamk@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=v8:3087 > > Committed: https://crrev.com/78abedb94431a233842fcb2f7a910805a05bed09 > Cr-Commit-Position: refs/heads/master@{#31590} TBR=adamk@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:3087 Review URL: https://codereview.chromium.org/1424823005 Cr-Commit-Position: refs/heads/master@{#31610}
-
bmeurer authored
Previously ChangeLowering would always box float64 values when going to tagged representation, but that introduces a lot of deoptimizer loops and polymorphism into TurboFan, which is unfortunate and unnecessary. This adds some logic to ChangeFloat64ToTagged to try harder to create a Smi when going from Float64 to Tagged, instead of always allocating a HeapNumber. This might need some additional tweaking, but at least it makes it possible to start comparing TurboFan and Crankshaft for some regular JavaScript. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1420913003 Cr-Commit-Position: refs/heads/master@{#31609}
-
machenbach authored
BUG=chromium:535160 LOG=n Review URL: https://codereview.chromium.org/1424863002 Cr-Commit-Position: refs/heads/master@{#31608}
-
jkummerow authored
Full-codegen prepared for the bailout in the wrong place, causing side effects to be replayed when they shouldn't. Crankshaft and Turbofan are in agreement about where the deopt should jump to. TEST=mjsunit/for-in-opt R=jarin@chromium.org BUG=v8:4381 LOG=y Review URL: https://codereview.chromium.org/1413923005 Cr-Commit-Position: refs/heads/master@{#31607}
-
Michael Achenbach authored
Cr-Commit-Position: refs/heads/master@{#31606}
-
mbrandy authored
kExpectedPages should be ceil(kNumObjects / kNumObjectsPerPage) R=mlippautz@chromium.org, hpayer@chromium.org BUG= Review URL: https://codereview.chromium.org/1418143004 Cr-Commit-Position: refs/heads/master@{#31605}
-
rmcilroy authored
BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1413703007 Cr-Commit-Position: refs/heads/master@{#31604}
-
danno authored
Up until now, if one wanted to specify an explicit stack location or register as an operand for an instruction, it had to also be explicitly associated with a virtual register as a so-called FixedRegister or FixedStackSlot. For the implementation of tail calls, the plan is to use the gap resolver needs to shuffle stack locations from the caller to the tail-called callee. In order to do this, it must be possible to explicitly address operand locations on the stack that are not associated with virtual registers. This CL introduces ExplictOperands, which can specify a specific register or stack location that is not associated with virtual register. This will allow tail calls to specify the target locations for the necessary stack moves in the gap for the tail call without the core register allocation having to know about the target of the stack moves at all. In the process this CL: * creates a new Operand kind, ExplicitOperand, with which instructions can specify register and stack slots without an associated virtual register. * creates a LocationOperand class from which AllocatedOperand and ExplicitOperand are derived and provides a common interface to get Register, DoubleRegister and spill slot information. * removes RegisterOperand, DoubleRegisterOperand, StackSlotOperand and DoubleStackSlotOperand, they are subsumed by LocationOperand. * addresses a cleanup TODO in AllocatedOperand to reduce the redundancy of AllocatedOperand::Kind by using machine_type() to determine if an operand corresponds to a general purpose or double register. BUG=v8:4076 LOG=n Review URL: https://codereview.chromium.org/1389373002 Cr-Commit-Position: refs/heads/master@{#31603}
-
jarin authored
Review URL: https://codereview.chromium.org/1418423007 Cr-Commit-Position: refs/heads/master@{#31602}
-