- 05 Apr, 2016 24 commits
-
-
littledan authored
Previously, CreateDataProperty would fail a DCHECK when used to create an integer indexed property on a TypedArray. This patch makes it throw a TypeError instead. The issue came up when Array.prototype.concat was repaired to use CreateDataProperty rather than SetElement; concat can be tricked into making a new TypedArray if it is given an Array whose prototype is a TypedArray. This patch prevents the issue. R=adamk LOG=Y BUG=chromium:596394 Review URL: https://codereview.chromium.org/1821723004 Cr-Commit-Position: refs/heads/master@{#35271}
-
yangguo authored
R=neis@chromium.org BUG=v8:4887 LOG=N Review URL: https://codereview.chromium.org/1857263002 Cr-Commit-Position: refs/heads/master@{#35270}
-
cbruni authored
BUG=chromium:599414 LOG=n Review URL: https://codereview.chromium.org/1863553003 Cr-Commit-Position: refs/heads/master@{#35269}
-
ssanfilippo authored
LOG=N Review URL: https://codereview.chromium.org/1796863002 Cr-Commit-Position: refs/heads/master@{#35268}
-
jyan authored
In test regress-492.js, the return sequence requires adjusting sp to sp + 513 * 8 bytes, which causes overflow of the displacement in LA. R=michael_dawson@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1865443002 Cr-Commit-Position: refs/heads/master@{#35267}
-
yangguo authored
R=ulan@chromium.org BUG=v8:4886 LOG=N Review URL: https://codereview.chromium.org/1859063003 Cr-Commit-Position: refs/heads/master@{#35266}
-
mstarzinger authored
This makes sure the type feedback vector is allocated and installed on the SharedFunctionInfo before any of the compilers are being called. Note that this now allows for an object state where a function is not compiled but has a valid feedback vector installed. This is working as intended and supported by the rest of the system. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/1857203002 Cr-Commit-Position: refs/heads/master@{#35265}
-
jochen authored
Revert of [api] Restrict Template::Set to take templates or primitive values (patchset #1 id:1 of https://codereview.chromium.org/1839983002/ ) Reason for revert: Breaks node.js Original issue's description: > [api] Restrict Template::Set to take templates or primitive values > > Embedders that passed in non-primitive values should either use > getters/setters (templates) or install a native data property, > otherwise, the values would all result in cross-context leaks > > BUG=none > R=verwaest@chromium.org > LOG=y > > Committed: https://crrev.com/eebdee8eafa97849cc70c25f3fecf1b075bac248 > Cr-Commit-Position: refs/heads/master@{#35244} TBR=verwaest@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=none Review URL: https://codereview.chromium.org/1860003002 Cr-Commit-Position: refs/heads/master@{#35264}
-
mstarzinger authored
This makes sure the SharedFunctionInfo is available whenever we evaluate the UseIgnition predicate. This makes sure we can apply filters properly even when the interpreter causes eager compilation (instead of lazy). R=rmcilroy@chromium.org Review URL: https://codereview.chromium.org/1860943002 Cr-Commit-Position: refs/heads/master@{#35263}
-
jyan authored
The operands in this test are encoded in little endian format. Therefore, their bytes are all swapped when reading them on a big endian machine. R=mbrandy@us.ibm.com,joransiu@ca.ibm.com,titzer@chromium.org,machenbach@chromium.org,bradnelson@chromium.org,ahaas@chromium.org BUG= Review URL: https://codereview.chromium.org/1858793002 Cr-Commit-Position: refs/heads/master@{#35262}
-
mlippautz authored
This change removes the large contiguous backing store from the young generation and replaces it with regular pages. We keep a pool of pages that are committed/uncommitted to avoid creating virtual memory maps during growing and shrinking. BUG=chromium:581412 LOG=N Review URL: https://codereview.chromium.org/1853783002 Cr-Commit-Position: refs/heads/master@{#35261}
-
machenbach authored
Revert of Correctly annotate eval origin. (patchset #4 id:60001 of https://codereview.chromium.org/1854713002/ ) Reason for revert: [Sheriff] Crashes a layout test: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/5855 Original issue's description: > Correctly annotate eval origin. > > There were a couple of issues with it: > - interpreter is not supported > - the source position was just accidentally correct for full-codegen > - the eval origin could have been cached > > Also fixes a few other places to use AbstractCode. > > R=mstarzinger@chromium.org > > Committed: https://crrev.com/2f3a171adc9e620c2235bf0562145b9d4eaba66d > Cr-Commit-Position: refs/heads/master@{#35257} TBR=mstarzinger@chromium.org,yangguo@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1858773004 Cr-Commit-Position: refs/heads/master@{#35260}
-
jarin authored
In simplified numbering, we make sanity checks based on types (e.g., NumberSubtract should take numbers as inputs), but this can be violated if optimization passes make types less precise. In this CL, we fix load elimination to make sure that types are smaller in the store -> load elimination by taking an intersection of the load's type with the store value's type and inserting a guard with that type. Note that the load type comes from type feedback, so it can be disjoint from the stored value type (in that case, this must be dead code because the map check for the load should prevent us from using the stored value). BUG=chromium:599412 LOG=n Review URL: https://codereview.chromium.org/1857133003 Cr-Commit-Position: refs/heads/master@{#35259}
-
yangguo authored
If we use ScopeIterator inside a debug-evaluate call, we may iterate over a debug-evaluate context that we created for the debug-evaluate call. This may trigger assertions. The solution is to have the ScopeIterator hide debug-evaluate contexts by unwrapping it if it comes across any. R=cbruni@chromium.org BUG=chromium:599662 LOG=N Review URL: https://codereview.chromium.org/1859033002 Cr-Commit-Position: refs/heads/master@{#35258}
-
yangguo authored
There were a couple of issues with it: - interpreter is not supported - the source position was just accidentally correct for full-codegen - the eval origin could have been cached Also fixes a few other places to use AbstractCode. R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1854713002 Cr-Commit-Position: refs/heads/master@{#35257}
-
marija.antic authored
Port 40bdbef9 Implement Int32MulPair operator for MIPS. BUG= Review URL: https://codereview.chromium.org/1848253002 Cr-Commit-Position: refs/heads/master@{#35256}
-
cbruni authored
BUG=v8:4882 LOG=n Review URL: https://codereview.chromium.org/1863543002 Cr-Commit-Position: refs/heads/master@{#35255}
-
ssanfilippo authored
BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1830593002 Cr-Commit-Position: refs/heads/master@{#35254}
-
ishell authored
BUG=chromium:537444, v8:4698 LOG=N TBR=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1859763005 Cr-Commit-Position: refs/heads/master@{#35253}
-
yangguo authored
If a statement or expression does not produce any bytecode, its position should always be overwritten by a following statement position. R=mstarzinger@chromium.org, vogelheim@chromium.org BUG=v8:4680 LOG=N Review URL: https://codereview.chromium.org/1854113002 Cr-Commit-Position: refs/heads/master@{#35252}
-
neis authored
When seeing a rest pattern, we used to get the remaining elements from the iterator by calling %concat_iterable_to_array on it. This was wrong because it caused an observable [[Get]] for @@iterator (which the iterator may not even provide). This CL gets rid of the call to %concat_iterable_to_array and does the iteration manually in a simple while-loop. It also gets rid of %concat_iterable_to_array itself because there aren't any other uses of it. BUG=v8:4759 LOG=n R=adamk@chromium.org Review URL: https://codereview.chromium.org/1852703002 Cr-Commit-Position: refs/heads/master@{#35251}
-
zhengxing.li authored
The CL #35067 (https://codereview.chromium.org/1830703003) exposed one hidden bug in x87 crankshaft code generation for DoMathFloor and DoMathRound. The current DoMathFloor will change the default round mode of x87 FPU and then deoptimized into FC code before the default x87 FPU's round mode was restored. This behavior caused several test cases to fail as the FC code expected to run under the default x87 FPU's round mode. This CL fixed this bug. BUG= Review URL: https://codereview.chromium.org/1856303002 Cr-Commit-Position: refs/heads/master@{#35250}
-
bmeurer authored
This was missing from the previous fix. R=ishell@chromium.org BUG=chromium:599714 LOG=n Review URL: https://codereview.chromium.org/1861583002 Cr-Commit-Position: refs/heads/master@{#35249}
-
v8-autoroll authored
Rolling v8/base/trace_event/common to c8c8665c2deaf1cc749d9f8e153256d4f67bf1b8 Rolling v8/build/gyp to 4ec6c4e3a94bd04a6da2858163d40b2429b8aad1 Rolling v8/tools/clang to faee82e064e04e5cbf60cc7327e7a81d2a4557ad TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1856133003 Cr-Commit-Position: refs/heads/master@{#35248}
-
- 04 Apr, 2016 16 commits
-
-
jyan authored
Mask used in MacroAssembler::TestJSArrayForAllocationMemento was not supposed to be shifted right by 16 bits before being loaded into register r0. R=michael_dawson@ca.ibm.com,mbrandy@us.ibm.com,joransiu@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1852403002 Cr-Commit-Position: refs/heads/master@{#35247}
-
bryleun authored
R=michael_dawson@ca.ibm.com,jyan@ca.ibm.com,mtbrandyberry@ca.ibm.com,joransiu@ca.ibm.com, BUG= Review URL: https://codereview.chromium.org/1852373002 Cr-Commit-Position: refs/heads/master@{#35246}
-
titzer authored
The background here is that graphs generated from WASM are not trimmed. That means there can be some floating control diamonds that are not reachable from end. An assertion in the scheduler for phis from floating diamonds checks that the use edge in this situation is the control edge, but in general, any edge could cause this. Scheduling still works without this assertion. The longer term fix is to either trim the graphs (more compile time overhead for WASM) or improve the scheduler's handling of dead code in the graph. Currently it does not schedule dead code but the potential use positions of dead code are used in the computation of the common dominator of uses. We could recognize dead nodes in PrepareUses() and check in GetBlockForUse() as per TODO. R=bradnelson@chromium.org, mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/1846933002 Cr-Commit-Position: refs/heads/master@{#35245}
-
jochen authored
Embedders that passed in non-primitive values should either use getters/setters (templates) or install a native data property, otherwise, the values would all result in cross-context leaks BUG=none R=verwaest@chromium.org LOG=y Review URL: https://codereview.chromium.org/1839983002 Cr-Commit-Position: refs/heads/master@{#35244}
-
mbrandy authored
Fix additional cases where the AIX compiler reports that a variable may be used uninitialized. R=titzer@chromium.org, ahaas@chromium.org, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1853703003 Cr-Commit-Position: refs/heads/master@{#35243}
-
hablich authored
Revert of [Ignition] Skip failing tests (patchset #1 id:1 of https://codereview.chromium.org/1852263002/ ) Reason for revert: Already fixed Original issue's description: > [Ignition] Skip failing tests > > BUG=v8:4680 > LOG=N > TBR=machenbach@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org > > Committed: https://crrev.com/2b46892be60b025dcba7513be749f504046055ef > Cr-Commit-Position: refs/heads/master@{#35241} TBR=machenbach@chromium.org,mstarzinger@chromium.org,rmcilroy@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4680 Review URL: https://codereview.chromium.org/1854143002 Cr-Commit-Position: refs/heads/master@{#35242}
-
hablich authored
BUG=v8:4680 LOG=N TBR=machenbach@chromium.org,rmcilroy@chromium.org,mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1852263002 Cr-Commit-Position: refs/heads/master@{#35241}
-
mstarzinger authored
TBR=rmcilroy@chromium.org,machenbach@chromium.org TEST=mjsunit/regress/regress-crbug-513471 BUG=chromium:513471 LOG=n Review URL: https://codereview.chromium.org/1859523003 Cr-Commit-Position: refs/heads/master@{#35240}
-
joransiu authored
The existing FloatFloor/Ceiling functions had an issue with handling Number.MIN_VALUE (0x1 ==> 5e-324), and would incorrectly return MIN_VALUE instead of 0/1. Simplify the entire sequence by using the available hardware instruction with the appropriate rounding mode (POS_INF for Ceiling, NEG_INF for Floor). Add missing FIEBRA/FIDBRA cases to disassembler. R=jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com BUG= Review URL: https://codereview.chromium.org/1853973002 Cr-Commit-Position: refs/heads/master@{#35239}
-
hpayer authored
BUG= Review URL: https://codereview.chromium.org/1844293005 Cr-Commit-Position: refs/heads/master@{#35238}
-
ivica.bogosavljevic authored
Run_Wasm_F32CopySign was failing because function copysign that is used to verify the results does implicit conversion from float to double. In this conversion we lose information about NaN sign and the test fails. Fix by using copysignf to avoid unnecessary float to double conversion. TEST=cctest/test-run-wasm/Run_Wasm_F32CopySign BUG= Review URL: https://codereview.chromium.org/1857753002 Cr-Commit-Position: refs/heads/master@{#35237}
-
yangguo authored
Statement positions should overwrite expression positions if they have the same bytecode offset. R=mstarzinger@chromium.org, vogelheim@chromium.org BUG=v8:4680,v8:4689 LOG=N Review URL: https://codereview.chromium.org/1855913002 Cr-Commit-Position: refs/heads/master@{#35236}
-
machenbach authored
Revert of [heap] Add optimized RecordWrites (patchset #3 id:40001 of https://codereview.chromium.org/1834373003/ ) Reason for revert: [Sheriff] Likely causing blink crashes: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/3667 Original issue's description: > [heap] Add optimized RecordWrites > BUG= > > Committed: https://crrev.com/5210f167e802a3758aac1f2900a6560c8de07831 > Cr-Commit-Position: refs/heads/master@{#35231} TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,cbruni@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1860443003 Cr-Commit-Position: refs/heads/master@{#35235}
-
mstarzinger authored
This fixes a corner case where the generator function of a suspended generator has been marked for optimization. We assume the optimization approach will cause a bailout because generators are not optimized. But resuming is more resilient by always activating the unoptimized code. R=neis@chromium.org,bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-513471 BUG=chromium:513471 LOG=n Review URL: https://codereview.chromium.org/1856683002 Cr-Commit-Position: refs/heads/master@{#35234}
-
ulan authored
BUG=chromium:597310 LOG=NO Review URL: https://codereview.chromium.org/1851103002 Cr-Commit-Position: refs/heads/master@{#35233}
-
ishell authored
BUG=chromium:599003 LOG=N Review URL: https://codereview.chromium.org/1856653002 Cr-Commit-Position: refs/heads/master@{#35232}
-