- 12 Apr, 2017 35 commits
-
-
binji authored
It's required by the spec -- and observable -- that the index be validated before the conversion of the value(s) via ToInteger. The previous implementation also had an old test for validating the atomic index, which has now been switched to ToIndex. This also exposed an issue in the ia32 code generator: cmpxchg_b requires a byte register, but the ia32 instruction selector was ensuring that the new_value was a byte register, not the TempRegister. This change forces the temp register to use edx, which always can be used as a byte register (dl). This is the same behavior as currently used in UseByteRegister. BUG=v8:4614 R=jarin@chromium.org,jkummerow@chromium.org Review-Url: https://codereview.chromium.org/2814753003 Cr-Commit-Position: refs/heads/master@{#44626}
-
brucedawson authored
When doing VS 2017 official builds of some targets, including mksnapshot.exe, a warning about a buffer overrun is shown. After analysis and discussion with Microsoft it was decided that this warning is spurious. The warning is: warning C4789: buffer 'key' of size 16 bytes will be overrun; 4 bytes will be written starting at offset 16 Despite the certain language "4 bytes *will* be written..." it is in fact a heuristic based warning. Suppressing it at this point in the inlining stack appears to avoid the issues. R=hablich@chromium.org BUG=v8:6068 Review-Url: https://codereview.chromium.org/2804033005 Cr-Commit-Position: refs/heads/master@{#44625}
-
kozyatinskiy authored
We currently store it in parent stack trace but stacks with the same parent can have different creations stacks. BUG=v8:6189 R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2807273002 Cr-Commit-Position: refs/heads/master@{#44624}
-
hans authored
The arm64 MacroAssembler expects buffer_size to be an unsigned, not a size_t. BUG=chromium:710913 Review-Url: https://codereview.chromium.org/2818513002 Cr-Commit-Position: refs/heads/master@{#44623}
-
kozyatinskiy authored
Usually program doesn't contain a lot of different stack frames in collected stack trace. BUG=v8:6189 R=yangguo@chromium.orr TBR=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2788413004 Cr-Commit-Position: refs/heads/master@{#44622}
-
brucedawson authored
Optimizations are supposed to be disabled in our stack-trace code when building with VC++. However the check used #if defined(COMPILER_MSVC) when that is never defined in v8. The correct define in v8 is V8_CC_MSVC. R=hablich@chromium.org Review-Url: https://codereview.chromium.org/2800043003 Cr-Commit-Position: refs/heads/master@{#44621}
-
Franziska Hinkelmann authored
gdb_index is not in declare_args() and has no effect. NOTRY=true Change-Id: I88a9558937aa8fea30ab246899bea4a123947f82 Reviewed-on: https://chromium-review.googlesource.com/475772 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#44620}
-
Ross McIlroy authored
The BytecodePipeline is no longer used by any optimizers, so remove it and connect the BytecodeArrayBuilder directly to the BytecodeWriter. Also remove some functions from BytecodeNode which are no longer used. BUG=v8:6194 Change-Id: Id2ec94ff1d4db41b108a778100459283fbb2256c Reviewed-on: https://chromium-review.googlesource.com/471528Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#44619}
-
bjaideep authored
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2800813002 Cr-Commit-Position: refs/heads/master@{#44618}
-
Ross McIlroy authored
This relands commit a79f9031. Original change's description: > [Interpreter] Unify approach to building interpreter handler and Turbofan stubs. > > Moves interpreter-generator.cc to a similar model of building handlers as > Turbofan stubs elsewhere, to simplify moving code between stubs / builtins and > bytecode handlers. This removes the "__" hack from the Interpreter generator > code. > > Also make SetBytecodeOffset private to InterpreterAssembler and make > LdaImmutable[Current]ContextSlot and Lda[Current]ContextSlot share > handlers since they are identical. > > Change-Id: I9e91e7d37c2ea75513e4dcc3b95b4bb6517f83da > Reviewed-on: https://chromium-review.googlesource.com/471987 > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#44534} > TBR=rmcilroy@chromium.org,jkummerow@chromium.org,machenbach@chromium.org,cbruni@chromium.org,leszeks@chromium.org,v8-reviews@googlegroups.com,ishell@chromium.org Change-Id: I282fe5582f681ccb0642537a70f89185558ee195 Reviewed-on: https://chromium-review.googlesource.com/474755Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#44617}
-
Michael Achenbach authored
This reverts commit b9194e93. Reason for revert: Makes old pipeline flaky with custom snapshot: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20custom%20snapshot%20-%20debug/builds/14049 Original change's description: > [heap-verification] Increase verification for arguments objects > > BUG: v8:6251 > Change-Id: I8a6dd528656a69c7910770acaf2133830b60c291 > Reviewed-on: https://chromium-review.googlesource.com/475651 > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#44609} TBR=jkummerow@chromium.org,cbruni@chromium.org,v8-reviews@googlegroups.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Change-Id: Iedfdad290bf4f5f6ec2534e8c5378a7cc195db82 Reviewed-on: https://chromium-review.googlesource.com/475719Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#44616}
-
Marja Hölttä authored
Unfortunately, this test cannot test that a function was really skipped (i.e., not parsed). BUG=v8:5516 Change-Id: I8db5027d2216a95cc012ceae8e17554095cc1d4f Reviewed-on: https://chromium-review.googlesource.com/457037Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#44615}
-
hablich authored
Revert of [wasm] instantiate expressed in terms of compile (patchset #6 id:140001 of https://codereview.chromium.org/2806073002/ ) Reason for revert: Roll blocker: https://bugs.chromium.org/p/chromium/issues/detail?id=710824 Original issue's description: > [wasm] instantiate expressed in terms of compile > > Today, the semantics of: > > WebAssembly.instantiate > > and > > WebAssembly.compile().then(new WebAssemblyInstance) > > are subtly different, to the point where attempting the proposed > change uncovered bugs. > > In the future, it's possible that .instantiate actually have different > semantics - if we pre-specialized to the provided ffi, for example. > Right now that's not the case. > > This CL: > - gets our implementation closer to what developers may write using > the compile -> new Instance alternative, in particular wrt promise > creation. By reusing code paths, we uncover more bugs, and keep > maintenance cost lower. > > - it gives us the response-based WebAssembly.instantiate implicitly. > Otherwise, we'd need that same implementation on the blink side. The > negative is maintenance: imagine if the bugs I mentioned could only be > found when running in Blink. > > BUG=chromium:697028 > > Review-Url: https://codereview.chromium.org/2806073002 > Cr-Commit-Position: refs/heads/master@{#44592} > Committed: https://chromium.googlesource.com/v8/v8/+/7829af3275ff4644a2d0a1270abe1a1e4415e9fb TBR=bradnelson@chromium.org,ahaas@chromium.org,adamk@chromium.org,mtrofin@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:697028 Review-Url: https://codereview.chromium.org/2810203002 Cr-Commit-Position: refs/heads/master@{#44614}
-
Marja Hölttä authored
The biggest problem is isolate.h (this CL doesn't solve that yet). BUG=v8:5294 Change-Id: I56b32109f501c48facd99cd12ca6c8f427e188a9 Reviewed-on: https://chromium-review.googlesource.com/471487Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#44613}
-
bmeurer authored
R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2813183002 Cr-Commit-Position: refs/heads/master@{#44612}
-
Daniel Vogelheim authored
Change-Id: I7f519cc778157f3ddd4c3135d0620a9f46d1193c Reviewed-on: https://chromium-review.googlesource.com/475873Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#44611}
-
Loo Rong Jie authored
BUG=v8:4742 R=machenbach@chromium.org,jkummerow@chromium.org Change-Id: I03e87db1536f33a67593437f8c72c33486ecdbd1 Reviewed-on: https://chromium-review.googlesource.com/474787 Commit-Queue: Loo Rong Jie <loorongjie@gmail.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#44610}
-
Camillo Bruni authored
BUG: v8:6251 Change-Id: I8a6dd528656a69c7910770acaf2133830b60c291 Reviewed-on: https://chromium-review.googlesource.com/475651 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#44609}
-
bmeurer authored
BUG=chromium:684208,chromium:709753,v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2811153003 Cr-Commit-Position: refs/heads/master@{#44608}
-
yangguo authored
We used to reserve the 0-th embedder data field for the debug context id. This is no longer necessary since the inspector has migrated to be part of V8. This makes the API a bit simpler. R=clemensh@chromium.org, jochen@chromium.org, kozyatinskiy@chromium.org BUG=v8:5530 Review-Url: https://codereview.chromium.org/2806303002 Cr-Commit-Position: refs/heads/master@{#44607}
-
jgruber authored
This adds a fast path to skip runtime calls to GetSubstitution when the replacer string does not contain a '$' char. Extended background: String.prototype.replace is (roughly) structured as follows: * Check if {searchValue} has a @@replace Symbol, and delegate to that if so. We currently implement efficient fast paths when {searchValue} is a String or a fast RegExp. * A specialized fast path for single-char {searchValue}, "long" subject string, and String {replaceValue} that do not contain '$' chars (yes, this fast path is very specialized). * Check for the location of the first match using StringIndexOf, and exit early if no match is found. * Finally build the return value, which is 'prefix + replacement + suffix', where replacement is either the result of calling {replaceValue} (if it is callable), or GetSubstitution(ToString({replaceValue})) otherwise. There's several spots that could be improved. StringIndexOf currently calls into C++ runtime for all but the simple 1-byte, 1-char {searchValue} case. We need to finally add support for remaining cases. The runtime call to GetSubstitution can be skipped if the replacer string does not contain any '$' syntax. This CL handles that case. BUG= Review-Url: https://codereview.chromium.org/2813843002 Cr-Commit-Position: refs/heads/master@{#44606}
-
mic.besace authored
BUG= Review-Url: https://codereview.chromium.org/2757543004 Cr-Commit-Position: refs/heads/master@{#44605}
-
pwnall authored
This is necessary to appease "gn check" if gtest_prod.h becomes a part of the Chromium checkout, instead of a third-party repository brought over by Chromium's DEPS. The file is already listed in v8's DEPS, but gn does not use DEPS as an input. BUG=chromium:630705 Review-Url: https://codereview.chromium.org/2807353002 Cr-Commit-Position: refs/heads/master@{#44604}
-
bmeurer authored
The hole NaN should also have proper Type::Hole, and not silently hide in the Type::Number. This way we can remove all the special casing for the hole NaN, and we also finally get the CheckNumber right. This also allows us to remove some ducktape from the Deoptimizer, as for escape analyzed FixedDoubleArrays we always pass the hole value now to represent the actual holes. Also-By: jarin@chromium.org BUG=chromium:684208,chromium:709753,v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2814013003 Cr-Commit-Position: refs/heads/master@{#44603}
-
Clemens Hammacher authored
The local variables were parsed two times, which in fact doubled the amount of local variables allocated for each called function. This was costing memory and performance. As the additional local variables were never used, we did not recognize this before. Add a test case for locals and stack values of interpreted frames. R=ahaas@chromium.org BUG=v8:5822 Change-Id: Ie5cb8d8f5441edee6abb46aa6bebef4a033d582b Reviewed-on: https://chromium-review.googlesource.com/474749 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44602}
-
Michael Achenbach authored
This was missing in: TBR=vogelheim@chromium.org Bug: chromium:710409 TBR=vogelheim@chromium.org NOTRY=true Bug: chromium:710409 Change-Id: Ic4b59550e358860cd10adf3d5137342ff7e862a3 Reviewed-on: https://chromium-review.googlesource.com/475831 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#44601}
-
Clemens Hammacher authored
Similar to WasmInterpreter::Thread, we now also use the pimpl idiom for InterpretedFrame, hiding the implementation completely in the .cc file. This allows us to store just two things per InterpretedFrameImpl: The corresponding thread, and the frame index. The external interface changes to always return a std::unique_ptr, because the object layout is not known via the public interface, hence objects cannot be stack allocated. They also cannot be copied or passed by value. The frame inspection interface will be tested after another fix in https://chromium-review.googlesource.com/474749. R=ahaas@chromium.org BUG=v8:5822 Change-Id: I7b109da73df745fac97ec72cb0cf4f0ad71e5da9 Reviewed-on: https://chromium-review.googlesource.com/472887Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#44600}
-
jgruber authored
RationalizeConsecutiveAtoms optimizes ab|ac|az to a(?:b|c|d). Ensure that this optimization does not split surrogate pairs in unicode mode. BUG=chromium:641091 Review-Url: https://codereview.chromium.org/2813893002 Cr-Commit-Position: refs/heads/master@{#44599}
-
bmeurer authored
As of crrev.com/2760213003, the CheckBounds operator passes a truncation that identfies zero and minus zero. However that was not reflected in the typing rule, and as such the type of CheckBounds(-0,length) was always Type::None. That confused the typed alias analysis in the LoadElimination and led to ignoring StoreElement nodes. BUG=chromium:708050 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2812013006 Cr-Commit-Position: refs/heads/master@{#44598}
-
dusan.simicic authored
Add support for F32x4Abs, F32x4Neg, F32x4RecipApprox, F32x4RecipRefine, F32x4RecipSqrtApprox, F32x4RecipSqrtRefine, F32x4Add, F32x4Sub, F32x4Mul, F32x4Max, F32x4Min, F32x4Eq, F32x4Ne, F32x4Lt, F32x4Le, I32x4SConvertF32x4, I32x4UConvertF32x4 operations for mips32 and mips64 architectures. BUG= Review-Url: https://codereview.chromium.org/2778203002 Cr-Commit-Position: refs/heads/master@{#44597}
-
Camillo Bruni authored
Change-Id: I8a20bff1f029df74732899db0b8a9ddc1f4f26d6 Reviewed-on: https://chromium-review.googlesource.com/474827Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#44596}
-
bmeurer authored
Add the notion of reliable vs. unreliable receiver map information to the NodeProperties::InferReceiverMaps machinery. The information is considered reliable here if the maps are known to be valid based on the effect chain, and unreliable if there was a side-effect in between that might have changed the receiver map. Use this unreliable information for Array.prototype.push, guarded by either stability dependencies or map checks, which might present a potential deoptimization loop, which is very unlikely, but still needs fixing in the future. This is important to optimize calls to push even in cases like this array.push(something.func()); where we have a side-effect (the call to something.func) between the load of array.push and the actual call. R=jarin@chromium.org BUG=v8:5267,v8:6241 Review-Url: https://codereview.chromium.org/2812233002 Cr-Commit-Position: refs/heads/master@{#44595}
-
Sathya Gunasekaran authored
This change mirrors the semantics for derived class constructors. This change doesn't affect non class constructors. This change could potentially break web compat. More details: https://github.com/tc39/ecma262/pull/469 Bug=v8:5536 Change-Id: I519599949523733332d0b35e4f8d9ecb01cac495 Reviewed-on: https://chromium-review.googlesource.com/461225Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#44594}
-
bmeurer authored
This reverts commit 9df5674b because it is not compatible with the way that Array.prototype.reduceRight and Array.prototype.reduce deal with optional parameters at this point (i.e. parameters where the behavior is different depending on whether the parameter was skipped or undefined was passed). In general, it might be better to not adapt arguments for builtins with optional paramters, that are likely skipped, for example as in Object.create or Array.prototype.reduce. Since that will require arguments adaptor frames for normal calls, especially from baseline code. Instead it might make sense to use the variadic arguments support in the CodeStubAssembler instead to avoid the arguments adaptor in all cases (not only when called from TurboFan optimized code). BUG=v8:5267,chromium:709782,chromium:707992,chromium:708282,chromium:708599,chromium:709173,chromium:709747,chromium:707065,chromium:710417 TBR=danno@chromium.org Review-Url: https://codereview.chromium.org/2817653002 Cr-Commit-Position: refs/heads/master@{#44593}
-
mtrofin authored
Today, the semantics of: WebAssembly.instantiate and WebAssembly.compile().then(new WebAssemblyInstance) are subtly different, to the point where attempting the proposed change uncovered bugs. In the future, it's possible that .instantiate actually have different semantics - if we pre-specialized to the provided ffi, for example. Right now that's not the case. This CL: - gets our implementation closer to what developers may write using the compile -> new Instance alternative, in particular wrt promise creation. By reusing code paths, we uncover more bugs, and keep maintenance cost lower. - it gives us the response-based WebAssembly.instantiate implicitly. Otherwise, we'd need that same implementation on the blink side. The negative is maintenance: imagine if the bugs I mentioned could only be found when running in Blink. BUG=chromium:697028 Review-Url: https://codereview.chromium.org/2806073002 Cr-Commit-Position: refs/heads/master@{#44592}
-
- 11 Apr, 2017 5 commits
-
-
mtrofin authored
BUG= Review-Url: https://codereview.chromium.org/2809253002 Cr-Commit-Position: refs/heads/master@{#44591}
-
mtrofin authored
This also fixes an existing discrepancy. BUG=v8:6017 Review-Url: https://codereview.chromium.org/2808403002 Cr-Commit-Position: refs/heads/master@{#44590}
-
bjaideep authored
Port 57afd0bb Original Commit Message: Adds a collection of call bytecodes which have an implicit undefined receiver argument, for cases such as global calls where we know that the receiver has to be undefined. This way we can skip an LdaUndefined, decrease bytecode register pressure, and set a more accurate ConvertReceiverMode on the interpreter and TurboFan call. As a side effect, the "normal" Call bytecode now becomes a rare case (only with calls and super property calls), so we get rid of its 0-2 argument special cases and modify CallProperty[N] to use the NotNullOrUndefined ConvertReceiverMode. Reland of https://chromium-review.googlesource.com/c/463287 after fixing tests in https://codereview.chromium.org/2813873002. R=leszeks@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2813563006 Cr-Commit-Position: refs/heads/master@{#44589}
-
kmackay authored
One of our internal Chromecast builds was failing due to undefined va_list in wasm-result.h. I also searched for other files where va_list was used without including stdarg.h and added it as necessary (since include-what-you-use is a thing). BUG=chromium:706443 Review-Url: https://codereview.chromium.org/2780913002 Cr-Commit-Position: refs/heads/master@{#44588}
-
hans authored
After r299061, MSan started complaining about uninitialized data in fwrite. BUG=chromium:710152 Review-Url: https://codereview.chromium.org/2808253002 Cr-Commit-Position: refs/heads/master@{#44587}
-