- 03 Nov, 2016 18 commits
-
-
ahaas authored
If a WebAssembly function is exported, its js-to-wasm wrapper has a field which contains a reference to the WebAssembly function. Originally this reference was an index into the export table, which then contains an index into the function table, which then contains the metadata of the WebAssembly function. With this CL we use the index into the function table directly as the reference to the WebAssembly function. TEST=mjsunit/wasm/test-import-export-wrapper R=rossberg@chromium.org, mtrofin@chromium.org CC=titzer@chromium.org Review-Url: https://codereview.chromium.org/2472103002 Cr-Commit-Position: refs/heads/master@{#40729}
-
ulan authored
BUG= Review-Url: https://codereview.chromium.org/2477733002 Cr-Commit-Position: refs/heads/master@{#40728}
-
Michael Achenbach authored
Cr-Commit-Position: refs/heads/master@{#40727}
-
danno authored
With an instance of CodeStubArguments, builtin stub generators can generate code that accesses the receiver passed to the builtin, as well as access and iterate over the variable number of arguments that are passed in. Review-Url: https://codereview.chromium.org/2469273003 Cr-Commit-Position: refs/heads/master@{#40726}
-
bmeurer authored
For lowering CheckHeapObject, always report TaggedPointer representation and let the RepresentationChanger come up with a reasonable conversion from whatever input representation to TaggedPointer. This way we no longer insert the useless ChangeSomethingToTagged and then check the result for HeapObject, i.e. mostly reduces the amount of useless code being generated. Note there are now two operators ChangeFloat64ToTaggedPointer and the old ChangeFloat64ToTagged, because their semantics different wrt. the strength reduction in the SimplifiedOperatorReducer. Also set the output MachineRepresentation::kTaggedPointer properly in SimplifiedLowering whenever we know that we produce a HeapObject. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2476593002 Cr-Commit-Position: refs/heads/master@{#40725}
-
rmcilroy authored
BUG=v8:4680 Review-Url: https://codereview.chromium.org/2467223005 Cr-Commit-Position: refs/heads/master@{#40724}
-
bmeurer authored
Also properly deal with constant indices for String element access in the JSNativeContextSpecialization. BUG=chromium:661949 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2474013002 Cr-Commit-Position: refs/heads/master@{#40723}
-
predrag.rudic authored
Removed a wrong condition test in TwoByteExternalBufferedStream. This changed fixes errors that may occur under some conditions. Review-Url: https://codereview.chromium.org/2469723002 Cr-Commit-Position: refs/heads/master@{#40722}
-
jarin authored
Review-Url: https://codereview.chromium.org/2475433005 Cr-Commit-Position: refs/heads/master@{#40721}
-
ulan authored
This ensures that incremental marking step does not change the top and limit pointers of the old space, which is needed for allocation folding. For more info see: https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13 BUG=chromium:659165 Review-Url: https://codereview.chromium.org/2469273002 Cr-Commit-Position: refs/heads/master@{#40720}
-
mlippautz authored
Allow swapping the tracer if not in a GC. BUG=chromium:468240 TBR=ulan@chromium.org NOTRY=true Review-Url: https://codereview.chromium.org/2475503004 Cr-Commit-Position: refs/heads/master@{#40719}
-
rmcilroy authored
BUG=v8:4680 Review-Url: https://codereview.chromium.org/2467223004 Cr-Commit-Position: refs/heads/master@{#40718}
-
qyearsley authored
Reason: We're planning to drop support for Linux Precise for layout tests. BUG=chromium:660580 NOTRY=true Review-Url: https://codereview.chromium.org/2475563002 Cr-Commit-Position: refs/heads/master@{#40717}
-
mstarzinger authored
This disables the usage of the {maybe_assigned} flag that the variable resolution computes for each variable on non-asm.js code. Note that the analysis is fundamentally broken for destructuring and top-level lexical variables. Also note that this still uses the analysis for asm.js code even though it is not validated. One can still trigger the bug by using invalid constructs within a function marked with "use asm". The fix is intentionally minimal so that it can be merged to release branches. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-659915 BUG=chromium:659915 Review-Url: https://codereview.chromium.org/2471523005 Cr-Commit-Position: refs/heads/master@{#40716}
-
leszeks authored
This removes the first stack check in inlined functions in the bytecode graph builder, to match the behaviour of the AST graph builder. I measure a ~1% statistically significant (p < 0.01) improvement on Mandreel with --ignition-staging --turbo (on my x64 machine, YMMV). Review-Url: https://codereview.chromium.org/2392333002 Cr-Commit-Position: refs/heads/master@{#40715}
-
verwaest authored
This turns the ZoneList with minimum 6 words overhead into a linked list through variables, using 2 words for the empty list. Additionally the average number of pointers per entry goes down to the optimal 1 per variable that's in a list. This does introduce 1 pointer unnecessary overhead for dynamic variables. If that becomes a problem we could distinguish between variables in lists and variables not in lists. We can distinguish them at construction-time. BUG=v8:5209 Review-Url: https://codereview.chromium.org/2475433002 Cr-Commit-Position: refs/heads/master@{#40714}
-
ulan authored
Revert of [heap] Invoke incremental marking step before allocation. (patchset #1 id:1 of https://codereview.chromium.org/2464393002/ ) Reason for revert: Performance regression on Octane and V8 runtime stats. Original issue's description: > [heap] Invoke incremental marking step before allocation. > > This ensures that the newly allocated object immediatly precedes the > linear allocation area, which is needed for allocation folding. > > For more info see: > https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13 > > BUG=chromium:659165 TBR=hpayer@chromium.org,mlippautz@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:659165 Review-Url: https://codereview.chromium.org/2472043002 Cr-Commit-Position: refs/heads/master@{#40713}
-
danno authored
Review-Url: https://codereview.chromium.org/2467513002 Cr-Commit-Position: refs/heads/master@{#40712}
-
- 02 Nov, 2016 22 commits
-
-
dschuff authored
'a' and 'w' are mutually exclusive and just 'a' is what we actually want. Linux doesn't care (it just takes the first one) but Windows throws a ValueError. R=machenbach@chromium.org BUG=None Review-Url: https://codereview.chromium.org/2467363002 Cr-Commit-Position: refs/heads/master@{#40711}
-
cbruni authored
Revert of [tools] Support custom script injection for callstats.py (patchset #1 id:1 of https://codereview.chromium.org/2455623002/ ) Reason for revert: speculative revert to address regressions on cnn.com benchmark. Original issue's description: > [tools] Support custom script injection for callstats.py > > This is a poor-man's solution to trigger page interactions. > > BUG= TBR=jochen@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG= Review-Url: https://codereview.chromium.org/2464053005 Cr-Commit-Position: refs/heads/master@{#40710}
-
alph authored
Make RuntimeCallTimer::parent_ and RuntimeCallStats::current_timer_ fields atomic as they are accessed from the signal handler. BUG=chromium:660428 Review-Url: https://codereview.chromium.org/2464973002 Cr-Commit-Position: refs/heads/master@{#40709}
-
ahaas authored
The wasm interpreter crashed because it interpreted the table of br_table as a table of uint8, but according to the spec it is a table of varint32. Therefore the wasm interpreter misinterpreted 0x80 0x00 as 128 and not as 0, which caused a crash. R=tizer@chromium.org BUG=chromium:660262 TEST=cctest/test-run-wasm/RunWasmInterpreted_Regression_660262 Review-Url: https://codereview.chromium.org/2463063002 Cr-Commit-Position: refs/heads/master@{#40708}
-
yangguo authored
Apparently the previous clean up has regressed performance in some cases. This is an attempt to recover these regressions. R=ulan@chromium.org BUG=chromium:661567 Review-Url: https://codereview.chromium.org/2471493003 Cr-Commit-Position: refs/heads/master@{#40707}
-
rmcilroy authored
BUG=v8:4680 Review-Url: https://codereview.chromium.org/2469283002 Cr-Commit-Position: refs/heads/master@{#40706}
-
jochen authored
Original CL description: > Create internal fields on global proxy objects > > BUG=v8:5588 > R=verwaest@chromium.org BUG=v8:5588 TBR=verwaest@chromium.org Review-Url: https://codereview.chromium.org/2472573004 Cr-Commit-Position: refs/heads/master@{#40705}
-
ulan authored
This ensures that the newly allocated object immediatly precedes the linear allocation area, which is needed for allocation folding. For more info see: https://bugs.chromium.org/p/chromium/issues/detail?id=659165#c13 BUG=chromium:659165 Review-Url: https://codereview.chromium.org/2464393002 Cr-Commit-Position: refs/heads/master@{#40704}
-
verwaest authored
This reduces per-scope overhead from minimally 6 words to 2 words, with one additional pointer per entry, rather than an average of 2 per entry for larger-than-4 element lists. For temp zone parsed functions it additionally makes the declaration-list actually freeable. This introduces ThreadedList to implement the details of dealing with such a list. BUG=v8:5209 Review-Url: https://codereview.chromium.org/2457393003 Cr-Commit-Position: refs/heads/master@{#40703}
-
littledan authored
To enable the global object prototype chain to be frozen, all objects in the chain need to be marked as immutable prototype exotic objects. However, a bug in the previous implementation of immutable prototype exotic objects left the check in place when initially setting up the object, which made it impossible to allow inheritance chains. This patch removes that mistaken check. BUG=v8:5149 Review-Url: https://codereview.chromium.org/2449163004 Cr-Commit-Position: refs/heads/master@{#40702}
-
jkummerow authored
Revert of [ic] Experiment: disable map-specific handler cache. (patchset #1 id:1 of https://codereview.chromium.org/2462973003/ ) Reason for revert: Causes performance regressions (up to 10% on the "IC" bucket). :-( Original issue's description: > [ic] Experiment: disable map-specific handler cache. > > IC data handlers support most of the hot cases nowdays. Let's see if > the map-specific code cache still help us to improve things. > > BUG=v8:5561 TBR=ishell@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=v8:5561 Review-Url: https://codereview.chromium.org/2474653002 Cr-Commit-Position: refs/heads/master@{#40701}
-
danno authored
In the process, add a more general mechanism for passing around and amending list of CodeStubAssembler Variables. That change makes it possible to more easily add Variables to loops that are generated by utility functions, e.g. BuildFastLoop. LOG=N Review-Url: https://codereview.chromium.org/2461363002 Cr-Commit-Position: refs/heads/master@{#40700}
-
danno authored
This is preparation for using TF to create builtins that handle variable number of arguments and have to remove these arguments dynamically from the stack upon return. The gist of the changes: - Added a second argument to the Return node which specifies the number of stack slots to pop upon return in addition to those specified by the Linkage of the compiled function. - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should handles all tail-call cases except where the return value type differs, this fallback was not really useful and in fact caused unexpected behavior with variable sized argument popping, since it wasn't possible to materialize a Return node with the right pop count from the TailCall without additional context. - Modified existing Return generation to pass a constant zero as the additional pop argument since the variable pop functionality LOG=N Review-Url: https://codereview.chromium.org/2446543002 Cr-Commit-Position: refs/heads/master@{#40699}
-
mlippautz authored
Delayed chunks in the unmapper are chunks that should be unmapped but could potentially still be accessed by the sweeper (page header), hence their unmapping is delayed. During TearDown, however, we need to properly unmap those pages, i.e., check that they can now be unmapped (should always hold) and properly unmap them. BUG=chromium:656537 R=ulan@chromium.org Review-Url: https://codereview.chromium.org/2472573003 Cr-Commit-Position: refs/heads/master@{#40698}
-
rmcilroy authored
BUG=v8:4280 Review-Url: https://codereview.chromium.org/2463353002 Cr-Commit-Position: refs/heads/master@{#40697}
-
bbudge authored
Only ARM should have fixed live range arrays for float / simd128. LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2471533002 Cr-Commit-Position: refs/heads/master@{#40696}
-
bmeurer authored
R=epertoso@chromium.org Review-Url: https://codereview.chromium.org/2223873002 Cr-Commit-Position: refs/heads/master@{#40695}
-
neis authored
R=rmcilroy@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2460403002 Cr-Commit-Position: refs/heads/master@{#40694}
-
Michael Achenbach authored
Cr-Commit-Position: refs/heads/master@{#40693}
-
zhengxing.li authored
port 5ef1bddf (r40690) original commit message: All vector ICs use the TypeFeedbackVector::ComputeCounts method now, while the remaining patching ICs still use the traditional way of counting on the TypeFeedbackInfo hanging off the fullcodegen code object. This fixes the problem that counts were sometimes off. BUG= Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc. Review-Url: https://codereview.chromium.org/2470063002 Cr-Commit-Position: refs/heads/master@{#40692}
-
machenbach authored
Revert of [turbofan] Support variable size argument popping in TF-generated functions (patchset #13 id:240001 of https://codereview.chromium.org/2446543002/ ) Reason for revert: Seems to break arm64 sim debug and blocks roll: https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/3294 Original issue's description: > [turbofan] Support variable size argument removal in TF-generated functions > > This is preparation for using TF to create builtins that handle variable number of > arguments and have to remove these arguments dynamically from the stack upon > return. > > The gist of the changes: > - Added a second argument to the Return node which specifies the number of stack > slots to pop upon return in addition to those specified by the Linkage of the > compiled function. > - Removed Tail -> Non-Tail fallback in the instruction selector. Since TF now should > handles all tail-call cases except where the return value type differs, this fallback > was not really useful and in fact caused unexpected behavior with variable > sized argument popping, since it wasn't possible to materialize a Return node > with the right pop count from the TailCall without additional context. > - Modified existing Return generation to pass a constant zero as the additional > pop argument since the variable pop functionality > > LOG=N TBR=bmeurer@chromium.org,mstarzinger@chromium.org,epertoso@chromium.org,danno@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. NOPRESUBMIT=true Review-Url: https://codereview.chromium.org/2473643002 Cr-Commit-Position: refs/heads/master@{#40691}
-
bmeurer authored
All vector ICs use the TypeFeedbackVector::ComputeCounts method now, while the remaining patching ICs still use the traditional way of counting on the TypeFeedbackInfo hanging off the fullcodegen code object. This fixes the problem that counts were sometimes off. Drive-by-fix: Move FullCodeGenerator::CallIC to fullcodegen.cc. R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2472653002 Cr-Commit-Position: refs/heads/master@{#40690}
-