- 02 Feb, 2017 8 commits
-
ahaas authored
First discovery by the names section fuzzer I think. During the decoding of the names of locals only ok() of the outer decoder was checked, not the ok() of the actual names section decoder. R=tizer@chromium.org BUG=chromium:684855 Review-Url: https://codereview.chromium.org/2648383007 Cr-Commit-Position: refs/heads/master@{#42880}
-
bmeurer authored
The CallIC is already not a traditional IC in the V8 sense, so it doesn't make sense to integrate with the traditional IC machinery. The plan is to migrate it away completely from the IC world and use the code that is already available in the interpreter instead. R=yangguo@chromium.org BUG=v8:5049 Review-Url: https://codereview.chromium.org/2676543002 Cr-Commit-Position: refs/heads/master@{#42879}
-
yangguo authored
  - Remove obsolete BreakLocatorType.
  - Perform PrepareStepOnThrow after OnException event, in case stepping was scheduled in the exception event.
  - Use frame count instead of frame pointer for stepping. Frame pointer is not reliable due to possible deopts.
  - Consistently check for inlined functions in inlined frames.
  - Use SharedFunctionInfo in FloodWithOneshot and EnsureDebugInfo.
R=jgruber@chromium.org BUG=v8:5901 Review-Url: https://codereview.chromium.org/2664793002 Cr-Commit-Position: refs/heads/master@{#42878}
-
bmeurer authored
First step to unify CallIC in Ignition, TurboFan/Crankshaft and fullcodegen. R=yangguo@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2669123002 Cr-Commit-Position: refs/heads/master@{#42877}
-
bmeurer authored
Rename the CallIC factory method to CallICTrampoline and the CallICInOptimizedCode to CallIC to match the naming of the stubs and better reflect their functionality. R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2670073002 Cr-Commit-Position: refs/heads/master@{#42876}
-
bmeurer authored
This introduces additional verification logic to ensure that the condition passed to Branch/Select operators is always of type Boolean. CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win64_dbg TBR=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2672713002 Cr-Commit-Position: refs/heads/master@{#42875}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/47e07d6..7a418db Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/4ee31ea..fc2f450 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review-Url: https://codereview.chromium.org/2671563003 Cr-Commit-Position: refs/heads/master@{#42874}
-
mlippautz authored
Remove the cases that deal with a top pointer that is reset. We should always be in a sane state wrt. top and age mark. Also add more DCHECKs. BUG=chromium:672678 Review-Url: https://codereview.chromium.org/2674493002 Cr-Commit-Position: refs/heads/master@{#42873}
-
- 01 Feb, 2017 32 commits
-
jbroman authored
This avoids the need to pull in the UTF-8 encoding code from the public API, and allows it to take advantage of any supported way that i::String can be encoded (one- or two-byte). Backward compatibility is maintained, but this is the behavior beginning with this version. BUG=chromium:686159 Review-Url: https://codereview.chromium.org/2665653004 Cr-Commit-Position: refs/heads/master@{#42872}
-
binji authored
Also if the count is not specified, it should wake all waiters. BUG=v8:4777 Review-Url: https://codereview.chromium.org/2659083004 Cr-Commit-Position: refs/heads/master@{#42871}
-
bbudge authored
  - Uses macros to reduce code duplication.
  - Uses calls to VisitRO, VisitRR, VisitRROFloat, and VisitFloatUnop to reduce code bloat.
LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2669683002 Cr-Original-Commit-Position: refs/heads/master@{#42830} Committed: https://chromium.googlesource.com/v8/v8/+/5e6eb91d0d66c9a118f1cc576accb649a17c5a9d Review-Url: https://codereview.chromium.org/2669683002 Cr-Commit-Position: refs/heads/master@{#42870}
-
jyan authored
R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com BUG= Review-Url: https://codereview.chromium.org/2667203002 Cr-Commit-Position: refs/heads/master@{#42869}
-
jyan authored
R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com BUG= Review-Url: https://codereview.chromium.org/2668763005 Cr-Commit-Position: refs/heads/master@{#42868}
-
jbroman authored
Even though the elements kind is FAST_DOUBLE_ELEMENTS, if length is zero the isolate's empty_fixed_array is used. It's illegal to cast this to FixedDoubleArray, so we avoid the cast. BUG=chromium:686479 Review-Url: https://codereview.chromium.org/2665313003 Cr-Commit-Position: refs/heads/master@{#42867}
-
ulan authored
BUG= Review-Url: https://codereview.chromium.org/2672503002 Cr-Commit-Position: refs/heads/master@{#42866}
-
bbudge authored
  - Adds vqadd.s/u, vqsub.s/u for all integer lane sizes.
  - Refactors disassembler and simulator, using switches instead of long if-else chains.
LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2649323012 Cr-Commit-Position: refs/heads/master@{#42865}
-
bjaideep authored
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2668303002 Cr-Commit-Position: refs/heads/master@{#42864}
-
danno authored
This allows support for tagged representations of index/loop variables which asserted in BuildFastFixedArrayForEach's call to Increment up to this point. Review-Url: https://codereview.chromium.org/2665143002 Cr-Commit-Position: refs/heads/master@{#42863}
-
bbudge authored
  - Uses macros to reduce code duplication.
  - Uses calls to VisitRO and VisitRR to reduce code bloat.
LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2668753004 Cr-Original-Commit-Position: refs/heads/master@{#42828} Committed: https://chromium.googlesource.com/v8/v8/+/e8e2e3c826d42490f809e1c45750bbb438b60d8c Review-Url: https://codereview.chromium.org/2668753004 Cr-Commit-Position: refs/heads/master@{#42862}
-
adamk authored
The hoist_scope member of DeclarationDescriptor was only used to pass the function scope for declaration of parameters containing sloppy evals, for example:

    function f(x = eval("var y")) { }

In cases like this, "x" is declared in the function scope but "y" is declared in an inner scope. Rather than passing the function scope as "hoist_scope", we simply ask for the outer_scope() of the inner scope as needed in PatternRewriter. This reduces the cognitive overhead of understanding what a DeclarationDescriptor has; for example, it removes some dead code from the PreParser which never has to deal with a situation like the example above. Review-Url: https://codereview.chromium.org/2662183002 Cr-Commit-Position: refs/heads/master@{#42861}
-
ahaas authored
The int64-lowering only lowered store instructions with a word64 store representation. For all other stores the default lowering applied. The default lowering replaces all input nodes with both their replacement nodes, which can change the number of input nodes of the lowered node. In WebAssembly there exist stores which take an I64 input and store it with a different representation, e.g. I32. In TurboFan this translates to a store node with word32 store representation and a word64 value input. The default lowering replaces the word64 value input to become two word32 value inputs, which makes the number of inputs of the store node invalid. This CL discards the high word replacement of the value input so that the number of input nodes of a store node does not change in the default lowering. R=titzer@chromium.org CC=rossberg@chromium.org BUG= Review-Url: https://codereview.chromium.org/2668023004 Cr-Commit-Position: refs/heads/master@{#42860}
-
ishell authored
This is a step towards encoding all the necessary information in the feedback slot kind instead of storing it in the IC dispatcher's code object flags. BUG=v8:5849, v8:5917 Review-Url: https://codereview.chromium.org/2662113005 Cr-Commit-Position: refs/heads/master@{#42859}
-
bjaideep authored
Port 87d309da Original Commit Message: This is the first step to reduce the size of the out-of-line code of TrapIf. Instead of passing the context to the runtime call as a parameter, we pass Smi::kZero to the runtime call and then get the actual context from the WasmFrame on the stack. R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:5908 LOG=N Review-Url: https://codereview.chromium.org/2661363003 Cr-Commit-Position: refs/heads/master@{#42858}
-
marja authored
BUG=v8:5294 Review-Url: https://codereview.chromium.org/2662393004 Cr-Commit-Position: refs/heads/master@{#42857}
-
bmeurer authored
R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2667123002 Cr-Commit-Position: refs/heads/master@{#42856}
-
neis authored
Using .caller, one can get access to the internal function that invokes the handler passed to Promise.prototype.then. This internal function is a TF builtin that was set up as non-native and without an argument adaptor. As a consequence of this, when accessing .arguments on it, the frame-walking logic in the .arguments accessor thinks the number of arguments is -1 and we try to allocate an array of size -1. This CL marks the builtin function as native (making its .arguments be null), along with a few others that may have been incorrect in the same way. BUG=chromium:682349 Review-Url: https://codereview.chromium.org/2672453002 Cr-Commit-Position: refs/heads/master@{#42855}
-
neis authored
Move set_native(true) from InstallFunction into CreateFunction in order to emphasize the places where we create non-native functions. No change in semantics overall. BUG= Review-Url: https://codereview.chromium.org/2667993005 Cr-Commit-Position: refs/heads/master@{#42854}
-
ahaas authored
This is the first step to reduce the size of the out-of-line code of TrapIf. Instead of passing the context to the runtime call as a parameter, we pass Smi::kZero to the runtime call and then get the actual context from the WasmFrame on the stack. BUG=v8:5908 R=titzer@chromium.org, clemensh@chromium.org Review-Url: https://codereview.chromium.org/2664273002 Cr-Commit-Position: refs/heads/master@{#42853}
-
bmeurer authored
Properly attribute all builtins, bytecode handlers and other stubs to the calling function unless --separate-ic is passed. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2668953002 Cr-Original-Commit-Position: refs/heads/master@{#42849} Committed: https://chromium.googlesource.com/v8/v8/+/42011d29975898c3648241749cf1e96eac074b85 Review-Url: https://codereview.chromium.org/2668953002 Cr-Commit-Position: refs/heads/master@{#42852}
-
bmeurer authored
Revert of [tools] Fix RegExp for ticksprocessor. (patchset #2 id:20001 of https://codereview.chromium.org/2668953002/ )
Reason for revert: AAAAAHHHHHHH
Original issue's description:
> [tools] Fix RegExp for ticksprocessor.
>
> Properly attribute all builtins, bytecode handlers and other stubs to
> the calling function unless --separate-ic is passed.
>
> R=jarin@chromium.org
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2668953002
> Cr-Commit-Position: refs/heads/master@{#42849}
> Committed: https://chromium.googlesource.com/v8/v8/+/42011d29975898c3648241749cf1e96eac074b85
TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2664033005 Cr-Commit-Position: refs/heads/master@{#42851}
-
ahaas authored
I removed some constant folding optimizations for float instructions in https://codereview.chromium.org/2647353007 because they were incorrect if the input was a signalling NaN. Removing these optimizations, however, had an unexpectedly big impact on asm.js performance. With this CL I restore the optimizations again when the source origin is not wasm. In JavaScript signalling NaNs are not observable and therefore the optimizations are correct. R=titzer@chromium.org BUG=chromium:686654 Review-Url: https://codereview.chromium.org/2666903002 Cr-Commit-Position: refs/heads/master@{#42850}
-
bmeurer authored
Properly attribute all builtins, bytecode handlers and other stubs to the calling function unless --separate-ic is passed. R=jarin@chromium.org NOTRY=true Review-Url: https://codereview.chromium.org/2668953002 Cr-Commit-Position: refs/heads/master@{#42849}
-
neis authored
This is sound because the slot never changes, and it enables optimization by JSContextSpecialization. R=mstarzinger@chromium.org BUG= Review-Url: https://codereview.chromium.org/2662093004 Cr-Commit-Position: refs/heads/master@{#42848}
-
petermarshall authored
Review-Url: https://codereview.chromium.org/2666783007 Cr-Commit-Position: refs/heads/master@{#42847}
-
Michael Achenbach authored
Reland of: https://codereview.chromium.org/2592663004/ BUG=chromium:656900 TBR=yangguo@chromium.org, glider@chromium.org, titzer@chromium.org Change-Id: I89b5c6b7a4214e25b4fea6d2ee33cd31b47320cc Reviewed-on: https://chromium-review.googlesource.com/435319 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#42846}
-
bmeurer authored
Revert of [turbofan] Constant propagation for JumpIfFalse/JumpIfTrue. (patchset #4 id:60001 of https://codereview.chromium.org/2666283002/ )
Reason for revert: Breaks win64 it seems.
Original issue's description:
> [turbofan] Constant propagation for JumpIfFalse/JumpIfTrue.
>
> The JumpIfFalse and JumpIfTrue bytecodes test the accumulator, and
> branch based on whether the accumulator is true or false (no other
> value allowed, and in fact TurboFan would blow up if you would pass
> anything else, since Branch operator can only deal with Boolean).
> So for either branch we know exactly the value of the accumulator,
> and we can update the environment to this constant value instead.
>
> This helps to avoid the useless bit materialization that currently
> happens when || or && is being used in a value context.
>
> R=jarin@chromium.org
> BUG=v8:5267
>
> Review-Url: https://codereview.chromium.org/2666283002
> Cr-Commit-Position: refs/heads/master@{#42843}
> Committed: https://chromium.googlesource.com/v8/v8/+/158ac9287193f315342ad31c38fe451620d176eb
TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5267 Review-Url: https://codereview.chromium.org/2668933002 Cr-Commit-Position: refs/heads/master@{#42845}
-
neis authored
The function being tested is forced to go through Turbofan anyway (since it references a module variable). Adding --turbo explicitly just to make a check happy. BUG= Review-Url: https://codereview.chromium.org/2664393003 Cr-Commit-Position: refs/heads/master@{#42844}
-
bmeurer authored
The JumpIfFalse and JumpIfTrue bytecodes test the accumulator, and branch based on whether the accumulator is true or false (no other value allowed, and in fact TurboFan would blow up if you would pass anything else, since Branch operator can only deal with Boolean). So for either branch we know exactly the value of the accumulator, and we can update the environment to this constant value instead. This helps to avoid the useless bit materialization that currently happens when || or && is being used in a value context. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2666283002 Cr-Commit-Position: refs/heads/master@{#42843}
-
jgruber authored
The String.prototype was altered after snapshot time (during experimental natives setup), invalidating the stored map used for fast-path checks. BUG= Review-Url: https://codereview.chromium.org/2663303003 Cr-Commit-Position: refs/heads/master@{#42842}
-
bmeurer authored
The InstructionSelector on x64 didn't properly implement VisitWord32Equal via VisitWordCompareZero, and thus it didn't properly combine useless Word32Equal comparisons with zero (which we use to implement bit negation). R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2662123004 Cr-Commit-Position: refs/heads/master@{#42841}
-