- 11 Apr, 2018 12 commits
-
-
jgruber authored
All call sites passed nullptr as the isolate argument and DOUBLE as the exponent type. Remove these unused arguments and related dead code. Bug: v8:6666 Change-Id: Ie94d9b489f494b2a5c80f5cc3dc81013ed4f4414 Reviewed-on: https://chromium-review.googlesource.com/1006754Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52545}
-
Sigurd Schneider authored
This test relies on allocation mementos remaining in place; with the new forced GC in the deoptimizer, this test can't be run with the deopt fuzzer on anymore. Bug: v8:7644 Change-Id: I6271c00a7b6c4e90a5e190bac5debaafad03a0e3 Reviewed-on: https://chromium-review.googlesource.com/1004774Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52544}
-
Michael Starzinger authored
This improves the stack layout of {WasmCompiledFrame} frames built by Liftoff so that the first spill slot immediately follows the frame marker. We will rely on this in the future when we expect the first spill slot to always hold a {WasmInstanceObject} reference. R=clemensh@chromium.org Change-Id: I2babe8a813af23f3b5bc139a2b0b334072625f7b Reviewed-on: https://chromium-review.googlesource.com/1006615Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52543}
-
Clemens Hammacher authored
On indirect function calls, if the corresponding table entry is empty, we cannot call {GetCodeFromStartAddress}. In that case, the signature check will fail anyway, so perform the signature check first, and only get the code object if the check succeeds. R=mstarzinger@chromium.org Bug: chromium:831463 Change-Id: Iead949e4c12502b1a2a3949db2dabab4a184a1e7 Reviewed-on: https://chromium-review.googlesource.com/1005005Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52542}
-
Simon Zünd authored
Benchmark now sorts every element type of TypedArray and groups the benchmarks by integer and floating point types. Also adding a sort benchmark that uses multiple custom compare functions. R=petermarshall@chromium.org Bug: v8:7624 Change-Id: Id0f44adf78398c99a17fe3edb6ee5d7fccc4d99b Reviewed-on: https://chromium-review.googlesource.com/1000774 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#52541}
-
Dan Elphick authored
Builds with and without embedded builtins (when combined with RO_SPACE changes) results in different v8heapconst.py. So this marks embedded builds as non-shipping. When embedded builtins becomes the default then this non-embedded builds should be marked as non-shipping. Bug: v8:7464 Change-Id: I8649183daf63ae9f54ed6207ed1104ecf33c89ff Reviewed-on: https://chromium-review.googlesource.com/1005515 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52540}
-
Vlad Tsyrklevich authored
Blacklist two functions that can call casted function pointers, there is not an easy way to fix these failures yet. BUG=v8:7164 Change-Id: I895ccb09359d38c95c1ff93e41c306ecb1ad57fc Reviewed-on: https://chromium-review.googlesource.com/1003226Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52539}
-
Clemens Hammacher authored
This reverts commit e5a687be. Reason for revert: Crashes on GCC: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/19002 Original change's description: > [CFI] Refactor test use to use GeneratedCode > > Replace direct call to generated code with call using GeneratedCode to > match the rest of v8. > > BUG=v8:7164 > > Change-Id: I3e45d3e7c45f06fc362a22217ee7f0f1b70745e2 > Reviewed-on: https://chromium-review.googlesource.com/1002534 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Clemens Hammacher <clemensh@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52536} TBR=clemensh@chromium.org,vtsyrklevich@chromium.org Change-Id: I684a93d20f104244e2b74ab79ddc7d6e3a1ecf3c No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7164 Reviewed-on: https://chromium-review.googlesource.com/1006614Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52538}
-
Simon Zünd authored
The sort benchmarks are currently in their own directory, because we might want to run them in isolation during the upcoming sort rework. R=jgruber@chromium.org, petermarshall@chromium.org Bug: v8:7382 Change-Id: Ic2e4e34d2838690529511d591099a66d0b908b0a Reviewed-on: https://chromium-review.googlesource.com/1004997Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Simon Zünd <szuend@google.com> Cr-Commit-Position: refs/heads/master@{#52537}
-
Vlad Tsyrklevich authored
Replace direct call to generated code with call using GeneratedCode to match the rest of v8. BUG=v8:7164 Change-Id: I3e45d3e7c45f06fc362a22217ee7f0f1b70745e2 Reviewed-on: https://chromium-review.googlesource.com/1002534 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52536}
-
Michael Achenbach authored
TBR=santa NOTREECHECKS=true Change-Id: Icb7495de49d4cb4fd675d9d7c128a94aa5e8a443 Reviewed-on: https://chromium-review.googlesource.com/1006574 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#52535}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c4de990..73e352e Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1bae362..2c59f67 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I984a13dc91dddbf0ab6c79eca97395aaf6ad8c56 Reviewed-on: https://chromium-review.googlesource.com/1006097Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#52534}
-
- 10 Apr, 2018 28 commits
-
-
Matheus Marchini authored
Before Turbofan/Ignition it was possible to use external profilers to sample running V8/Node.js processes and generate reports/FlameGraphs from that. It's still possible to do so, but non-optimized JavaScript functions appear in the stack as InterpreterEntryTrampoline. This commit adds a runtime flag which makes interpreted frames visible on the process' native stack as distinguishable functions, making the sampled data gathered by external profilers such as Linux perf and DTrace more useful. R=bmeurer@google.com, franzih@google.com, jarin@google.com, yangguo@google.com Bug: v8:7155 Change-Id: I3dc8876aa3cd9f1b9766624842a7cc354ccca415 Reviewed-on: https://chromium-review.googlesource.com/959081 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#52533}
-
Alexei Filippov authored
If it does not, the stack may be in an unconsistent state. Bailout if so. BUG=chromium:828881 Change-Id: Ia66077d3846bf9a1d556a37fd8e0ca856f9d2464 Reviewed-on: https://chromium-review.googlesource.com/1002535Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#52532}
-
Clemens Hammacher authored
The ImportedFunctionEntry and IndirectFunctionTableEntry stored handles internally, but were created from raw pointers. This is not allowed. The two options to fix this are to either handlify the whole interface, or do the opposite and use raw pointers everywhere. Since no current user depends on a handlified interface, and both objects are being used in performance critical code, this CL unhandlifies the interface and adds a DisallowHeapAllocation scope to enforce that no GC happens while any ImportedFunctionEntry or IndirectFunctionTableEntry is alive. R=mstarzinger@chromium.org CC=titzer@chromium.org Change-Id: I098c2abcdd28c4b117272ac3ea0358ff2e56b36c Reviewed-on: https://chromium-review.googlesource.com/1005075 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52531}
-
Erik Luo authored
This whitelists Function-related builtins used by Blink callbacks at the DOM wrapping stage, and other BigInt methods. Bug: chromium:810176 Change-Id: If036114cd7f133f2c30247dff836698c2eb16a51 Reviewed-on: https://chromium-review.googlesource.com/1004000Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Erik Luo <luoe@chromium.org> Cr-Commit-Position: refs/heads/master@{#52530}
-
Junliang Yan authored
R=joransiu@ca.ibm.com Change-Id: I995c7ea23899a00a92b350cbd1878c41d56760c2 Reviewed-on: https://chromium-review.googlesource.com/1005279Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#52529}
-
Sigurd Schneider authored
This mjsunittest assumed specific internal types (i.e. Smi) for certain fields; it generates some dozens of variants of the test using new Function, but used the same property names in all of them. This causes V8 to sometimes learn more general types for fields (i.e. unboxed double), which the test did not expect. This commit uses unique field names for each of the test variants. Change-Id: Ib1ecb3ae33a57c8a1293a29a2233dad4e16a39fb Reviewed-on: https://chromium-review.googlesource.com/1004897 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#52528}
-
Michael Starzinger authored
This is in preparation of using some of these constants to compute values for the Liftoff assembler that are themselves constexpr. R=clemensh@chromium.org Change-Id: I573ef4ca164e0107968e482996963fde9a3960b0 Reviewed-on: https://chromium-review.googlesource.com/1005056Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52527}
-
Ben L. Titzer authored
This CL fixes the pathological O(n^2) patching behavior that was introduced when simplifying the wasm instance/context data structures. It introduces a per-instance reverse mapping of function indexes to where they appear in import and indirect function tables. The mapping is created lazily and rebuild in response to too many failed lookups, which makes it robust to table mutations in the future. This CL also fixes a bug where the anonymous lazy compile stub was not being used for direct calls, confusing the indirect call patching mechanism. R=clemensh@chromium.org,mstarzinger@chromium.org Bug: v8:7424, chromium:830558 Change-Id: Ice0212593b31eb64687a3d52bd238020682a857f Reviewed-on: https://chromium-review.googlesource.com/1004294 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52526}
-
Clemens Hammacher authored
Replace all uses by the existing RoundUp function. R=ulan@chromium.org Bug: v8:7570 Change-Id: I7ff5e76ebea7b429ff4e4f3a8157ee831e7891ae Reviewed-on: https://chromium-review.googlesource.com/1004898Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52525}
-
Ulan Degenbaev authored
Change-Id: Ic10f599b6bb1c258082db61494a4e5c73220b00f Reviewed-on: https://chromium-review.googlesource.com/1005255Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#52524}
-
Igor Sheludko authored
... to see if it improves things in real-world area. Change-Id: Icf6a1ff47f35eb3f7e25b549d736f7404148f6ab Reviewed-on: https://chromium-review.googlesource.com/1004587 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#52523}
-
Sigurd Schneider authored
This CL adds a context slot to builtin continuation frames which stores the context, even for stub continuations. This context slot is used in NotifyDeoptimized to provide the JavaScript context. Bug: v8:7639 Change-Id: Ibdfe24141a759cda6d319db0933bea57919dc171 Reviewed-on: https://chromium-review.googlesource.com/1002776 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#52522}
-
Daniel Clifford authored
Change-Id: I170f47ee1c1e7e1a1296d5e5fc7fd1e2ab28a2f7 Reviewed-on: https://chromium-review.googlesource.com/1005076 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#52521}
-
peterwmwong authored
Bug: v8:6890 Change-Id: I0778aee65985852950c48b519baeb7fe6d81f8eb Reviewed-on: https://chromium-review.googlesource.com/998394 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52520}
-
Marja Hölttä authored
New space objects which die after scavenging might contain weak references. IncrementalMarking::UpdateWeakReferencesAfterScavenge must drop the corresponding slot. This bug didn't surface before, since all weak slots are in the old space (but this will change soon). BUG=v8:7308 Change-Id: Ib1e507d4207e35547240dc0867ec7787b3f3103e Reviewed-on: https://chromium-review.googlesource.com/1005000Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#52519}
-
Jaroslav Sevcik authored
This re-enables stack pointer poisoning with untrusted code mitigations. Bug: chromium:798964 Change-Id: I68b60641efefccbf0c4fd81c54809777feabc4be Reviewed-on: https://chromium-review.googlesource.com/1002563Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#52518}
-
Daniel Clifford authored
Change-Id: Ic1f222e726694ffc5afe158ae1839ce9c55ec6d5 Reviewed-on: https://chromium-review.googlesource.com/1004996Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#52517}
-
v8-autoroll authored
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b5c70ce..1bae362 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I963fd7e0240434546b1cc5620741f850b85ece23 Reviewed-on: https://chromium-review.googlesource.com/1004914Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#52516}
-
Jakob Gruber authored
This reverts commit 6823c0a4. Reason for revert: https://crbug.com/830499 Original change's description: > [runtime] Do some more StringTable shrinking > > This CL further lowers the kMaxEmptyFactor constant to more aggressively shrink > the StringTable when it's empty. > > Bug: v8:5443, chromium:818642 > Change-Id: I1c263a0afd7e6bed8a8bb857db032bf126c3ef4b > Reviewed-on: https://chromium-review.googlesource.com/995473 > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Camillo Bruni <cbruni@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52401} TBR=mlippautz@chromium.org,cbruni@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:5443, chromium:818642 Change-Id: Ibd009fe1e9fcd0b36f168ad425e1eb5e663a1ca8 Reviewed-on: https://chromium-review.googlesource.com/1004456Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#52515}
-
Daniel Clifford authored
Separating from main mega-CL for Torque to make landing it more manageable. Change-Id: Ic2cf2f5bff62613cb25cddd065479c85cfd9dd6c Reviewed-on: https://chromium-review.googlesource.com/963704Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#52514}
-
Jakob Gruber authored
This reverts commit 29308cf0. Reason for revert: Use existing runtime functions instead Original change's description: > Add boolean runtime checks for different element kinds. > > This will be used for Array.p.sort benchmarks to ensure that the > arrays will have the correct element kind. > > R=cbruni@chromium.org, jgruber@chromium.org > > Bug: v8:7382 > Change-Id: I4fe58d97d7f18fd193d4432964cf6b4f5335e0e7 > Reviewed-on: https://chromium-review.googlesource.com/1004754 > Commit-Queue: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52511} TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com Change-Id: I45742879d3637470752335772f294d7e8ff3ce35 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7382 Reviewed-on: https://chromium-review.googlesource.com/1004589Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52513}
-
Ivica Bogosavljevic authored
Fix a6d974fe Change-Id: I0c8c5f3e86fcb4954f8854d7068c5267abb748a4 Reviewed-on: https://chromium-review.googlesource.com/1004580Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#52512}
-
Simon Zünd authored
This will be used for Array.p.sort benchmarks to ensure that the arrays will have the correct element kind. R=cbruni@chromium.org, jgruber@chromium.org Bug: v8:7382 Change-Id: I4fe58d97d7f18fd193d4432964cf6b4f5335e0e7 Reviewed-on: https://chromium-review.googlesource.com/1004754 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52511}
-
Sigurd Schneider authored
Bug: v8:7570 Change-Id: I1653f216962b99161e21e0e8342164f10d5928cb Reviewed-on: https://chromium-review.googlesource.com/1004579Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#52510}
-
Ulan Degenbaev authored
The checked condition now more precisely corresponds to the actual ineffective GC detection heuristic. Change-Id: I727932c76ff3183e7b038437eefba564c9778ff7 Reviewed-on: https://chromium-review.googlesource.com/997634Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#52509}
-
Igor Sheludko authored
Bug: chromium:823069 Change-Id: Ie5be40da1e64a11c7a3c6ba5d2bc193bd78ca737 Reviewed-on: https://chromium-review.googlesource.com/1002560Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#52508}
-
Clemens Hammacher authored
Came across this cast while checking a CFI issue. It reinterpret_casts between two identical function pointers, so it is redundant. R=ulan@chromium.org Bug: v8:7570 Change-Id: I2d92e93788027e41abdb12af8371251c0da6a709 Reviewed-on: https://chromium-review.googlesource.com/1004674Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#52507}
-
Marja Hölttä authored
The reloading was needed when GC would compact the Heap::retained_maps array. But that's no longer true; the compaction is done in Heap::AddRetainedMap, outside GC. So it's not possible that the length would change because of an allocation. (Pre-cleanup for in-place weak ref work.) BUG=v8:7308 Change-Id: I18554353014865992f9151002cc4097fb986faf1 Reviewed-on: https://chromium-review.googlesource.com/1002775Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#52506}
-