- 14 Feb, 2017 12 commits
-
ishell@chromium.org authored
BUG= Change-Id: I1e32fdcf9edda57f5de329c8b694620a5da4558b Reviewed-on: https://chromium-review.googlesource.com/442444 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#43185}
-
tebbi authored
My hypothesis is that the OOM crash is caused by a loop of forgetting and reallocating a VirtualObject inside of a VirtualState. R=mstarzinger@chromium.org BUG=chromium:691487 Review-Url: https://codereview.chromium.org/2694723002 Cr-Commit-Position: refs/heads/master@{#43184}
-
Andrii Shyshkalov authored
CQ will only allow CL authors (owners in Gerrit) and V8 committers to trigger CQ in Gerrit codereview. Thus, CQ voting restriction to just committers can be lifted, letting every authenticated user attempt to trigger CQ. R=machenbach@chromium.org,agable@chromium.org BUG=641422,685318 NOTRY=True Change-Id: Ied310a65277d6fefa44a9945cc780cb8fe827e03 Reviewed-on: https://chromium-review.googlesource.com/442124 Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org> Reviewed-by: Aaron Gable <agable@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43183}
-
vabr authored
If the Reflect.construct receives an argument expected to be a constructor, and the argument is not a constructor, V8 currently declares that Reflect.construct is not a function. It should instead say that the offending argument is not a constructor. This is the case for all ports of builtins (Builtins::Generate_ReflectConstruct). All of them make an attempt to at least pass the right argument to the TypeError parametrised message, calling out the offending Reflect.construct argument. However, Runtime::kThrowCalledNonCallable extracts the callsite from those arguments, discarding the precise information. This CL adds Runtime::kNotConstructor, which reports the arguments passed to it, and the CL also modifies the ports of builtins to make use of Runtime::kNotConstructor. BUG=v8:5671 Review-Url: https://codereview.chromium.org/2688393003 Cr-Commit-Position: refs/heads/master@{#43182}
-
Ross McIlroy authored
BUG=v8:5203 Change-Id: Ia64775756873a8abc5d5b9ee987201a16c190420 Reviewed-on: https://chromium-review.googlesource.com/441812 Reviewed-by: Jochen Eisinger <jochen@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#43181}
-
gsathya authored
R=neis@chromium.org Review-Url: https://codereview.chromium.org/2690163004 Cr-Commit-Position: refs/heads/master@{#43180}
-
clemensh authored
I identified lots of asm.js tests that are actually not valid according to the spec, hence they execute in default-javascript-mode. This CL fixes most of them by adding additional type annotations. The atomic tests are totally non-spec-compliant by expecting a fourth argument, and infinite-loops-taken expects a function-type parameter, so I did not fix those. I also did not fix the regression tests. R=titzer@chromium.org, bradnelson@chromium.org BUG=v8:4203 Review-Url: https://codereview.chromium.org/2663243002 Cr-Commit-Position: refs/heads/master@{#43179}
-
clemensh authored
See associated bug: A continue in a do-while loop did jump back to the loop header, instead of jumping to the condition. This CL fixes this and adds a test case. R=bradnelson@chromium.org, titzer@chromium.org BUG=v8:5912 Review-Url: https://codereview.chromium.org/2693993002 Cr-Commit-Position: refs/heads/master@{#43178}
-
Andreas Haas authored
Within the initialization of a WasmInstanceWrapper a WeakCell is allocated for the wrapped instance. This allocation of the WeakCell can cause a garbage collection. The bug happened because a pointer to the WasmInstanceWrapper was stored in the unhandlified this pointer, which was invalidated by the garbage collection. R=clemensh@chromium.org CC=gdeepti@chromium.org BUG=chromium:691538 Change-Id: I7001ab7ad3ee30f4c87a13c42e2fd16c0c86027a Reviewed-on: https://chromium-review.googlesource.com/441766 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43177}
-
bbudge authored
LOG=Y BUG=v8:4124,v8:5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Original-Commit-Position: refs/heads/master@{#43162} Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Commit-Position: refs/heads/master@{#43169} Committed: https://chromium.googlesource.com/v8/v8/+/a9b59a11f1bfe069afabe5567f919727456f1f12 Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43176}
-
yangguo authored
R=jgruber@chromium.org, kozyatinskiy@chromium.org BUG=v8:5808 Review-Url: https://codereview.chromium.org/2694623003 Cr-Commit-Position: refs/heads/master@{#43175}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3e5cfce..0fdcf96 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/67cf0dc..7f34a59 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I62a9982ea0c851b152a2ca5d13684a6cac0f2059 Reviewed-on: https://chromium-review.googlesource.com/442324 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43174}
-
- 13 Feb, 2017 28 commits
-
adamk authored
Inheriting from ZoneObject already provides this operator. R=marja@chromium.org Review-Url: https://codereview.chromium.org/2688283002 Cr-Commit-Position: refs/heads/master@{#43173}
-
adamk authored
R=marja@chromium.org Review-Url: https://codereview.chromium.org/2687403003 Cr-Commit-Position: refs/heads/master@{#43172}
-
bjaideep authored
Port 6ee0b6ce Original Commit Message: This adds support for deoptimizing into the JSConstructStub after the receiver instantiation but before the actual constructor invocation. Such a deoptimization point is needed for cases where instantiation might be observed (e.g. when new.target is a proxy) and hence might trigger a deopt. We use this new deoptimization point for the "after" frame-state the inliner attaches to {JSCreate} nodes being inserted when constructor calls are being inlined. R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:5638 LOG=N Review-Url: https://codereview.chromium.org/2690213002 Cr-Commit-Position: refs/heads/master@{#43171}
-
franzih authored
Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ )
Reason for revert: Breaks Node integration build.
Original issue's description:
> Remove SIMD.js from V8.
>
> LOG=Y
> BUG=v8:4124,v8:5948
> R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
>
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Original-Commit-Position: refs/heads/master@{#43162}
> Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Commit-Position: refs/heads/master@{#43169}
> Committed: https://chromium.googlesource.com/v8/v8/+/a9b59a11f1bfe069afabe5567f919727456f1f12
TBR=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,machenbach@chromium.org,bbudge@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124,v8:5948
Review-Url: https://codereview.chromium.org/2695653005
Cr-Commit-Position: refs/heads/master@{#43170}
-
bbudge authored
LOG=Y BUG=v8:4124,v8:5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Commit-Position: refs/heads/master@{#43162} Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43169}
-
bbudge authored
  - Renames select, swizzle, and shuffle to be consistent with the S128 and existing S32x4 ops, and reflect that these aren't arithmetic. e.g. I16x8Swizzle -> S16x8Swizzle.
  - Implements S16x8 and S8x16 Select operations and tests.
  - Implements S128And, Or, Xor, Not operations and tests.
  - Implements Swizzle for 32x4 formats.
  - Refactors test macros that generate SIMD code.
TEST=cctest/test-run-wasm-simd/* LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2683713003 Cr-Commit-Position: refs/heads/master@{#43168}
-
bjaideep authored
Port 6c12d57e Original Commit Message: This fixes the case where the index passed to {HMaybeGrowElements} used to derive the new capacity for the elements backing store does not fit into Smi range. Such an overflow would fail the capacity check and cause growing to be skipped. Subsequent keyed stores would potentially go out of bounds. R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=chromium:686427 LOG=N Review-Url: https://codereview.chromium.org/2697473004 Cr-Commit-Position: refs/heads/master@{#43167}
-
jyan authored
R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com, danno@chromium.org, bmeurer@chromium.org BUG= Review-Url: https://codereview.chromium.org/2691893002 Cr-Commit-Position: refs/heads/master@{#43166}
-
verwaest authored
Unlike the old manually written LoadNonexistent stub, the data handler properly supports keyed loads out of the box. Simply remove the condition that disables it. BUG= Review-Url: https://codereview.chromium.org/2693913002 Cr-Commit-Position: refs/heads/master@{#43165}
-
bradnelson authored
Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ )
Reason for revert: red
Original issue's description:
> Remove SIMD.js from V8.
>
> LOG=Y
> BUG=v8:4124,5948
> R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
> (notry since trybots can't patch directory deletes)
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Commit-Position: refs/heads/master@{#43162}
> Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c
TBR=bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,bbudge@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124,5948
Review-Url: https://codereview.chromium.org/2692933002
Cr-Commit-Position: refs/heads/master@{#43164}
-
tebbi authored
R=bmeurer@chromium.org BUG= Review-Url: https://codereview.chromium.org/2680973013 Cr-Commit-Position: refs/heads/master@{#43163}
-
bbudge authored
LOG=Y BUG=v8:4124,5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org (notry since trybots can't patch directory deletes) NOTRY=true Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43162}
-
Michael Achenbach authored
The environment variables for swarming shards are leaking into the gtest runs, which read them as well and in turn skip some tests. Now we make sure those environment variables aren't passed to the subprocesses. BUG=v8:5956 Change-Id: I9c93b1facc703a10a88e633074977743ccd24eb0 Reviewed-on: https://chromium-review.googlesource.com/441745 Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43161}
-
hpayer authored
BUG=chromium:673308,chromium:689555 Review-Url: https://codereview.chromium.org/2694763002 Cr-Commit-Position: refs/heads/master@{#43160}
-
hpayer authored
BUG=chromium:673308 Review-Url: https://codereview.chromium.org/2696563003 Cr-Commit-Position: refs/heads/master@{#43159}
-
Marja Hölttä authored
R=mstarzinger@chromium.org BUG=v8:5294 Change-Id: If2cdb4d38829e69ddd8aecb99c99c3a03050f57c Reviewed-on: https://chromium-review.googlesource.com/441824 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43158}
-
Marja Hölttä authored
Test both cases where the interesting constructs occur at the laziness boundary and cases where they occur deeper. BUG=v8:5501 R=vogelheim@chromium.org Change-Id: I99e32cb0c829616011bf7d1f389a8d309b54d67e Reviewed-on: https://chromium-review.googlesource.com/441844 Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43157}
-
Marja Hölttä authored
BUG=v8:5950 NOTRY=true Change-Id: I735e9be997167aa9f7252ad592c0881f6f5f621d Reviewed-on: https://chromium-review.googlesource.com/441726 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43156}
-
Michael Achenbach authored
BUG=chromium:691458 NOTRY=true TBR=tandrii@chromium.org Change-Id: I252f8624e18d54e0ba60800a2c4f3bf50c30c661 Reviewed-on: https://chromium-review.googlesource.com/441704 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43155}
-
Michael Achenbach authored
BUG=chromium:689886 Change-Id: I4fd0cacd8b1a2de6507a4f33dfa5a01df8a3b2bf Reviewed-on: https://chromium-review.googlesource.com/441725 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43154}
-
Michael Achenbach authored
BUG=chromium:673246 NOTRY=true TBR=jarin@chromium.org,ahaas@chromium.org Change-Id: Ie2000f543e017dbef27c3faa49565fe838eddcee Reviewed-on: https://chromium-review.googlesource.com/441345 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43153}
-
bmeurer authored
The StringEqual builtin can now deal with ExternalOneByteStrings without going to the runtime. It still needs to go to the runtime if the external string is short, i.e. if the resource data pointer is not cached. R=yangguo@chromium.org BUG=v8:4913 Review-Url: https://codereview.chromium.org/2690853004 Cr-Commit-Position: refs/heads/master@{#43152}
-
vabr authored
The constructor for TypedArray in js/typedarray.js emitted kInvalidTypedArrayAlignment if the array offset exceeded the size of the underlying buffer. This seems like a typo introduced in https://codereview.chromium.org/2090353003. The error message to be emitted instead coincides with the already existing kInvalidDataViewOffset. The message string is independent of whether the object in question is a DataView or a typed array, so this CL: (1) renames kInvalidDataViewOffset to just kInvalidOffset, and (2) uses kInvalidOffset instead of kInvalidTypedArrayAlignment for cases when the TypedArray is constructed with an offset exceeding the buffer size. BUG=v8:5733 TEST=Run d8, execute "new Uint8Array(new ArrayBuffer(1),2)", see the error message mention the invalid offset 2. Review-Url: https://codereview.chromium.org/2692753002 Cr-Commit-Position: refs/heads/master@{#43151}
-
vabr authored
This CL fixes some nits in TypeError messages, unifying the form of kDefineDisallowed and kObjectNotExtensible to match what is used by the majority of the other messages:
  * "Cannot" vs. "Can't" -> choose "Cannot"
  * "property:%" -> "property %"
  * omit the full-stop at the end of the message
BUG=v8:5673 Review-Url: https://codereview.chromium.org/2686233008 Cr-Commit-Position: refs/heads/master@{#43150}
-
Michael Starzinger authored
This adds support for deoptimizing into the JSConstructStub after the receiver instantiation but before the actual constructor invocation. Such a deoptimization point is needed for cases where instantiation might be observed (e.g. when new.target is a proxy) and hence might trigger a deopt. We use this new deoptimization point for the "after" frame-state the inliner attaches to {JSCreate} nodes being inserted when constructor calls are being inlined. R=jarin@chromium.org TEST=mjsunit/regress/regress-5638b BUG=v8:5638 Change-Id: I7c72c807ee8fb76d12e0e9ccab86d970ab1a0efd Reviewed-on: https://chromium-review.googlesource.com/440125 Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43149}
-
Leszek Swirski authored
Previously, accumulators and registers each had a single element cache, distinct from the local register cache. This meant that a) Dead accumulator state nodes were not re-used if the accumulator became live. b) Functions with only one parameter (the this object) or only one local register could not reuse the single-valued state value node of the accumulator. This patch introduces heavier re-use of state-value nodes, decreasing memory use when building the graph and decreasing the number of nodes created overall. Change-Id: Ie3cc6913483aab0819d99be382eb2cb42de8c3d2 Reviewed-on: https://chromium-review.googlesource.com/440926 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#43148}
-
Marja Hölttä authored
After this, only 2 illegal includes to objects-inl.h remain (some wasm stuff). R=mstarzinger@chromium.org BUG=v8:5294 Change-Id: I18682f42f0d2a7cc29a0a0be76f8e4eea26aafd9 Reviewed-on: https://chromium-review.googlesource.com/441744 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43147}
-
clemensh authored
If exactly one byte in the upper half of the pushed 8-byte value is set, use a smaller code sequence to push this value on the stack.
Before, we did
  movq r10,<constant>
  push r10
Now, we do
  push 0x0
  movb [rsp+<offset>],<byte>
The old sequence had 12 bytes, the new one has 7. Pushing such values is used a lot for stack frame markers, which are small numbers (1-17) encoded as SMIs. Review-Url: https://codereview.chromium.org/2685213004 Cr-Commit-Position: refs/heads/master@{#43146}