- 24 Jan, 2018 13 commits
-
Sigurd Schneider authored
Add effect input and output to String.p.char[Code]At/codePointAt. This is necessary to fix a hard-to-reproduce bug, a repro for which is included. However, the only way to get the repro included in this CL to fail is to run it with the patch of 873382: [turbofan] Speculate on bounds checks for String#char[Code]At but WITHOUT this patch. This fixes a scheduling problem triggered by 873382 that caused a bounds check to get scheduled after the associated access. Bug: v8:7326 Change-Id: I4b97c1726caac92ff8f74c23df2788f0ecfb1304 Reviewed-on: https://chromium-review.googlesource.com/881781 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50832}
-
Choongwoo Han authored
- Remove TypedArray.prototype.subarray in js/typedarray.js
- Implement TypedArray.prototype.subarray as a CSA
- Implement TypedArraySpeciesCreateByArrayBuffer as a CSA
- Move a helper function for relative index from builtins-string-gec.cc to code-stub-assembler.cc
- Move SpeciesConstructor from builtins-promise-gen.cc to code-stub-assembler.cc

Bug: v8:7161, v8:5929 Change-Id: If3340476e16aa21659540eb4b24e3ead54e6a313 Reviewed-on: https://chromium-review.googlesource.com/830992 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#50831}
-
Leszek Swirski authored
Instead of building suspend_ids in the AST numbering, collect suspend counts in the parser and assign suspend ids during bytecode generation. Bug: v8:7178 Change-Id: I53421442afddc894db789fb9d0d3e3cc10e32ff0 Reviewed-on: https://chromium-review.googlesource.com/817598 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#50830}
-
Michael Achenbach authored
This reverts commit fffa4555.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Win32%20ASAN/builds/1905

Original change's description:
> [build] Prepare switching win asan to 64 bits
>
> This switches the current win32 bots to win32 under the hood in MB. We'll
> remove them and replace them with win64 bots in a follow up on the infra
> side.
>
> This also infers the clang option from asan, because on windows we need
> to set clang explicitly.
>
> TBR=sergiyb@chromium.org
>
> Bug: chromium:786303
> Change-Id: I9dddd5050a21a364c302a761ff15ddd21e97c7dc
> Reviewed-on: https://chromium-review.googlesource.com/883103
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50828}

TBR=machenbach@chromium.org,sergiyb@chromium.org Change-Id: I2e17aa6ddf44a03d9da29e8b7f7dd2c9f6fe4cb9 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:786303 Reviewed-on: https://chromium-review.googlesource.com/883501 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50829}
-
Michael Achenbach authored
This switches the current win32 bots to win32 under the hood in MB. We'll remove them and replace them with win64 bots in a follow up on the infra side. This also infers the clang option from asan, because on windows we need to set clang explicitly. TBR=sergiyb@chromium.org Bug: chromium:786303 Change-Id: I9dddd5050a21a364c302a761ff15ddd21e97c7dc Reviewed-on: https://chromium-review.googlesource.com/883103 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50828}
-
jgruber authored
Bug: chromium:804801 Change-Id: I2d54e98df09b0ed5ccfcddd0815ad162641e03d6 Reviewed-on: https://chromium-review.googlesource.com/883121 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#50827}
-
Michael Lippautz authored
No-try: true Bug: v8:7266 Change-Id: Ia3a0142488765d36485287d0bf4ffa1e2cc635b2 Reviewed-on: https://chromium-review.googlesource.com/883141 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50826}
-
Michael Achenbach authored
This will affect all manual test runs with x64. Most bots on x64 already migrated. TBR=sergiyb@chromium.org NOTRY=true Bug: v8:7343 Change-Id: I87f46f1848a813c0b320b3e9901481b9232025a5 Reviewed-on: https://chromium-review.googlesource.com/883101 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50825}
-
Tobias Tebbi authored
Bug: Change-Id: Ia5df528e7e2129a4c6e029b75279015836147c95 Reviewed-on: https://chromium-review.googlesource.com/881145 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50824}
-
Georg Neis authored
A while ago we introduced MutableBigInt in order to enforce this check. R=jkummerow@chromium.org Bug: v8:6791 Change-Id: I700ff0b1df854d4f6b8beff6f6c984e11cd07e40 Reviewed-on: https://chromium-review.googlesource.com/881174 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#50823}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5d0c607..6f1e572 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c4b36e2..296e7c3 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/e80cb0b..179d836 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I40ebd0e5d2ba9ae51e40892a89238a5eb191e6e9 Reviewed-on: https://chromium-review.googlesource.com/882884 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#50822}
-
Adam Klein authored
The chromium callers were updated in https://crrev.com/c/868287, while the pdfium callers were updated in https://pdfium-review.googlesource.com/c/pdfium/+/23058. As a precaution to avoid a repeat of https://crbug.com/803330, I've manually built pdfium, along with the additional gn flag "pdf_enable_xfa = true". Bug: v8:7269, v8:7282 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I5b8cfb629c2b78627447c940a133d75d7ef7c6e9 Reviewed-on: https://chromium-review.googlesource.com/875252 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50821}
-
Adam Klein authored
The calls in Chromium were removed in https://crrev.com/c/865535. Bug: v8:7269, v8:7276 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Iae9fadead1167363893b258ba2a21710a1e080a8 Reviewed-on: https://chromium-review.googlesource.com/869146 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50820}
-
- 23 Jan, 2018 27 commits
-
Michael Lippautz authored
Tbr: ulan@chromium.org Bug: v8:7266 Change-Id: I3bafffafc662856295fa34de2c77e876e3b2a58e Reviewed-on: https://chromium-review.googlesource.com/881172 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50819}
-
Dan Elphick authored
Before we can set the length of the created array in CSA, first check that it's possible and will do what we want. I.e. check a) that the length is writable b) the backing store is not copy-on-write and c) the old length is not greater than the new length (as otherwise later insertion past the end could restore values from the original constructor). If not then fall back on Runtime::kSetProperty. Bug: chromium:804177 Change-Id: Id0e452f9d160704bbd71e87a075ba4e3983729a7 Reviewed-on: https://chromium-review.googlesource.com/880922 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#50818}
-
Eugene Ostroukhov authored
Change-Id: If0fdc76170ad29b4d3dadddbb32bc87c307c04af Reviewed-on: https://chromium-review.googlesource.com/881883 Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org> Cr-Commit-Position: refs/heads/master@{#50817}
-
Ali Ijaz Sheikh authored
Do a step before selecting the limit for the next step. However, as seen on crbug.com/795323, while this fix makes us more precise in our accounting, we do end up seeing steps more frequently. This ends up invoking the idle scavenger more frequently. To compensate, we adjust the idle scavenger step size. Bug: Change-Id: I7bc2b1785a564dee27aa3ce6a5a196efe9eb6283 Reviewed-on: https://chromium-review.googlesource.com/838440 Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#50816}
-
Junliang Yan authored
Port d3a4d15f Original Commit Message: This reloc mode is never encoded, so there is no reason to differentiate between 32 and 64 bit. Both are now replaced by RelocInfo::NONE. R=clemensh@chromium.org, joransiu@ca.ibm.com, bjaideep@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I9a5369315cc2c966bffd3862d15f29aea08960e4 Reviewed-on: https://chromium-review.googlesource.com/881463 Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#50815}
-
Sigurd Schneider authored
When finding the initial element in A.p.reduce[Right], we did exclude holes, but did not reflect this in the type, which still included the hole. This CL inserts a TypeGuard to ensure that Turbofan knows the initial element is never the hole. Bug: chromium:804837 Change-Id: Ia118ddafb8e16dd5c02559fa23216c9b139dd59a Reviewed-on: https://chromium-review.googlesource.com/880967 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50814}
-
Jaroslav Sevcik authored
This delays removing dead loop's loop exits after we iterate all uses of the loop. That way, we avoid mutating the use collection while iterating it. Bug: chromium:803022 Change-Id: I17462dd82c3cb78f2f630e5db81d8ccdcc517d83 Reviewed-on: https://chromium-review.googlesource.com/878329 Reviewed-by: Michael Stanton <mvstanton@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50813}
-
Michael Achenbach authored
This adds a tri-state flag --infra-staging and --no-infra-staging, which can be used to explicitly opt in or out of the staging test runner. If not specified, a new architecture whitelist will enable roll-out per arch for manual (non-CI) runs. We'll start whitelisting archs in follow ups. Bug: v8:7343 Change-Id: I1228e48969fd379f5c231a2b8fad4afc01da94c0 Reviewed-on: https://chromium-review.googlesource.com/881169 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#50812}
-
Michael Achenbach authored
TBR=sergiyb@chromium.org Bug: v8:7343 Change-Id: Id17a931e00eda0bf018b5f1cb1cd6bac516ec26d Reviewed-on: https://chromium-review.googlesource.com/881482 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50811}
-
Michal Majewski authored
Introduce option to run fuzzer processor without analysis phase. It will be used in fuzzing combined tests. Bug: v8:6917 Change-Id: Ic96d6b8c5a35c81da80340555bdd75c0d518cb5a Reviewed-on: https://chromium-review.googlesource.com/880948 Commit-Queue: Michał Majewski <majeski@google.com> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50810}
-
Sigurd Schneider authored
This CL moves allocations in array-multiple-receiver-maps.js to prevent gc fuzzing from cleaning out code objects, which will mess with assertOptimized in the test. Bug: v8:7338 Change-Id: I9ee88cf5518307ff12302df2fdaca5258c23b779 Reviewed-on: https://chromium-review.googlesource.com/880957 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50809}
-
Michael Lippautz authored
Otherwise stale values are shown in the UI. No-try: true Bug: v8:7266 Change-Id: I1aaf15d3b54a8d5754ad4eeb72fb9853585c56eb Reviewed-on: https://chromium-review.googlesource.com/881442 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50808}
-
Michael Lippautz authored
No-try: true Bug: v8:7266 Change-Id: I9ca2036a54c55c754cc2bb69dcca6157f88ea0fa Reviewed-on: https://chromium-review.googlesource.com/880960 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50807}
-
Ben L. Titzer authored
R=clemensh@chromium.org,mstarzinger@chromium.org Bug: Change-Id: I1bc451f4d6f70f69e91217d3e44cecedcbdf07d4 Reviewed-on: https://chromium-review.googlesource.com/880951 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50806}
-
Ben L. Titzer authored
As per TODO, this is its rightful place, which gets the module-compiler out of the business of doing finalization. R=mstarzinger@chromium.org,clemensh@chromium.org Bug: v8:7316 Change-Id: Ie419a1e348f14f2613f62fed7083e19365cd9347 Reviewed-on: https://chromium-review.googlesource.com/880950 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50805}
-
Leszek Swirski authored
Currently, yields and awaits inside loops compile to bytecode which switches to the top of the loop header, and switch again once inside the loop. This is to make loops reducible. This replaces this switching logic with a single switch bytecode that directly jumps to the bytecode being resumed. Among other things, this allows us to no longer maintain the generator state after the switch at the top of the function, and avoid having to track loop suspend counts. TurboFan still needs to have reducible loops, so we now insert loop header switches during bytecode graph building, for suspends that are discovered to be inside loops during bytecode analysis. We do, however, do some environment magic across loop headers since we know that we will continue switching if and only if we reached that loop header via a generator resume. This allows us to generate fewer phis and tighten liveness. Change-Id: Id2720ce1d6955be9a48178322cc209b3a4b8d385 Reviewed-on: https://chromium-review.googlesource.com/866734 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50804}
-
Michael Achenbach authored
TBR=sergiyb@chromium.org Bug: v8:7343 Change-Id: Id2f60f248b40592607a0bf8f74e1169866e317d7 Reviewed-on: https://chromium-review.googlesource.com/880947 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50803}
-
Clemens Hammacher authored
Anonymous functions have no index, thus we cannot get their source position table. Technically, we are not even allowed to call {index()} on anonymous functions, as this will DCHECK that {index_} contains a value. R=mstarzinger@chromium.org Change-Id: I9a8b07cf836671e080cc1784c1712ecd88778972 Reviewed-on: https://chromium-review.googlesource.com/880921 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50802}
-
Georg Neis authored
It must be monotone. R=bmeurer@chromium.org Bug: v8:7354 Change-Id: I08dcd3333518029eef08c074c2b91b5c20ad699e Reviewed-on: https://chromium-review.googlesource.com/880982 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#50801}
-
Benedikt Meurer authored
Reduce the code duplication overhead in the InternalPerformPromiseThen helper, which saves quite a bit of space and makes code more concise and readable. Bug: v8:7253, v8:7310 Change-Id: I64d11661d7258ced32df564d2e83c5ea45955415 Reviewed-on: https://chromium-review.googlesource.com/880722 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50800}
-
Michael Starzinger authored
This fixes a corner-case where deserialization of a module containing multiple exported functions of the same signature forgot to properly unprotect the code-space. Test coverage has been added. R=clemensh@chromium.org TEST=mjsunit/wasm/compiled-module-serialization BUG=chromium:804767 Change-Id: I0082303db19bcc14c4de30f29d604665e281d79d Reviewed-on: https://chromium-review.googlesource.com/880844 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50799}
-
Ben L. Titzer authored
As part of the effort to despecialize WASM code, convert many uses of WasmInstanceObject which were simply indirecting through to either the compiled module or the shared module data with helpers on the respective Frame objects. R=mstarzinger@chromium.org Bug: Change-Id: I05bd1a18b1d81cceef8a80d9f6988e4f5d537e66 Reviewed-on: https://chromium-review.googlesource.com/876125 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50798}
-
Clemens Hammacher authored
When spilling a value to the stack, make sure to fill it as the same type later. Otherwise, we might load garbage from the stack and violate the assumption that the upper 32 bits of a 64 bit register are zero if it currently holds a 32 bit value. R=titzer@chromium.org Bug: v8:7353, v8:6600 Change-Id: I7f2b1b31b7f3c13aa152c682cb59400fb5a3ebf0 Reviewed-on: https://chromium-review.googlesource.com/880682 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50797}
-
Leszek Swirski authored
Now that SuspendGenerator returns, we have to update the interrupt budget during that return to ensure that generators can be optimized. Bug: chromium:804796 Change-Id: I8a9fa1c2399da81a3c2a7d8a07a774d5648d1c5e Reviewed-on: https://chromium-review.googlesource.com/880821 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#50796}
-
Michael Lippautz authored
Bug: v8:7266 Change-Id: I1436d39281caa9daf33289840d19a4a5e1ba476d Reviewed-on: https://chromium-review.googlesource.com/880843 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50795}
-
Benedikt Meurer authored
Use this in the PromiseThen operation to skip the (expensive) lookup in the SpeciesConstructor operation. This yields a nice 3-5% improvement on the bluebird and wikipedia benchmarks, and paves the way for inlining certain Promise operations into TurboFan optimized code later. On the micro-benchmark mentioned in the bug (from the findings doc), we reduce the overall execution time by 25%, which makes sense given that Promise.prototype.then spends a significant portion of its time just figuring out the appropriate constructor. Bug: v8:7253, v8:7349 Change-Id: Ia1577b59d1b7e4b8dbda83e2186583edab76695a Reviewed-on: https://chromium-review.googlesource.com/880681 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50794}
-
Ulan Degenbaev authored
The predictable mode sets --single-threaded flag, which disables --wasm-async-compilation. The test relies on async compilation. Change-Id: I49dae829506c69f21f148cc9c9565c136abcda42 Reviewed-on: https://chromium-review.googlesource.com/880842 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#50793}
-