- 24 Jun, 2015 25 commits
-
-
machenbach authored
Revert of Fix receiver when calling eval() bound by with scope (patchset #3 id:40001 of https://codereview.chromium.org/1202963005/) Reason for revert: [Sheriff] Breaks layout tests. Please fix upstream blink first. http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/574 Please consider extra blink trybots on a reland. Original issue's description: > Fix receiver when calling eval() bound by with scope > > Thanks to André Bargull for the report. > > BUG=v8:4214 > LOG=N > R=arv@chromium.org, mstarzinger@chromium.org > > Committed: https://crrev.com/3c5f0db3a1768ade68108bf003676ce378d1cbdc > Cr-Commit-Position: refs/heads/master@{#29259} TBR=arv@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org,wingo@igalia.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4214 Review URL: https://codereview.chromium.org/1201273004 Cr-Commit-Position: refs/heads/master@{#29267}
-
machenbach authored
Revert of Extend big-disjunction optimization to case-independent regexps (patchset #5 id:80001 of https://codereview.chromium.org/1182783009/) Reason for revert: [Sheriff] Test times out now on msan: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/2947 Original issue's description: > Extend big-disjunction optimization to case-independent regexps > > R=yangguo@chromium.org > BUG=chromium:482998 > LOG=n > > Committed: https://crrev.com/d2135603bcf462e15a1284d8ed969f6692610dda > Cr-Commit-Position: refs/heads/master@{#29264} TBR=yangguo@chromium.org,erikcorry@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:482998 Review URL: https://codereview.chromium.org/1204013003 Cr-Commit-Position: refs/heads/master@{#29266}
-
binji authored
Shell::SerializeValue was using a HandleScope, but was also storing Handles in an ObjectList. The ObjectList handles would persist after the function had returned, but will have already been destroyed by the HandleScope, so there is a use-after-free. This change removes the HandleScope in Shell::SerializeValue and relies on the caller's HandleScope. BUG=chromium:503968 R=jochen@chromium.org LOG=n Review URL: https://codereview.chromium.org/1211433003 Cr-Commit-Position: refs/heads/master@{#29265}
-
erikcorry authored
R=yangguo@chromium.org BUG=chromium:482998 LOG=n Review URL: https://codereview.chromium.org/1182783009 Cr-Commit-Position: refs/heads/master@{#29264}
-
binji authored
BUG=chromium:503991 R=jochen@chromium.org LOG=n Review URL: https://codereview.chromium.org/1210623002 Cr-Commit-Position: refs/heads/master@{#29263}
-
wingo authored
Some tokens need special messages because their token corresponds to many names. R=arv@chromium.org BUG=v8:4213 LOG=N Review URL: https://codereview.chromium.org/1207743004 Cr-Commit-Position: refs/heads/master@{#29262}
-
binji authored
BUG=chromium:503698 R=jochen@chromium.org LOG=n Review URL: https://codereview.chromium.org/1208573003 Cr-Commit-Position: refs/heads/master@{#29261}
-
dslomov authored
JS runtime function calls cause Hydrogen to bail out. R=adamk@chromiunm.org,arv@chromium.org Review URL: https://codereview.chromium.org/1210533003 Cr-Commit-Position: refs/heads/master@{#29260}
-
wingo authored
Thanks to André Bargull for the report. BUG=v8:4214 LOG=N R=arv@chromium.org, mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1202963005 Cr-Commit-Position: refs/heads/master@{#29259}
-
hpayer authored
BUG= Review URL: https://codereview.chromium.org/1211513002 Cr-Commit-Position: refs/heads/master@{#29258}
-
mbrandy authored
Port c019d7f4 Original commit message: - Thread Type::FunctionType through stubs and the TF pipeline. - Augment Typer to decorate parameter nodes with types from a Type::FunctionType associated with interface descriptors. - Factor interface descriptors into platform-specific and platform-independent components so that all descriptors share a common Type::FunctionType for all platforms. R=danno@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1206893002 Cr-Commit-Position: refs/heads/master@{#29257}
-
ishell authored
Review URL: https://codereview.chromium.org/1203873005 Cr-Commit-Position: refs/heads/master@{#29256}
-
yangguo authored
If we do not clear next links during serialization, the serializer would simply follow those links and serialize arbitrary objects held by weak cells. This breaks the invariant in the code serializer, which crashes if it sees context-dependent objects. R=ulan@chromium.org BUG=chromium:503552 LOG=Y Review URL: https://codereview.chromium.org/1203973002 Cr-Commit-Position: refs/heads/master@{#29255}
-
mbrandy authored
Port 8196c28a Original commit message: JSConstructStub for subclass constructors instead locates new.target in a known location on the stack. R=dslomov@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1208443002 Cr-Commit-Position: refs/heads/master@{#29254}
-
wingo authored
R=jkummerow@chromium.org LOG=N BUG= Review URL: https://codereview.chromium.org/1202843006 Cr-Commit-Position: refs/heads/master@{#29253}
-
machenbach authored
TBR=ulan, jochen NOTRY=true Review URL: https://codereview.chromium.org/1209453003 Cr-Commit-Position: refs/heads/master@{#29252}
-
bmeurer authored
This way we need the common types only once per process and we don't need to recreate them for every compilation. It uses the same pattern that we already apply to caching operators. This simplifies the type cache a lot. R=svenpanne@chromium.org Review URL: https://codereview.chromium.org/1209513002 Cr-Commit-Position: refs/heads/master@{#29251}
-
bmeurer authored
This fixes a slight inconsistency in the InstructionSelector that basically disabled the optimization for things like ObjectIsSmi. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1206773002 Cr-Commit-Position: refs/heads/master@{#29250}
-
jacob.bramley authored
The original implementation assumed that LPushArguments and LInvoke/Call* could be assumed to be exclusively sequential. However, this isn't always the case. For example, GenerateCallFunction pushes some arguments and then selects between HInvokeFunction and HCallFunction. This fixed implementation resets a pushed_arguments_ counter based on the argument_count() of the preceeding basic block, then tracks it per-instruction as before (except that now we maintain a count rather than a boolean flag). At the same time, since we now track exactly how many arguments have been pushed onto the stack, I was able to adjust the offset accordingly and use jssp for stack slots even when arguments have been pushed. BUG= Review URL: https://codereview.chromium.org/1038363002 Cr-Commit-Position: refs/heads/master@{#29249}
-
danno authored
- Thread Type::FunctionType through stubs and the TF pipeline. - Augment Typer to decorate parameter nodes with types from a Type::FunctionType associated with interface descriptors. - Factor interface descriptors into platform-specific and platform-independent components so that all descriptors share a common Type::FunctionType for all platforms. Review URL: https://codereview.chromium.org/1197703002 Cr-Commit-Position: refs/heads/master@{#29248}
-
bbudge authored
SIMD values will require their own type code for conversion to boolean. LOG=N BUG=v8:4124 Review URL: https://codereview.chromium.org/1202973003 Cr-Commit-Position: refs/heads/master@{#29247}
-
binji authored
Worker is not defined on the V8 Shared bots. BUG=chromium:503578 R=jarin@chromium.org LOG=n Review URL: https://codereview.chromium.org/1202763004 Cr-Commit-Position: refs/heads/master@{#29246}
-
machenbach authored
BUG=chromium:502176 LOG=n Review URL: https://codereview.chromium.org/1203653002 Cr-Commit-Position: refs/heads/master@{#29245}
-
binji authored
BUG=503578 R=jarin@chromium.org LOG=n Review URL: https://codereview.chromium.org/1204753002 Cr-Commit-Position: refs/heads/master@{#29244}
-
mstarzinger authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1197793005 Cr-Commit-Position: refs/heads/master@{#29243}
-
- 23 Jun, 2015 15 commits
-
-
arv authored
We used to call toString as a method which is not safe. BUG=v8:4225 LOG=Y R=adamk, littledan CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel Review URL: https://codereview.chromium.org/1200033003 Cr-Commit-Position: refs/heads/master@{#29242}
-
adamk authored
Speculative revert in the hopes of fixing serializer crashes seen in canary. This reverts commit c1669450, as well as followup change "Do not look for existing shared function info when compiling a new script." (commit 7c43967b). BUG=chromium:503552,v8:4132 TBR=yangguo@chromium.org LOG=n Review URL: https://codereview.chromium.org/1207583002 Cr-Commit-Position: refs/heads/master@{#29241}
-
mathias authored
TEST=mjsunit/date BUG=v8:4226 LOG=N Review URL: https://codereview.chromium.org/1203733002 Cr-Commit-Position: refs/heads/master@{#29240}
-
titzer authored
R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/1199053011 Cr-Commit-Position: refs/heads/master@{#29239}
-
dslomov authored
JSConstructStub for subclass constructors instead locates new.target in a known location on the stack. R=arv@chromium.org,adamk@chromium.org BUG=v8:3886 LOG=N Review URL: https://codereview.chromium.org/1196193014 Cr-Commit-Position: refs/heads/master@{#29238}
-
adamk authored
Map: get, set, has, delete, clear Set: add, has, delete, clear All except clear are implemented as calls into collection.js. Note that some of these shadow methods of v8::Object. It's unclear how confusing that's going to be: on the one hand, it seems likely that most operations you would want to do on a Map or Set are these. On the other, generic code could get confused if it somehow gets ahold of a variable that happens to be C++-typed as a v8::Map or v8::Set. BUG=v8:3340 LOG=y Review URL: https://codereview.chromium.org/1204623002 Cr-Commit-Position: refs/heads/master@{#29237}
-
ishell authored
BUG=chromium:501711 LOG=N Review URL: https://codereview.chromium.org/1207453002 Cr-Commit-Position: refs/heads/master@{#29236}
-
jochen authored
BUG=none R=hpayer@chromium.org LOG=n Review URL: https://codereview.chromium.org/1201993002 Cr-Commit-Position: refs/heads/master@{#29235}
-
mbrandy authored
The optimized instruction sequences for floating-point min/max do not have the same behaviour as TurboFan's Float(32|64)(Min|Max) functions (incorrect handling for NaN operands). R=dstence@us.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1193843015 Cr-Commit-Position: refs/heads/master@{#29234}
-
verwaest authored
BUG=chromium:499790 LOG=n Review URL: https://codereview.chromium.org/1203653003 Cr-Commit-Position: refs/heads/master@{#29233}
-
verwaest authored
BUG=v8:4137 LOG=n Review URL: https://codereview.chromium.org/1196163005 Cr-Commit-Position: refs/heads/master@{#29232}
-
mstarzinger authored
This is a precursor to using specialized LoadIC and StoreIC stubs for global variable access. It also removes the need to keep track of the global object in the type system, hence freeing up one bit. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1205473004 Cr-Commit-Position: refs/heads/master@{#29231}
-
bmeurer authored
BUG=v8:4207 LOG=y R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/1198993009 Cr-Commit-Position: refs/heads/master@{#29230}
-
jacob.bramley authored
ARM64's `fmin` and `fmax` instructions don't have the same behaviour as TurboFan's Float(32|64)(Min|Max) functions. BUG=4206 LOG=N Review URL: https://codereview.chromium.org/1200123004 Cr-Commit-Position: refs/heads/master@{#29229}
-
verwaest authored
BUG=chromium:503457 LOG=n Review URL: https://codereview.chromium.org/1198993008 Cr-Commit-Position: refs/heads/master@{#29228}
-