- 03 Apr, 2017 12 commits
-
-
Michael Starzinger authored
This adds support for tracking token positions in the asm.js scanner and uses these positions to emit a mapping from WASM to asm.js positions. Note that the mapping is still incomplete (some call sites are not yet covered). R=clemensh@chromium.org TEST=debugger/debug/wasm/asm-debug BUG=v8:6127 Change-Id: Ic8aad1a85e7d9e19da2eec523fcc73d4984afcc8 Reviewed-on: https://chromium-review.googlesource.com/466046 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#44335}
-
tgfjt.mail authored
This comment was just left behind: https://codereview.chromium.org/6006 BUG=v8:5413 Review-Url: https://codereview.chromium.org/2794863002 Cr-Commit-Position: refs/heads/master@{#44334}
-
Andreas Haas authored
titzer@ originally created this CL (https://codereview.chromium.org/2757903002). I fixed crashing tests and addressed some comments of the reviewers. R=bradnelson@chromium.org, clemensh@chromium.org, mtrofin@chromium.org BUG=v8:6003 Change-Id: I4ab6d503909402d24043657a896200032e6d1023 Reviewed-on: https://chromium-review.googlesource.com/464887 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44333}
-
Clemens Hammacher authored
A DCHECK was failing if we unwind an activation which is not the bottom-most. This CL fixes this and adds a test for this. R=ahaas@chromium.org BUG=v8:5822 Change-Id: Ib69116b4c45a7b2a0d6cab97ad984dfdcda55918 Reviewed-on: https://chromium-review.googlesource.com/464788 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#44332}
-
jgruber authored
BUG=v8:5437 Review-Url: https://codereview.chromium.org/2779033003 Cr-Commit-Position: refs/heads/master@{#44331}
-
Daniel Ehrenberg authored
This reverts commit fa314341. Reason for revert: Causes a significant bug: https://bugs.chromium.org/p/v8/issues/detail?id=6190 Original change's description: > Stage --harmony-function-tostring > > BUG=v8:4958 > > Change-Id: Id02d36fce76eed54a5a3d348dbac2ea7d43f4ef3 > Reviewed-on: https://chromium-review.googlesource.com/462336 > Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> > Commit-Queue: Adam Klein <adamk@chromium.org> > Cr-Commit-Position: refs/heads/master@{#44275} TBR=adamk@chromium.org,littledan@chromium.org,hablich@chromium.org,v8-reviews@googlegroups.com # Not skipping CQ checks because original CL landed > 1 day ago. BUG=v8:4958 Change-Id: I43388674e454275fb93a15b9af03e3d8c3cfaaa2 Reviewed-on: https://chromium-review.googlesource.com/465810 Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Commit-Queue: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#44330}
-
yangguo authored
R=jgruber@chromium.org BUG=v8:6165 Review-Url: https://codereview.chromium.org/2794443002 Cr-Commit-Position: refs/heads/master@{#44329}
-
Josh Wolfe authored
* When V8_I18N_SUPPORT, completely omit the Unibrow no-op placeholder, and instead use the CPP builtin that uses ICU. * Remove %StringNormalize() runtime function. Bug: v8:5751 CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I3499fa4305d421859253a226f4f09794abe94f4c Change-Id: I3499fa4305d421859253a226f4f09794abe94f4c Reviewed-on: https://chromium-review.googlesource.com/462405 Reviewed-by: Caitlin Potter <caitp@igalia.com> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org> Commit-Queue: Daniel Ehrenberg <littledan@chromium.org> Cr-Commit-Position: refs/heads/master@{#44328}
-
bmeurer authored
For speculative number comparisons with SignedSmall feedback, we always enforce either TaggedSigned or Word32 comparisons. But this is not really beneficial if one of the inputs is already in Float64 representation; in that case it's cheaper to just convert the other input to a Float64. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2790833004 Cr-Commit-Position: refs/heads/master@{#44327}
-
dusan.simicic authored
Adds support for I32x4Splat, I32x4ExtractLane, I32x4ReplaceLane, I32x4Add, I32x4Sub, S128Zero operations for mips32 and mips64 architectures. BUG= Note: Depends on patch: https://codereview.chromium.org/2740123004/ Review-Url: https://codereview.chromium.org/2753903004 Cr-Commit-Position: refs/heads/master@{#44326}
-
pierre.langlois authored
The "perf inject" command will place the generated function into a .text section, placed directly after the ELF header. As a result, source position addresses need to be adjusted according to the size of the ELF header, which is 0x40 for 64 bit architectures and 0x34 on 32 bit architectures. We would previously adjust the addresses with 0x40 regardless of the architecture. BUG= Review-Url: https://codereview.chromium.org/2783203005 Cr-Commit-Position: refs/heads/master@{#44325}
-
jgruber authored
Previously, named captures (and related functionality) were restricted to unicode-mode regexps. This CL extends that support to non-unicode patterns. Named groups are supported regardless of the mode, and named back-references are supported if the regexp is in unicode mode or if it contains a named capture (otherwise '\k' is treated as an identity escape). BUG=v8:5437,v8:6192 Review-Url: https://codereview.chromium.org/2788873002 Cr-Commit-Position: refs/heads/master@{#44324}
-
- 02 Apr, 2017 1 commit
-
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6491c78..e00daf3 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/93bc1a8..6b686d1 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I7f29f3db5f477e88950fa55fc334bd43b9f2f412 Reviewed-on: https://chromium-review.googlesource.com/465567 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#44323}
-
- 01 Apr, 2017 3 commits
-
-
cwhan.tunz authored
- Implement %TypedArray%.prototype.slice to C++ builtins - Remove TypedArraySlice in src/js/typedarray.js - Implement TypedArraySpeciesCreate in builtins-typedarray.cc - Implement TypedArrayCreate in builtins-typedarray.cc BUG=v8:5929 Review-Url: https://codereview.chromium.org/2763473002 Cr-Commit-Position: refs/heads/master@{#44322}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/673a8f4..6491c78 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/b13bd47..93bc1a8 Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/48dcb2c..61065eb TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I250016d204248badff52d7e29a4b466e52d20a06 Reviewed-on: https://chromium-review.googlesource.com/465726 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#44321}
-
jbroman authored
This was missed when Latin-1 encoding replaced UTF-8 encoding when one-byte strings (like most keys) are serialized. BUG=chromium:686159 Review-Url: https://codereview.chromium.org/2784423002 Cr-Commit-Position: refs/heads/master@{#44320}
-
- 31 Mar, 2017 24 commits
-
-
gdeepti authored
BUG=chromium:702460 R=mtrofin@chromium.org, bbudge@chromium.org Review-Url: https://codereview.chromium.org/2794693002 Cr-Commit-Position: refs/heads/master@{#44319}
-
kschimpf authored
Records histogram of ArrayBuffer/SharedArrayBuffer new allocations that failed because it couldn't allocate space for the buffer. Histogram is based on the buffer size requested. This counter is intended to give some clue as to how often, and what sizes are being requested. Unfortunately, the how often can't be answered with the current counter. The problem is that V8 doesn't currently support this possibility yet. Hence, for now, introducing a counter that at least counts the number/size of failing requests. BUG=chromium:704922 R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org Review-Url: https://codereview.chromium.org/2786913004 Cr-Commit-Position: refs/heads/master@{#44318}
-
kschimpf authored
Adds a counter for large array buffers. Used to give an indication of how common large array buffers are allocated in V8. For the moment, we assume a 1Mb cutoff for the notion of large array buffers. We also use log2(length) to cleanly bucket sizes into a histogram. BUG=chromium:704922 R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org Review-Url: https://codereview.chromium.org/2792623002 Cr-Commit-Position: refs/heads/master@{#44317}
-
bmeurer authored
Currently x instanceof RegExp checks cannot take the fast path, since the RegExp constructor has dictionary properties. To avoid that, just forcibly migrate the RegExp constructor to fast properties again once it's fully setup in the bootstrapper. This yields a 10x improvement for x instanceof RegExp checks. R=yangguo@chromium.org BUG=v8:5902 Review-Url: https://codereview.chromium.org/2786143004 Cr-Commit-Position: refs/heads/master@{#44316}
-
bjaideep authored
Port 776d89f9 Original Commit Message: Rewrite returns in derived constructors to only replace undefined with this, and otherwise just return the value, and let the construct stub builtin throw an exception if the result is a primitive instead of a JSReceiver. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=chromium:706642 LOG=N Review-Url: https://codereview.chromium.org/2786413003 Cr-Commit-Position: refs/heads/master@{#44315}
-
kschimpf authored
Looking at UMA results, we are getting a fair number of modules with more than 10,000 functions (5.2%) that are being lumped into the maximal entry. To get more visibility into what values are being lumped, this CL lifts the maximum to 100,000. BUG=chromium:704922 R=bbudge@chromium.org,bradnelson@chromium.org Review-Url: https://codereview.chromium.org/2787163002 Cr-Commit-Position: refs/heads/master@{#44314}
-
kschimpf authored
Looking at UMA results, we are getting a number of instantiations (4%) that are being lumped into the 1 second (plus) maximum entry. To get more visibility into the values in this bucket, this CL lifts the maximum to 10 seconds. BUG=chromium:704922 R=bbudge@chromium.org,bradnelson@chromium.org Review-Url: https://codereview.chromium.org/2780353004 Cr-Commit-Position: refs/heads/master@{#44313}
-
kschimpf authored
Looking at UMA results, we are getting a lot of compilations (over 5%) that are being lumped into the 1 second (plus) maximum entry. To get more visibility into this, this CL lifts the maximum to 10 seconds. BUG=chromium:704922 R=bbudge@chromium.org,bradnelson@chromium.org Review-Url: https://codereview.chromium.org/2785313002 Cr-Commit-Position: refs/heads/master@{#44312}
-
jgruber authored
Fixes a crash found by clusterfuzz caused by a call to std::vector::reserve with a huge capacity, and reverts to ZoneList handling as a tentative fix for performance regressions on the slow @@replace path. BUG=chromium:707187,chromium:706748,v8:5437 Review-Url: https://codereview.chromium.org/2787343002 Cr-Commit-Position: refs/heads/master@{#44311}
-
jyan authored
Some architectures like s390 have native instructions that can benefit from this; see ~10% improvement on MathAbs on s390. Review-Url: https://codereview.chromium.org/2785773002 Cr-Commit-Position: refs/heads/master@{#44310}
-
tebbi authored
R=bmeuerer@chromium.org Review-Url: https://codereview.chromium.org/2789713003 Cr-Commit-Position: refs/heads/master@{#44309}
-
Ross McIlroy authored
Check that a register used as a local is within the bytecode array's local count. BUG=chromium:706234 Change-Id: I51f6a0a8be065b93b9a4e1dca623e98c51685b51 Reviewed-on: https://chromium-review.googlesource.com/464768 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#44308}
-
machenbach authored
This reverts commit 4506382d. We don't allow DEPS'ing things outside googlesource. This requires a mirror. Also .gitignore entry is missing. NOTRY=true NOTREECHECKS=true NOPRESUBMIT=true TBR=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2785183005 Cr-Commit-Position: refs/heads/master@{#44307}
-
martyn.capewell authored
Add assembler, disassembler and simulator support for NEON in the ARM64 backend. BUG= Review-Url: https://codereview.chromium.org/2622643005 Cr-Commit-Position: refs/heads/master@{#44306}
-
bmeurer authored
R=jarin@chromium.org BUG=v8:5267,v8:6181 Review-Url: https://codereview.chromium.org/2792553002 Cr-Commit-Position: refs/heads/master@{#44305}
-
Peter Marshall authored
This CL uses the same logic as spread calls to check whether the iteration over an array would produce different results to simply accessing the backing store directly. Skipping the full iteration protocol for normal arrays gives us a ~10x speedup on the construct-typedarray benchmark. BUG=v8:5977,v8:5699,v8:4782,chromium:698173 Change-Id: Ib878d39691e99b739afef0dd05a6a6efc5b6b5d4 Reviewed-on: https://chromium-review.googlesource.com/463367 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#44304}
-
jgruber authored
Numbered back-references that occur before the referenced capture trigger an internal mini-parser that looks ahead in the pattern and counts capturing groups. This updates the mini-parser to correctly handle named captures. BUG=v8:5437 Review-Url: https://codereview.chromium.org/2792523002 Cr-Commit-Position: refs/heads/master@{#44303}
-
hpayer authored
Revert of [heap] Take page lock when scavenging old to new references in Scavenger. (patchset #2 id:20001 of https://codereview.chromium.org/2781363002/ ) Reason for revert: This results in a deadlock when the scavenger decides to perform sweeping and re-grabs the same mutex. Original issue's description: > [heap] Take page lock when scavenging old to new references in Scavenger. > > BUG=v8:5807 > > Review-Url: https://codereview.chromium.org/2781363002 > Cr-Commit-Position: refs/heads/master@{#44268} > Committed: https://chromium.googlesource.com/v8/v8/+/4024e6a1bb0b803a5cd16fcd11f39cc305b943c6 TBR=ulan@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5807 Review-Url: https://codereview.chromium.org/2786313003 Cr-Commit-Position: refs/heads/master@{#44302}
-
Peter Marshall authored
The last CL https://chromium-review.googlesource.com/c/456707/ caused some pretty heavy performance regressions. After experimenting, it seems the easiest and most straight-forward way to copy the elements into the new typed array is to do it in JS. Adds a fast path for typed arrays, where the source typed array has the same elements kind, in which case we can just copy the backing store using memcpy. This CL also removes regression test 319120 which is from a pwn2own vulnerability. The old code path enforced a maximum byte_length that was too low, which this change removes. The length property of the typed array must be a Smi, but the byte_length, which can be up to 8x larger than length for a Float64Array, can be a heap number. We can also re-use some of the logic from ConstructByLength when deciding whether to allocate the buffer on- or off-heap, so that is factored out into InitializeBasedOnLength. We can also re-use the DoInitialize helper instead of calling into the runtime, meaning we can remove InitializeFromArrayLike. BUG=v8:5977,chromium:705503,chromium:705394 Change-Id: I63372652091d4bdf3a9491acef9b4e3ac793a755 Reviewed-on: https://chromium-review.googlesource.com/459621 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#44301}
-
Andreas Haas authored
The original CL was reverted because regression test used i18n stuff, which was not available in the no-i18n bot. The regression test turned out to be flaky, because I cannot even reproduce the crash now without the fix. I think the reason is that for the crash to happen a stack check has to fail within the rejection of a promise. Small changes can cause the stack check to fail somewhere else. Investigations showed though that the crash should still be possible. I propose therefore to land the fix now without the regression test. Original message: We check that if we do not get a result, or if we get a negative result, then there has to be a scheduled exception. R=clemensh@chromium.org BUG=chromium:704127 Change-Id: Iaf355249686412a636074a476687413b621aac68 Reviewed-on: https://chromium-review.googlesource.com/464846 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44300}
-
Franziska Hinkelmann authored
Add the source position to variables if they are parameters. Collect type information for parameters and return values. Index the types by their corresponding source position. For the types of return values, use the function end as source position. Sample output for a function with 2 parameters (at source position 252 and 258, and function end at 443) ************* Function: testFunction 252: Object number string number 258: undefined boolean undefined undefined 443: Object number string number ************* BUG=v8:5933 Change-Id: I3b8749afcac706c1834146abf1b5b4a3fd130fb6 Reviewed-on: https://chromium-review.googlesource.com/461919 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#44299}
-
Michael Starzinger authored
This fixes printing of {CallRuntime} nodes that are backed by JavaScript functions. Issues with the printing that was in place: - Crash because it was accessing {context} instead of {native_context} - Printout was not comparable, raw heap pointer different between runs R=bmeurer@chromium.org Change-Id: I941944b46550bd908ec14a324bc255d6c8f96fbe Reviewed-on: https://chromium-review.googlesource.com/464766 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#44298}
-
Clemens Hammacher authored
grow_memory was working from test cases, but not in combination with compiled code. This CL makes the effect of grow_memory executed either in the interpreter or compiled code always be reflected in both execution environments. It also adds a %RedirectToWasmInterpreter runtime function for testing this interaction. R=ahaas@chromium.org CC=gdeepti@chromium.org BUG=v8:5822 Change-Id: I3e7c184c42ef655d1c30d2e0dddad7fb783455fc Reviewed-on: https://chromium-review.googlesource.com/463506 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44297}
-
Clemens Hammacher authored
Add a limit to the number of nested call frames in the C++ wasm interpreter. Both the size of the value stack as well as the size of the block stack are limited per call frame. Thus, a limit on only the call frame stack is enough to limit the overall memory consumption of one interpreter instance. R=ahaas@chromium.org BUG=v8:5822 Change-Id: If9f7e547cd1d003bc2ae3c7586ece6b3cf3be587 Reviewed-on: https://chromium-review.googlesource.com/463486 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#44296}
-