- 18 Dec, 2017 24 commits
-
-
Clemens Hammacher authored
Make sure that a continue still executed the increment part of a for loop by adding another nested block for the body, which is the break target for a continue in the body. The increment code lives outside this block, in the original loop. R=bradnelson@chromium.org CC=mstarzinger@chromium.org Bug: chromium:788916 Change-Id: I178b874ffac16d9237a0f4da097d2742bd93335a Reviewed-on: https://chromium-review.googlesource.com/832447 Commit-Queue: Brad Nelson <bradnelson@chromium.org> Reviewed-by:
Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#50169}
-
Leszek Swirski authored
Move literal initialization out of AST numbering and into the parser. The initialization includes setting the depth and flags of Object and Array literals, and calculating the emit store of object literals. Bug: v8:7178 Change-Id: I9af59a2fea44f8a1adcc5a0261f29ce97fa8da92 Reviewed-on: https://chromium-review.googlesource.com/814634 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#50168}
-
Sigurd Schneider authored
This change is quite invasive, because CheckSmi is lowered through representation change depending on UseInfo to several different checked conversion operators. This CL adds feedback to every checked conversion operator to Int32. Bug: v8:7127, v8:7204 Change-Id: Icb780e5a69d321c2ec161c3c2a32984bdcf101f1 Reviewed-on: https://chromium-review.googlesource.com/831521Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50167}
-
Clemens Hammacher authored
This makes --print-code and --print-wasm-code also print code emitted on the native wasm heap. It also extends code printing to include the code kind and the index. R=mtrofin@chromium.org Change-Id: I39c23f4b65168c059f23477ec5d264924ca83e82 Reviewed-on: https://chromium-review.googlesource.com/831987Reviewed-by:
Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#50166}
-
Clemens Hammacher authored
The pattern "handle->foo(factory->NewXX())" is unsafe, because the evaluation order of the receiver (dereferencing the handle) and the argument (allocating something on the heap) is undefined. If the receiver is evaluated first, then the allocation in the evaluation of the argument might invalidate the receiver. In general, gcmole should catch these errors, but sadly, if the method "foo" receives a Handle, it seems to not catch them. We should generally refactor our getters and setters to receive and return raw pointers instead of handles, just like most other code in our code base. R=mtrofin@chromium.org, ahaas@chromium.org Bug: v8:7224 Change-Id: If9e84e4ca7efe02c40b97a8c5c549c222947d6bb Reviewed-on: https://chromium-review.googlesource.com/832268Reviewed-by:
-
Igor Sheludko authored
... by "inlining" the Tuple2 object into the data handler. Bug: v8:7206, v8:5561 Change-Id: I8517b2faa8d13bd16b8ec99c7ea8ab97c73a5f2a Reviewed-on: https://chromium-review.googlesource.com/819233Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#50164}
-
Michal Majewski authored
Bug: v8:6917 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I69d15801b79bf7aa846582367e9f3037b6612431 Reviewed-on: https://chromium-review.googlesource.com/829033 Commit-Queue: Michał Majewski <majeski@google.com> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#50163}
-
Clemens Hammacher authored
Add additional protection against OOB accesses by masking the index to access by a mask precomputed from the memory size. R=clemensh@chromium.org, bradnelson@chromium.org Change-Id: I1d5875121e1904074b115a2c88ca773b6c1c1a66 Reviewed-on: https://chromium-review.googlesource.com/830394Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#50162}
-
Sergiy Byelozyorov authored
TBR=machenbach@chromium.org No-Try: true Bug: chromium:747960 Change-Id: I2befa4776ba51d0512a86e43a44a5ca4afd34b1b Reviewed-on: https://chromium-review.googlesource.com/832446 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by:
-
Michael Achenbach authored
If a command prefix should be used in predictable mode, it should wrap around d8 and not around the predictable wrapper. NOTRY=true TBR=majeski@google.com Bug: v8:7166 Change-Id: I16f33090c647ea4f6f040c6194908df6500b82a3 Reviewed-on: https://chromium-review.googlesource.com/832206 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
-
Michal Majewski authored
Bug: v8:6917 Change-Id: I45ee0277bd243559746f9bc9396d1a8900c891cc Reviewed-on: https://chromium-review.googlesource.com/832026 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
-
Camillo Bruni authored
The new maptracer provides a timeline visualization of the maps logged with --trace-maps. Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I896d677e1d28ceb7b94e29139d25c1476c8ce157 Reviewed-on: https://chromium-review.googlesource.com/664719Reviewed-by:
Mathias Bynens <mathias@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#50158}
-
Clemens Hammacher authored
We had a number of accessors defined on {WasmCompiledModule}, which redirected to {WasmSharedModuleData}. This is uncommon in the code base and hides where information is really stored. This CL removes them and accesses information directly from the {WasmSharedModuleData} instead. R=ahaas@chromium.org Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I54fce75dbf7dcb2f16dcf13e4634b5618225a429 Reviewed-on: https://chromium-review.googlesource.com/831510Reviewed-by:Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
Many methods currently defined in WasmCompiledModule actually only use shared information from WasmSharedModuleData. Hence, move them to this class. R=ahaas@chromium.org Bug: chromium:750256 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ia298306c3757fca8e2d93eaaf3424d6f91150212 Reviewed-on: https://chromium-review.googlesource.com/831509Reviewed-by:
-
Kanghua Yu authored
Remove redundant jmp in AdvanceBytecodeOffset(), safely add a couple of {Label::kNear} hint for forward jmp instructions. Bug: Change-Id: Iefc8c1c4656963e7e8a56c5127391e0c508ca401 Reviewed-on: https://chromium-review.googlesource.com/810216 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by:Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#50155}
-
jgruber authored
See https://github.com/tc39/proposal-regexp-named-groups/pull/40. The spec is being changed to always create a 'groups' property on regexp result objects. Its value is undefined if no named captures exist, and the object containing named captures otherwise. Bug: v8:7192, v8:5437 Change-Id: I1fb00ffc186c7effd84b5692dcbed420581855c3 Reviewed-on: https://chromium-review.googlesource.com/829137Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#50154}
-
Mythri authored
Instruction selector computes the range of case statement labels to choose between a table or lookup based switch. We need to special case this when there are no case statements. Bug: chromium:794825 Change-Id: I46ef57d17f5e2b99a3570f7f3c4ff06e75d78fab Reviewed-on: https://chromium-review.googlesource.com/830013Reviewed-by:
-
Yang Guo authored
Once this CL lands and is included in Node.js, we can - run `tools/node/fetch_deps.py <v8_path>` to fetch necessary deps. - run `tools/node/build_gn.py <build mode> <v8_path> <out_dir>` to build. - use new v8_monolith target in v8.gyp to call build_gn.py. R=machenbach@chromium.org Bug: v8:6105 Change-Id: I482bfddb40f77df62394a913335bd43627cc0c43 Reviewed-on: https://chromium-review.googlesource.com/792944Reviewed-by:
-
Georg Neis authored
Bug: v8:6791 Change-Id: I31acb7f24323f544a2930e6338a178ac66806ea9 Reviewed-on: https://chromium-review.googlesource.com/829134Reviewed-by:
-
Choongwoo Han authored
Add a test case to check performance of TypedArray.prototype.slice for non-species cases. Bug: v8:5929 Change-Id: Ic4aa43575c442c80a4ff981df38c0262f6b2a7b8 Reviewed-on: https://chromium-review.googlesource.com/831308 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Choongwoo Han authored
Add a test case to check performance of TypedArray.prototype.subarray for non-species cases. Bug: v8:7161 Change-Id: Idab8187403cc61596ce90fe03ab2300c38055857 Reviewed-on: https://chromium-review.googlesource.com/831370Reviewed-by:
-
Yang Guo authored
This changes the implementation of v8::ScriptCompiler::CompileFunctionInContext See design doc: https://goo.gl/ppkK6Q R=adamk@chromium.org, marja@chromium.org, mstarzinger@chromium.org Bug: v8:7172, chromium:70895 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Iab0b6e879c1a3b33b623bfa2af9c706643c06fa7 Reviewed-on: https://chromium-review.googlesource.com/810946 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Reviewed-by:
-
jgruber authored
ICU is needed to parse unicode property names. NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true TBR=mths@chromium.org Bug: chromium:793588 Change-Id: I7a4cd2885713c490fbc53867079fba69a26cba75 Reviewed-on: https://chromium-review.googlesource.com/831515 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
jgruber authored
The irregexp compiler expects RegExpCharacterClass instances to contain at least one range. This preserves that invariant when parsing the negated \P{Any} unicode property. Bug: chromium:793588 Change-Id: If71fdce014a7e64d8af559084ee88108303d694b Reviewed-on: https://chromium-review.googlesource.com/827010Reviewed-by:Erik Corry <erikcorry@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#50146}
-
- 16 Dec, 2017 2 commits
-
-
Sigurd Schneider authored
Add feedback to GrowFastElements operator and thread it through to the deoptimize node it the lowering. The CL uses the feedback to allow Array.push to disable speculation if the grow operation deopts. Bug: v8:7127, v8:7204 Change-Id: Ib5850a93759b9194c0fc2f191f6adf5d49cb7f55 Reviewed-on: https://chromium-review.googlesource.com/827128Reviewed-by:
-
Michael Achenbach authored
This reverts commit bcf11729. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/16791 The test cctest/test-run-tail-calls/FuzzStackParamCount hangs on the nosnap debug bot and times out. Original change's description: > [arm64] Preparation for padding of arguments > > As part of JSSP removal, we need to align the arguments passed to functions > on the stack, by adding a padding slot when the total number of arguments > is odd. > > This patch introduces the kPadArguments flag (which is currently set to > false for all architectures), which will control padding of arguments in > architecture-independent parts of the code (deoptimizer, instruction > selector). > > It also adds some executable tests for tail calls with various stack > parameter counts on the caller and callee sides. > > This will be turned on for arm64 together with arm64-specific changes to > the code generator, the MacroAsembler and the builtins, in a later patch. > > Bug: v8:6644 > Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08 > Reviewed-on: https://chromium-review.googlesource.com/806554 > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50134} TBR=rmcilroy@chromium.org,jarin@chromium.org,georgia.kouveli@arm.com Change-Id: Iff4d7da418204834822842b160eacb8980058172 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6644 Reviewed-on: https://chromium-review.googlesource.com/830847Reviewed-by:
-
- 15 Dec, 2017 14 commits
-
-
Adam Klein authored
Bug: v8:7218 Change-Id: I69a7f7340becc66aebe83448632f4fd47cd0ea7a Reviewed-on: https://chromium-review.googlesource.com/827901Reviewed-by:
Bill Budge <bbudge@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50143}
-
Mircea Trofin authored
The function wasn't off-the-heap aware. Bug: chromium:795020 Change-Id: I133dce54e570ff74b1475192882761d2bc377d6f Reviewed-on: https://chromium-review.googlesource.com/830819Reviewed-by:
Eric Holk <eholk@chromium.org> Commit-Queue: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50142}
-
Clemens Hammacher authored
Add support for memory operations without trap handling, i.e. emit memory bounds checks. Drive-by: Reorganize liftoff-assembler-defs.h. R=titzer@chromium.org Bug: v8:6600, v8:7210 Change-Id: I30d84dfcaabd4bd9d147e007e525d00fa474b155 Reviewed-on: https://chromium-review.googlesource.com/824275 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50141}
-
Ben L. Titzer authored
Bug: Change-Id: I1f4a9d06e91a0523e590a77f8073800d6f1994d6 Reviewed-on: https://chromium-review.googlesource.com/830393 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by:
-
Bill Budge authored
- Creates a memory management API in v8::internal, which corresponds to the existing one in base::OS. - Implements the new API in terms of the old one. - Changes all usage of the base::OS API to the one in v8::internal. This includes all tests, except platform and OS tests. - Makes OS:: methods private. - Moves all LSAN calls into the v8::internal functions. Bug: chromium:756050 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Iaa3f022e3e12fdebf937f3c76b6c6455014beb8a Reviewed-on: https://chromium-review.googlesource.com/794856 Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50139}
-
Caitlin Potter authored
This gets rid of all the RewriteNonPattern gunk in the parser and expression classifier, and removes one use of RewritableExpression. This borrows pieces from several other CLs of mine which are currently open, and includes a new and modernized abstraction for dealing with iterators in BytecodeGenerator (so, this CL adds that, moves code from BuildGetIterator around, and makes some minor changes to yield* which should maintain compatability with the old behaviour). This also implements a portion of the changes to the iteration protocol (implemented fully in https://chromium-review.googlesource.com/c/v8/v8/+/687997), but only for the spread operator in Array Literals (the rest will follow). BUG=v8:5940, v8:3018 R=rmcilroy@chromium.org, marja@chromium.org, adamk@chromium.org TBR=adamk@chromium.org Change-Id: Ifc494d663d8e46066a439c3541c33f0243726234 Reviewed-on: https://chromium-review.googlesource.com/804396 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#50138}
-
Mythri authored
Bytecode jump table for switch statements can have holes when the corresponding case statements do not exist (either because the case was missing or was eliminated because it was dead code). The iterator deals with this by skipping over the holes and setting the iterator to the next valid entry. Bounds check was missing during this skipping over if the last element is a hole. Bug: chromium:794825 Change-Id: Ifdb63257e2997d2fd2868467a56da72b68feb47e Reviewed-on: https://chromium-review.googlesource.com/829774Reviewed-by:
-
Mircea Trofin authored
Bug: chromium:793714 Change-Id: I8c1ea8a2e27b5a7fe9cd1f8260873057a3bf9fd9 Reviewed-on: https://chromium-review.googlesource.com/826030 Commit-Queue: Mircea Trofin <mtrofin@chromium.org> Reviewed-by:
-
Bill Budge authored
Bug: chromium:793196 Change-Id: I289653be3968b221bfe4c0f03e8430b2ca76c55c Reviewed-on: https://chromium-review.googlesource.com/827645Reviewed-by:
-
Georgia Kouveli authored
As part of JSSP removal, we need to align the arguments passed to functions on the stack, by adding a padding slot when the total number of arguments is odd. This patch introduces the kPadArguments flag (which is currently set to false for all architectures), which will control padding of arguments in architecture-independent parts of the code (deoptimizer, instruction selector). It also adds some executable tests for tail calls with various stack parameter counts on the caller and callee sides. This will be turned on for arm64 together with arm64-specific changes to the code generator, the MacroAsembler and the builtins, in a later patch. Bug: v8:6644 Change-Id: I79a5c149123fe8130cedd1ccffec3d9b50361e08 Reviewed-on: https://chromium-review.googlesource.com/806554 Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Reviewed-by:
-
peterwmwong authored
Support inlining Array.prototype.findIndex in Turbofan. Depending on array size, quick benchmarks show a >2x improvement: https://github.com/peterwmwong/v8-perf/blob/master/array-find-findIndex-tf/README.md Bug: chromium:791045, v8:1956, v8:7165 Change-Id: I250554885f924c97b0072e09ee289713df5cbe63 Reviewed-on: https://chromium-review.googlesource.com/824382 Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Reviewed-by:
-
Ulan Degenbaev authored
The function assumes that the area of a page after the high watermark is not in the free list. This does not hold if allocation observer are active during deserialization. Change-Id: I1f8d0586be6dc535e85d9da5b0fb2791f1de1031 Reviewed-on: https://chromium-review.googlesource.com/829573Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#50132}
-
Mythri authored
Bug: chromium:783124 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: If2b5d8030d2a8c86c67cb460632a41a11e2c4371 Reviewed-on: https://chromium-review.googlesource.com/828978Reviewed-by:
-
jgruber authored
The unicode property escape syntax restricts unicode property names and unicode property values to consist only of characters taken from the [a-zA-Z0-9_] character class. See the spec at: https://tc39.github.io/proposal-regexp-unicode-property-escapes/ In most cases, we do not actually need to validate that this is the case, since subsequent property lookup in ICU will fail (and throw a SyntaxError) if the given property does not exist. However, there one special case. The ICU lookup takes the property name as a null-terminated string, so it will accept carefully malformed property names (e.g. '\p{Number\0[}'). This can end up confusing the regexp parser. With this CL, we explicitly restrict potential property names / values to the character set as specified. Bug: v8:4743, chromium:793793 Change-Id: Ic97deea8602571ec6793b79c4bb858e1c7597405 Reviewed-on: https://chromium-review.googlesource.com/824272Reviewed-by:
-
