- 02 Dec, 2015 14 commits
-
verwaest authored
non-constructors are not allowed to have initial maps. The optimizing compilers used to add initial maps unconditionally to functions used as right-hand-side in instanceof. BUG= Review URL: https://codereview.chromium.org/1490003003 Cr-Commit-Position: refs/heads/master@{#32497}
-
jkummerow authored
And use it to fix Object.keys() for proxies. BUG=v8:1543 LOG=n R=cbruni@chromium.org Review URL: https://codereview.chromium.org/1488873003 Cr-Commit-Position: refs/heads/master@{#32496}
-
mlippautz authored
1. Let X be the aborted slot (slot in an evacuated object in an aborted page)
2. Assume X contains pointer to Y and Y is in the new space, so X is in the store buffer.
3. Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
4. The current mark-sweep finishes. The slot X is in free space and is also in the store buffer.
5. A string of length 9 "abcdefghi" is allocated in the new space. The string looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is previous garbage. Let's assume that NNNNNNN0 was pointing to a new space object before.
6. Scavenge happens.
7. Slot X is still in free space and in store buffer. [It causes scavenge of the object Y in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But it is not important].
8. Our string is promoted and is allocated over the slot X, such that NNNNNNNi is written in X.
9. The scavenge finishes.
9. Another scavenge starts.
10. We crash in store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when processing slot X, because it doesn't point to valid map.
BUG=chromium:524425,chromium:564498
LOG=N
R=hpayer@chromium.org, ulan@chromium.org
Review URL: https://codereview.chromium.org/1493653002
Cr-Commit-Position: refs/heads/master@{#32495}
-
yangguo authored
R=bmeurer@chromium.org BUG=v8:4581 LOG=N Review URL: https://codereview.chromium.org/1495473002 Cr-Commit-Position: refs/heads/master@{#32494}
-
hablich authored
BUG=chromium:500934 LOG=N TBR=yangguo@chromium.org Review URL: https://codereview.chromium.org/1486343003 Cr-Commit-Position: refs/heads/master@{#32493}
-
zhengxing.li authored
port 74434403 (r32261) original commit message: I implemented the optional Float32RoundDown operator on x64, ia32, arm, and arm64. For arm I also had to adjust the simulator. BUG= Review URL: https://codereview.chromium.org/1490113003 Cr-Commit-Position: refs/heads/master@{#32492}
-
bmeurer authored
Sanitize ConstructStub handling and add a test case to ensure that the Symbol constructor is using the correct context. R=jarin@chromium.org BUG=v8:4413 LOG=n Review URL: https://codereview.chromium.org/1489323002 Cr-Commit-Position: refs/heads/master@{#32491}
-
zhengxing.li authored
port dffecf31 (r32005) original commit message: The TiesEven rounding mode rounds float64 numbers to the nearest integer. If there are two nearest integers, then the number is rounded to the even one. This is the default rounding mode according to IEEE~754. I implemented the operator on ia32, x64, arm, arm64, mips, and mips64. I think there is a bug in the current implementation of the ppc simulator, which kept me from implementing the operator on ppc. According to my understanding of the ppc instruction manual, the FRIN instruction provides the right behavior for Float64RoundTiesEven. In the simulator, however, FRIN provides a different semantics. If there are two nearest integers, then the simulator returns the one which is further away from 0. BUG= Review URL: https://codereview.chromium.org/1486323003 Cr-Commit-Position: refs/heads/master@{#32490}
-
zhengxing.li authored
port d2f78c6b (r32476) original commit message: This becomes visible if an exception is thrown by the constructor. We do this on "new Array(3.5)", throwing a RangeError. BUG= Review URL: https://codereview.chromium.org/1491153002 Cr-Commit-Position: refs/heads/master@{#32489}
-
zhengxing.li authored
port 66d5a9df (r32452) original commit message: CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there BUG= Review URL: https://codereview.chromium.org/1491063003 Cr-Commit-Position: refs/heads/master@{#32488}
-
zhengxing.li authored
port 2f559f21 (r32449) original commit message: BUG= Review URL: https://codereview.chromium.org/1494453002 Cr-Commit-Position: refs/heads/master@{#32487}
-
zhengxing.li authored
port c83db2d0 (r32456) original commit message: BUG= Review URL: https://codereview.chromium.org/1487293002 Cr-Commit-Position: refs/heads/master@{#32486}
-
v8-autoroll authored
Rolling v8/build/gyp to e2313c02ad7b6d589b38fe578f5d39970a9bbc20 Rolling v8/tools/clang to 3cc3dac50b26c67176bfed187a300741f31651bf TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1491133002 Cr-Commit-Position: refs/heads/master@{#32485}
-
zhengxing.li authored
port 1389b9f5 (r32004) original commit message: I implemented it on x64, ia32, arm, arm64, mips, mips64, and ppc. BUG= Review URL: https://codereview.chromium.org/1488993002 Cr-Commit-Position: refs/heads/master@{#32484}
-
- 01 Dec, 2015 26 commits
-
yangguo authored
We currently use the outdated contexts list provided by the serializer to update the receiver (the global proxy) in script contexts. However, this is not actually necessary, since the global proxy is passed to the deserializer and replaced as we deserialize. Originally, the outdated contexts list is to update the global object field in contexts. This was necessary since at the time the deserializer creates the native context, the global object has not yet been created. But the global proxy already exists. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1488873004 Cr-Commit-Position: refs/heads/master@{#32483}
-
mbrandy authored
Port 2f559f21 R=yangguo@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1490923004 Cr-Commit-Position: refs/heads/master@{#32482}
-
mbrandy authored
Port 66d5a9df Original commit message: CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub. R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1485303002 Cr-Commit-Position: refs/heads/master@{#32481}
-
mbrandy authored
Port d2f78c6b Original commit message: This becomes visible if an exception is thrown by the constructor. We do this on "new Array(3.5)", throwing a RangeError. R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1484423003 Cr-Commit-Position: refs/heads/master@{#32480}
-
dusan.m.milosavljevic authored
TEST=unittests/InstructionSelectorTest.Word(32|64)AndToClearBits BUG= Review URL: https://codereview.chromium.org/1485023004 Cr-Commit-Position: refs/heads/master@{#32479}
-
dusan.m.milosavljevic authored
Xori instruction can only have unsigned 16-bit immediates for right input, as such it is not suitable for bit negation on mips. TEST=unittests/InstructionSecetorTest.Word(32|64)XorMinusOneWithParameter BUG= Review URL: https://codereview.chromium.org/1485833003 Cr-Commit-Position: refs/heads/master@{#32478}
-
caitpotter88 authored
BUG=v8:4585 LOG=N R=adamk@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/1488043002 Cr-Commit-Position: refs/heads/master@{#32477}
-
mvstanton authored
This becomes visible if an exception is thrown by the constructor. We do this on "new Array(3.5)", throwing a RangeError. BUG= Review URL: https://codereview.chromium.org/1483053004 Cr-Commit-Position: refs/heads/master@{#32476}
-
cbruni authored
Object.prototype.hasOwnProperty should use JSReceiver::HasOwnProperty for proxies. BUG=v8:1543 LOG=N Review URL: https://codereview.chromium.org/1480213004 Cr-Commit-Position: refs/heads/master@{#32475}
-
mythria authored
Adds implementation and tests for LdaContextSlot, StaeContextSlot, PushContext, and PopContext to bytecode graph builder BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1489863002 Cr-Commit-Position: refs/heads/master@{#32474}
-
cbruni authored
proxies. BUG=v8:1543 LOG=N Review URL: https://codereview.chromium.org/1484313003 Cr-Commit-Position: refs/heads/master@{#32473}
-
titzer authored
R=mstarzinger@chromium.org BUG= Review URL: https://codereview.chromium.org/1492433003 Cr-Commit-Position: refs/heads/master@{#32472}
-
cbruni authored
LOG=N BUG=v8:1543 Review URL: https://codereview.chromium.org/1481383003 Cr-Commit-Position: refs/heads/master@{#32471}
-
mstarzinger authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1479233002 Cr-Commit-Position: refs/heads/master@{#32470}
-
yangguo authored
Native scripts must not accidentally pollute the global object. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1490783002 Cr-Commit-Position: refs/heads/master@{#32469}
-
mstarzinger authored
This moves the bailout for functions containing new.target variable to the correct place so that Crankshaft doesn't accidentally inline such functions, yielding an "undefined" new.target value all the time. R=bmeurer@chromium.org TEST=mjsunit/es6/regress/regress-inlined-new-target Review URL: https://codereview.chromium.org/1484163003 Cr-Commit-Position: refs/heads/master@{#32468}
-
bbudge authored
Remove two unused fields. Define register codes the same way register names are defined and eliminate static methods. #error if target isn't defined. LOG=N BUG=v8:4124 Review URL: https://codereview.chromium.org/1482963003 Cr-Commit-Position: refs/heads/master@{#32467}
-
cbruni authored
BUG=v8:1543 LOG=N Review URL: https://codereview.chromium.org/1482283002 Cr-Commit-Position: refs/heads/master@{#32466}
-
dusan.m.milosavljevic authored
TEST= BUG= Review URL: https://codereview.chromium.org/1483973002 Cr-Commit-Position: refs/heads/master@{#32465}
-
machenbach authored
Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1486963002/ ) Reason for revert: Maybe causing problems Original issue's description: > [CQ] Update proto format to fix triggered builders. > > Depends on https://chromereviews.googleplex.com/319777013/ > > BUG=chromium:561530 > LOG=n > TBR=sergiyb@chromium.org, tandrii@chromium.org > NOTRY=true > > Committed: https://crrev.com/51d6d619330080a76c5bc7a2ebdafebc6a808aa8 > Cr-Commit-Position: refs/heads/master@{#32453} TBR=sergiyb@chromium.org,tandrii@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:561530 Review URL: https://codereview.chromium.org/1485813004 Cr-Commit-Position: refs/heads/master@{#32464}
-
hpayer authored
Revert of [heap] Remove eager shortcut in JSFunction visitor. (patchset #1 id:1 of https://codereview.chromium.org/1476223002/ ) Reason for revert: Still investigating bad canary. Original issue's description: > [heap] Remove eager shortcut in JSFunction visitor. > > This removes an optimization in the static JSFunction visitor that > eagerly marked through to the SharedFunctionInfo for code flushing > candidates. This causes all processing in VisitJSFunction to be > side-stepped and hence might cause leaks. > > R=hpayer@chromium.org > > Committed: https://crrev.com/a29f0576c32e8fda90bf7ab19c6d170568150a7f > Cr-Commit-Position: refs/heads/master@{#32332} TBR=mstarzinger@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1488063002 Cr-Commit-Position: refs/heads/master@{#32463}
-
hpayer authored
Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ ) Reason for revert: Still investigating bad canary. Original issue's description: > [heap] Refactor evacuation for young and old gen into visitors. > > Create a visitor for evacuating objects for young and old generation. This is > the first step of preparing a task to process, both, newspace and oldspace > pages in parallel. > > BUG=chromium:524425 > LOG=N > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8 > Cr-Commit-Position: refs/heads/master@{#32349} TBR=mlippautz@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1483393002 Cr-Commit-Position: refs/heads/master@{#32462}
-
hpayer authored
Revert of [heap] Cleanup mark bit usage. (patchset #1 id:1 of https://codereview.chromium.org/1474203003/ ) Reason for revert: Still investigating bad canary. Original issue's description: > [heap] Cleanup mark bit usage. > > BUG= > > Committed: https://crrev.com/5874ac783ff9bc4bb4b2fda81f5077f06619f96c > Cr-Commit-Position: refs/heads/master@{#32362} TBR=mlippautz@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1490753003 Cr-Commit-Position: refs/heads/master@{#32461}
-
hpayer authored
Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ ) Reason for revert: Still investigating bad canary. Original issue's description: > [heap] Unify evacuating an object for new and old generation. > > BUG=chromium:524425 > LOG=N > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a > Cr-Commit-Position: refs/heads/master@{#32365} TBR=mlippautz@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1483963004 Cr-Commit-Position: refs/heads/master@{#32460}
-
hpayer authored
Revert of [heap] Remove live weak cells from weak cell list when finalizing incremental marking. (patchset #3 id:40001 of https://codereview.chromium.org/1474303002/ ) Reason for revert: Still investigating bad canary. Original issue's description: > [heap] Remove live weak cells from weak cell list when finalizing incremental marking. > > BUG=chromium:548562 > LOG=n > > Committed: https://crrev.com/6190c608c8f3ced0f00ff53965e115b78646cecd > Cr-Commit-Position: refs/heads/master@{#32372} TBR=ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:548562 Review URL: https://codereview.chromium.org/1481383004 Cr-Commit-Position: refs/heads/master@{#32459}
-
neis authored
R=machenbach@chromium.org BUG= NOTRY=true Review URL: https://codereview.chromium.org/1486083002 Cr-Commit-Position: refs/heads/master@{#32458}
-