- 17 Dec, 2015 5 commits
-
-
Benedikt Meurer authored
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used in field type tracking, where we should check for JSReceiver instead (there's no need to exclude JSProxy or JSFunction from tracking). And the use in %_ClassOf was actually wrong and didn't match the C++ implementation in JSReceiver::class_name() anymore. Now it's consistent again. R=yangguo@chromium.org BUG=chromium:535408 LOG=n Review URL: https://codereview.chromium.org/1535523003 . Cr-Commit-Position: refs/heads/master@{#32926}
-
Benedikt Meurer authored
There's actually no need to restrict the inline allocation of receivers for class constructors anymore; the relevant issues were addressed in the compiler and runtime several weeks ago. R=yangguo@chromium.org Review URL: https://codereview.chromium.org/1532453004 . Cr-Commit-Position: refs/heads/master@{#32925}
-
zhengxing.li authored
port 2c75e3d2 (r32903) original commit message: We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). BUG= Review URL: https://codereview.chromium.org/1534663002 Cr-Commit-Position: refs/heads/master@{#32924}
-
v8-autoroll authored
Rolling v8/third_party/android_tools to f4c36ad89b2696b37d9cd7ca7d984b691888b188 Rolling v8/tools/clang to 67c5521f1878f7929f8f0afc74b31627b3bbffb3 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review URL: https://codereview.chromium.org/1530413002 Cr-Commit-Position: refs/heads/master@{#32923}
-
zhengxing.li authored
port 025d476c (r32906) original commit message: Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. BUG= Review URL: https://codereview.chromium.org/1535613003 Cr-Commit-Position: refs/heads/master@{#32922}
-
- 16 Dec, 2015 35 commits
-
-
balazs.kilvady authored
MIPS: Fix `[proxies] fix access issue when having proxies on the prototype-chain of global objects.` Port 2c75e3d2 Original commit message: We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). BUG= Review URL: https://codereview.chromium.org/1526253006 Cr-Commit-Position: refs/heads/master@{#32921}
-
mbrandy authored
Port 025d476c Original commit message: Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1531873002 Cr-Commit-Position: refs/heads/master@{#32920}
-
mbrandy authored
Port 97161a29 Original commit message: TryTruncateFloat32ToUint64 converts a float32 to a uint64. Additionally it provides an optional second return value which indicates whether the conversion succeeded (i.e. float32 value was within uint64 range) or not. Additionally I fixed a bug on x64 and mips64 in the implementation of TryTruncateFloat64ToUint64. Cases where the input value was between -1 and 0 were handled incorrectly. R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1533613002 Cr-Commit-Position: refs/heads/master@{#32919}
-
mbrandy authored
Port 89bb66de Original commit message: Original CL: https://codereview.chromium.org/1375253002/ Implement machine instruction scheduling after instruction selection. R=baptiste.afsa@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1534433004 Cr-Commit-Position: refs/heads/master@{#32918}
-
mbrandy authored
Use appropriate load instruction for 32-bit mode. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:3330 LOG=n Review URL: https://codereview.chromium.org/1532673002 Cr-Commit-Position: refs/heads/master@{#32917}
-
mbrandy authored
Port bb2a830d Port 56673804 Original commit messages: MachineType is now a class with two enum fields: - MachineRepresentation - MachineSemantic Both enums are usable on their own, and this change switches some places from using MachineType to use just MachineRepresentation. Most notably: - register allocator now uses just the representation. - Phi and Select nodes only refer to representations. Store nodes use only MachineRepresentation, not MachineType. R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1523373003 Cr-Commit-Position: refs/heads/master@{#32916}
-
mbrandy authored
Port 2c75e3d2 R=cbruni@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1530233003 Cr-Commit-Position: refs/heads/master@{#32915}
-
mbrandy authored
Port 28261daa Original commit message: This operator now provides a second output which indicates whether the conversion from float32 to int64 was successful or not. The second output returns 0 if the conversion fails, or something else if the conversion succeeds. The second output can be ignored, which means that the operator can be used the same as the original operator. R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1530273002 Cr-Commit-Position: refs/heads/master@{#32914}
-
mythria authored
Adds support for loading and storing lookup variables. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1524803003 Cr-Commit-Position: refs/heads/master@{#32913}
-
oth authored
BUG=V8:4280 LOG=N Review URL: https://codereview.chromium.org/1524893003 Cr-Commit-Position: refs/heads/master@{#32912}
-
oth authored
This change adds support for local control flow when building graphs from bytecode. The change ensures loop emitted from the bytecode generator are in natural order so the only back branches are for loops. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1502243002 Cr-Commit-Position: refs/heads/master@{#32911}
-
mvstanton authored
BUG=chromium:568765 LOG=N R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/1534453002 Cr-Commit-Position: refs/heads/master@{#32910}
-
akodat authored
If many threads use the same Isolate (or many Isolates) and then terminate, their PerIsolateThreadData objects are never cleaned up, resulting in a slow memory leak and, worse, the PerIsolateThreadData chain getting larger and larger, adversely affecting performance. In this situation, embedders will now be encouraged to apply DiscardThreadSpecificMetadata against any Isolate a thread is done with, especially if the thread is about to terminate. Note that it is harmless to run DiscardThreadSpecificMetadata against an Isolate for which a thread has no thread data and per-Isolate thread data can be reestablished if a thread starts using an Isolate again after running DiscardThreadSpecificMetadata against it. It is, however, an embedder error to run DiscardThreadSpecificMetadata against an Isolate in thread with a Locker for the Isolate in the stack or against an Entered Isolate. This change cannot cause any change in behavior in existing apps as the only added coded can only be reached via the new DiscardThreadSpecificMetadata method. R=Jakob, jochen BUG= Review URL: https://codereview.chromium.org/1522703002 Cr-Commit-Position: refs/heads/master@{#32909}
-
ahaas authored
On x64 and arm64 TryTruncateFloatXXToInt64 incorrectly failed when the input was INT64_MIN. R=bradnelson@chromium.org, mstarzinger@chromium.org, v8-arm-ports@googlegroups.com Review URL: https://codereview.chromium.org/1526293002 Cr-Commit-Position: refs/heads/master@{#32908}
-
agrieve authored
BUG=chromium:568883 LOG=n Review URL: https://codereview.chromium.org/1517983002 Cr-Commit-Position: refs/heads/master@{#32907}
-
rmcilroy authored
Adds a slot for the bytecode offset to interpreter stack frames and saves it on calls, and restores after calls. Also fixes RawMachineAssembler::Return() to call MergeControlToEnd. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1512543002 Cr-Commit-Position: refs/heads/master@{#32906}
-
adamk authored
BUG=v8:811 LOG=y Review URL: https://codereview.chromium.org/1515613009 Cr-Commit-Position: refs/heads/master@{#32905}
-
bmeurer authored
R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1534443002 Cr-Commit-Position: refs/heads/master@{#32904}
-
cbruni authored
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js). Review URL: https://codereview.chromium.org/1521953002 Cr-Commit-Position: refs/heads/master@{#32903}
-
neis authored
We must print "[object Array]" for proxies that satisfy Array.isArray. Cosmetic change on the side: move ObjectProtoToString from JSObject to Object since it deals with arbitrary objects. R=adamk@chromium.org, verwaest@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1526023002 Cr-Commit-Position: refs/heads/master@{#32902}
-
bmeurer authored
Introduce JSCreateIterResultObject operator, as a way to optimize the %_CreateIterResultObject intrinsic, which is used to provide uniform, non-polymorphic result objects for iterators (and generators). We cannot utilize the existing JSCreate operator here, because there's no constructor function for iterator result objects (as required by the spec). R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1531753002 Cr-Commit-Position: refs/heads/master@{#32901}
-
neis authored
R=rossberg BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1525983002 Cr-Commit-Position: refs/heads/master@{#32900}
-
mlippautz authored
Tests for * aborting a full page. * partially aborting a page. * partially aborting a page with pointers between aborted pages. * partially aborting a page with store buffer entries. Also introduces force_oom() which prohibits a old space to expand BUG=chromium:524425 LOG=N CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel,v8_linux_nosnap_dbg,v8_win_nosnap_shared_rel,v8_win_nosnap_shared_compile_rel Review URL: https://codereview.chromium.org/1518803005 Cr-Commit-Position: refs/heads/master@{#32899}
-
yangguo authored
R=erik.corry@gmail.com BUG=chromium:570241 LOG=N Review URL: https://codereview.chromium.org/1528333002 Cr-Commit-Position: refs/heads/master@{#32898}
-
yangguo authored
The problem is this: when stepping over a recursive function call, the recursive function is flooded with one-shot break points so that we break after the call, but since the callee is the same function, the callee is also flooded, resulting a break in the callee. That however would have been a "step in" instead of "step over". The original solution was to recognize this by comparing FP. If we end up in Debug::Break, we still have to check the current FP against the remembered FP to see whether we are on the same stack height. If we are deeper, then it's not a "step over", and we do not trigger a debug break event. In that case, we queue up the step-over, and temporarily step out until we hit the desired stack height. Note that in order to step out, we flood the caller, which in our example is the same function as the callee. So we break at every flooded break location, and comparing with FP to make sure we stepped out prevents us from triggering debug break events. The new solution simply ignores breaks when the FP compare fails. We simply carry on until we hit a break where the FP compare succeeds. There is no need to do a step out. The number of calls to Debug::Break that do not trigger a debug break event due to failing FP compare is the same. But the code is a lot easier to read. R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/1527253002 Cr-Commit-Position: refs/heads/master@{#32897}
-
jochen authored
While not really fitting our directory layout, the DEPS entry needs to be at exactly the same position as it is in chromium, otherwise either standalone or chromium build won't work :-/ BUG=none R=machenbach@chromium.org LOG=y Review URL: https://codereview.chromium.org/1526843004 Cr-Commit-Position: refs/heads/master@{#32896}
-
aseemgarg authored
TEST=asm-wasm.js R=titzer@chromium.org,bradnelson@google.com BUG= Review URL: https://codereview.chromium.org/1523843003 Cr-Commit-Position: refs/heads/master@{#32895}
-
ahaas authored
The new implementation also changes the sign bit if the input is NaN. (https://github.com/WebAssembly/v8-native-prototype/issues/99) R=bradnelson@chromium.org Review URL: https://codereview.chromium.org/1532513002 Cr-Commit-Position: refs/heads/master@{#32894}
-
ahaas authored
The code generation for pushing call parameters on the stack does not distinguish between float32 and float64 parameters because both are stored in the same registers. Therefore float32 parameters require two words on the stack. The wasm linkage, however, only considered one word on the stack for float32 parameters, which caused the problem that float32 parameters were not located correctly on the stack. I fixed the problem by considering two words for float32 parameters on the stack. R=bradnelson@chromium.org Review URL: https://codereview.chromium.org/1529773003 Cr-Commit-Position: refs/heads/master@{#32893}
-
jkummerow authored
BUG=v8:1543,chromium:570120 LOG=n Review URL: https://codereview.chromium.org/1530873002 Cr-Commit-Position: refs/heads/master@{#32892}
-
cbruni authored
LOG=n BUG=v8:1543 Review URL: https://codereview.chromium.org/1531683002 Cr-Commit-Position: refs/heads/master@{#32891}
-
bmeurer authored
Following up on https://crrev.com/1517243002, we use the %_GetSuperConstructor consistently for all super calls now (inlining the intrinsic code in fullcodegen). R=mstarzinger@chromium.org BUG=v8:3330 LOG=n Review URL: https://codereview.chromium.org/1529113002 Cr-Commit-Position: refs/heads/master@{#32890}
-
yangguo authored
R=hablich@chromium.org BUG=v8:4545 LOG=Y Review URL: https://codereview.chromium.org/1524233003 Cr-Commit-Position: refs/heads/master@{#32889}
-
caitpotter88 authored
BUG=v8:4613 LOG=N R=adamk@chromium.org Review URL: https://codereview.chromium.org/1522693002 Cr-Commit-Position: refs/heads/master@{#32888}
-
Miran.Karic authored
Fix invalid usage of layout_descriptor() function on 32-bit arch's, which doesn't perform necessary checks. Test failure is observed only on mips32 big-endian, and on mips32 little-endian as an alignment issue, but the problem appears to be generic for all 32-bit arch's. TEST=test/mjsunit/es6/classes-subclass-builtins.js BUG= Review URL: https://codereview.chromium.org/1522203004 Cr-Commit-Position: refs/heads/master@{#32887}
-