- 15 Dec, 2017 2 commits
-
-
peterwmwong authored
  - Added ObjectPrototypeToLocaleString TFJ
  - Remove v8natives.js
  - Move GetMethod and GetIterator into prologue.js
TBR=adamk@chromium.org Bug: v8:6005 Change-Id: I2b5b65892304e62bf64375458f8ffb9473b2c9b7 Reviewed-on: https://chromium-review.googlesource.com/826479 Reviewed-by: Peter Wong <peter.wm.wong@gmail.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#50120}
-
Jaroslav Sevcik authored
This reverts commit 917b9cb9. In this CL, we canonicalize the fixed array when allocating storage for empty fixed array. During initialization, we also make sure that we do not write to the empty fixed array. This is quite hacky, but it seems to be the least intrusive change. Bug: chromium:793863 Change-Id: I1449ebac7c1e390467566a759bf70e7e2fabda31 Reviewed-on: https://chromium-review.googlesource.com/827013 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50119}
-
- 14 Dec, 2017 25 commits
-
-
Adam Klein authored
Bug: v8:6822 Change-Id: If6a22e19873b1f3196a4ece48fc79859257ce41d Reviewed-on: https://chromium-review.googlesource.com/804152 Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50118}
-
Alexey Kozyatinskiy authored
Async stack trace can contain empty synchronous stack and external stack. R=dgozman@chromium.org Bug: chromium:790567 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I2b04743f7c4f15a038eb1041cc7fc117d438b6b2 Reviewed-on: https://chromium-review.googlesource.com/822971 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#50117}
-
Choongwoo Han authored
Even though IsWasmCompileAllowed function in runtime/runtime-test.cc can be invoked only when native calls are allowed, so this is not an actual bug, fuzzing or random testing can call this function and make a false positive. Thus, add a check that the given argument is actually an array buffer. Bug: v8:5981 Change-Id: I3918c4d68b67a507c93865effa490d7259d63cb1 Reviewed-on: https://chromium-review.googlesource.com/732383 Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50116}
-
Andreas Haas authored
Finishing a chunk of data during streaming compilation caused background tasks to be restarted unconditionally. However, restarting background tasks is not possible after compilation has already finished. With this CL we no longer allow background tasks to be restarted after they have finished. R=clemensh@chromium.org CC=mtrofin@chromium.org Change-Id: I4c0a9761fb627f04b254f72e05873e29e7647eb0 Reviewed-on: https://chromium-review.googlesource.com/827008 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#50115}
-
Igor Sheludko authored
Bug: v8:7206, v8:5561 Change-Id: I3b0e569ac52c889e1b1897cd98bcb7799f308ffb Reviewed-on: https://chromium-review.googlesource.com/819254 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#50114}
-
Igor Sheludko authored
This CL also adds support for "lookup on dictionary receivers" to store ICs. Bug: v8:7206, v8:5561 Change-Id: Icebbc2d52c71f5d25b43f2f2a8adf674e4ec2cbc Reviewed-on: https://chromium-review.googlesource.com/819232 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#50113}
-
Sigurd Schneider authored
This CL adds a performance counter similar to https://www.chromestatus.com/metrics/feature/timeline/popularity/2238 to estimate how often speculation is disabled in the wild. Bug: v8:7216, v8:7127 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I421637b386534da4a3aed549a9665870e3b97eb1 Reviewed-on: https://chromium-review.googlesource.com/827012 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Hablich <hablich@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50112}
-
Michael Achenbach authored
NOTRY=true TBR=ulan@chromium.org Bug: chromium:794911 Change-Id: Ib7be4b44f796153d3972afc878a8ec4911327576 Reviewed-on: https://chromium-review.googlesource.com/827067 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50111}
-
Michael Achenbach authored
This moves the error-code check for verify-predictable mode to the API method checking for status file outcomes, overwriting the default behavior. This is resembling the behavior prior to: https://chromium-review.googlesource.com/c/808971/ Otherwise, the status file outcomes will expect some negative tests to fail in the mozilla test suite, which pass in predictable mode. Now, negative tests are simply not supported. Bug: v8:7166 Change-Id: I1d4bcaf66cb54c5fbb217dd9091b88ecc5b0e456 Reviewed-on: https://chromium-review.googlesource.com/817741 Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50110}
-
Igor Sheludko authored
Bug: v8:7206, v8:5561 Change-Id: Ieb8bae0a245c6135d375cec0f76ce80a240391b9 Reviewed-on: https://chromium-review.googlesource.com/819290 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#50109}
-
Sathya Gunasekaran authored
The IsPromise brand check is now replaced with an IsObject check. The spec was changed here: https://github.com/tc39/proposal-promise-finally/commit/a1628886f85a897df5cd967ea36f025e8f89cb7a Bug: v8:7095 Change-Id: I5668083c888f9efcdfc1491c919c810c75d73ac7 Reviewed-on: https://chromium-review.googlesource.com/826606 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#50108}
-
Ulan Degenbaev authored
The following events in v8.gc category are emitted:
  - V8.GC_BACKGROUND_ARRAY_BUFFER_FREE
  - V8.GC_BACKGROUND_STORE_BUFFER
  - V8.GC_BACKGROUND_UNMAPPER
  - V8.GC_MC_BACKGROUND_EVACUATE_COPY
  - V8.GC_MC_BACKGROUND_EVACUATE_UPDATE_POINTERS
  - V8.GC_MC_BACKGROUND_MARKING
  - V8.GC_MC_BACKGROUND_SWEEPING
  - V8.GC_MINOR_MC_BACKGROUND_EVACUATE_COPY
  - V8.GC_MINOR_MC_BACKGROUND_EVACUATE_UPDATE_POINTERS
  - V8.GC_MINOR_MC_BACKGROUND_MARKING
  - V8.GC_SCAVENGER_BACKGROUND_SCAVENGE_PARALLEL
Bug: chromium:758183 Change-Id: I04368f75ac740cbc832a864609709e5a46f5baef Reviewed-on: https://chromium-review.googlesource.com/825203 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50107}
-
Michael Achenbach authored
TBR=hablich@chromium.org NOTRY=true Bug: v8:5193 Change-Id: Ia5e91f50e35ca361cdb1eae8c2ca5cc2e2fd866c Reviewed-on: https://chromium-review.googlesource.com/827005 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50106}
-
Michael Starzinger authored
This makes sure that breaking dependencies during compilation is also caught properly in release mode (not only in debug mode). When this happens the generated code would be invalid from the beginning and we need to prevent using such code. R=bmeurer@chromium.org BUG=chromium:794394,chromium:786723 Change-Id: I76fd85786c16807389f69a9c44b9f893004b1c6f Reviewed-on: https://chromium-review.googlesource.com/826635 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#50105}
-
Igor Sheludko authored
This CL also removes LoadICProtoArray* builtins which are no longer necessary. Bug: v8:7206, v8:5561 Change-Id: Ic5d9a3d4d21c4bd5e5e1cd110bd029ced157a000 Reviewed-on: https://chromium-review.googlesource.com/819252 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#50104}
-
Sigurd Schneider authored
Bug: v8:7204, v8:7127 Change-Id: Id99b0e83385275508a9e7f46e17bb8263f7b256a Reviewed-on: https://chromium-review.googlesource.com/826626 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#50103}
-
Igor Sheludko authored
Given that we already treat feedback vector as a source of truth for language mode of other store operations and given that the StoreGlobalIC dispatcher does not depend on the language mode anymore, we can just combine these two bytecodes. Bug: v8:7206 Change-Id: I27f03f2102ff79ec20fa997eb18dde816f376b00 Reviewed-on: https://chromium-review.googlesource.com/823846 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#50102}
-
Sigurd Schneider authored
Bug: v8:7127, v8:7204 Change-Id: I923658dd9142d658f1155015f5ee02526d280e2a Reviewed-on: https://chromium-review.googlesource.com/824171 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50101}
-
Igor Sheludko authored
... instead of checking if the property cell is still empty when loading/storing through JSGlobalObject prototype. Also invalidate the validity cell when new global lexical variables appear in the script. Bug: v8:5561 Change-Id: Iaf122dffe76d57b32e2b69291dee079e772b271c Reviewed-on: https://chromium-review.googlesource.com/819230 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#50100}
-
Sigurd Schneider authored
Bug: v8:7127 Change-Id: Ia2e291d2b57150ea12bca6427b0c6843356b300e Reviewed-on: https://chromium-review.googlesource.com/826625 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50099}
-
Michael Hablich authored
This reverts commit bee8c168. Reason for revert: blocks roll https://chromium-review.googlesource.com/c/chromium/src/+/822232
Original change's description:
> [deoptimizer] Use empty fixed array when materializing empty arguments elements.
>
> Bug: chromium:793863
> Change-Id: I68860924c3252184f63dbea8561e5c4fe6bfa4ca
> Reviewed-on: https://chromium-review.googlesource.com/822071
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50028}
TBR=jarin@chromium.org,tebbi@chromium.org NOTRY=true Bug: chromium:793863 Change-Id: Iee622cd96333671277029fdd766f4ea137c9efc2 Reviewed-on: https://chromium-review.googlesource.com/826962 Commit-Queue: Michael Hablich <hablich@chromium.org> Reviewed-by: Michael Hablich <hablich@chromium.org> Cr-Commit-Position: refs/heads/master@{#50098}
-
Sigurd Schneider authored
Add support for disallowing speculation upon deoptimize from a CheckBound node, and use this in the case of array builtins in js-call-reducer to prevent deoptimization loops. Bug: v8:7127 Change-Id: I04cf655b10178d2938d2f0ee6b336601fab6463b Reviewed-on: https://chromium-review.googlesource.com/822195 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50097}
-
Brad Nelson authored
R=jarin@chromium.org Bug: Change-Id: I43c72aa222a6b41b22b3f80f3d4ce3113b965a81 Reviewed-on: https://chromium-review.googlesource.com/822526 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50096}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3d92234..9caf5bf
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fbee132..9cfb34e
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/73924d8..ec766dc
TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I9c3106b436041575140f3bfc447585ee0613a617 Reviewed-on: https://chromium-review.googlesource.com/826862 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#50095}
-
bsheedy authored
Adds static_cast<int> to a number of return values in disasm-arm64.cc. The implicit conversion from size_t (unsigned long) to int was causing compilation warnings/errors when upgrading to Android NDK r16. Bug: chromium:771171 Change-Id: I9a5f80d65565e1a9ab4caf2cf874240f04f406a1 Reviewed-on: https://chromium-review.googlesource.com/826254 Commit-Queue: Brian Sheedy <bsheedy@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50094}
-
- 13 Dec, 2017 13 commits
-
-
Jakob Kummerow authored
Bug: v8:7109 Change-Id: I6384546566a760bd2956685a09d2327616eabd6d Reviewed-on: https://chromium-review.googlesource.com/810266 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#50093}
-
Adam Klein authored
This would help separate such API misuses from other Invoke() crashes which indicate crashes in generated code. Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I6c596fb63950d7306fab1b689dd913a61764d257 Reviewed-on: https://chromium-review.googlesource.com/825942 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50092}
-
Junliang Yan authored
Port bd732f7d
Original Commit Message: The original CL introduced a test which uses a random number generator. I disable the test for now, which is okay because this CL adds to a work-in-progress feature anyways, and I will fix the problem in another CL.
Original description: Add the ability to return (multiple) return values on the stack:
  - Extend stack frames with a new buffer region for return slots. This region is located at the end of a caller's frame such that its slots can be indexed as caller frame slots in a callee (located beyond its parameters) and assigned return values.
  - Adjust stack frame construction and deconstruction accordingly.
  - Extend linkage computation to support register plus stack returns.
  - Reserve return slots in caller frame when respective calls occur.
  - Introduce and generate architecture instructions ('peek') for reading back results from return slots in the caller.
  - Aggressive tests.
  - Some minor clean-up.
So far, only ia32 and x64 are implemented.
R=ahaas@chromium.org, joransiu@ca.ibm.com, jbarboza@ca.ibm.com BUG= LOG=N Change-Id: I8d63286aa5af5f52cc2eeaf2adeee13d0ff19e7d Reviewed-on: https://chromium-review.googlesource.com/823084 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#50091}
-
Andreas Haas authored
In a certain scenario streaming compilation got stuck and never finished. This CL fixes this issue.
Scenario:
  * Streaming compilation starts
  * The compilation tasks execute all compilation units in the working queue and set the finished_ flag to true.
  * New data arrives over streaming
  * The compilation tasks compile so fast that the executed_units_ queue gets full. The compilation tasks stop executing and wait for the finisher task to restart them.
  * The finisher task does not restart the compilation tasks because the finished_ flag is set.
With this CL I remove the finished flag and instead look at the size of the working queue directly. In addition I added a test which does not actually reproduce this scenario but seems good to have anyways.
R=mtrofin@chromium.org Change-Id: I44560c43e51be13c4461208368e21137b115656c Reviewed-on: https://chromium-review.googlesource.com/824523 Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#50090}
-
Sergiy Byelozyorov authored
R=majeski@google.com TBR=machenbach@chromium.org This is breaking some test runs, e.g. https://chromium-swarm.appspot.com/task?id=3a69c31ccb964d10&refresh=10&show_raw=1. Bug: v8:6917 Change-Id: I61c12eafdf12a1bee2bf08de75f26b0d44fd0056 Reviewed-on: https://chromium-review.googlesource.com/825122 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#50089}
-
Ali Ijaz Sheikh authored
top_on_previous_step_ can only be valid when Allocation Observers are active. Add some assertions in the code to ensure this holds. Use AllocationObserversActive() more pervasively. Remove some code based on the established invariant. Bug: Change-Id: I7f0d4c4f617ed9fa05c6b94202a90953fbc33cfd Reviewed-on: https://chromium-review.googlesource.com/823576 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#50088}
-
Bill Budge authored
  - Makes ArrayBufferAllocatorBase forward all operations to default ArrayBufferAllocator.
  - ShellArrayBufferAllocator uses VM for allocations over a threshold.
Bug: chromium:793750,v8:7146 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I62d8f9281b744e987223a16fbb762bd77747bf39 Reviewed-on: https://chromium-review.googlesource.com/822764 Reviewed-by: Eric Holk <eholk@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#50087}
-
Ulan Degenbaev authored
This ensures that MigrateFastToFast does not overflow the length of the property array. Bug: chromium:789393 Change-Id: I77adc319c1c8c469ea482bad35ead8661d535192 Reviewed-on: https://chromium-review.googlesource.com/824167 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#50086}
-
Sergiy Byelozyorov authored
TBR=sergiyb@chromium.org Bug: chromium:747960 Change-Id: I4b28456f7a2809065ef8581a2440b87161996332 Reviewed-on: https://chromium-review.googlesource.com/824169 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#50085}
-
Benedikt Meurer authored
The k value passed to NumberAdd was outside the integer range, which meant it had to choose Double as the only valid representation. The other array builtins pass the result of CheckBounds here to specifically force the types into integer range, which allows the representation selection to pick Word32 instead of Float64 representation. Drive-by-fix: Pass kind to AccessBuilder::ForJSArrayLength() as well. Bug: chromium:791045, v8:1956 Change-Id: I357e1ba0dc52be544e631e4d554ab772b9b4c9bb Reviewed-on: https://chromium-review.googlesource.com/823968 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50084}
-
Sergiy Byelozyorov authored
TBR=machenbach@chromium.org No-Try: true Bug: chromium:747960 Change-Id: If7cb86066c7579a02b3cb56bb64084574fa4187d Reviewed-on: https://chromium-review.googlesource.com/824922 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#50083}
-
Michael Starzinger authored
R=clemensh@chromium.org Change-Id: I80201b16c5d7a373ae5ff56bfafb46f4425bf997 Reviewed-on: https://chromium-review.googlesource.com/824243 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#50082}
-
Igor Sheludko authored
The dispatcher is responsible for handling stores to lexical environment variables and for storing directly to the JSGlobalObject. In the latter case the dispatcher also ensures that JSGlobalProxy is provided as a receiver if a setter function has to be called. Unlike StoreIC the calling convention for the StoreGlobalIC does not include receiver. Bug: v8:7206, chromium:576312, v8:5561 Change-Id: Ifa896c7b41bf440785b757c2272ec91211e79c98 Reviewed-on: https://chromium-review.googlesource.com/818965 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#50081}
-