- 01 Jul, 2016 24 commits
-
-
caitpotter88 authored
BUG=v8:4663 R=littledan@chromium.org, adamk@chromium.org Review-Url: https://codereview.chromium.org/2116053003 Cr-Commit-Position: refs/heads/master@{#37485}
-
caitpotter88 authored
Corrects a small problem with the current implementation of the AsyncFunction constructor. See https://tc39.github.io/ecmascript-asyncawait/#async-function-constructor for details. BUG=v8:4483 R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com Review-Url: https://codereview.chromium.org/2118653004 Cr-Commit-Position: refs/heads/master@{#37484}
-
bbudge authored
LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2117703003 Cr-Commit-Position: refs/heads/master@{#37483}
-
littledan authored
This patch implements "immutable prototype exotic objects" from the ECMAScript spec, which are objects whose __proto__ cannot be changed, but are not otherwise frozen. They are introduced in order to prevent a Proxy from being introduced to the prototype chain of the global object. The API is extended by a SetImmutablePrototype() call in ObjectTemplate, which can be used to vend new immutable prototype objects. Additionally, Object.prototype is an immutable prototype object. In the implementation, a new bit is added to Maps to say whether the prototype is immutable, which is read by SetPrototype. Map transitions to the immutable prototype state are not saved in the transition tree because the main use case is just for the prototype chain of the global object, which there will be only one of per Context, so no need to take up the extra word for a pointer in each full transition tree. BUG=v8:5149 Review-Url: https://codereview.chromium.org/2108203002 Cr-Commit-Position: refs/heads/master@{#37482}
-
balazs.kilvady authored
Port b86ac0e0 Original commit message: Both of these were broken in different ways: * On arm, the loop counter was passed as argc on the stack. * On arm64, we passed argc + 1 instead of argc. The result in both cases was an incorrect receiver for the builtin frame when generating stack traces. BUG=v8:4815 Review-Url: https://codereview.chromium.org/2120463002 Cr-Commit-Position: refs/heads/master@{#37481}
-
mstarzinger authored
This makes the elimination of checkpoints flowing effect-wise into nodes having the {Return} operator more permissive. We can cut out checkpoints even when they are not wholly owned by the return. This also alleviates a problem where TCO no longer applies. R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-624747 BUG=chromium:624747 Review-Url: https://codereview.chromium.org/2118793002 Cr-Commit-Position: refs/heads/master@{#37480}
-
bmeurer authored
R=jarin@chromium.org BUG=chromium:625121 Review-Url: https://codereview.chromium.org/2116533004 Cr-Commit-Position: refs/heads/master@{#37479}
-
titzer authored
R=mstarzinger@chromium.org,bradnelson@chromium.org BUG= Review-Url: https://codereview.chromium.org/2118733003 Cr-Commit-Position: refs/heads/master@{#37478}
-
danno authored
This optimizes the passing of stack parameters in function calls. For some architectures (ia32/x64), using pushes when possible instead of bumping the stack and then storing parameters generates much smaller code, and in some cases is faster (e.g. when a push of a memory location can implement a memory-to-memory copy and thus elide an intermediate load. On others (e.g. ARM), the benefit is smaller, where it's only possible to elide direct stack pointer adjustment in certain cases or combine multiple register stores into a single instruction in other limited situations. On yet other platforms (ARM64, MIPS), there are no push instructions, and this optimization isn't used at all. Ideally, this mechanism would be used for both tail calls and normal calls, but "normal" calls are currently pretty efficient, and tail calls are very inefficient, so this CL sets the bar low for building a new mechanism to handle parameter pushing that only needs to raise the bar on tail calls for now. The key aspect of this change is that adjustment to the stack pointer for tail calls (and perhaps later real calls) is an explicit step separate from instruction selection and gap resolution, but aware of both, making it possible to safely recognize gap moves that are actually pushes. Review-Url: https://codereview.chromium.org/2082263002 Cr-Commit-Position: refs/heads/master@{#37477}
-
bmeurer authored
Import fdlibm versions of acos, acosh, asin and asinh, which are more precise and produce the same result across platforms (we were using libm versions for asin and acos so far, where both speed and precision depended on the operating system so far). Introduce appropriate TurboFan operators for these functions and use them both for inlining and for the generic builtin. Also migrate the Math.imul and Math.fround builtins to TurboFan builtins to ensure that their behavior is always exactly the same as the inlined TurboFan version (i.e. C++ truncation semantics for double to float don't necessarily meet the JavaScript semantics). For completeness, also migrate Math.sign, which can even get some nice love in TurboFan. Drive-by-fix: Some alpha-sorting on the Math related functions, and cleanup the list of Math intrinsics that we have to export via the native context currently. BUG=v8:3266,v8:3496,v8:3509,v8:3952,v8:5169,v8:5170,v8:5171,v8:5172 TBR=rossberg@chromium.org R=franzih@chromium.org Review-Url: https://codereview.chromium.org/2116753002 Cr-Commit-Position: refs/heads/master@{#37476}
-
mstarzinger authored
This ensures no eager bailout point is emitted after a comma expression in test context where the right-hand side omitted an eager bailout point as well. This is to stay in sync with full-codegen. R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-624919 BUG=chromium:624919 Review-Url: https://codereview.chromium.org/2113893004 Cr-Commit-Position: refs/heads/master@{#37475}
-
neis authored
BUG= Review-Url: https://codereview.chromium.org/2111153002 Cr-Commit-Position: refs/heads/master@{#37474}
-
franzih authored
Migrate Math.hypot() from JS to C++ builtins. Use normalization and Kahan summation to avoid overflow and rounding errors. R=bmeurer@chromium.org BUG=v8:5165, v8:5086 LOG=n Review-Url: https://codereview.chromium.org/2102223005 Cr-Commit-Position: refs/heads/master@{#37473}
-
zhengxing.li authored
Since the workaround (CL 36697 : 22a73e0d) for sNaN issue works, enable those test cases. BUG= Review-Url: https://codereview.chromium.org/2114853002 Cr-Commit-Position: refs/heads/master@{#37472}
-
jgruber authored
Both of these were broken in different ways: * On arm, the loop counter was passed as argc on the stack. * On arm64, we passed argc + 1 instead of argc. The result in both cases was an incorrect receiver for the builtin frame when generating stack traces. BUG=v8:4815 R=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2112883002 Cr-Commit-Position: refs/heads/master@{#37471}
-
bradnelson authored
Directs 'use asm' traffic through asm-wasm conversion when --validate-asm is passed. Adds a builtin that handles the fallback to JS. BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203 TEST=asm-wasm R=mstarzinger@chromium.org,titzer@chromium.org LOG=N Review-Url: https://codereview.chromium.org/2057403003 Cr-Commit-Position: refs/heads/master@{#37470}
-
zhengxing.li authored
port 588e15c0 (r37345) original commit message: The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed. Adds a regression test. BUG= Review-Url: https://codereview.chromium.org/2119793002 Cr-Commit-Position: refs/heads/master@{#37469}
-
zhengxing.li authored
port e607e12e (r37323) original commit message: Introduce a new machine operator Float64Pow that for now is backed by the existing MathPowStub to start the unification of Math.pow, and at the same time address the main performance issue that TurboFan still has with the imaging-darkroom benchmark in Kraken. Also migrate the Math.pow builtin itself to a TurboFan builtin and remove a few hundred lines of hand-written platform code for special handling of the fullcodegen Math.pow version. BUG= Review-Url: https://codereview.chromium.org/2119773003 Cr-Commit-Position: refs/heads/master@{#37468}
-
v8-autoroll authored
Rolling v8/build to c80c063b314ab9cc6c3c5955c7444c2fa514bcec Rolling v8/buildtools to 454e53abae6e4d68ee992b0a93a4174b75519393 Rolling v8/tools/mb to ea4154b4daca60a5f5c04ef764b7eaf50362250c TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review-Url: https://codereview.chromium.org/2113243002 Cr-Commit-Position: refs/heads/master@{#37467}
-
zhengxing.li authored
port 5e058540 (r37325) original commit message: The reason for reverting is: This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set neve Original issue's description: Cells were needed originally because there was no typed remembered set to record direct pointers from code space to new space. A previous CL (https://codereview.chromium.org/2003553002/) already introduced the remembered set, this CL uses it. This CL * stores direct pointers in code objects, even if the target is in new space, * records the slot of the pointer in typed-old-to-new remembered set, * adds a list which stores weak code-to-new-space references, * adds a test to test-heap.cc for weak code-to-new-space references, * removes prints in tail-call-megatest.js BUG= Review-Url: https://codereview.chromium.org/2112193002 Cr-Commit-Position: refs/heads/master@{#37466}
-
bjaideep authored
Port cede9ce5 R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG=v8:5086 LOG=N Review-Url: https://codereview.chromium.org/2113193002 Cr-Commit-Position: refs/heads/master@{#37465}
-
bakkot authored
Revert of Add errors for declarations which conflict with catch parameters. (patchset #6 id:100001 of https://codereview.chromium.org/2109733003/ ) Reason for revert: Fuzzer claims `try { \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash. Original issue's description: > Add errors for declarations which conflict with catch parameters. > > Catch parameters are largely treated as lexical declarations in the > block which contains their body for the purposes of early syntax errors, > with some exceptions outlined in B.3.5. This patch introduces most of > those errors, except those from `eval('for (var e of ...);')` inside of > a catch with a simple parameter named 'e'. > > Note that annex B.3.5 allows var declarations to conflict with simple > catch parameters, except when the variable declaration is the init of a > for-of statement. > > BUG=v8:5112,v8:4231 > > Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406 > Cr-Commit-Position: refs/heads/master@{#37462} TBR=littledan@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5112,v8:4231 Review-Url: https://codereview.chromium.org/2112223002 Cr-Commit-Position: refs/heads/master@{#37464}
-
bbudge authored
- Uses byte_width() to determine if spill ranges can be merged. - Modifies InstructionOperand canonicalization to ignore representation for stack slots. LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2074323002 Cr-Commit-Position: refs/heads/master@{#37463}
-
bakkot authored
Catch parameters are largely treated as lexical declarations in the block which contains their body for the purposes of early syntax errors, with some exceptions outlined in B.3.5. This patch introduces most of those errors, except those from `eval('for (var e of ...);')` inside of a catch with a simple parameter named 'e'. Note that annex B.3.5 allows var declarations to conflict with simple catch parameters, except when the variable declaration is the init of a for-of statement. BUG=v8:5112,v8:4231 Review-Url: https://codereview.chromium.org/2109733003 Cr-Commit-Position: refs/heads/master@{#37462}
-
- 30 Jun, 2016 16 commits
-
-
bjaideep authored
Port 5febc27b Original commit message: Prior to this commit, calls to C++ builtins created standard exit frames, which are skipped when constructing JS stack traces. In order to show these calls on traces, we introduce a new builtin exit frame type. Builtin exit frames contain target and new.target on the stack and are not skipped during stack trace construction. R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG=v8:4815 LOG=N Review-Url: https://codereview.chromium.org/2105023008 Cr-Commit-Position: refs/heads/master@{#37461}
-
jyan authored
MathMaxMin creates frame on stack without removing top bit of r14 on 31-bit. R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com, bjaideep@ca.ibm.com BUG= Review-Url: https://codereview.chromium.org/2111263002 Cr-Commit-Position: refs/heads/master@{#37460}
-
adamk authored
AddBoundMethod, in i18n.js, returns functions all of which share the same backing SharedFunctionInfo, which means that its calls to InstallGetter were causing all such functions to have a single name (that of the last caller, "get breakType"). This patch skips calling InstallGetter and instead directly calls %DefineGetterPropertyUnchecked, which itself sets the name property on the JSFunction instance (it knows how to do this in order to handle getters that have computed property names). Also takes care of a TODO having to do with the inner boundMethod: its name is now made empty, by using a new macro that gets around ES2015's function name inference. Finally, removes a redundant %FunctionRemovePrototype: arrow functions have no prototypes to begin with. R=littledan@chromium.org BUG=v8:4778 Review-Url: https://codereview.chromium.org/2109223002 Cr-Commit-Position: refs/heads/master@{#37459}
-
adamk authored
Reland of Add crash instrumentation for crbug.com/621147 (patchset #1 id:1 of https://codereview.chromium.org/2118493002/ ) Reason for revert: By request from ishell, plan is to leave this in master for awhile longer Original issue's description: > Revert of Add crash instrumentation for crbug.com/621147 (patchset #5 id:80001 of https://codereview.chromium.org/2100313002/ ) > > Reason for revert: > Instrumentation not needed on master branch > > Original issue's description: > > Add crash instrumentation for crbug.com/621147 > > > > BUG=chromium:621147 > > LOG=N > > R=ishell@chromium.org,cbruni@chromium.org > > > > Committed: https://crrev.com/5ff508a82299f20a0d9828cf73072a4f4772fab8 > > Cr-Commit-Position: refs/heads/master@{#37328} > > TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org > # Not skipping CQ checks because original CL landed more than 1 days ago. > BUG=chromium:621147, chromium:624764 > > Committed: https://crrev.com/b324850900e531ccee03f1712333f13dfcf15427 > Cr-Commit-Position: refs/heads/master@{#37456} TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:621147, chromium:624764 Review-Url: https://codereview.chromium.org/2114743002 Cr-Commit-Position: refs/heads/master@{#37458}
-
georgia.kouveli authored
Added missing GetExtraICState() function for CompareICStub. Without it, code->extra_ic_state() in IC::StateFromCode was returning zero, which was causing some performance regressions, as the TypeFeedbackInfo was not updated correctly, resulting in the runtime profiler choosing not to optimise some functions that we previously would. BUG= Review-Url: https://codereview.chromium.org/2116523002 Cr-Commit-Position: refs/heads/master@{#37457}
-
adamk authored
Revert of Add crash instrumentation for crbug.com/621147 (patchset #5 id:80001 of https://codereview.chromium.org/2100313002/ ) Reason for revert: Instrumentation not needed on master branch Original issue's description: > Add crash instrumentation for crbug.com/621147 > > BUG=chromium:621147 > LOG=N > R=ishell@chromium.org,cbruni@chromium.org > > Committed: https://crrev.com/5ff508a82299f20a0d9828cf73072a4f4772fab8 > Cr-Commit-Position: refs/heads/master@{#37328} TBR=verwaest@chromium.org,cbruni@chromium.org,ishell@chromium.org,mlippautz@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=chromium:621147, chromium:624764 Review-Url: https://codereview.chromium.org/2118493002 Cr-Commit-Position: refs/heads/master@{#37456}
-
ishell authored
Currently only property queries are supported. This CL also factores out prototype chain iteration logic. GetPropertyStub is not used yet. BUG=v8:4911 LOG=Y Review-Url: https://codereview.chromium.org/2087863002 Cr-Commit-Position: refs/heads/master@{#37455}
-
lpy authored
BUG=v8:5000 Review-Url: https://codereview.chromium.org/2106243002 Cr-Commit-Position: refs/heads/master@{#37454}
-
rmcilroy authored
BUG=v8:4280 Review-Url: https://codereview.chromium.org/2113613002 Cr-Commit-Position: refs/heads/master@{#37453}
-
verwaest authored
This turns the blacklist back into a white-list adding all binary operations as allowed operations. The one known fix is that it forces canonicalization of the double-hole as double constant. BUG=chromium:621147 Review-Url: https://codereview.chromium.org/2106393002 Cr-Commit-Position: refs/heads/master@{#37452}
-
ulan authored
BUG=chromium:624544 LOG=NO Review-Url: https://codereview.chromium.org/2110213003 Cr-Commit-Position: refs/heads/master@{#37451}
-
mstarzinger authored
This removes the need to thread through frame states for eager bailout points from the call-site into the reduction helper. The node under reduction is known to JSBinopReduction, frame states are loaded late. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2112643006 Cr-Commit-Position: refs/heads/master@{#37450}
-
littledan authored
Revert of Put RegExp js code in strict mode (patchset #2 id:20001 of https://codereview.chromium.org/1776883005/ ) Reason for revert: Found to break SAP Web IDE, and these semantics are not shipped in any other browser. Revert to legacy semantics while assessing web compatibility. BUG=chromium:624318 Original issue's description: > Put RegExp js code in strict mode > > src/js/regexp.js was one of the few files that was left in sloppy > mode. The ES2017 draft specification requires that writes to > lastIndex throw when the property is non-writable, and test262 > tests enforce this behavior. This patch puts that file in strict > mode. > > BUG=v8:4504 > R=yangguo@chromium.org > LOG=Y > > Committed: https://crrev.com/80b1b2a45bbd9bf3d08e4e6516acfaaa8f438213 > Cr-Commit-Position: refs/heads/master@{#34801} TBR=yangguo@chromium.org,adamk@chromium.org Review-Url: https://codereview.chromium.org/2112713003 Cr-Commit-Position: refs/heads/master@{#37449}
-
ahaas authored
In the current implementation of wasm an unrepresentable input of the float32-to-int32 conversion is detected by first truncating the input, then converting the truncated input to int32 and back to float32, and then checking whether the result is the same as the truncated input. This input check does not work on arm and arm64 for an input of (INT32_MAX + 1) because on these platforms the float32-to-int32 conversion results in INT32_MAX if the input is greater than INT32_MAX. When INT32_MAX is converted back to float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be represented precisely as float32, and rounding-to-nearest results in (INT32_MAX + 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears to be representable. With the changes in this CL, the result of the float32-to-int32 conversion is incremented by 1 if the original result was INT32_MAX. Thereby the detection of unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be represented precisely in float32, it can also never be a valid result of the float32-to-int32 conversion. @v8-mips-ports, can you do a similar implementation for mips? R=titzer@chromium.org, Rodolph.Perfetta@arm.com Review-Url: https://codereview.chromium.org/2105313002 Cr-Commit-Position: refs/heads/master@{#37448}
-
machenbach authored
Having presubmit called from within the test runner often requires logic to remove the call again. After the GN transition it would be better if presubmit is called by a wrapper script if needed at all. It is run on upload and on the tryservers anyways. BUG=chromium:474921 Review-Url: https://codereview.chromium.org/2114653002 Cr-Commit-Position: refs/heads/master@{#37447}
-
machenbach authored
This executes an action as part of the build, writing a json configuration that includes all build flags relevant to v8 testing. The test runner will derive all build-dependent flags from the file if it detects it. BUG=chromium:474921 Review-Url: https://codereview.chromium.org/2106423002 Cr-Commit-Position: refs/heads/master@{#37446}
-