- 20 Mar, 2017 4 commits
-
-
ahaas authored
Without the check it happened that the builtin call in the trap code was too far away from the constant pool and therefore crashed. BUG=v8:6054 R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com Review-Url: https://codereview.chromium.org/2738683003 Cr-Commit-Position: refs/heads/master@{#43928}
-
ahaas authored
The code-generator used i.InputInt6 to get the mask-width from the instruction. However, thereby 64 got wrapped to 0, which is an invalid mask width. I changed the i.InputInt6 to an i.InputInt32, which should be okay because the mask-width comes from base::bits::CountPopulation64. BUG=v8:6122 R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com Review-Url: https://codereview.chromium.org/2755373002 Cr-Commit-Position: refs/heads/master@{#43927}
-
Jochen Eisinger authored
Just ensure that all background and foreground tasks finished, then we should be in a defined state BUG=v8:6069 R=rmcilroy@chromium.org Change-Id: Ie5bd11c61402dccb2c65cb8fe57fd1c0f550e9a7 Reviewed-on: https://chromium-review.googlesource.com/456418 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#43926}
-
bmeurer authored
Don't ignore IfException (and IfSuccess) projections on JSForInNext nodes during JSTypedLowering::ReduceJSForInNext, but instead rewire the IfException projection to the ForInFilter stub call, which can throw exceptions in case of proxies. R=yangguo@chromium.org BUG=v8:6121 Review-Url: https://codereview.chromium.org/2761703002 Cr-Commit-Position: refs/heads/master@{#43925}
-
- 19 Mar, 2017 1 commit
-
-
v8-autoroll authored
Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/73f2994..2d86f95 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I011f9e13d444ef796e236fb06e6e2de82b2413ae Reviewed-on: https://chromium-review.googlesource.com/456802 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43924}
-
- 18 Mar, 2017 4 commits
-
-
Leszek Swirski authored
Prints the disassembly of code objects on the heap after deserialization, if --print-builtin-code is on. This allows us to annotate the disassembly of builtins in the same way as we do optimised code now, for example using `perf report --objdump=v8/tools/objdump`. Change-Id: I1781302de6fca035ea9bd4c4f7d58796a957f4af Reviewed-on: https://chromium-review.googlesource.com/456340 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#43923}
-
Yang Guo authored
Also add tests for operators. BUG=v8:5821 Change-Id: I76cfde94324c7f05de61cb60f26d5168da0a9aa5 Reviewed-on: https://chromium-review.googlesource.com/456500 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#43922}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/72004d5..4c534d4 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/7b2dc0f..73f2994 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I05e77392da0d8f99750c6a6755d44ff1fa0b209c Reviewed-on: https://chromium-review.googlesource.com/456801 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43921}
-
Jakob Kummerow authored
BUG=chromium:702793 Change-Id: Ia52823968a757f8f7fc8802deab60f570ffdb58c Reviewed-on: https://chromium-review.googlesource.com/456280 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#43920}
-
- 17 Mar, 2017 31 commits
-
-
aseemgarg authored
Revert of [wasm] re-enable simd-scalar-lowering tests (patchset #1 id:1 of https://codereview.chromium.org/2754393002/ )
Reason for revert: Seems like this is breaking V8 Linux - arm64 - sim - MSAN
Original issue's description:
> [wasm] re-enable simd-scalar-lowering tests
>
> R=bbudge@chromium.org
> BUG=v8:6020
>
> Review-Url: https://codereview.chromium.org/2754393002
> Cr-Commit-Position: refs/heads/master@{#43918}
> Committed: https://chromium.googlesource.com/v8/v8/+/931714675b3ac323d7121e275c4fe7ff32f59eec
TBR=bbudge@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:6020 Review-Url: https://codereview.chromium.org/2749023010 Cr-Commit-Position: refs/heads/master@{#43919}
-
aseemgarg authored
R=bbudge@chromium.org BUG=v8:6020 Review-Url: https://codereview.chromium.org/2754393002 Cr-Commit-Position: refs/heads/master@{#43918}
-
sampsong authored
R=littledan@chromium.org, ulan@chromium.org, bjaideep@ca.ibm.com BUG= Review-Url: https://codereview.chromium.org/2740353002 Cr-Commit-Position: refs/heads/master@{#43917}
-
neis authored
BUG= Review-Url: https://codereview.chromium.org/2754003007 Cr-Commit-Position: refs/heads/master@{#43916}
-
dusan.simicic authored
BUG= Review-Url: https://codereview.chromium.org/2759673002 Cr-Commit-Position: refs/heads/master@{#43915}
-
neis authored
Typer::Visitor::ToLength was unsound (and non-monotonic). For instance, if the input type was Range(2^53, 2^53+1), the result type was Constant(2^53). Now the result is type Constant(2^53-1). (The result of ToLength is guaranteed to be between 0 and 2^53-1.) BUG= Review-Url: https://codereview.chromium.org/2753773010 Cr-Commit-Position: refs/heads/master@{#43914}
-
bbudge authored
BUG=none Review-Url: https://codereview.chromium.org/2759513002 Cr-Commit-Position: refs/heads/master@{#43913}
-
jbroman authored
This makes it more similar to other handle types (like PersistentBase), by simply storing an i::Object** cast to T*. This means that it is not necessary to look up the handle in the eternal handles table to access the underlying value. Like the built-in roots (null, etc.), an eternal handle can never be destroyed, so we don't even need to allocate a separate local handle. Instead, the Local<T> can point directly at the eternal reference. This makes Eternal<T>::Get trivial. Review-Url: https://codereview.chromium.org/2751263003 Cr-Commit-Position: refs/heads/master@{#43912}
-
Jochen Eisinger authored
BUG=v8:6069 R=rmcilroy@chromium.org Change-Id: I0e1096e20fa96af0a4875704f3f90e8458750356 Reviewed-on: https://chromium-review.googlesource.com/456557 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#43911}
-
jgruber authored
NOTREECHECKS=true TBR=machenbach@chromium.org Review-Url: https://codereview.chromium.org/2754283002 Cr-Commit-Position: refs/heads/master@{#43910}
-
jgruber authored
Default to the chromium-internal build config (instead of the more permissive no_chromium_code config). BUG=v8:5878 Review-Url: https://codereview.chromium.org/2758563002 Cr-Commit-Position: refs/heads/master@{#43909}
-
Marja Hölttä authored
The data needed to be modified a bit to actually allow skipping over functions based on it. In particular, we need to allow skipping over an unknown inner scope structure (in the previous stage, we just had tests comparing the data against some baseline truth, so it wasn't needed). Also removing the current "skip functions based on preparse data" logic, since preparser data is not used any more. At a later stage, I'll consider plugging the preparser-scope-analysis-data into that pipeline (so I don't want to remove the full code yet). Integration to the various forms of compilation is still incomplete; this CL integrates just enough to get the minimal example to pass:
  (function foo() {
    function preparsed() {
      var var1 = 10;
      function skip_me() {
        print(var1);
      }
      return skip_me;
    }
    return preparsed;
  })()()();
BUG=v8:5516 Change-Id: I0d24b4c3b338f7e6b6c3bf7cf2c1ceb29608e2f2 Reviewed-on: https://chromium-review.googlesource.com/446336 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#43908}
-
jbroman authored
They do not modify the state of the handle. Review-Url: https://codereview.chromium.org/2753973002 Cr-Commit-Position: refs/heads/master@{#43907}
-
Toon Verwaest authored
We don't invalidate the map of the global object anymore. BUG=v8:5561 Change-Id: I006066e9b675dd3d118efc8d00687b97419c427b Reviewed-on: https://chromium-review.googlesource.com/456417 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#43906}
-
georgia.kouveli authored
This shows an improvement in the code size of the bytecode handlers. When a range is split (because for example the preferred register gets clobbered by a call and is not available for the whole range), trying to allocate the preferred register for the first range that results from the split avoids some extra register moves. BUG= Review-Url: https://codereview.chromium.org/2749023005 Cr-Commit-Position: refs/heads/master@{#43905}
-
jkummerow authored
NOTRY=true Review-Url: https://codereview.chromium.org/2754253002 Cr-Commit-Position: refs/heads/master@{#43904}
-
Wiktor Garbacz authored
Parse tasks are still WIP so there is really no benefit turning them on. Turn off irrelevant tests. Fix duplicate parameters inverted logic. Fix use_counts tracking. Fix language mode, super_property, evals. Fix modules and stack overflow. BUG=v8:6093 Change-Id: I8567b36eef7b9de6799789e7520810bde9c86e5b Reviewed-on: https://chromium-review.googlesource.com/455916 Commit-Queue: Wiktor Garbacz <wiktorg@google.com> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43903}
-
Michael Starzinger authored
R=jarin@chromium.org Change-Id: Ib8f657957895f703189f2347f5d8017e16de05ae Reviewed-on: https://chromium-review.googlesource.com/455798 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43902}
-
Leszek Swirski authored
Don't trash stdout with "dropped: overflow" messages (or other errors) in the log reader, which then cause generated json files to fail to be read by other tools. Change-Id: Ie27639dbbee6fc9e8da0bc6901667c3a2835fbef Reviewed-on: https://chromium-review.googlesource.com/456499 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#43901}
-
titzer authored
This CL renames all occurrences of "internal field" to "embedder field" to prevent confusion. As it turns out, these fields are not internal to V8, but are actually embedder provided fields that should not be mucked with by the internal implementation of V8. Note that WASM does use these fields, and it should not. BUG=v8:6058 Review-Url: https://codereview.chromium.org/2741683004 Cr-Commit-Position: refs/heads/master@{#43900}
-
Michael Starzinger authored
This is a first stab at extending the existing early lowering approach to property access operations. Currently we only handle the case where named property loads are lowered to a soft deoptimize operation, due to insufficient type feedback. R=jarin@chromium.org Change-Id: I779ffb99978023237da5ad9eaf0241fe74243882 Reviewed-on: https://chromium-review.googlesource.com/456316 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#43899}
-
Yang Guo authored
During bootstrapping installing native functions may cause map transitions. There are no dependent code groups, but the assertion still triggers. BUG=chromium:617892 Change-Id: Id7cb87575a0fe176e7aff785d4dd249db44deec8 Reviewed-on: https://chromium-review.googlesource.com/457036 Reviewed-by: Jochen Eisinger <jochen@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#43898}
-
jgruber authored
ToDirectStringAssembler is used in StringCharCodeAt and SubString (which uses StringCharCodeAt internally). SubString is used all over the place (e.g. RegExp result construction), and is critical for benchmark performance. The CL introducing ToDirectStringAssembler caused a couple of regressions which this is intended to fix by adding a fast path for sequential strings. BUG=chromium:702246 Review-Url: https://codereview.chromium.org/2754933003 Cr-Commit-Position: refs/heads/master@{#43897}
-
Toon Verwaest authored
The ForDeopt stub isn't actually necessary anymore; but I don't want to fix the deoptimizer in the same CL. BUG=v8:5561 Change-Id: I7101cec4b783949bcfbf1ebdb80541d1b558e2e2 Reviewed-on: https://chromium-review.googlesource.com/455858 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#43896}
-
Marja Hölttä authored
There are at least 3 mechanisms for detecting duplicate parameters.
  - ExpressionClassifier
  - Scope::DeclareParameter checking IsDeclaredParameter
  - PatternRewriter::VisitVariableProxy failing to declare a duplicate parameter
The conditions for when duplicate parameters are allowed and when not are pretty involved too. They are allowed when
  - the function is not an arrow function and not a concise method *and*
  - when the parameter list is simple *and*
  - we're in sloppy mode (incl. the function doesn't declare itself strict).
In addition, we don't recognize some of the early errors, and it's non-trivial to see which ones are recognized and which not (see bug v8:6108). E.g., (dup, dup) => {}; is recognized but (dup, [dup]) => {} is not. And (dup, [dup]) => 1; is. We do have tests for some aspects of duplicate parameters (e.g., arrow function duplicate parameters are included in arrow function tests), but it's hard to see whether all combinations of the relevant conditions are tested. This CL adds more structured tests which hopefully enables reducing the duplicate parameter detection mechanisms to 2 or maybe even to 1. BUG=v8:6092 Change-Id: Idd3db43b380aae4b9a89be5f1ed0755d39bfb36d Reviewed-on: https://chromium-review.googlesource.com/456336 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#43895}
-
Leszek Swirski authored
When displaying a single function's timeline, display all its variants (colour-coded by kind) instead of just the ones with the same code-id. This allows us to see all optimised versions of a function, as well as changes between optimised and unoptimised. Drive-by -- Do some rounding to get rendering pixel-perfect. Change-Id: I385c83b39414ac5e59208b7a25b488d6a283e2b0 NOTRY=true Change-Id: I385c83b39414ac5e59208b7a25b488d6a283e2b0 Reviewed-on: https://chromium-review.googlesource.com/455833 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#43894}
-
clemensh authored
Revert of MIPS[64]: Fix unaligned arguments storage in Wasm-to-interpreter entry (patchset #3 id:40001 of https://codereview.chromium.org/2705293011/ )
Reason for revert: Did not fix the issue.
Original issue's description:
> MIPS[64]: Fix unaligned arguments storage in Wasm-to-interpreter entry
>
> In Wasm-to-interpreter entry creation, arguments for the interpreter
> are stored in an argument buffer. Depending on the order of the
> arguments some arguments may be misaligned and this causes crashes
> on those architectures that do not support unaligned memory access.
>
> TEST=cctest/test-wasm-interpreter-entry/TestArgumentPassing_AllTypes
> BUG=
>
> Review-Url: https://codereview.chromium.org/2705293011
> Cr-Commit-Position: refs/heads/master@{#43476}
> Committed: https://chromium.googlesource.com/v8/v8/+/84ff6e4c1997b63c01e95504c31ee6c5504430d5
TBR=titzer@chromium.org,ivica.bogosavljevic@imgtec.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG= Review-Url: https://codereview.chromium.org/2760603002 Cr-Commit-Position: refs/heads/master@{#43893}
-
Jochen Eisinger authored
BUG=none R=yangguo@chromium.org Change-Id: I53811859efacee9126ba1bdbe5690793833c96e1 Reviewed-on: https://chromium-review.googlesource.com/456338 Commit-Queue: Jochen Eisinger <jochen@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#43892}
-
bmeurer authored
Revert of [ignition] Decrease code size multiplier to 24. (patchset #1 id:1 of https://codereview.chromium.org/2758503002/ )
Reason for revert: Doesn't seem to help with peak performance, and seems to hurt startup performance a bit, so reverting for now
Original issue's description:
> [ignition] Decrease code size multiplier to 24.
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2758503002
> Cr-Commit-Position: refs/heads/master@{#43861}
> Committed: https://chromium.googlesource.com/v8/v8/+/b880309bc7f2c4be67f12bac04249f09b0fdd66d
TBR=rmcilroy@chromium.org,jarin@chromium.org,danno@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review-Url: https://codereview.chromium.org/2751913007 Cr-Commit-Position: refs/heads/master@{#43891}
-
neis authored
This is a first step towards moving Turbofan code generation off the main thread. Summary of the changes:
  - AssemblerBase no longer has a pointer to the isolate. Instead, its constructor receives the few things that it needs from the isolate (on most architectures this is just the serializer_enabled flag).
  - RelocInfo no longer has a pointer to the isolate. Instead, the functions that need it take it as an argument. (There are currently still a few that implicitly access the isolate through a HeapObject.)
  - The MacroAssembler now explicitly holds a pointer to the isolate (before, it used to get it from the Assembler).
  - The jit_cookie also moved from AssemblerBase to the MacroAssemblers, since it's not used at all in the Assemblers.
  - A few architectures implemented parts of the Assembler with the help of a Codepatcher that is based on MacroAssembler. Since the Assembler no longer has the isolate, but the MacroAssembler still needs it, this doesn't work anymore. Instead, these Assemblers now use a new PatchingAssembler.
BUG=v8:6048 Review-Url: https://codereview.chromium.org/2732273003 Cr-Commit-Position: refs/heads/master@{#43890}
-
jgruber authored
CSA builtins can become very large, and the RegExp builtins are currently the main offender (e.g. @@match's code size is over 50k). This is due to the fact that most RegExp builtins rely on RegExpBuiltinExec (fairly large itself), which is then inlined multiple times in many builtins. This CL reduces the snapshot size for an x64 release build by 80k by turning slow-path RegExpBuiltinExec calls into stub calls (i.e. removing code duplication through inlining) and completely removing the code path for fast RegExp instances in RegExpExec (it is never taken). BUG=v8:5339,v8:5737 Review-Url: https://codereview.chromium.org/2745053003 Cr-Commit-Position: refs/heads/master@{#43889}
-