- 21 Feb, 2018 27 commits
jgruber authored
This is a step towards off-heap (and eventually isolate-independent) builtins. Off-heap code cannot use the standard CallStub/CallRuntime mechanisms, since they directly embed the callee code object pointer within the caller. There are two main issues with that: 1. the callee may be moved by GC, and 2. the pc-relative addressing we currently use breaks (i.e. ends up pointing to a random spot on the heap) when moving the caller off-heap.

This CL addresses that by introducing a constants list stored on the roots array. Instead of embedding code targets, we now have the option of loading them from the constants list. The code sequence is:

    REX.W movq rax,[r13+0x4a0]  // Load the constants cache.
    REX.W movq rdx,[rax+0xf]    // From there, load the code target.
    ...
    REX.W addq rdx,0x5f         // Add instruction_start.
    call rdx

There's no visible performance impact on the web tooling benchmark.

This list will later be extended to also contain other constants such as Strings.

Bug: v8:6666
Change-Id: Ifcf67d1f682804ba0b6d3d0383216e16575b6bf5
Reviewed-on: https://chromium-review.googlesource.com/923729
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51434}
-
Ben Noordhuis authored
Make --max_old_space_size and friends work with values >= 2**31. Such values did not work reliably (or sometimes not at all) due to signed integer overflow in size computations, which is UB.

Fixes https://github.com/nodejs/node/issues/18786.

Bug: chromium:814138
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe23cef2417fd5b4a727022b8b0d4b50f1417182
Reviewed-on: https://chromium-review.googlesource.com/927063
Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51433}
-
Ulan Degenbaev authored
Bug: chromium:811925
Change-Id: I0b2d9562fa77d6d198a689769705a2d5e977abf9
Reviewed-on: https://chromium-review.googlesource.com/928701
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51432}
-
Benedikt Meurer authored
WriteBarrierKindFor would always return kMapWriteBarrier in SimplifiedLowering even if the map that's to be stored is part of the immortal immovable roots which don't need write barriers ever.

Bug: v8:7310
Change-Id: I0a87a1c3ddd7f71ccf8ebacba8409067dc00cd1c
Reviewed-on: https://chromium-review.googlesource.com/928564
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51431}
-
Gabriel Charette authored
Reland reason: the failure was

    Check failed: IsGlobalEmpty().
    v8::base::debug::StackTrace::StackTrace()
    v8::platform::(anonymous namespace)::PrintStackTrace()
    V8_Fatal(char const*, int, char const*, ...)
    v8::internal::Worklist<v8::internal::HeapObject*, 64>::~Worklist()
    v8::internal::MarkCompactCollector::~MarkCompactCollector()
    v8::internal::MarkCompactCollector::~MarkCompactCollector()
    v8::internal::Heap::TearDown()
    v8::internal::Isolate::Deinit()
    v8::internal::Isolate::TearDown()
    v8::Shell::OnExit(v8::Isolate*)
    v8::Shell::Main(int, char**)

This is believed to be fixed by the change to flush the shared worklist to global in https://chromium-review.googlesource.com/c/v8/v8/+/925267

Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/924867

(cherry picked from commit 8b53b9d9)

Bug: chromium:812178
Change-Id: I796204656e2c89e7efecda2c275a1888c31aba7b
Reviewed-on: https://chromium-review.googlesource.com/925268
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51430}
-
Yang Guo authored
R=petermarshall@chromium.org

Bug: v8:7433
Change-Id: Ibeef2c6855b8ffb6076be889a859da513877171f
Reviewed-on: https://chromium-review.googlesource.com/928563
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51429}
-
Sigurd Schneider authored
This CL removes a GC invocation which might not be needed anymore.

Change-Id: I27c57936677ba2ec0bc32588c485a2c3b6ffed01
Reviewed-on: https://chromium-review.googlesource.com/928241
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51428}
-
Ben L. Titzer authored
This CL changes the WASM implementation to access indirect function tables through the WasmContext, whereas previously indirect function tables and their sizes were constants that were inlined into compiled code, requiring code patching. This is a necessary step for sharing code between instances and eventually, isolates.

R=clemensh@chromium.org,mstarzinger@chromium.org

Bug: v8:7424
Change-Id: Ida4138ed92729730dfbc0a81a84d8484b233d808
Reviewed-on: https://chromium-review.googlesource.com/895683
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51427}
-
Sigurd Schneider authored
This CL also adds speculation to all Math builtins, and refactors the JSCallReducer.

Bug: v8:7250, v8:7240
Change-Id: Icdaddb767e875bb191939d907f65c7a8dcf79b8b
Reviewed-on: https://chromium-review.googlesource.com/873916
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51426}
-
Martyn Capewell authored
Add support for CSDB in the 32-bit assembler, disassembler and simulator.

Change-Id: I0e5432e4d219dd4699d5f9b7f911791acc87114c
Reviewed-on: https://chromium-review.googlesource.com/928522
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#51425}
-
Marja Hölttä authored
(Simplifying the code in preparation for in-place weak references.)

BUG=v8:7308
Change-Id: I8348e108ae12bcd5b218f2d987f34017a1eb5394
Reviewed-on: https://chromium-review.googlesource.com/928421
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51424}
-
Gabriel Charette authored
Reland reason: fixed errors, see PS1->PS4 diff.

Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/924867

This is the core goal of the initial CL @ https://chromium-review.googlesource.com/c/v8/v8/+/922103 which was since split into multiple to diagnose a bots-only failure.

R=ulan@chromium.org

(cherry picked from commit e9750cb8)

Bug: chromium:812178
Change-Id: Ib9474b5c90bf11f4741a93ac35c99b4979e8b4f9
Reviewed-on: https://chromium-review.googlesource.com/925267
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51423}
-
Clemens Hammacher authored
R=titzer@chromium.org

Bug: v8:6600
Change-Id: Id2bd29b89a0db47d7e9ea957521df1558baa6e4a
Reviewed-on: https://chromium-review.googlesource.com/926201
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51422}
-
Ross McIlroy authored
Moves BackgroundParsingTask to compiler.cc and renames it as BackgroundCompileTask. This moves code out of api.cc and parsing/ into compiler.cc where it belongs.

BUG=v8:7311,v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I08a72ab8a6bdb480f519d42b36875d347b801ddc
Reviewed-on: https://chromium-review.googlesource.com/919481
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51421}
-
Martyn Capewell authored
Add support for CSDB, equivalent to HINT #20, in the system instruction space. Additionally, relax the "unallocated" identification of hint instructions that we don't support, such that they'll now disassemble as "unimplemented (System)" rather than "unallocated".

Change-Id: Ia36d13fe17a98edb872f234e7cdda33d033618e8
Reviewed-on: https://chromium-review.googlesource.com/926806
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#51420}
-
Dan Elphick authored
Simplifies boolean logic since shortcuts mean most will never be executed and also replaces variables with constants to improve readability.

Change-Id: Ic1678bc60c3e85daced758ce139f7d03c25632dc
Reviewed-on: https://chromium-review.googlesource.com/928320
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51419}
-
sreten.kovacevic authored
Implemented fp binops for both 32-bit and 64-bit operands.

Bug: v8:6600
Change-Id: Ide223ad0df58f625adef2b2232d0e93c7dcb3524
Reviewed-on: https://chromium-review.googlesource.com/926802
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51418}
-
Peter Marshall authored
This adds a frame state for the call to the executor in inlined promise constructors. We provide a continuation function in case of deopts which just returns the created promise.

This is not totally correct yet: if the executor function also throws, we need to catch it and call the reject function instead. We also still need to add a frame state for the isCallable check on the executor, so that the stack is correct for the thrown TypeError.

Bug: v8:7253
Change-Id: I3ee042ec82f1a9a35d59e576f6c8efe9bc98698c
Reviewed-on: https://chromium-review.googlesource.com/926523
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51417}
-
Mythri authored
We don't use parser caches anymore and request code caches explicitly using ScriptCompiler::CreateCodeCache. Hence removing the support for both parser cache and code cache options. They are still retained in CompileOptions for backwards compatibility. Apart from the api.cc, no other part should see this option.

Bug: chromium:779254, chromium:783124
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic8ad9afe3fa44bbb5adc71bdde59c0b4057a523d
Reviewed-on: https://chromium-review.googlesource.com/916261
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51416}
-
Choongwoo Han authored
- Use CallCFunction to call C implementation of copying elements for slice, instead of Runtime call
- Copy elements without allocating handles when copying different types of typed arrays

Bug: v8:5929
Change-Id: Icd4fed8846542e71b623e600ba9aaac64062f0d4
Reviewed-on: https://chromium-review.googlesource.com/920563
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51415}
-
Clemens Hammacher authored
This allows liftoff compiled functions to receive f64 values as parameters and pass f64 values as arguments to called functions.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ie7467b424ccdf1ec8b7f7625d9439ab4ea427022
Reviewed-on: https://chromium-review.googlesource.com/926105
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51414}
-
Sigurd Schneider authored
Bug: v8:7327
Change-Id: Id1dbe6ad2cbf790075e360c5d0b5422d2ca4271b
Reviewed-on: https://chromium-review.googlesource.com/928221
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51413}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/10345cd..3206b7c

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8273e47..7ae2122

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I215ea4470dc201c588ee5e270db83795bc6071e8
Reviewed-on: https://chromium-review.googlesource.com/927981
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51412}
-
Sathya Gunasekaran authored
Change-Id: I5a706b015a36a7a176a03e740f3fc3c406e6a837
Reviewed-on: https://chromium-review.googlesource.com/927263
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51411}
-
Michael Achenbach authored
Before, configurations were chosen on the clusterfuzz side. This migrates the choice to the V8 repo, to make changing it easier and to allow sharing it between different fuzzers.

NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:813833
Change-Id: I9890a36fd6aab171d3e13172fc55b274f189e532
Reviewed-on: https://chromium-review.googlesource.com/927681
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51410}
-
Adam Klein authored
This is the same treatment we give other numeric literals, and seems sensible since they end up referenced from Ignition's constant pool.

R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: Ia689c709d402e4e87b7d2d22c582108400c25580
Reviewed-on: https://chromium-review.googlesource.com/922283
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51409}
-
Eric Holk authored
There were two failure paths where the CodeProtectionInfo object would not be freed. This adds a free() on those paths to prevent a memory leak.

Bug: v8:7434
Change-Id: I48d60aee3255d829bf39b51cc30fabaf76b1fb07
Reviewed-on: https://chromium-review.googlesource.com/927746
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51408}
-
- 20 Feb, 2018 13 commits
Vasili Skurydzin authored
Disable download of prebuilt clang binaries on the AIX platform when fetching v8. Affects AIX only.

Change-Id: Ib3ed02c2cb292e4815904cbe5fedfca19c347f81
Reviewed-on: https://chromium-review.googlesource.com/919187
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51407}
-
Clemens Hammacher authored
Liftoff currently allocates a stack frame of fixed size for each function, and bails out if more stack space is needed during code generation for the function. This CL prepares the interface and the assemblers on ia32 and x64 to allow patching of the stack frame size after the whole function body was generated.

R=mstarzinger@chromium.org, titzer@chromium.org
CC=sreten.kovacevic@mips.com

Bug: v8:6600
Change-Id: Iff54ff65f3e6e13d53ff90ec34b2c5cf7d276d5e
Reviewed-on: https://chromium-review.googlesource.com/925463
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51406}
-
Justin Ridgewell authored
Too many files know how to deal with decoding, counting, and splitting UTF-8 into uc16 chars. This consolidates several callers who deal with full (Vector<char>, not streaming) bytes by using a UTF-8 Iterator to decode bytes into individual uc16 chars.

R=marja@chromium.org

Bug:
Change-Id: Ia36df3e8c1abd0398415ad23a474557c71c19a01
Reviewed-on: https://chromium-review.googlesource.com/831093
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Justin Ridgewell <jridgewell@google.com>
Cr-Commit-Position: refs/heads/master@{#51405}
-
Adam Klein authored
After f1a55180, we no longer have to deal with a case where we rewrite destructuring assignments belonging to some inner function. Remove a bit of code and add DCHECKs to reflect that fact.

Change-Id: I7553e86d4ae2f6290853eee38f85d2f243b778a9
Reviewed-on: https://chromium-review.googlesource.com/922893
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51404}
-
Adam Klein authored
Also delete a bit of dead code depending on dead types.

Change-Id: I6cfc7e2f6c8fd006bd0de054bfc3e9f725996741
Reviewed-on: https://chromium-review.googlesource.com/923083
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51403}
-
Deepti Gandluri authored
Bug: v8:6532
Change-Id: Ib11f01be1d7fec9107ceb0ee13add83da4b88e95
Reviewed-on: https://chromium-review.googlesource.com/924647
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51402}
-
Bill Budge authored
- Changes assert to reflect that we might exceed the number of attempts to allocate a padded memory region while attempting to get an aligned allocation and return null instead.

Bug: chromium:813587
Change-Id: I0e225f50b7a64a2f2a72de15322525574445efbd
Reviewed-on: https://chromium-review.googlesource.com/926968
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51401}
-
Gabriel Charette authored
This is in an attempt to diagnose why it's seen as a highly idle step in some traces, e.g.
https://docs.google.com/document/d/1bdlWAWeP3j2yo2DYfeok6URqFCrt57yx-nucGMybGGQ/edit#heading=h.1baa99zf8jc0
https://drive.google.com/file/d/1kLfH1dM5TOJbiD2v_KJsxWXakpd2k-7q/view

R=mlippautz@chromium.org

Bug: chromium:813824
Change-Id: I743d9b7430a3970751398b4c5a4d569fbcae2cbe
Reviewed-on: https://chromium-review.googlesource.com/926844
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51400}
-
Michael Achenbach authored
This is a partial revert of:
https://crrev.com/c/890938 and https://crrev.com/c/893982

Before this CL, the test runner blocked on ongoing tests in order to process their results after an internal timeout. However, the logic required for this feature was overly complicated and prevented an acceptable implementation for fast aborts. Furthermore, the fuzzers also suffered from timeouts on swarming due to hanging tests.

Instead, we now abort immediately on internal timeout (used on fuzzers), SIGINT (Ctrl-C) and SIGTERM. Ongoing tests are immediately terminated and their results are disregarded. On SIGTERM and SIGINT, we return with non-zero exit codes, and zero on internal timeout.

This will also properly return json output, when the external hard timeout is reached on swarming (causes SIGTERM).

TBR=sergiyb@chromium.org

Bug: v8:7423, chromium:813065
Change-Id: Ib20f835f58a0970693bdd3b21dc5d766d8e115d8
Reviewed-on: https://chromium-review.googlesource.com/924852
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51399}
-
Ivica Bogosavljevic authored
During hash calculation, an array type was reinterpreted from uint16_t[] to uint32_t[]. Uint32 arrays have stricter alignment requirements and this causes failures of several tests from the debugger suite.

TEST=debugger/debug/debug-eval-scope

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I463c7aeb56a1010ddfb0c34f8404f05b75e6c466
Reviewed-on: https://chromium-review.googlesource.com/926341
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51398}
-
Michael Starzinger authored
This makes sure that an existing unmodified snapshot works together with the --branch-load-poisoning feature by unconditionally resetting the underlying register in {CEntryStub::Generate}.

R=mvstanton@chromium.org

Change-Id: I4d9f12a3b45bd7b46eda55a342beadf9b9a4bb8a
Reviewed-on: https://chromium-review.googlesource.com/926365
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51397}
-
Stephan Herhut authored
For some wasm functions, name information is not available, resulting in a nullptr being passed to the profiling event listener. While we probably should have better names, this at least prevents a crash.

Change-Id: I41bd7827124e9c193a076a57d3a134f5df1d6a15
Reviewed-on: https://chromium-review.googlesource.com/926367
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51396}
-
Tobias Tebbi authored
Without processing the input, a phi node can be flagged as unused and replaced with {Dead}, although it is used by a {DeadValue} node.

Bug: chromium:808472
Change-Id: I7446883535b34770e31e4e26e1c242eb05673a91
Reviewed-on: https://chromium-review.googlesource.com/919362
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51395}
-