- 03 Sep, 2019 25 commits
-
-
Francis McCabe authored
This reverts commit 8b89a7c3. Reason for revert: GC Stress tests timing out. See https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24272 Original change's description: > Update GetIterator bytecode to load and call object[Symbol.iterator] > > The functionality of the GetIterator bytecode introduced previously is > now extended from loading the @@iterator property to calling the property > as well. This change basically absorbs the functionality of additional > two bytecodes - Star, CallProperty0 in the GetIterator bytecode. > Importantly, this change handles the cases of eager and lazy deoptimization > in the middle of the bytecode, i.e., lazy deopt for LdaNamedProperty and > eager deopt of the CallProperty0 bytecode, using the continuation builtins. > This mechanism can work as a template for the future bytecode that require > handling such inter-bytecode deopt scenario. The tests evaluating the eager > and lazy deopt scenarios are also included. > > Bug: v8:9489 > Change-Id: I93eb022bbc3d37582407820aa8482a343cac6c12 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758313 > Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63528} TBR=rmcilroy@chromium.org,neis@chromium.org,leszeks@chromium.org,tebbi@chromium.org,swapnilgaikwad@google.com Change-Id: I9ae475f71275f71f1b9e60b8bf0578e21ce2704b No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:9489 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783736Reviewed-by: Francis McCabe <fgm@chromium.org> Commit-Queue: Francis McCabe <fgm@chromium.org> Cr-Commit-Position: refs/heads/master@{#63536}
-
Dominik Inführ authored
This reverts commit 93063ade. Reason for revert: Clusterfuzz found issue. Original change's description: > [heap] Remove size from invalidated slots > > Slots are always valid inside an invalidated area when outside the > respective object's current size. This allows us to remove the size > from the InvalidatedSlots data structure. > > This change was enabled by https://crrev.com/c/1771793. > > Bug: v8:9454 > Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242 > Reviewed-by: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63510} TBR=ulan@chromium.org,sigurds@chromium.org,tebbi@chromium.org,dinfuehr@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: v8:9454 Change-Id: I7daf96cf50aaedd4dbdab48fd550182df94e54bf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783106Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63535}
-
Milad Farazmand authored
Port 85e2dbb3 R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I2edef96f0323a5fd480e3dab02b80f1ab401efd8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1780339Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#63534}
-
Z Nguyen-Huu authored
Bug: v8:8976 Change-Id: I6ed0a8d4b64a15b071d9b59121e08db9f6679694 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1779331 Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63533}
-
Ng Zhi An authored
Bug: v8:8460 Change-Id: I529310a35b74964cb034b4c757981c7ec70f1d19 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1765442Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#63532}
-
Ng Zhi An authored
Bug: v8:9666,v8:3770 Change-Id: I06ab353e9e3b492e73f692861280c0f278759e98 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776843Reviewed-by: Martyn Capewell <martyn.capewell@arm.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#63531}
-
Toon Verwaest authored
Bug: chromium:999853 Change-Id: I5ff8a1d742b871487bc0b0235f4f24d0aaf5c20e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782176 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63530}
-
Jakob Kummerow authored
memcpy doesn't like being called with dest=nullptr and size=0. Change-Id: Ie01991834a867991ff51287cbe43d22f636b800e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781695Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#63529}
-
Swapnil Gaikwad authored
The functionality of the GetIterator bytecode introduced previously is now extended from loading the @@iterator property to calling the property as well. This change basically absorbs the functionality of additional two bytecodes - Star, CallProperty0 in the GetIterator bytecode. Importantly, this change handles the cases of eager and lazy deoptimization in the middle of the bytecode, i.e., lazy deopt for LdaNamedProperty and eager deopt of the CallProperty0 bytecode, using the continuation builtins. This mechanism can work as a template for the future bytecode that require handling such inter-bytecode deopt scenario. The tests evaluating the eager and lazy deopt scenarios are also included. Bug: v8:9489 Change-Id: I93eb022bbc3d37582407820aa8482a343cac6c12 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758313 Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#63528}
-
Jakob Kummerow authored
This CL makes ThreadManager::InitThread *the* place that's responsible for initializing metadata for a new thread, and ensures that all new threads actually go through there. This was previously not the case, and e.g. test-lockers/LockerUnlocker exposed a case where some threads were trying to use another thread's simulator instance because the ThreadLocalTop on the Isolate was in inconsistent state. Change-Id: I302c643f420457f6ba73897fd45eb87969e1331c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781688 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#63527}
-
Jakob Kummerow authored
to avoid undefined behavior on signed integer overflow. Change-Id: Ib55b427723a81dddc26f3ce4b2b3b8cc69c9c017 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782166 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#63526}
-
Maya Lekova authored
This is a reland of d82600ec Added missing builtin serializations that were breaking Clusterfuzz, layout tests and Speedometer. Original change's description: > [turbofan] Serialize missing objects > > Added a few objects to the standard objects list, as well as specific > builtins when the corresponding runtime calls are detected in the > serializer. Now JSHeapCopyReducer is needed only when concurrent > inlining is disabled. > > Bug: v8:7790 > Change-Id: I91d933611b0352df8ede4fded665f13669591fef > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63509} Bug: v8:7790, chromium:1000136 Change-Id: I4775014bfe8100fb76f60e4088f1bdf2a8da64a2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781681 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63525}
-
Joshua Litt authored
NativeContext will soon outgrow the limits of the fixed sized map. This CL simply moves NativeContext back to the variable sized map. Bug: v8:9463 Change-Id: I477dc5f19ed22b5b2b8d3415daad9d87e785bdcb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774185Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Joshua Litt <joshualitt@chromium.org> Cr-Commit-Position: refs/heads/master@{#63524}
-
Martyn Capewell authored
This reverts commit 2869d9de. Reason for revert: Failing on V8 Arm - debug Original change's description: > [turbofan,arm64] Add float loads poisoning. > > Also extend load poisoning testing for arm and arm64. > > This is a port of I1ef202296744a39054366f2bc424d6952c3bbe9d, > originally introduced for arm. > > Change-Id: I7d317bba6be633dd1e563daa7231d3c5e930f8e4 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691032 > Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63519} TBR=rmcilroy@chromium.org,mvstanton@chromium.org,neis@chromium.org,tebbi@chromium.org,martyn.capewell@arm.com,artem.serov@arm.com Change-Id: I60ae552f98ae843d4fecbe163d60580a9f1a7068 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782163Reviewed-by: Martyn Capewell <martyn.capewell@arm.com> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> Cr-Commit-Position: refs/heads/master@{#63523}
-
Santiago Aboy Solanes authored
The important bit is using MachineType::TaggedSigned instead of AnyTagged in CSA. Everything else, it's just the result of adding types to variables. SloppyTNode-ify LoadAndUntagToWord32ObjectField. Both LoadAndUntagSmi and StoreAndTagSmi were only used once, and their names were not clear. Inline those where they were used. TNodify: * ReloadBytecodeOffset * LoadAndUntagRegister * GetInterpretedFramePointer * Advance (the three variants) * SaveBytecodeOffset * BytecodeOffset Type variables: * interpreted_frame_pointer_ * bytecode_offset_ Create macros: * TYPED_VARIABLE_CONSTRUCTOR * TVARIABLE_CONSTRUCTOR which are similar to their non-typed counterparts. Bug: v8:7703, v8:6949 Change-Id: I776e3fe16ca642f868bb635b8bcd5b8b78ca6fea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1758308Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org> Cr-Commit-Position: refs/heads/master@{#63522}
-
Michael Starzinger authored
R=clemensh@chromium.org TEST=mjsunit/wasm/asm-wasm-math-intrinsic BUG=v8:8505 Change-Id: I883c9ad174f7fda5ec5dd24e71ca674de51239b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782160Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#63521}
-
Jakob Gruber authored
The regexp species protector was recently moved from the isolate onto the native context to avoid cross-context pollution of the regexp fast path state. The implementation was incomplete. We unconditionally used the isolate's current native context, but it is possible for the object we are looking at to come from a different context (= its creation context). The fix is two-fold. 1. when speed is not too important (e.g. when invalidating the protector), grab the creation context off the object. 2. in the regexp fast path check, just document how our current solution is sufficient: although we may initially look at the wrong protector cell, we'd later bail out when comparing the object's map against the initial regexp map (stored on the current native context). Bug: v8:9463 Change-Id: I653732b573f2dd456b3c6b723653dcacf9ead591 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776078 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63520}
-
Artem Serov authored
Also extend load poisoning testing for arm and arm64. This is a port of I1ef202296744a39054366f2bc424d6952c3bbe9d, originally introduced for arm. Change-Id: I7d317bba6be633dd1e563daa7231d3c5e930f8e4 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691032 Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#63519}
-
Pierre Langlois authored
The `Instruction::IsValidImmPCOffset()` method was taking an `offset` argument in numbers of *instructions* while we were passing it numbers of *bytes*. See `Instruction::IsTargetInImmPCOffsetRange()` and `MacroAssembler::NeedExtraInstructionsOrRegisterBranch()`. As a result, we were 4 times too conservative when computing branch ranges going backwards, forcing us to generate the following sequence for TBZ more often than needed: ``` TBNZ <skip> B <target> skip: ``` This happened rarely for loops, but a lot when doing an early return from out-of-line calls to write barriers. Since out-of-line code is easily out of range of 8K, although the real range of TBZ is 32K. This fixes it by changing this method to take a byte offset instead of instructions, as this is more intuitive and in line with similar methods. For instance, `Instruction::ImmPcOffset()` returns an offset in bytes. The tests are adapted so that they would have caught such a bug: * TEST(far_branch_backward): This test used to only check the code worked if the branch was very far away, but it didn't test the range was correct. So this test was changed to check each branch type separately, and test in-range and out-of-range cases separately too. * TEST(far_branch_veneer_broken_link_chain): Because of the backwards range bug, this test wasn't actually testing what it should. The idea of the test is to make sure the MacroAssembler can still cope when the chain of links is broken after a veneer was emitted. But no veneers were ever emitted. Change-Id: Iddb5c683a71147455175f38fa7ae57da0a3e7337 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781058Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#63518}
-
Leszek Swirski authored
This reverts commit ab089c78. Reason for revert: Breaking GC stress (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/27523) Original change's description: > [turbofan] Prepare for moving part of CreateGraph into the background > > - Pass Refs, not Handles, to graph builder, and drop bytecode array argument > (get it from SFI instead). > - Add some fields to FeedbackVectorRef that are needed to avoid heap access > in BytecodeGraphBuilderPhase. > - Rename FeedbackVectorRef's SerializeSlots to Serialize, since it's more > than just the feedback slots. > - Rearrange the last steps in PipelineCompilationJob::PrepareJobImpl such > that CreateGraph is last. > > Bug: v8:7790 > Change-Id: I4b17790d1d74da41ba63ee68e3a33968662fc398 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781682 > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Commit-Queue: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63515} TBR=neis@chromium.org,mslekova@chromium.org Change-Id: I4dc95907657597d12cbe1ce6a8ebb694ef44e915 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7790 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781687Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63517}
-
Andreas Haas authored
In https://crrev.com/c/1768581 I only enabled the --wasm-staging flag, but that is useless without the implications defined in flag-definitions.h. With this CL I now just set each flag one by one. R=clemensh@chromium.org Bug: v8:9601 Change-Id: Ie0e16f9516aa32b8c958cf58c8c9d4d6cb6f3b22 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781060Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#63516}
-
Georg Neis authored
- Pass Refs, not Handles, to graph builder, and drop bytecode array argument (get it from SFI instead). - Add some fields to FeedbackVectorRef that are needed to avoid heap access in BytecodeGraphBuilderPhase. - Rename FeedbackVectorRef's SerializeSlots to Serialize, since it's more than just the feedback slots. - Rearrange the last steps in PipelineCompilationJob::PrepareJobImpl such that CreateGraph is last. Bug: v8:7790 Change-Id: I4b17790d1d74da41ba63ee68e3a33968662fc398 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781682Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63515}
-
Maya Lekova authored
This reverts commit d82600ec. Reason for revert: Blocking the roll, see https://ci.chromium.org/p/chromium/builders/try/linux-rel/181725 Original change's description: > [turbofan] Serialize missing objects > > Added a few objects to the standard objects list, as well as specific > builtins when the corresponding runtime calls are detected in the > serializer. Now JSHeapCopyReducer is needed only when concurrent > inlining is disabled. > > Bug: v8:7790 > Change-Id: I91d933611b0352df8ede4fded665f13669591fef > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053 > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63509} TBR=neis@chromium.org,mslekova@chromium.org Change-Id: I5eb8a8371994822debb852fc2a090ba585826d4a No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7790 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782157Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63514}
-
Simon Zünd authored
"--print-scopes" uses the {function_} variable to print the function name and locals of a function scope. In case of a pre-parsed function, the function variable of the scope lives in a zone which is nuked after pre-parsing, while the scope lives on. This leaves the {function_} variable pointer in the scope in a state where it points to invalid memory, causing "--print-scopes" to crash. This CL fixes the crash by properly resetting the {function_} pointer. TBR=verwaest@chromium.org Change-Id: Id24dbb605bec883317f676265a920fe0ca662301 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776094Reviewed-by: Simon Zünd <szuend@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Auto-Submit: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#63513}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/5dd1782..4fa36b1 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9f64c5c..5198ea1 Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/6783233..2fef805 TBR=machenbach@chromium.org,tmrts@chromium.org Change-Id: I2357d1ea3e6b28825b4b952ad6bc5db852bdfb18 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1780230Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#63512}
-
- 02 Sep, 2019 15 commits
-
-
Michael Lippautz authored
Those object types can carry embedder fields as they are generated from embedder-provided function templates. Bug: v8:9672 Change-Id: Iaea794ba8bea2ffec3559131eecfe1941479759a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781048Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#63511}
-
Dominik Inführ authored
Slots are always valid inside an invalidated area when outside the respective object's current size. This allows us to remove the size from the InvalidatedSlots data structure. This change was enabled by https://crrev.com/c/1771793. Bug: v8:9454 Change-Id: I2b5a7234d47227cb6ad8d67de20e9b5a2028ae83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1773242Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#63510}
-
Maya Lekova authored
Added a few objects to the standard objects list, as well as specific builtins when the corresponding runtime calls are detected in the serializer. Now JSHeapCopyReducer is needed only when concurrent inlining is disabled. Bug: v8:7790 Change-Id: I91d933611b0352df8ede4fded665f13669591fef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781053Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#63509}
-
Jakob Gruber authored
.. and use it for generating faster loads of external references. This changes the stack check instruction sequence from mov ecx,0x567651dc // The address of the stack limit. cmp esp,[ecx] to cmp esp,[ebx+0x3c] This addressing mode was likely forgotten when we recently added root register support on ia32. Bug: chromium:998751,v8:9534 Change-Id: I3521519da1e9d373dfcd83831b3e399e0e9c895b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781056Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#63508}
-
Michael Achenbach authored
NOTRY=true Bug: v8:9601 Change-Id: I0406326dab681843ef8accadefa10a9e85593fb1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781055Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#63507}
-
Maya Lekova authored
Bug: v8:7790 Change-Id: I79b81d66751707756139db50720080a144bdcd38 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781045 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63506}
-
Yang Guo authored
R=sigurds@chromium.org Bug: chromium:956475 Change-Id: Ie4ccd84e1c239d771fd9238599c687782ddb1356 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776097Reviewed-by: Simon Zünd <szuend@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#63505}
-
Leszek Swirski authored
Similar to https://crrev.com/c/1781047, WordEqual already does the right truncation in the instruction selector. Bug: v8:8948 Change-Id: I92e74bafab6a467aeca1570494e9044f9cf18c46 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781049 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63504}
-
Ana Peško authored
This CL adds initial tests for the tier-up logic. Change-Id: I6e6ff69604b14387e81b08d178f98d2227b4f496 Bug: v8:9566 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776080 Commit-Queue: Ana Pesko <anapesko@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#63503}
-
Thibaud Michaud authored
Allow the backward spilling heuristic to look and spill before the start of the current range. This solves a common scenario where control-flow aware allocation cannot apply the heuristic as efficiently as splintering because it creates smaller live ranges. Bug: v8:9088 Change-Id: I7f8af8bb9c82849fbae0c652baa5011fd890690e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776085 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#63502}
-
Igor Sheludko authored
... which already does good the right job of generating 32-bit comparisons while Word32Equal() seems to break some optimizations in TurboFan and produce a little bit slower code. Bug: v8:8948 Change-Id: I288656479fa32c34a7253c4879cb3566d7470a6a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781047 Commit-Queue: Igor Sheludko <ishell@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#63501}
-
Dan Elphick authored
If a bytecode mismatch occurs, the original and new bytecode are now printed along with the position of the bytecode mismatch. Bug: v8:8510 Change-Id: Ia3b016fb4e0edde46944533a6a768499b20678d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774722 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#63500}
-
Leszek Swirski authored
This is a reland of 0736599a. This is a reland of 7e1fbe8f. Original change description: > [ic] In-place Double -> Tagged transitions > > With no more MutableHeapNumber, we can make Double -> Tagged transitions > in-place, at the cost of an extra map check when accessing double fields > to make sure they are still doubles. > > Bug: v8:9606 > Change-Id: I74ff39ed6fba62ee223cd37dfe761f7d73020e1c > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1743973 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Leszek Swirski <leszeks@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63374} TBR=verwaest@chromium.org, tebbi@chromium.org Bug: v8:9606 Change-Id: I2d1b7416064d743582f4983fb868316b7e8a4cf2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1777661Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#63499}
-
Georg Neis authored
Print the file name instead of the function name, as the function name can be ambiguous. Bug: v8:7790 Change-Id: I079eb0e5a0012aff1d241618d132ecd2d3d93c8f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781043Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63498}
-
Georg Neis authored
- Add serialization for CallNoFeedback, which was missing. - Extend serialization for CallJSRuntime. - Serialize for calls to higher-order Array builtins. - Serialize for calls to Function#apply and Function#call. - Serialize for calls to Reflect.apply and Reflect.construct. - Serialize for calls to Promise constructor. - Fix ConvertReceiverMode in serialization for CallProperty. Bug: v8:7790 Change-Id: I4bba6f45f9b7948ed2ba9c70bd423a23ec29ecf7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763530Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#63497}
-