- 06 Jul, 2015 15 commits
-
-
fedor authored
`WriteUtf16Slow` should not assume that the output buffer has enough bytes to hold both words of surrogate pair. It should pass the number of remaining bytes to the `Utf8::ValueOf` instead, just as we already do in `Utf8DecoderBase::Reset`. Otherwise it will attempt to write the trail uint16_t past the buffer boundary, leading to memory corruption and possible crash. Originally reported by: Kris Reeves <kris.re@bbhmedia.com> BUG=v8:4274 R=danno R=svenpanne LOG=y Review URL: https://codereview.chromium.org/1226493003 Cr-Commit-Position: refs/heads/master@{#29485}
-
verwaest authored
BUG= Review URL: https://codereview.chromium.org/1221363002 Cr-Commit-Position: refs/heads/master@{#29484}
-
machenbach authored
Revert of [test] Move test262-es6 into test262. (patchset #2 id:20001 of https://codereview.chromium.org/1215303008/) Reason for revert: [Sheriff] Breaks test262 on mac Original issue's description: > [test] Move test262-es6 into test262. > > BUG=v8:4254 > LOG=n > > Committed: https://crrev.com/aaa457b26f6c0f624cf5887e60dc497f6dccabae > Cr-Commit-Position: refs/heads/master@{#29479} TBR=rossberg@chromium.org,arv@chromium.org,littledan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4254 Review URL: https://codereview.chromium.org/1227503002 Cr-Commit-Position: refs/heads/master@{#29483}
-
verwaest authored
BUG=chromium:506952 LOG=n Review URL: https://codereview.chromium.org/1226783002 Cr-Commit-Position: refs/heads/master@{#29482}
-
yangguo authored
R=ishell@chromium.org BUG=chromium:505539 LOG=N Review URL: https://codereview.chromium.org/1214373005 Cr-Commit-Position: refs/heads/master@{#29481}
-
machenbach authored
Also revert "[turbofan] Perform OSR deconstruction early and remove type propagation." This reverts commit b0a852e8. This reverts commit cdbb6c48. NOTRY=true NOTREECHECKS=true BUG=v8:4273 LOG=n TBR=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1225743002 Cr-Commit-Position: refs/heads/master@{#29480}
-
machenbach authored
BUG=v8:4254 LOG=n Review URL: https://codereview.chromium.org/1215303008 Cr-Commit-Position: refs/heads/master@{#29479}
-
bmeurer authored
This way we don't have to deal with dead pre-OSR code in the graph and risk optimizing the wrong code, especially we don't make optimistic assumptions in the dead code that leaks into the OSR code (i.e. deopt guards are in dead code, but the types propagate to OSR code via the OsrValue type back propagation). BUG=v8:4273 LOG=n R=jarin@chromium.org Review URL: https://codereview.chromium.org/1215333005 Cr-Commit-Position: refs/heads/master@{#29478}
-
verwaest authored
BUG=v8:4137 LOG=n Review URL: https://codereview.chromium.org/1218813012 Cr-Commit-Position: refs/heads/master@{#29477}
-
bmeurer authored
The JSFrameSpecialization specializes an OSR graph to the current unoptimized frame on which we will perform the on-stack replacement. This is used for asm.js functions, where we cannot reuse the OSR code object anyway because of context specialization, and so we could as well specialize to the max instead. It works by replacing all OsrValues in the graph with their values in the JavaScriptFrame. The idea is that using this trick we get better performance without doing the unsound backpropagation of types to OsrValues later. This is the first step towards fixing OSR for TurboFan. R=jarin@chromium.org BUG=v8:4273 LOG=n Review URL: https://codereview.chromium.org/1225683004 Cr-Commit-Position: refs/heads/master@{#29476}
-
machenbach authored
Revert of Concurrent sweeping of code space. (patchset #4 id:60001 of https://codereview.chromium.org/1222013002/) Reason for revert: [Sheriff] Increased flaky crashes. See: https://code.google.com/p/v8/issues/detail?id=4275 Original issue's description: > Concurrent sweeping of code space. > > BUG= > > Committed: https://crrev.com/3050b52f57d652dc45c8baf416e174f22dc2c159 > Cr-Commit-Position: refs/heads/master@{#29456} TBR=jochen@chromium.org,hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1223763003 Cr-Commit-Position: refs/heads/master@{#29475}
-
jochen authored
BUG=v8:4134 R=bmeurer@chromium.org LOG=n Review URL: https://codereview.chromium.org/1217123004 Cr-Commit-Position: refs/heads/master@{#29474}
-
jochen authored
BUG=v8:4131 R=bmeurer@chromium.org LOG=n Review URL: https://codereview.chromium.org/1224623004 Cr-Commit-Position: refs/heads/master@{#29473}
-
mstarzinger authored
The context constant cannot be materialized from the frame when we are compiling for OSR, because the context spill slot contains the current instead of the outermost context in full-codegen. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1220013003 Cr-Commit-Position: refs/heads/master@{#29472}
-
mstarzinger authored
This changes the OsrValue insertion in the AstGraphBuilder to emit a proper OsrValue instead of a special Parameter for the inner context value at the OSR entry point. R=titzer@chromium.org Review URL: https://codereview.chromium.org/1213043005 Cr-Commit-Position: refs/heads/master@{#29471}
-
- 05 Jul, 2015 2 commits
-
-
machenbach authored
Revert of Replace reduce-memory mode in idle notification with delayed clean-up GC. (patchset #17 id:320001 of https://codereview.chromium.org/1218863002/) Reason for revert: [Sheriff] Looks like it blocks the roll (bisected). Speculative revert. https://codereview.chromium.org/1210293003/ Original issue's description: > Replace reduce-memory mode in idle notification with delayed clean-up GC. > > BUG=490559 > LOG=NO > > Committed: https://crrev.com/0ecd9e1bd2c6b519d4e7285f46cb7e844bc2235c > Cr-Commit-Position: refs/heads/master@{#29451} TBR=hpayer@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=490559 Review URL: https://codereview.chromium.org/1226703002 Cr-Commit-Position: refs/heads/master@{#29470}
-
machenbach authored
Revert of Make ARM compiler happy after 0ecd9e1b (patchset #1 id:1 of https://codereview.chromium.org/1219863003/) Reason for revert: Revert in order to revert 0ecd9e1b Original issue's description: > Make ARM compiler happy after 0ecd9e1b > > BUG= > TBR=hpayer@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > > Committed: https://crrev.com/bef1cbfdf9991f05ca142448098e8076cb7c2d26 > Cr-Commit-Position: refs/heads/master@{#29454} TBR=ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1221303002 Cr-Commit-Position: refs/heads/master@{#29469}
-
- 03 Jul, 2015 9 commits
-
-
verwaest authored
Additionally speed up instantiation of ObjectTemplates by preallocating enough space in the descriptor arrays BUG=v8:4184 LOG=n Review URL: https://codereview.chromium.org/1218403002 Cr-Commit-Position: refs/heads/master@{#29468}
-
verwaest authored
BUG=v8:4137 LOG=n Review URL: https://codereview.chromium.org/1224533003 Cr-Commit-Position: refs/heads/master@{#29467}
-
hpayer authored
BUG=chromium:506811 LOG=n Review URL: https://codereview.chromium.org/1225573002 Cr-Commit-Position: refs/heads/master@{#29466}
-
bmeurer authored
Currently we lower shifts directly to machine operators, and add an appropriate Word32And to implement the & 0x1F operation on the right hand side required by the specification. However for Word32And we assume Int32 in simplified lowering, which is basically changes the right hand side bit interpretation for the shifts from Uint32 to Int32, which is obviously wrong. So now we represent that explicitly by proper simplified operators for the shifts, which are lowered to machine in simplified lowering. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1213803008 Cr-Commit-Position: refs/heads/master@{#29465}
-
yangguo authored
R=machenbach@chromium.org BUG=v8:4127 LOG=N Review URL: https://codereview.chromium.org/1215123002 Cr-Commit-Position: refs/heads/master@{#29464}
-
yangguo authored
LOG=N R=bmeurer@chromium.org BUG=chromium:506443 Review URL: https://codereview.chromium.org/1217673003 Cr-Commit-Position: refs/heads/master@{#29463}
-
Ilija.Pavlovic authored
MIPS: Disassembler enhancement. Disassembled branch instruction displays branch target absolute address. TEST=cctest/test-disasm-mips[64] BUG= Review URL: https://codereview.chromium.org/1213553004 Cr-Commit-Position: refs/heads/master@{#29462}
-
mstarzinger authored
This makes sure that the GC fully flushes the optimized code map when the serializer is preparing a snapshot. Otherwise closures and contexts could end up in the startup snapshot. R=hpayer@chromium.org TEST=cctest/test-serialize/SerializeInternalReference Review URL: https://codereview.chromium.org/1215063007 Cr-Commit-Position: refs/heads/master@{#29461}
-
titzer authored
Also add control inputs to 64-bit integer divide and modulus operations. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1223613002 Cr-Commit-Position: refs/heads/master@{#29460}
-
- 02 Jul, 2015 14 commits
-
-
dstence authored
R=mbrandy@us.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1222133004 Cr-Commit-Position: refs/heads/master@{#29459}
-
ulan authored
BUG= Review URL: https://codereview.chromium.org/1222203003 Cr-Commit-Position: refs/heads/master@{#29458}
-
ulan authored
BUG=chromium:505776 LOG=NO Review URL: https://codereview.chromium.org/1221573003 Cr-Commit-Position: refs/heads/master@{#29457}
-
hpayer authored
BUG= Review URL: https://codereview.chromium.org/1222013002 Cr-Commit-Position: refs/heads/master@{#29456}
-
verwaest authored
BUG=v8:4137 LOG=n Review URL: https://codereview.chromium.org/1225493002 Cr-Commit-Position: refs/heads/master@{#29455}
-
ulan authored
BUG= TBR=hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1219863003 Cr-Commit-Position: refs/heads/master@{#29454}
-
mbrandy authored
Port 1fa4285e Original commit message: This involves: - Enabling the tail call optimization reducer in all cases. - Adding an addition flag to CallFunctionParameters to mark call sites that can be tail-called enabled. - Only set the tail-call flag for %_CallFunction. R=danno@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1224533002 Cr-Commit-Position: refs/heads/master@{#29453}
-
jochen authored
BUG=v8:4134 R=vogelheim@chromium.org LOG=n Review URL: https://codereview.chromium.org/1219133004 Cr-Commit-Position: refs/heads/master@{#29452}
-
ulan authored
BUG=490559 LOG=NO Review URL: https://codereview.chromium.org/1218863002 Cr-Commit-Position: refs/heads/master@{#29451}
-
verwaest authored
Additionally rips out (now) unnecessary duplicate code in DefineArrayProperty. BUG= Review URL: https://codereview.chromium.org/1224523002 Cr-Commit-Position: refs/heads/master@{#29450}
-
conradw authored
Keeping this CL separate in case there are more GC-stress problems. BUG=v8:3956 LOG=N Review URL: https://codereview.chromium.org/1217543006 Cr-Commit-Position: refs/heads/master@{#29449}
-
conradw authored
BUG=v8:3956 LOG=N Review URL: https://codereview.chromium.org/1219663009 Cr-Commit-Position: refs/heads/master@{#29448}
-
verwaest authored
BUG=v8:4137 LOG=n Review URL: https://codereview.chromium.org/1221713003 Cr-Commit-Position: refs/heads/master@{#29447}
-
ulan authored
BUG= Review URL: https://codereview.chromium.org/1221083004 Cr-Commit-Position: refs/heads/master@{#29446}
-