- 14 May, 2018 1 commit
-
-
Benedikt Meurer authored
This reverts commit 42334363.

Reason for revert: Seems to lead to floating point exceptions, i.e. with this code:

```js
__v_0 = 'x'.repeat();
var __f_1 = (function __f_0() {
  "use asm";
  function __f_1(__v_5, __v_0) {
    __v_5 = __v_5 | 0;
    __v_0 = __v_0 | 0;
    return ((__v_5 >>> 4) % (__v_0 >>> 1073741824)) | -1073741825;
  }
  return { __f_1: __f_1 };
})().__f_1;
for (var __v_5 = 0; __v_5 < 4294967296; __v_5 += 3999773) {
  __v_5 % __v_0 | 0, __f_1();
}
```

Running with UBSan via `d8-ubsan-vptr-linux-release-v8-component-53134/d8 --random-seed=54105979 --disable-in-process-stack-traces --stress-marking=100 fuzz-02382.js`

Original change's description:
> [turbofan][x64] Reduce compare-zero followed by flags-setting binop
>
> On IA architecture, arithmetic and shifting operations set the flags
> according to the computation result.
>
> subl rsi,0x1
> REX.W movq rbx,[rbx+0x17]
> cmpl rsi, 0 <-- TO BE REDUCED
> jnz 0x3f54d2dcef0
> ==>
> REX.W movq rbx,[rbx+0x17]
> subl rsi,0x1
> jnz 0x3f54d2dcef0
> &
> orl rdx,rbx
> cmpl rdx,0x0 <-- TO BE REDUCED
> jnz 0x3f54d22b0f5
> ==>
> orl rdx,rbx
> jnz 0x3f54d22b0f5
>
> Change-Id: If69c023712212ad7b9fa8b29f4b98274f7885e35
> Reviewed-on: https://chromium-review.googlesource.com/1051445
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
> Cr-Commit-Position: refs/heads/master@{#53118}

TBR=bmeurer@chromium.org,kanghua.yu@intel.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I8a177b9268a2fefcd6877d8f33134e7e0c980926
Reviewed-on: https://chromium-review.googlesource.com/1057067
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53137}
-
- 13 May, 2018 2 commits
-
-
peterwmwong authored
Change-Id: I37ed9115c099f3d17f23a26348a1bbf5f773ee32 Reviewed-on: https://chromium-review.googlesource.com/1056668 Reviewed-by: Daniel Clifford <danno@chromium.org> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com> Cr-Commit-Position: refs/heads/master@{#53136}
-
Daniel Clifford authored
In the process, add a few simple tests for "constexpr" expressions, which identified a few bugs that are also fixed in this CL. Change-Id: I97486c781572642d2b574b92133b1f9cda3db592 Reviewed-on: https://chromium-review.googlesource.com/1055493 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#53135}
-
- 11 May, 2018 17 commits
-
-
Hannes Payer authored
Bug: chromium:842083 Change-Id: Ic28d47df055277878cb8e066cd2276cedf06d3cf Reviewed-on: https://chromium-review.googlesource.com/1054074 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#53134}
-
Alexei Filippov authored
Change-Id: I8b9308d7628d7efc2a2212ef3a3aa52ccddbfb36 Reviewed-on: https://chromium-review.googlesource.com/1048036 Commit-Queue: Alexei Filippov <alph@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#53133}
-
Matheus Marchini authored
Node.js still supports older versions of clang, and some of those versions require us to explicitly declare default constructors for classes. While updating V8 to 6.7 on Node.js we hit a build failure on Mac OS X and FreeBSD because there was one constructor not complying with that rule. This commit fixes it. R=bmeurer@google.com, franzih@google.com, ofrobots@google.com, yangguo@google.com Bug: v8:7743 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I1f57f0c88c27e4755c9e05f6fedd9def55d8cb77 Reviewed-on: https://chromium-review.googlesource.com/1050666 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#53132}
-
Michael Starzinger authored
This makes the fact that export wrapper code is shared across instances explicit by hanging the {export_wrappers} array off the module object instead of the instance-specific {WasmCompiledModule} object. R=titzer@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Ic5c73bcc17f759e520c105317361e5654628b99e Reviewed-on: https://chromium-review.googlesource.com/1051987 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53131}
-
sreten.kovacevic authored
In case of {kLoadI32}, use same sequence of instructions as in case of {kI64LoadI32S}. This fixes irregular behavior on target. TEST=cctest/test-run-wasm/RunWasmLiftoff_I32ShrSOnDifferentRegisters Change-Id: I7ae6915c8b9bacb682e01db2c00f0c280dbb8254 Reviewed-on: https://chromium-review.googlesource.com/1054878 Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#53130}
-
Ulan Degenbaev authored
This reverts commit be2f237d.

Original change's description:
> [heap] Unprotect code pages on demand in MinorMC
>
> This reduces average pause of MinorMC in Richards benchmark from 0.32ms
> to 0.25ms:
>
> baseline pause
> len: 22
> min: 0.3
> max: 0.6
> avg: 0.322727272727
> [0,5[: 22
>
> pause
> len: 22
> min: 0.2
> max: 0.7
> avg: 0.254545454545
> [0,5[: 22
>
> Bug: chromium:651354

Change-Id: I9d70037dda612528368fb1ba330dc6f6510a14a6
Reviewed-on: https://chromium-review.googlesource.com/1055450
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53129}
-
Ulan Degenbaev authored
The root visitor now collects marked roots in the marking worklist and filters out objects that are not in the new space.

This reduces average marking time in MinorMC in Richards from 0.08ms to 0.04ms:

baseline mark:
len: 22
min: 0.07
max: 0.18
avg: 0.0809090909091
[0,5[: 22

mark
len: 22
min: 0.03
max: 0.13
avg: 0.0409090909091
[0,5[: 22

Bug: chromium:651354
Change-Id: I979e2f5ba331f88029b69bab23978f7fcadb7024
Reviewed-on: https://chromium-review.googlesource.com/1055490
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53128}
-
Ulan Degenbaev authored
This reverts commit 0bf9c60c.

Reason for revert: breaks minor_mc bot

Original change's description:
> [heap] Unprotect code pages on demand in MinorMC
>
> This reduces average pause of MinorMC in Richards benchmark from 0.32ms
> to 0.25ms:
>
> baseline pause
> len: 22
> min: 0.3
> max: 0.6
> avg: 0.322727272727
> [0,5[: 22
>
> pause
> len: 22
> min: 0.2
> max: 0.7
> avg: 0.254545454545
> [0,5[: 22
>
> Bug: chromium:651354
> Change-Id: I701ca800d7c6986534d1de2e3051476e91a88d7d
> Reviewed-on: https://chromium-review.googlesource.com/1055507
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53125}

TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org
Change-Id: Ib227e37fa60d608f94c3111a9b431baf0f488790
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:651354
Reviewed-on: https://chromium-review.googlesource.com/1053970
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53127}
-
Michael Starzinger authored
R=titzer@chromium.org BUG=v8:7754,v8:7490 Change-Id: Ib6d34c1716f9f877c7e04391ee59c2a12df2d0d3 Reviewed-on: https://chromium-review.googlesource.com/1054873 Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#53126}
-
Ulan Degenbaev authored
This reduces average pause of MinorMC in Richards benchmark from 0.32ms to 0.25ms:

baseline pause
len: 22
min: 0.3
max: 0.6
avg: 0.322727272727
[0,5[: 22

pause
len: 22
min: 0.2
max: 0.7
avg: 0.254545454545
[0,5[: 22

Bug: chromium:651354
Change-Id: I701ca800d7c6986534d1de2e3051476e91a88d7d
Reviewed-on: https://chromium-review.googlesource.com/1055507
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53125}
-
Dan Elphick authored
This was already the case for 1-byte strings. This prevents crashes when attempting to externalize such strings. Bug: chromium:842078, v8:7464 Change-Id: I3092a6748edaf77b2689f7b6f6b949929998e508 Reviewed-on: https://chromium-review.googlesource.com/1054290 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#53124}
-
Hannes Payer authored
Currently we are throwing an out-of-memory fatal error. Bug: chromium:840329 Change-Id: I736dee890b6a338b458c9a4cc1c3fbb95e95742b Reviewed-on: https://chromium-review.googlesource.com/1050285 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#53123}
-
Igor Sheludko authored
Bug: v8:7754 Change-Id: I44d20d55f5da0a0f95b89a565dbe21304c6d174c Reviewed-on: https://chromium-review.googlesource.com/1052111 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#53122}
-
Hannes Payer authored
Bug: chromium:842083 Change-Id: Ided2d8542e4501250208dde6146f00da77410f48 Reviewed-on: https://chromium-review.googlesource.com/1054234 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53121}
-
Hannes Payer authored
Bug: chromium:842083 Change-Id: I4ce2b58aa7fcafe7e886a3c80d3ddf7bfe3e4415 Reviewed-on: https://chromium-review.googlesource.com/1055389 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#53120}
-
Hannes Payer authored
This reverts commit c280e7d4.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> [heap] Clear the memory of pooled pages when allocating from the pool.
>
> Bug: chromium:999634
> Change-Id: Ia7a0dd6ddc2477a7656a26548e9a247470d9143f
> Reviewed-on: https://chromium-review.googlesource.com/1041688
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52948}

TBR=hpayer@chromium.org,mlippautz@chromium.org
Change-Id: I838d5fe1e6c6ac8b726a90a44b2eacbea9057866
Reviewed-on: https://chromium-review.googlesource.com/1054070
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53119}
-
Kanghua Yu authored
On IA architecture, arithmetic and shifting operations set the flags according to the computation result.

subl rsi,0x1
REX.W movq rbx,[rbx+0x17]
cmpl rsi, 0 <-- TO BE REDUCED
jnz 0x3f54d2dcef0
==>
REX.W movq rbx,[rbx+0x17]
subl rsi,0x1
jnz 0x3f54d2dcef0
&
orl rdx,rbx
cmpl rdx,0x0 <-- TO BE REDUCED
jnz 0x3f54d22b0f5
==>
orl rdx,rbx
jnz 0x3f54d22b0f5

Change-Id: If69c023712212ad7b9fa8b29f4b98274f7885e35
Reviewed-on: https://chromium-review.googlesource.com/1051445
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kanghua Yu <kanghua.yu@intel.com>
Cr-Commit-Position: refs/heads/master@{#53118}
-
- 10 May, 2018 2 commits
-
-
Ivica Bogosavljevic authored
Test mjsunit/wasm/compiled-module-serialization fails on those architectures that do not support misaligned memory access. We fix this by adding padding between code header and code start in NativeModule serializer/deserializer so the code start is properly aligned. TEST=mjsunit/wasm/compiled-module-serializationx Change-Id: I4f35b78a1190194088795b6f09becc3ad4251fdb Reviewed-on: https://chromium-review.googlesource.com/1044186 Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53117}
-
Dan Elphick authored
Avoid writing NumberOfElements to HashTable when it hasn't changed as the HashTable could be in RO_SPACE and this operation will crash. Bug: v8:841592 Change-Id: Iffadd567fc10aa9cd13d953da81275464b16c6c0 Reviewed-on: https://chromium-review.googlesource.com/1052693 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#53116}
-
- 09 May, 2018 18 commits
-
-
Alexey Kozyatinskiy authored
Allocation is super slow and produces a big performance regression on the blink side. Bug: chromium:839567,chromium:839809 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I3e9989435515ecfaedaee60c1f0c6939b9053e95 Reviewed-on: https://chromium-review.googlesource.com/1053105 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53115}
-
Vincent Belliard authored
Remove cp from cache register list Bug: v8:6600 Change-Id: If17d4558e4f89dd620c757e2a8288658f1489435 Reviewed-on: https://chromium-review.googlesource.com/1047645 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Vincent Belliard <vincent.belliard@arm.com> Cr-Commit-Position: refs/heads/master@{#53114}
-
Alexei Filippov authored
We cannot drop the deprecated API right away because we need to keep binary compatibility. As a short term solution create CPU profiler lazily if the API is called. BUG=v8:7070 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I04029844895976b25db165f4fba6afbfe1681913 Reviewed-on: https://chromium-review.googlesource.com/1047848 Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#53113}
-
Andreas Haas authored
The CompilationManager was introduced to manage the memory of AsyncCompileJobs. However, by now this can be done better by the new WasmEngine. This CL just moves the code to wasm-engine.[h,cc] and adjusts the callsites. R=titzer@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Icd2c1f19feeaa854c74e020b41e314b8ad00cea5 Reviewed-on: https://chromium-review.googlesource.com/1052109 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#53112}
-
Clemens Hammacher authored
This is a reland of e084eea6. Undefined behaviour was fixed in https://crrev.com/c/1051235.

Original change's description:
> Fix SourcePositionInfo for wasm
>
> In wasm we often don't have a SharedFunctionInfo associated with a
> compilation job, so we can't get a Script. Just print "unknown" in
> these cases (instead of crashing).
>
> R=titzer@chromium.org
> CC=herhut@chromium.org
>
> Bug: chromium:840757, v8:7738
> Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
> Reviewed-on: https://chromium-review.googlesource.com/1049632
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53080}

TBR=titzer@chromium.org
Bug: chromium:840757, v8:7738
Change-Id: If04040a33766955cfed78e7c27226dd04c3f9b9f
Reviewed-on: https://chromium-review.googlesource.com/1051266
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53111}
-
Igor Sheludko authored
Bug: v8:7570 Change-Id: I2101a3fed996385b076352d20a2ca4d65c31a828 Reviewed-on: https://chromium-review.googlesource.com/1044374 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#53110}
-
Clemens Hammacher authored
The 'pause' instruction is used for implementing retpolines. It is currently being printed as 'nop', which is incorrect. R=titzer@chromium.org Change-Id: I134b6dae332103fd7f9b3c4e5520f0d5db06ba74 Reviewed-on: https://chromium-review.googlesource.com/1051789 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53109}
-
Clemens Hammacher authored
As SSCA mitigation, use retpoline for each indirect call. We currently only support retpolines on ia32 and x64. R=titzer@chromium.org Bug: v8:6600, chromium:798964 Change-Id: I32472c15e149977b00bf923f4d87e259b7b54800 Reviewed-on: https://chromium-review.googlesource.com/1052113 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53108}
-
Clemens Hammacher authored
Code comments are heap-allocated and never freed. We don't want to attach them to the code object via a finalizer, since that could change gc timing and heap layout when you enable code comments. They are used for testing only anyway, so leaking is acceptable here. R=bmeurer@chromium.org, jarin@chromium.org Bug: v8:7738 Change-Id: I27b0f95db1d66b57f4f113c154f23edb84e6700d Reviewed-on: https://chromium-review.googlesource.com/1051241 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53107}
-
Dominic Farolino authored
Implement console.countReset() from the WHATWG Console Standard R=bmeurer@chromium.org, dgozman@chromium.org, kozyatinskiy@chromium.org Bug: chromium:839947 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I8a900e9cdf3e5b08506f709cf6497476c8c6c00b Reviewed-on: https://chromium-review.googlesource.com/1044902 Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Dominic Farolino <domfarolino@gmail.com> Cr-Commit-Position: refs/heads/master@{#53106}
-
Andreas Haas authored
R=ulan@chromium.org CC=jbroman@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I606a182774188b953247b62e5426ee7feadd1a74 Reviewed-on: https://chromium-review.googlesource.com/1047206 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#53105}
-
Andreas Haas authored
R=ulan@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Iaa9968945ce8196de75b4c4a637bda9ee57c0509 Reviewed-on: https://chromium-review.googlesource.com/1047207 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#53104}
-
Marja Hölttä authored
Bug: v8:7308 Change-Id: I967e036dc584f585dddda0eef480389a33e45bdf Reviewed-on: https://chromium-review.googlesource.com/1046649 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#53103}
-
Igor Sheludko authored
Plus a bit of CSA typification. Bug: v8:7725 Change-Id: I43fea4a4c0739f9c24d84035816b046e742372ee Reviewed-on: https://chromium-review.googlesource.com/1051653 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#53102}
-
Simon Zünd authored
This CL adds a counter for sorting non-packed JSArrays where Object.prototype was modified, or the prototype of the instance differs from Array.prototype. This is the V8 side of the change. The Chromium-side CL: https://crrev.com/c/1051651 R=jgruber@chromium.org Bug: v8:7382 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I3ce9789a5df4bb9af5d1bfc89681fcd112e28e83 Reviewed-on: https://chromium-review.googlesource.com/1051650 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#53101}
-
Clemens Hammacher authored
The {CommentOperator}, used for implementing the --code-comments flag, is not UBSan-safe. This CL fixes this and adds a test which uses code comments. R=bmeurer@chromium.org Bug: v8:7744 Change-Id: Ia6ec509e77d998df085ac7377cb24854354e3aa2 Reviewed-on: https://chromium-review.googlesource.com/1051235 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#53100}
-
Marja Hölttä authored
The previous version was correct too, since we check sminess before. But with the new check, it's easier to see it's correct. BUG=v8:7308 Change-Id: I1632353ee5dfd305479858ec4a690b17bb70e6a6 Reviewed-on: https://chromium-review.googlesource.com/1039525 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#53099}
-
Clemens Hammacher authored
Instead of {base::AtomicNumber<intptr_t>} use {std::atomic<size_t>}, since we really want to store a size_t in there, and only abused negative values before to avoid a compare-and-swap loop. R=mstarzinger@chromium.org Bug: v8:7570 Change-Id: Ibff0fe0550396f11b343f7e3c098ccf94f6e8dbb Reviewed-on: https://chromium-review.googlesource.com/1049067 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53098}
-