- 07 Jun, 2017 22 commits
-
-
jarin authored
BUG=chromium:729369 Review-Url: https://codereview.chromium.org/2926063002 Cr-Commit-Position: refs/heads/master@{#45770}
-
Sathya Gunasekaran authored
Bug: v8:5717 Change-Id: Idf29fd079c0cdd6c2498b2ea5bfb54e0c0d52c56 Reviewed-on: https://chromium-review.googlesource.com/526433 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#45769}
-
jgruber authored
Use the new ToString_Inline function instead, which performs a quick IsString check and calls the ToString builtin to handled conversion. This reduces builtins code size by 3K. BUG=v8:5737 Change-Id: I103e628b905aed9d74dd7b4c4a98c5b0a16fd476 Reviewed-on: https://chromium-review.googlesource.com/527133Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#45768}
-
Camillo Bruni authored
Bug: chromium:727000 Change-Id: I0fb6fecc9564aee97bcf7c0e9201c580572061be Reviewed-on: https://chromium-review.googlesource.com/525717 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#45767}
-
Michael Achenbach authored
Bug: v8:6408 Change-Id: I10a191561fbb1f0312b1c4270b21c393e8efe51c Reviewed-on: https://chromium-review.googlesource.com/527075Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#45766}
-
Alexey Kozyatinskiy authored
BytecodeArrayBreakIterator doesn't iterate through locations in position() order. SkipToPosition is looking for closest break_index to passed one. So we should iterate through all breakable locations in function to get all of them. R=jgruber@chromium.org Bug: v8:6469 Change-Id: Ida0b849e9df40458a13e0a0f7af6a00349088228 Reviewed-on: https://chromium-review.googlesource.com/527135Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45765}
-
danno authored
This CL contains a few pieces: - A new mechanism to create "BuiltinContinuation" checkpoints in TurboFan graphs, which--when triggered--swizzle the values in the the FrameState to be parameters to a typically TF-generated builtin that resumes execution to finish the slow-case functionality. - Continuation builtins that have special handling in the deoptimizer and their own new frame type to ensure that the values they need to begin executing can be stashed away and restored immediately before the builtin is called via a trampoline that runs when the continuation builtin's frame execution resumes. - An implementation of Array.prototype.forEach in TurboFan that can be used to inline it. The inlined forEach implementation uses the checkpoints mechanism described above to deopt in the middle of the forEach in the cases that optimization invariants are violated. There is a slightly different continuation stub for each deopt point in the forEach implementation to ensure the correct side-effects, i.e. that the deopt of the builtin isn't programmatically observable. Review-Url: https://codereview.chromium.org/2803853005 Cr-Commit-Position: refs/heads/master@{#45764}
-
hpayer authored
BUG=chromium:729521 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng Review-Url: https://codereview.chromium.org/2923563006 Cr-Commit-Position: refs/heads/master@{#45763}
-
Michael Starzinger authored
R=jkummerow@chromium.org Change-Id: I8e972d27c3f106b7838b4341a053b07f516d7c1e Reviewed-on: https://chromium-review.googlesource.com/527035Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45762}
-
Ulan Degenbaev authored
This patch also changes String body descriptor to use synchronized length and adds atomic live_bytes accessor. BUG=chromium:694255 Change-Id: I41233b2097ec5c6a4ea2c45d4b8febf7ffca155e Reviewed-on: https://chromium-review.googlesource.com/527093Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45761}
-
Ross McIlroy authored
Adds support for Speculatively lower ToPrimitiveToString to CheckString where the type hint shows the value has always been a string. BUG=v8:6243 Change-Id: I7f36deb8c2bc309e6d0546e099c76ac518c6be09 Reviewed-on: https://chromium-review.googlesource.com/521123 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45760}
-
Jakob Kummerow authored
When the slow path for Array.prototype.indexOf calls a Proxy's "has" trap, it must check afterwards whether an exception was thrown. BUG=chromium:728813 Change-Id: I998bba6ddcd65adfed2eefb63b3285da60d2a43c Reviewed-on: https://chromium-review.googlesource.com/527173Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#45759}
-
Michael Starzinger authored
This removes the test suite variant for stressing Crankshaft from the list of supported variants. Other stress variants remain untouched. R=machenbach@chromium.org Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: Iad236c2b80a1dea21b8be9b931e6a4e88f3ebcc5 Reviewed-on: https://chromium-review.googlesource.com/527094Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45758}
-
Mythri authored
This cl: https://chromium-review.googlesource.com/509613 changed CheckNotTaggedHole to not produce any value output. This would mean that in some cases, we could leak hole on value edges. This violates the assumption that we cannot see a hole on several operators. Fixing this back to the original state. Bug: chromium:730254 Change-Id: I3512930e88dbe15e9d9b4b0d276868f354cc2ae2 Reviewed-on: https://chromium-review.googlesource.com/527033Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#45757}
-
Ross McIlroy authored
Adds support for lowering of ToPrimitiveToString and StringConcat bytecodes to the corresponding builtins. As part of this, moves the interpreter implementation of these operations into the appropriate builtin generators and add builtin support for them. Also adds TailCallRuntimeN operator to code-assembler which enables tail calling a runtime function when the arguments have already been pushed onto the stack. BUG=v8:6243 Change-Id: Id5c851bc42e4ff490d9a23a8990ae331c7eac73e Reviewed-on: https://chromium-review.googlesource.com/515362 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#45756}
-
martyn.capewell authored
NEON loads and stores need notifiers for the local and global memory access monitors. Add these whilst removing the address argument from the notifier, making implementation simpler. BUG= Review-Url: https://codereview.chromium.org/2916853002 Cr-Commit-Position: refs/heads/master@{#45755}
-
Andreas Haas authored
The old implementation of Table.Set in wasm-js.cc accessed information which should be hidden from this level of abstraction, e.g. the internal structure of a WasmTableObject. With this CL, all that is done in wasm-js.cc is the extraction of parameters. The actual logic is happening in wasm-module.{h|cc}. This CL will also make refactoring wasm-module.cc easier. R=clemensh@chromium.org, mtrofin@chromium.org Change-Id: Ifbce6f739459dffc9f9d47e4cd8227638867f3e9 Reviewed-on: https://chromium-review.googlesource.com/525694 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#45754}
-
bmeurer authored
R=jarin@chromium.org, jkummerow@chromium.org Review-Url: https://codereview.chromium.org/2923983002 Cr-Commit-Position: refs/heads/master@{#45753}
-
jgruber authored
It's possible to build circular objects through the reviver function in JSON.parse. Recursion needs to check for stack overflows and throw as needed. BUG=chromium:729671 Change-Id: I52ccd9ed9fea5829810879f8dd8207043fa6d910 Reviewed-on: https://chromium-review.googlesource.com/525812 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#45752}
-
bmeurer authored
The inlining of Function.prototype.bind can lead to escape analyzed bound functions, which weren't handled by the Deoptimizer previously. BUG=chromium:729573 R=jarin@chromium.org,cbruni@chromium.org Review-Url: https://codereview.chromium.org/2931483003 Cr-Commit-Position: refs/heads/master@{#45751}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/cd94ef8..d122cd7 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/e7bf345..3919ea6 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I4f37b8a4bafb117002e6d8b5acc216835428b64c Reviewed-on: https://chromium-review.googlesource.com/526992Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#45750}
-
dgozman authored
... as opposite to a global per-isolate one. Also streamlined multiple checks into a single acceptsPause() method. BUG=chromium:590878 Review-Url: https://codereview.chromium.org/2925903002 Cr-Commit-Position: refs/heads/master@{#45749}
-
- 06 Jun, 2017 18 commits
-
-
sampsong authored
BUG= R=bjaideep@ca.ibm.com, jyan@ca.ibm.com, joransiu@ca.ibm.com, machenbach@chromium.org, rossberg@chromium.org Review-Url: https://codereview.chromium.org/2921293002 Cr-Commit-Position: refs/heads/master@{#45748}
-
dgozman authored
... when trying to resume or step. BUG=none Review-Url: https://codereview.chromium.org/2923243002 Cr-Commit-Position: refs/heads/master@{#45747}
-
Alexey Kozyatinskiy authored
Bug: v8:6197 Change-Id: I7b9e6d0979630dfd1ce5ee7f23f715cdb2f51802 R: dgozman@chromium.org Reviewed-on: https://chromium-review.googlesource.com/524045Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45746}
-
ulan authored
TBR=hpayer@chromium.org BUG=chromium:729868,chromium:729521 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng Review-Url: https://codereview.chromium.org/2929463002 Cr-Commit-Position: refs/heads/master@{#45745}
-
Igor Sheludko authored
Properly propagate the fact that the function has a statically known name from parser to SharedFunctionInfo objects. The empty string that has been set as name before this CL does not help to distinguish cases like: var o1 = { ''(){} }; var o1 = { [foo()](){} }; or var o2 = { get ''(){} }; var o2 = { get [foo()](){} }; This is a preliminary step for using different layouts for closure objects with and without computed names. TBR=bmeurer@chromium.org, marja@chromium.org Bug: v8:6459 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I10afa6f4bda7881c3714711a75f720f83c1d875d Reviewed-on: https://chromium-review.googlesource.com/522073 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#45744}
-
kschimpf authored
Fixes issues raised in CL https://codereview.chromium.org/2887193002. That is: 1) Remove using mutex in Isolate::InitializeCounters(). 2) Use counters_shared_.get() instead of counters_ (and hence, also remove field counters_). BUG=v8:6361 Review-Url: https://codereview.chromium.org/2919953003 Cr-Commit-Position: refs/heads/master@{#45743}
-
dgozman authored
Found multiple issues (added TODOs for them): - isPaused() check is global, so one can resume from another session/context group without receiving 'paused' notification; - setBreakpointsActive flag is global affecting all sessions and context groups; - max async call stack depth is global, and should be per context group. BUG=chromium:590878 Review-Url: https://codereview.chromium.org/2921373002 Cr-Commit-Position: refs/heads/master@{#45742}
-
Daniel Vogelheim authored
R=marja@chromium.org CC=adamk@chromium.org Bug=v8:6401 Change-Id: Iac47c149d8c9136f4d0f5ef9844d2eaa95c2e497 Reviewed-on: https://chromium-review.googlesource.com/508696 Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#45741}
-
Sathya Gunasekaran authored
OrderedHashSet doesn't need a ::Get, so we can move it to OrderedHashMap. Bug: v8:5717 Change-Id: I9606d8c4608473f9daecf8a87b4dd2e3b9570246 Reviewed-on: https://chromium-review.googlesource.com/522348Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#45740}
-
Clemens Hammacher authored
The regression is already fixed. This just adds a regression test to ensure it will never be reintroduced. R=ahaas@chromium.org BUG=chromium:729991 Change-Id: I5cf960cc756cbb7723041bc06a78d6a14c66e241 Reviewed-on: https://chromium-review.googlesource.com/525538Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#45739}
-
Franziska Hinkelmann authored
There's no point in using our own implemention of List for this. Bug:v8:6325 Change-Id: Ibe9a5c65df3c9ae577ece93616bcfa47f332c212 Reviewed-on: https://chromium-review.googlesource.com/489542Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Daniel Clifford <danno@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#45738}
-
jgruber authored
This CL implements general infrastructure for block coverage together with initial support for if-statements. Coverage output can be generated in lcov format by d8 as follows: $ d8 --block-coverage --lcov=$(echo ~/simple-if.lcov) ~/simple-if.js $ genhtml ~/simple-if.lcov -o ~/simple-if $ chrome ~/simple-if/index.html A high level overview of the implementation follows: The parser now collects source ranges unconditionally for relevant AST nodes. Memory overhead is very low and this seemed like the cleanest and simplest alternative. Bytecode generation uses these ranges to allocate coverage slots and insert IncBlockCounter instructions (e.g. at the beginning of then- and else blocks for if-statements). The slot-range mapping is generated here and passed on through CompilationInfo, and is later accessible through the SharedFunctionInfo. The IncBlockCounter bytecode fetches the slot-range mapping (called CoverageInfo) from the shared function info and simply increments the counter. We don't collect native-context-specific counts as they are irrelevant to our use-cases. Coverage information is finally generated on-demand through Coverage::Collect. The only current consumer is a d8 front-end with lcov-style output, but the short-term goal is to expose this through the inspector protocol. BUG=v8:6000 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng Review-Url: https://codereview.chromium.org/2882973002 Cr-Commit-Position: refs/heads/master@{#45737}
-
dgozman authored
Revert of [inspector] Test how Profiler interacts with multiple sessions (patchset #3 id:30001 of https://codereview.chromium.org/2920313002/ ) Reason for revert: DCHECKS triggering in debug build. Original issue's description: > [inspector] Test how Profiler interacts with multiple sessions > > BUG=chromium:590878 > > Review-Url: https://codereview.chromium.org/2920313002 > Cr-Original-Commit-Position: refs/heads/master@{#45715} > Committed: https://chromium.googlesource.com/v8/v8/+/754f81e20e9e7abfb3ce82e73a3389a72f4657a6 > Review-Url: https://codereview.chromium.org/2920313002 > Cr-Commit-Position: refs/heads/master@{#45717} > Committed: https://chromium.googlesource.com/v8/v8/+/679604bdd2991a19cadf7ab5c462fc6f368f32fc TBR=alph@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:590878 Review-Url: https://codereview.chromium.org/2926533003 Cr-Commit-Position: refs/heads/master@{#45736}
-
georgia.kouveli authored
Inline SMI checks in ICs are performed with a TBZ/TBNZ instruction, which has a 32 kB range. To allow patching the SMI check, the location of the TBZ/TBNZ instruction is stored after the call to the IC using a MOVZ instruction, in particular using 11 bits of the immediate (so the number of instructions between the inline data and the SMI check must be encodable in 11 bits). To make sure we do not exceed these ranges, we need to block pool emission between the check, the patch info, and the label the check branches to. BUG= Review-Url: https://codereview.chromium.org/2917403002 Cr-Commit-Position: refs/heads/master@{#45735}
-
jarin authored
This takes into account the type of the type guard when choosing representation for a node. To make the representation changes unambiguous, we pass the restricted type to the changer. BUG=chromium:726554 Review-Url: https://codereview.chromium.org/2920193004 Cr-Commit-Position: refs/heads/master@{#45734}
-
Ulan Degenbaev authored
This reverts commit 0d06e42b. Reason for revert: clusterfuzz and canary crashes. BUG=chromium:729209,v8:6456 Original change's description: > [heap] Use partial free when shrinking instead of uncommitting > > This fixes the counter inconsistencies while leaving the memory in an > inaccessible state. > > Bug: chromium:724947 > Change-Id: I431eb6fda84922a52dfb9380c6b482ada55bccee > Reviewed-on: https://chromium-review.googlesource.com/519164 > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#45647} TBR=hpayer@chromium.org,mlippautz@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: chromium:724947 Change-Id: I6c52b478b89a858ba984fe17f86cdf15fcfa974c Reviewed-on: https://chromium-review.googlesource.com/525716Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45733}
-
bmeurer authored
Previously Ignition would collect precise Number feedback for binary operators, but TurboFan would just ignore that and treat it the same as NumberOrOddball. That however generates a lot of unnecessary code, plus it defeats redundancy elimination if the same input is also used by compare operations, which do properly distinguish feedback Number and NumberOrOddball. This CL adds the missing bits to connect the existing functionality properly, i.e. adding the missing BinaryOperationHint and using the NumberOperationHint::kNumber in the representation selection for tagged inputs. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2923543003 Cr-Commit-Position: refs/heads/master@{#45732}
-
Ulan Degenbaev authored
The boundary cells of the mark-bitmap can be access concurrently, so they need to be updated with atomic CAS. BUG=chromium:694255 Change-Id: Ibe85f00c8b4ccc61edc43b400c5b08a6d0ba620e Reviewed-on: https://chromium-review.googlesource.com/521103 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#45731}
-