- 30 Aug, 2016 11 commits
-
-
titzer authored
This CL is a prequisite for the stack machine changes, which will need to use temporaries in various places due to the stack height requirements on blocks. R=ahaas@chromium.org,bradnelson@chromium.org BUG= Review-Url: https://codereview.chromium.org/2280063002 Cr-Commit-Position: refs/heads/master@{#39001}
-
jbroman authored
It emits spurious -Wmaybe-uninitialized warnings. Initializing these variables shouldn't do any harm (with an optimizing compiler), so this seems the quickest way to mollify gcc. BUG=chromium:148757 Review-Url: https://codereview.chromium.org/2290653003 Cr-Commit-Position: refs/heads/master@{#39000}
-
jochen authored
Otherwise, we'd hold on to the resources until the embedder frees them which might take a long time R=marja@chromium.org,verwaest@chromium.org BUG= Review-Url: https://codereview.chromium.org/2297523002 Cr-Commit-Position: refs/heads/master@{#38999}
-
https://codereview.chromium.org/2289063002/machenbach authored
Reason for revert: Breaks tsan build generation: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/11441 Original issue's description: > Update V8 DEPS. > > Rolling v8/build to 52f474cdb9e67007b938fd4a47220cb3c012e5e8 > > Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 84d90b2cc3f01a39bf73a8119a5cec0337d00c9f > > Rolling v8/tools/clang to 3e1948978834c16073c1b076410df1a80adda1f5 > > Rolling v8/tools/mb to ac239cc82ef08858d6f2b75216dd13afcdbc6ac3 > > TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org > > Committed: https://crrev.com/3b8a2e5129fec64674bb0191cba5aa4592d08d5f > Cr-Commit-Position: refs/heads/master@{#38995} TBR=hablich@chromium.org,vogelheim@chromium.org,v8-autoroll@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2290163002 Cr-Commit-Position: refs/heads/master@{#38998}
-
oth authored
TBR=rmcilroy@chromium.org BUG=NONE Review-Url: https://codereview.chromium.org/2290633004 Cr-Commit-Position: refs/heads/master@{#38997}
-
jgruber authored
This was exposed on win64 and manifested as a negative offset during stack frame collection, i.e. pc < Code::instruction_start() for a BUILTIN frame. This happened because StackFrame::LookupCode returns the wrong code object when call is the last instruction in a code object: * pc is actually the return address for all but the topmost frame. * pc points at the next instruction after the call. * This is beyond the current code object if call is the last instruction. * Lookup itself is naive in that it just returns the first code object for which (next_code_obj_addr > pc). It does not check that pc is actually within [instruction_start, instruction_end[. * In this specific case, the pc (== return address) actually pointed at the beginning of the header of the next code object. * We finally calculated offset as (code->instruction_start() - pc), but with the wrong code object. This should be followed up by a proper fix at some point. For instance, this could be setting pc to (return address - 1) for all but the topmost frame. BUG=v8:5311 Review-Url: https://codereview.chromium.org/2284673002 Cr-Commit-Position: refs/heads/master@{#38996}
-
v8-autoroll authored
Rolling v8/build to 52f474cdb9e67007b938fd4a47220cb3c012e5e8 Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 84d90b2cc3f01a39bf73a8119a5cec0337d00c9f Rolling v8/tools/clang to 3e1948978834c16073c1b076410df1a80adda1f5 Rolling v8/tools/mb to ac239cc82ef08858d6f2b75216dd13afcdbc6ac3 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review-Url: https://codereview.chromium.org/2289063002 Cr-Commit-Position: refs/heads/master@{#38995}
-
akos.palfi authored
Fixes the MIPS big-endian build after https://codereview.chromium.org/2276733002/ . BUG= Review-Url: https://codereview.chromium.org/2296473002 Cr-Commit-Position: refs/heads/master@{#38994}
-
zhengxing.li authored
port 56429fc1 (r38978) original commit message: Introduced MachineType::TaggedSigned() and TaggedPointer(). The idea is to quit using the representational dimension of Type, and instead encode this information in the MachineRepresentation (itself lightly wrapped in MachineType, along with MachineSemantic). There are three parts to the whole change: 1) Places that set the machine representation - constant nodes, loads nad stores, global object and native context specialization. 2) Places that propagate type/representation - this is representation inference (aka simplified lowering). At the end of this process we expect to have a MachineRepresentation for every node. An interesting part of this is phi merging. 3) Places that examine representation - WriteBarrier elimination does this. Currently it's looking at the Type representation dimension, but as a part of this change (or in a soon-to-follow change) it can simply examine the MachineRepresentation. BUG= Review-Url: https://codereview.chromium.org/2293603003 Cr-Commit-Position: refs/heads/master@{#38993}
-
zhengxing.li authored
port 1915762c (r38968) original commit message: These JavaScript operators were special hacks to ensure that we always operate on Smis for the magic for-in index variable, but this never really worked in the OSR case, because the OsrValue for the index variable didn't have the proper information (that we have for the JSForInPrepare in the non-OSR case). Now that we have loop induction variable analysis and binary operation hints, we can just use JSLessThan and JSAdd instead with appropriate Smi hints, which handle the OSR case by inserting Smi checks (that are always true). Thanks to OSR deconstruction and loop peeling these Smi checks will be hoisted so they don't hurt the OSR case too much. Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since we have to lower it to JSLessThan to get the loop induction variable goodness. BUG= Review-Url: https://codereview.chromium.org/2286353003 Cr-Commit-Position: refs/heads/master@{#38992}
-
bmeurer authored
TBR=machenbach@chromium.org BUG=chromium:635798,chromium:638295 Review-Url: https://codereview.chromium.org/2288813003 Cr-Commit-Position: refs/heads/master@{#38991}
-
- 29 Aug, 2016 28 commits
-
-
mtrofin authored
This unblocks moving off having to hold on to a compiled module template. Once we don't have the template, when we have a single instance, the instance and wasm module share the same compiled code. We will want to clear that code off instance-specific stuff, when the instance is unreferenced and should be GC-ed (stuff like the instance heap, for instance). However, the deopt data will maintain a strong reference, blocking the GC: the module object strongly references the compiled code, which strongly references the instance object through the deopt data. This change addresses that by making that last reference weak. BUG=v8:5316 Review-Url: https://codereview.chromium.org/2284683005 Cr-Commit-Position: refs/heads/master@{#38990}
-
bradnelson authored
BUG=None TEST=None R=mtrofin@chromium.org Review-Url: https://codereview.chromium.org/2290803002 Cr-Commit-Position: refs/heads/master@{#38989}
-
jarin authored
Review-Url: https://codereview.chromium.org/2290583002 Cr-Commit-Position: refs/heads/master@{#38988}
-
bradnelson authored
This adds: * A script (tools/update-wasm-fuzzers.sh), which creates a new fuzzing seed corpus and uploads to google storage (you must have the right credentials). * A new pair of DEPS entries to pull in the current version of the corpus based on a checked in pair of hash files. BUG=None TEST=None R=ahaas@chromium.org,kcc@chromium.org,mvstanton@chromium.org Review-Url: https://codereview.chromium.org/2273303002 Cr-Commit-Position: refs/heads/master@{#38987}
-
littledan authored
Tail calls don't make sense from async functions and generators, as each activation of these functions needs to make a new, distnict, non-reused generator object. These tail calls are not required per spec. This patch disables both syntactic and implicit tail calls in async functions and generators. R=neis BUG=v8:5301,chromium:639270 Review-Url: https://codereview.chromium.org/2278413003 Cr-Commit-Position: refs/heads/master@{#38986}
-
mlippautz authored
V8 can use this metter to better estimate the amount of work that is still to be done by the embedder. Supposed to be used to decide whether incremental marking should be finalized or not. BUG=chromium:468240 R=ulan@chromium.org Review-Url: https://codereview.chromium.org/2291613002 Cr-Commit-Position: refs/heads/master@{#38985}
-
jbroman authored
The format of this is a little strange, and has to do with the previous implementation maintaining a "stack" of objects as it works. As a result, the format writes the array buffer before giving any hint that the reason for doing so is to obtain a view wrapping it. Handling this without creating an explicit on-heap stack requires checking whether the next tag is 'V' after obtaining an array buffer. BUG=chromium:148757 Review-Url: https://codereview.chromium.org/2287653002 Cr-Commit-Position: refs/heads/master@{#38984}
-
ahaas authored
The new fuzzer constructs a dummy module header and uses the fuzzer data only as function code. R=titzer@chromium.org, jochen@chromium.org Review-Url: https://codereview.chromium.org/2280623002 Cr-Commit-Position: refs/heads/master@{#38983}
-
franzih authored
Add comments to make it easier to browse the HTML documentation generated with Doxygen. BUG=v8:5260 Review-Url: https://codereview.chromium.org/2290553003 Cr-Commit-Position: refs/heads/master@{#38982}
-
ahaas authored
These DCHECKs are executed when a wasm module is instantiated. However, invalid load/store offsets should trigger runtime traps, not instantiation-time errors. R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2285223002 Cr-Commit-Position: refs/heads/master@{#38981}
-
verwaest authored
This additionally gets rid of old approach to global shortcuts. BUG=v8:5209 Review-Url: https://codereview.chromium.org/2287173002 Cr-Commit-Position: refs/heads/master@{#38980}
-
marja authored
Parser::Declare has a lot of Scope-related logic inside; especially it does Lookup in Scope. Scope should be the class which knows how to declare variables in different kinds of Scopes, not Parser. BUG= Review-Url: https://codereview.chromium.org/2280033002 Cr-Commit-Position: refs/heads/master@{#38979}
-
mvstanton authored
Introduced MachineType::TaggedSigned() and TaggedPointer(). The idea is to quit using the representational dimension of Type, and instead encode this information in the MachineRepresentation (itself lightly wrapped in MachineType, along with MachineSemantic). There are three parts to the whole change: 1) Places that set the machine representation - constant nodes, loads nad stores, global object and native context specialization. 2) Places that propagate type/representation - this is representation inference (aka simplified lowering). At the end of this process we expect to have a MachineRepresentation for every node. An interesting part of this is phi merging. 3) Places that examine representation - WriteBarrier elimination does this. Currently it's looking at the Type representation dimension, but as a part of this change (or in a soon-to-follow change) it can simply examine the MachineRepresentation. BUG= Review-Url: https://codereview.chromium.org/2258073002 Cr-Commit-Position: refs/heads/master@{#38978}
-
bgeron authored
BUG= R=jarin Review-Url: https://codereview.chromium.org/2287313002 Cr-Commit-Position: refs/heads/master@{#38977}
-
bgeron authored
This removes test/webkit/fast/js/stack-overflow-arrity-catch.js, which tests that the stack overflows in a very particular way. It doesn't seem to test anything important, and only used to work because we didn't inline into try-blocks. BUG= R=jarin Review-Url: https://codereview.chromium.org/2216353002 Cr-Commit-Position: refs/heads/master@{#38976}
-
bmeurer authored
If we know statically that x and y are both in Unsigned32 or NaN or -0, and we have SignedSmall or Signed32 feedback for x % y, then we can take the feedback on the inputs and lower to Uint32Mod. Drive-by-fix: Refactor this logic into a separate method. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2287303002 Cr-Commit-Position: refs/heads/master@{#38975}
-
bgeron authored
- Make constants more interesting. - Add an addition to be done after the inlined call in the try-block. - On command line, have a bit more output. - New alternative that deopts from unoptimized code. BUG= R=jarin Review-Url: https://codereview.chromium.org/2285743002 Cr-Commit-Position: refs/heads/master@{#38974}
-
bmeurer authored
Infer exact types for the various Date getter builtins, and also inline the Date.prototype.getTime() builtin, which just returns the Date value and thus doesn't need to check the cache stamp. R=epertoso@chromium.org Review-Url: https://codereview.chromium.org/2285213002 Cr-Commit-Position: refs/heads/master@{#38973}
-
franzih authored
BUG= Review-Url: https://codereview.chromium.org/2284303003 Cr-Commit-Position: refs/heads/master@{#38972}
-
mlippautz authored
BUG=chromium:639818 R=ulan@chromium.org Review-Url: https://codereview.chromium.org/2288693002 Cr-Commit-Position: refs/heads/master@{#38971}
-
bmeurer authored
Drop the typing rules for the machine operators and replace them with UNREACHABLE. These typing rules were never correct and there's also no need to have those rules at all. Drive-by-fix: Remove the extremely annoying test-simplified-lowering.cc file, which is not very useful, but consumes a large amount of time to keep it compiling and passing. Instead we should introduce appropriate tests for the SimplifiedLowering that also test something meaningful w/o just cementing the implementation. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2292463002 Cr-Commit-Position: refs/heads/master@{#38970}
-
neis authored
This will be used for scope infos in a follow-up CL. R=adamk@chromium.org BUG=v8:1569 Review-Url: https://codereview.chromium.org/2277273002 Cr-Commit-Position: refs/heads/master@{#38969}
-
bmeurer authored
These JavaScript operators were special hacks to ensure that we always operate on Smis for the magic for-in index variable, but this never really worked in the OSR case, because the OsrValue for the index variable didn't have the proper information (that we have for the JSForInPrepare in the non-OSR case). Now that we have loop induction variable analysis and binary operation hints, we can just use JSLessThan and JSAdd instead with appropriate Smi hints, which handle the OSR case by inserting Smi checks (that are always true). Thanks to OSR deconstruction and loop peeling these Smi checks will be hoisted so they don't hurt the OSR case too much. Drive-by-change: Rename the ForInDone bytecode to ForInContinue, since we have to lower it to JSLessThan to get the loop induction variable goodness. R=epertoso@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2289613002 Cr-Commit-Position: refs/heads/master@{#38968}
-
heimbuef authored
Used a BitField to for Variable fields instead of relying on the compiler, saving some memory probably. This reduces sizeof(Variable) from 64 to 40 on x64 BUG=v8:5209 Committed: https://crrev.com/955606506c256ea389d6c4a8e07babfea512d190 Review-Url: https://codereview.chromium.org/2257493002 Cr-Original-Commit-Position: refs/heads/master@{#38891} Cr-Commit-Position: refs/heads/master@{#38967}
-
bmeurer authored
R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2291433003 Cr-Commit-Position: refs/heads/master@{#38966}
-
bmeurer authored
Typing these operators should never happen and doesn't make any sense at all. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2286253002 Cr-Commit-Position: refs/heads/master@{#38965}
-
bmeurer authored
For asm.js we now have a dedicated AsmTyper, that uses it's own type system (which is tailored towards asm.js), and so we don't need the special asm.js types anymore in the TypeCache. This also moves the TypeCache into the src/compiler directory, because it doesn't make sense to use outside anyways. TBR=ahaas@chromium.org R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2289573002 Cr-Commit-Position: refs/heads/master@{#38964}
-
bmeurer authored
There's no need to preserve the exact callee for lazy bailouts from JSCallFunction in the AstGraphBuilder, as fullcodegen code will never look at that value after the callee returns. So we just push optimized_out instead. BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2285183002 Cr-Commit-Position: refs/heads/master@{#38963}
-
- 28 Aug, 2016 1 commit
-
-
hablich authored
Reland of Fix compiler warnings on "make android_arm" (patchset #1 id:1 of https://codereview.chromium.org/2286163002/ ) Reason for revert: Roll was unstuck before the revert landed => reland Original issue's description: > Revert of Fix compiler warnings on "make android_arm" (patchset #1 id:1 of https://codereview.chromium.org/2264283007/ ) > > Reason for revert: > Speculative revert because of roll blocker https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/builds/2241 > > Original issue's description: > > Fix compiler warnings on "make android_arm" > > > > Committed: https://crrev.com/3e809a6129d0097529c885579ac46e4acf4e99f6 > > Cr-Commit-Position: refs/heads/master@{#38937} > > TBR=bmeurer@chromium.org,jkummerow@chromium.org > # Not skipping CQ checks because original CL landed more than 1 days ago. > > Committed: https://crrev.com/d992c1f52f116930239ed90cc033442047e789b4 > Cr-Commit-Position: refs/heads/master@{#38961} TBR=bmeurer@chromium.org,jkummerow@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2285113002 Cr-Commit-Position: refs/heads/master@{#38962}
-