- 16 Sep, 2015 20 commits
-
mtrofin authored
This is a performance bug, not a functional bug: we were losing grouping opportunities. BUG= Review URL: https://codereview.chromium.org/1342243003 Cr-Commit-Position: refs/heads/master@{#30776}
-
caitpotter88 authored
Some cleanup of ParsePropertyDefinition --- Replaces certain hacks with more structured, clean code, and adds additional comments to aid in comprehension of this tricky area of the ambiguous recursive descent parser. BUG=v8:3583 LOG=N R=adamk, aperez, wingo, rossberg Review URL: https://codereview.chromium.org/1348773004 Cr-Commit-Position: refs/heads/master@{#30775}
-
adamk authored
We already disallowed observing the global proxy; now we also disallow any observation of access-checked objects (regardless of whether the access check would succeed or fail, since there's not a good way to tell the embedder what kind of access is being requested). Also disallow Object.getNotifier for the same reasons. BUG=chromium:531891 LOG=y Review URL: https://codereview.chromium.org/1346813002 Cr-Commit-Position: refs/heads/master@{#30774}
-
domenic authored
This adds a utils object meant specifically for V8 extras, presenting a limited API surface for doing things that would otherwise require %-functions. BUG=v8:4276 LOG=Y R=jochen@chromium.org,yangguo@chromium.org Review URL: https://codereview.chromium.org/1343113003 Cr-Commit-Position: refs/heads/master@{#30773}
-
aperez authored
Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function, that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed before. When the flag is disabled, the function uses TO_UINT32(), which is the pre-ES6 behaviour. When the flag is enabled, the ES6-compliant ToLength() conversion is used. Based on a patch initially from Diego Pino <dpino@igalia.com> BUG=v8:3087 LOG=Y Review URL: https://codereview.chromium.org/1309243003 Cr-Commit-Position: refs/heads/master@{#30772}
-
fedor authored
ArrayBuffer's backing store is a pointer to external heap, and can't be treated as a heap object. Doing so will result in crashes, when the backing store is unaligned. See: https://github.com/nodejs/node/issues/2791 BUG=chromium:530531 R=mlippautz@chromium.org LOG=N Review URL: https://codereview.chromium.org/1327403002 Cr-Commit-Position: refs/heads/master@{#30771}
-
karl authored
````
var array = new Uint8Array(65000);
var startDate = Date.now();
var counter = 0;
while (counter++ < 50000000) {
  array.subarray(start, end);
}
var endDate = Date.now();
print(endDate - startDate);
````
4200 ms -> 3500 ms (16.67%) BUG= Review URL: https://codereview.chromium.org/1331993004 Cr-Commit-Position: refs/heads/master@{#30770}
-
caitpotter88 authored
Add support for `get` and `set` as shorthand properties. Also supports them for CoverInitializedName in BindingPatterns and (once implemented) AssignmentPatterns. BUG=v8:4412, v8:3584 LOG=N R=adamk, aperez, wingo, rossberg Review URL: https://codereview.chromium.org/1328083002 Cr-Commit-Position: refs/heads/master@{#30769}
-
mvstanton authored
This will catch an invalid receiver before being passed to a load ic miss handler in the runtime. BUG= R=jkummerow@chromium.org Review URL: https://codereview.chromium.org/1351493002 Cr-Commit-Position: refs/heads/master@{#30768}
-
mvstanton authored
There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code. BUG= Review URL: https://codereview.chromium.org/1202173002 Cr-Commit-Position: refs/heads/master@{#30767}
-
mstarzinger authored
This makes sure that the arguments object materialization in the method prologue is composable with respect to inlining. The generic runtime functions materializing those objects now respect the deoptimization information when reconstructing the original arguments. R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/1340313003 Cr-Commit-Position: refs/heads/master@{#30766}
-
ivica.bogosavljevic authored
Fixing floating point register clobbering for MIPSr6 (32 and 64) due to use of f31 floating point register as double compare register, without saving the value of the register before using it. TEST=cctest/test-debug/* BUG= Review URL: https://codereview.chromium.org/1346623002 Cr-Commit-Position: refs/heads/master@{#30765}
-
jarin authored
Review URL: https://codereview.chromium.org/1348073002 Cr-Commit-Position: refs/heads/master@{#30764}
-
vogelheim authored
BUG=v8:4422 R=jochen@chromium.org LOG=Y Review URL: https://codereview.chromium.org/1346613002 Cr-Commit-Position: refs/heads/master@{#30763}
-
bmeurer authored
No need to rely on the %_IsConstructCall magic here, we can just implement the Symbol constructor in C++ altogether (it was just a stupid wrapper around %CreateSymbol anyway). R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1349643002 Cr-Commit-Position: refs/heads/master@{#30762}
-
mstarzinger authored
This adds debug code that makes sure that the runtime functions that materialize arguments objects, {Runtime_New[Sloppy|Strict]Arguments}, are not being called from within an inlined scope. They would produce wrong results and we should avoid producing code that does this. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1343763002 Cr-Commit-Position: refs/heads/master@{#30761}
-
mlippautz authored
Adds concurrency support for: - MemoryChunk: Fragmentation counters - MemoryChunk: High-water mark - MemoryAllocator: Lowest and highest ever allocated addresses, size, and capacity R=hpayer@chromium.org BUG=chromium:524425 LOG=N This reverts commit 0db34dbe. BUG= Review URL: https://codereview.chromium.org/1346973002 Cr-Commit-Position: refs/heads/master@{#30760}
-
bmeurer authored
Implement the String constructor completely as native builtin, avoiding the need to do gymnastics in JavaScript builtin to properly detect the no argument case (which is different from the undefined argument case) and also allowing to just tailcall through to ToString or SymbolDescriptiveString for the common case. Also the JavaScript builtin was misleading since the case for construct call was unused, but could be triggered in a wrong way once we support tail calls from constructor functions. This refactoring allows us to properly implement subclassing for String builtins, once we have the correct initial_map on derived classes (it's merely a matter of using NewTarget instead of the target register now). This introduces a new %SymbolDescriptiveString runtime entry, which is also used by Symbol.toString() now. R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1344893002 Cr-Commit-Position: refs/heads/master@{#30759}
-
mvstanton authored
BUG=v8:4423 LOG=N Review URL: https://codereview.chromium.org/1342013003 Cr-Commit-Position: refs/heads/master@{#30758}
-
jochen authored
R=hpayer@chromium.org BUG= NOTRY=true Review URL: https://codereview.chromium.org/1350633003 Cr-Commit-Position: refs/heads/master@{#30757}
-
- 15 Sep, 2015 20 commits
-
paul.lind authored
Same as https://codereview.chromium.org/1340303002/ BUG= Review URL: https://codereview.chromium.org/1339763005 Cr-Commit-Position: refs/heads/master@{#30756}
-
binji authored
R=jarin@chromium.org Review URL: https://codereview.chromium.org/1318713007 Cr-Commit-Position: refs/heads/master@{#30755}
-
adamk authored
Mark ArrayLiterals utilizing the spread operator as non-simple. This causes them to return false for IsCompileTimeValue, and thus causes spread to work as expected in nested literals. BUG=v8:4417 LOG=y Review URL: https://codereview.chromium.org/1336123002 Cr-Commit-Position: refs/heads/master@{#30754}
-
jarin authored
Review URL: https://codereview.chromium.org/1340303002 Cr-Commit-Position: refs/heads/master@{#30753}
-
mlippautz authored
Revert of [heap] Concurrency support for heap book-keeping info (patchset #4 id:60001 of https://codereview.chromium.org/1340923004/ ) Reason for revert: crashing: http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug%20-%203/builds/4716 Original issue's description: > [heap] Concurrency support for heap book-keeping info. > > Adds concurrency support for: > - MemoryChunk: Fragmentation counters > - MemoryChunk: High-water mark > - MemoryAllocator: Lowest and highest ever allocated addresses, size, and > capacity > > R=hpayer@chromium.org > BUG=chromium:524425 > LOG=N > > Committed: https://crrev.com/63190721cda4966e01d71e92a730ce48ea789fbc > Cr-Commit-Position: refs/heads/master@{#30749} TBR=hpayer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:524425 Review URL: https://codereview.chromium.org/1340323002 Cr-Commit-Position: refs/heads/master@{#30752}
-
mlippautz authored
Loads get an acquire, store/cas a release. Increment gets a full barrier. R=hpayer@chromium.org BUG= Review URL: https://codereview.chromium.org/1343883004 Cr-Commit-Position: refs/heads/master@{#30751}
-
bmeurer authored
The ES6 specification says that "Built-in functions that are ECMAScript function objects must be strict mode functions", which in particular means that you can never test for them using the "caller" field of a sloppy mode function. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg R=mstarzinger@chromium.org BUG=v8:105 LOG=n Review URL: https://codereview.chromium.org/1347663002 Cr-Commit-Position: refs/heads/master@{#30750}
-
mlippautz authored
Adds concurrency support for: - MemoryChunk: Fragmentation counters - MemoryChunk: High-water mark - MemoryAllocator: Lowest and highest ever allocated addresses, size, and capacity R=hpayer@chromium.org BUG=chromium:524425 LOG=N Review URL: https://codereview.chromium.org/1340923004 Cr-Commit-Position: refs/heads/master@{#30749}
-
mlippautz authored
Previously the mutex only guarded free_list_. The extension covers also allocation_list_. BUG=chromium:524425 LOG=N Review URL: https://codereview.chromium.org/1341293002 Cr-Commit-Position: refs/heads/master@{#30748}
-
bmeurer authored
Move the implementation of the Abstract Equality Comparison to the runtime and thereby remove the EQUALS dispatcher builtin. Also remove the various runtime entry points that were only used to support the EQUALS builtin. Now the Abstract Equality Comparison is also using the correct ToPrimitive implementation, which properly supports @@toPrimitive. CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg R=mstarzinger@chromium.org BUG=v8:4307 LOG=n Review URL: https://codereview.chromium.org/1337993005 Cr-Commit-Position: refs/heads/master@{#30747}
-
hpayer authored
BUG= Review URL: https://codereview.chromium.org/1343043002 Cr-Commit-Position: refs/heads/master@{#30746}
-
chunyang.dai authored
port e7fb2339 (r30710). original commit message: Adds support for JS calls to the interpreter. In order to support calls from the interpreter, the PushArgsAndCall builtin is added which pushes a sequence of arguments onto the stack and calls builtin::Call. Adds the Call bytecode. BUG= Review URL: https://codereview.chromium.org/1334153004 Cr-Commit-Position: refs/heads/master@{#30745}
-
chunyang.dai authored
port eadfd666 (r30706). original commit message: The String constructor was somewhat complex with a lot of micro optimizations that are not relevant or even misguided. It would be really hard to port that code to ES6, which requires String to be subclassable. So as a first step we reduced the necessary complexity to the bare minimum (also removing the last user of the fairly complex MacroAssembler::LookupNumberStringCache method). This also removes the counters for the String constructor, which were not properly exposed anymore (and not kept in sync with inlined versions of the String constructor anyway). BUG= Review URL: https://codereview.chromium.org/1336133003 Cr-Commit-Position: refs/heads/master@{#30744}
-
chunyang.dai authored
port 9fc4fc14 (r30695). BUG= Review URL: https://codereview.chromium.org/1339293002 Cr-Commit-Position: refs/heads/master@{#30743}
-
mlippautz authored
R=hpayer@chromium.org BUG=chromium:524425 LOG=N Review URL: https://codereview.chromium.org/1340253004 Cr-Commit-Position: refs/heads/master@{#30742}
-
chunyang.dai authored
port 39604dda (r30693). original commit message: Just use a %ThrowStackOverflow runtime function instead, which does the trick, especially since the Isolate already has a preallocated StackOverflow error for that. BUG= Review URL: https://codereview.chromium.org/1344793002 Cr-Commit-Position: refs/heads/master@{#30741}
-
chunyang.dai authored
port 622fa0ea (r30691). original commit message: Currently we do this dance between the CallConstructStub, the CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap, and %Apply runtime functions for every [[Construct]] operation on non-function callables. This complexity is unnecessary, and can be simplified to work without any JS builtin. This will also make it a lot easier to implement ES6 compliant [[Construct]] for proxies. Also sanitize the invariant for CallConstructStub, which up until now always restored the context itself, but that forces us to always create another copy of all arguments in case of proxies and other callables, so we can relax that constraint by making the caller restore the context (this only affects fullcodegen, since the optimizing compilers already properly restore the context anyway). BUG= Review URL: https://codereview.chromium.org/1341233002 Cr-Commit-Position: refs/heads/master@{#30740}
-
chunyang.dai authored
X87: Vector ICs: The Oracle needs to report feedback for the object literals and the count operation. port 752b0308 (r30686). original commit message: The refactoring is because it's awkward and error-prone to determine which IC slot an ObjectLiteralProperty uses for feedback. The fix is for each one to know its own slot. In the numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the properties. It adds one word to the ObjectLiteralProperty expression - I'm investigating if that's a problem. This change makes compiling the object literal cleaner across the three compilers. Also, the slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactored to mimic the style in full-codegen. This is useful since it must remain in sync with FullCodegen::VisitObjectLiteral(). BUG= Review URL: https://codereview.chromium.org/1341223002 Cr-Commit-Position: refs/heads/master@{#30739}
-
mstarzinger authored
The assumption that every function body produces a value does not hold for functions that e.g. unconditionally throw or endlessly loop. This fixes the inlining logic to handle such cases. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-530598 BUG=chromium:530598 LOG=n Review URL: https://codereview.chromium.org/1333193005 Cr-Commit-Position: refs/heads/master@{#30738}
-
mvstanton authored
(reason for revert/reland: patch incorrectly left --vector-stores flag on, helpfully revealing some gcstress issues to look at, but they don't need to block this CL). Some pretty hacky code was used to carry out the tail-call handler dispatch on ia32 vector stores due to a lack of free registers. It really tanks performance. A better approach is to use a virtual register on the isolate. BUG= TBR=jkummerow@chromium.org, vogelheim@chromium.org Review URL: https://codereview.chromium.org/1346573002 Cr-Commit-Position: refs/heads/master@{#30737}
-