- 18 May, 2017 3 commits
-
-
bmeurer authored
We already had an optimization to turn Function.prototype.apply with arguments object, i.e. function foo() { return bar.apply(this, arguments); } into a special operator JSCallForwardVarargs, which avoids the allocation and deconstruction of the arguments object, but just passes along the incoming parameters. We can do the same for rest parameters and spread calls/constructs, i.e. class A extends B { constructor(...args) { super(...args); } } or function foo(...args) { return bar(1, 2, 3, ...args); } where we basically pass along the parameters (plus maybe additional statically known parameters). For this, we introduce a new JSConstructForwardVarargs operator and generalize the CallForwardVarargs builtins that are backing this. BUG=v8:6407,v8:6278,v8:6344 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2890023004 Cr-Commit-Position: refs/heads/master@{#45388}
-
Mircea Trofin authored
We use Schedule::EnsureDeferredCodeSingleEntryPoint as a helper for hand-crafted builtin code, to ensure deferred code isn't entered from a mix of deferred and non-deferred code (invariant required for hot/cold allocation, or "splintering"). When we create a "merger" block, it may be the case that the original block had a few phi operands. Those need to be moved as well. This bug was uncovered by both v8:6390, and, earlier, by v8:5998. We fixed the earlier one by authoring the builtin to avoid the need for EnsureDeferredCodeSingleEntryPoint. I proposed earlier an alternative where we'd replace the Ensure... method with a Verify, and throw early when the builtin is assembled, however, we may want to maintain the slightly higher level DSL for authoring builtins, and perform such graph adjustments for the lower level constraints afterwards, hence this current CL. Bug: v8:5998 v8:6390 Change-Id: Ia3143f7a66904fe480d8edb5b52bf915b8d185dc Reviewed-on: https://chromium-review.googlesource.com/505264 Commit-Queue: Mircea Trofin <mtrofin@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45387}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/8b49e99..ce01161 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/37015fb..d76621c Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/87232d8..fd2abab TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: Iba04b2ab7b423bc49897de8f159f7960fd0813a3 Reviewed-on: https://chromium-review.googlesource.com/508332 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#45386}
-
- 17 May, 2017 30 commits
-
-
bjaideep authored
Port 11a211ff Port 663a8ef4 Original Commit Message: Since the feedback vector is itself a native context structure, why not store optimized code for a function in there rather than in a map from native context to code? This allows us to get rid of the optimized code map in the SharedFunctionInfo, saving a pointer, and making lookup of any optimized code quicker. Original patch by Michael Stanton <mvstanton@chromium.org> R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:6246,chromium:718891 LOG=N Review-Url: https://codereview.chromium.org/2892663002 Cr-Commit-Position: refs/heads/master@{#45385}
-
Igor Sheludko authored
IC system does its best to properly mark stable transition source maps as unstable (see https://chromium-review.googlesource.com/483442) however an already recorded map can be deprecated later and the optimizing compiler may try to generate an elements kind transition from the updated version of deprecated map which can "become" stable again. Bug: chromium:723455 Change-Id: Ic0c392f153587c3cd7c7623a3a6ea85ec72ad5bd Reviewed-on: https://chromium-review.googlesource.com/507887 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#45384}
-
bjaideep authored
PPC/s390: [turbofan] [builtins] Unify construct builtins for JS functions and classes and add inlining and deoptimizer support Port 2026d5cb R=tebbi@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:6180 LOG=N Review-Url: https://codereview.chromium.org/2875073003 Cr-Commit-Position: refs/heads/master@{#45383}
-
Adam Klein authored
Mark Runtime::kInlineGeneratorGetContext as not needing a FrameState (matching the other Generator field-loading intrinsics) and avoid a call to PrepareEagerCheckpoint() in VisitResumeGenerator() (since there should never be a deopt during resume). Change-Id: I03a2d89914bc7de27bbfe6228ca115e635ea4c4e Reviewed-on: https://chromium-review.googlesource.com/506815 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#45382}
-
Tobias Tebbi authored
In analogy to the CHECK() macro, this generates an assertion check in CSA that is enabled in release builds. Intended for some security-relevant assertions in TypedArray builtins. Bug: Change-Id: Ie15a3892c4698a916bcd53bd9bfb4411eec6ebe4 Reviewed-on: https://chromium-review.googlesource.com/506158 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#45381}
-
tebbi authored
R=danno@chromium.org Review-Url: https://codereview.chromium.org/2814683002 Cr-Commit-Position: refs/heads/master@{#45380}
-
ulan authored
BUG=chromium:723600 Review-Url: https://codereview.chromium.org/2888093003 Cr-Commit-Position: refs/heads/master@{#45379}
-
Tobias Tebbi authored
Bug: v8:6380 Change-Id: I85728099bcf188929c81e234a34b2bc308ddab16 Reviewed-on: https://chromium-review.googlesource.com/506016 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#45378}
-
Michael Starzinger authored
This uses a separate temporary zone for running the asm.js parser, which can be discarded immediately after the parser finished validating one module. It reduces the lifetime of all data-structures local to the parser and only uses the compilation zone to hold the resulting module. R=clemensh@chromium.org Change-Id: I5f5a613e0abd24cd85a49ebd97f9ee7cee46b02a Reviewed-on: https://chromium-review.googlesource.com/506733 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#45377}
-
Marja Hölttä authored
Super calls need to refer to .this_function, .new.target and this, and super property references need to refer to .this_function and this, so that the is_used for those variables will be set and they will be allocated correctly. BUG=v8:5516 Change-Id: Idc58539fccad70c995e029051b59a67ea66bff91 Reviewed-on: https://chromium-review.googlesource.com/506094 Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#45376}
-
Jakob Kummerow authored
BUG=chromium:722756 Change-Id: I04fc7fa0b8ef1e56d25f829fc5c8f53ae439aa52 Reviewed-on: https://chromium-review.googlesource.com/507209 Reviewed-by: Daniel Clifford <danno@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#45375}
-
Andreas Haas authored
This CL refactors the module decoder so that it can process a list of section buffers instead of one module buffer. This change is needed for streaming compilation. Streaming compilation may require additional changes. This CL introduces the following interface to the module decoder:
StartDecoding -- starts the decoding
DecodeModuleHeader -- decodes the module header
DecodeSection -- decodes the section
FinishDecoding -- finishes the decoding and returns the WasmModule
Aside from the different interface the biggest change to the module decoder is the introduction of a buffer_offset, which is the offset of the current section buffer of the module decoder in the module bytes. This buffer_offset is used to translate from section offsets to module offsets and back. Another nice change is that the module decoder does not have a zone anymore. Instead the zone is stored directly in the WasmModule where it belongs. Zone ownership is also more obvious now. R=mtrofin@chromium.org, clemensh@chromium.org Change-Id: I815d777ec380f4c617c39e828ea0c9746c0bae20 Reviewed-on: https://chromium-review.googlesource.com/505490 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#45374}
-
Michael Starzinger authored
R=ahaas@chromium.org Change-Id: If0001d1b829540d76a3cef54a495322ca624d030 Reviewed-on: https://chromium-review.googlesource.com/507227 Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45373}
-
Georg Neis authored
AssembleCode will eventually be moved into ExecuteJob, i.e., off the main thread. Bug: v8:6048 Change-Id: If84ee2aaca6c8827cb769c7d69e5094fb4f32e4b Reviewed-on: https://chromium-review.googlesource.com/506669 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45372}
-
Georg Neis authored
Original CL description: [compiler] Delay allocation of heap numbers for deoptimization literals. ... until after the main bulk of code generation, which will soon run on a different thread. Bug: v8:6048, chromium:722978 Change-Id: I690c0b009211a2bac60cf06f577720a914c21000 Reviewed-on: https://chromium-review.googlesource.com/507207 Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#45371}
-
Marja Hölttä authored
AstNodeFactory used to get the Zone directly from AstValueFactory. But that's generally the wrong Zone (the main Zone, instead of the temp Zone), and the creator of AstNodeFactory had to call set_zone right after. By adding a Zone param, we can pass the correct Zone right away. Also made PreParserFactory have an AstNodeFactory, so that we don't need to create temporary AstNodeFactories all the time. Also removed AstNodeFactory::BodyScope since DiscardableZoneScope essentially did the same thing already. BUG=v8:5516,v8:6092 Change-Id: I189d2e6afe91c91e49d8ed7e3496a0d9c405e1c5 Reviewed-on: https://chromium-review.googlesource.com/507129 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Cr-Commit-Position: refs/heads/master@{#45370}
-
Marja Hölttä authored
Previous version was https://chromium-review.googlesource.com/502808 BUG=v8:5402 Change-Id: If327f4d7884577b7e5e6159372bf28a80cd21e51 Reviewed-on: https://chromium-review.googlesource.com/506073 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45369}
-
Michael Starzinger authored
This makes message reporting use the same message text for the normal as well as --predictable execution. Running in predictable mode should just suppress all asm.js messages wholesale if needed. R=clemensh@chromium.org Change-Id: Ice1e83c4b098fbc4c3b301c685614afe26190016 Reviewed-on: https://chromium-review.googlesource.com/506093 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45368}
-
mmoroz authored
Non-printable characters do not make sense. Inputs with non balanced brackets are mostly useless as well. This validation function makes the fuzzer 15-20x faster. Also use -only_ascii=1 option of libFuzzer: https://codereview.chromium.org/2875933003 BUG=chromium:584819 Review-Url: https://codereview.chromium.org/2881583002 Cr-Commit-Position: refs/heads/master@{#45367}
-
Georg Neis authored
This reverts commit bb90a2e8. Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=722978 Original change's description: > [compiler] Delay allocation of heap numbers for deoptimization literals. > > ... until after the main bulk of code generation, which will soon run on a > different thread. > > R=jarin@chromium.org > > Bug: v8:6048 > Change-Id: I12aaaf2725e2422f588c29f50084eb77b56ad9a5 > Reviewed-on: https://chromium-review.googlesource.com/505616 > Commit-Queue: Georg Neis <neis@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#45340} TBR=jarin@chromium.org,neis@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Bug: v8:6048 Change-Id: I161f175685c24dc59ee4e761ea6d00a235573e7a Reviewed-on: https://chromium-review.googlesource.com/506021 Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#45366}
-
Clemens Hammacher authored
The underlying issue is that TF Nodes cannot handle input counts outside the integer range. On an illegal br_table instruction, we generated a switch node with a control output count >kMaxInt. Operator::ControlOutputCount turned this into a negative integer later, leading to a failing DCHECK. Since such large numbers cannot occur in any valid wasm function anyway, we just add an additional check to the br table count. There is already a TODO in the code to change Operator::ControlOutputCount to size_t. R=ahaas@chromium.org BUG=chromium:722445 Change-Id: I1975072226e073dee6c8da3b9fa9a050a4695917 Reviewed-on: https://chromium-review.googlesource.com/505496 Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#45365}
-
Clemens Hammacher authored
The interpreter does not implement all asm.js specific opcodes. Thus the combination of --validate-asm and --wasm-interpret-all might crash. The interpreter does not need to execute asm.js modules, as they are debugged by executing them in turbofan instead of the wasm interpreter. This CL thus excludes asm.js modules from --wasm-interpret-all. R=ahaas@chromium.org BUG=chromium:719175 Change-Id: I14228ea11ee3ea8a229cfa6e4179338a442b6cca Reviewed-on: https://chromium-review.googlesource.com/506160 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#45364}
-
Michael Lippautz authored
Bug: chromium:651354 Change-Id: I9df2ca542112f04787987bda67657fc4015787b5 Reviewed-on: https://chromium-review.googlesource.com/506152 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45363}
-
Michael Starzinger authored
This encapsulates message reporting into separate functions independent from the logic of asm.js compilation and instantiation. It is mostly refactoring with a small fix to also report successful instantiation of the "single function" case. R=clemensh@chromium.org Change-Id: I89c2d62707e891bf51c19945c4067195f41290a4 Reviewed-on: https://chromium-review.googlesource.com/506195 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#45362}
-
bmeurer authored
Migrate the Object.keys builtin to the CodeStubAssembler and use the enum cache backing store whenever it is available. This gives a nice speedup of 1.5x to 2x when using Object.keys on fast-mode objects that have (or can have) an enum cache. R=cbruni@chromium.org BUG=v8:5269,v8:6405 Review-Url: https://codereview.chromium.org/2853393002 Cr-Commit-Position: refs/heads/master@{#45361}
-
Michael Lippautz authored
TBR=ulan@chromium.org Bug: chromium:651354 Change-Id: Ib3a53a62e048e438bc31cbfd2ea44d17fd6a3b94 Reviewed-on: https://chromium-review.googlesource.com/506204 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#45360}
-
Andrii Shyshkalov authored
Example failure: https://uberchromegw.corp.google.com/i/tryserver.v8/builders/v8_node_linux64_rel/builds/2022/steps/update%20v8/logs/stdio R=machenbach@chromium.org Bug: chromium:722853 Change-Id: I5483dd7e09ac20fce214cd90ca949118fe1e52b0 Reviewed-on: https://chromium-review.googlesource.com/505622 Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#45359}
-
Michael Achenbach authored
TBR=phajdan.jr@chromium.org NOTRY=true Change-Id: Ifaec5818beda86020f14b2be39821759a3ee058e Reviewed-on: https://chromium-review.googlesource.com/506731 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#45358}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/7571a8a..8b49e99 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I23ffca10b9188f67adf5fd9436f71974f9db85e4 Reviewed-on: https://chromium-review.googlesource.com/505637 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#45357}
-
dgozman authored
BUG=none Review-Url: https://codereview.chromium.org/2887013002 Cr-Commit-Position: refs/heads/master@{#45356}
-
- 16 May, 2017 7 commits
-
-
dgozman authored
This brings clear separation to tasks vs isolate management. BUG=none Review-Url: https://codereview.chromium.org/2885253002 Cr-Commit-Position: refs/heads/master@{#45355}
-
kozyatinskiy authored
By default we just break when we first time reach passed location, with current - we'll break at passed location only when it happens within the same stack frame. BUG=v8:6397 R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2879923003 Cr-Commit-Position: refs/heads/master@{#45354}
-
Michael Lippautz authored
Adds a generic job that is based on items and tasks. Bug: chromium:651354 Change-Id: I378e04741c5761ea6c4a74816b9af8ea22867f53 Reviewed-on: https://chromium-review.googlesource.com/506075 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45353}
-
dgozman authored
This will make it easier to create more connections/context groups. BUG=none Review-Url: https://codereview.chromium.org/2886903003 Cr-Commit-Position: refs/heads/master@{#45352}
-
bbudge authored
- Adds vdup.<size> Dd/Qd, Dm[i] instruction. - Adds vsli, vsri instructions. - Changes VMovExtended to use these to avoid moves to core registers. LOG=N BUG=v8:6020 Review-Url: https://codereview.chromium.org/2868603002 Cr-Commit-Position: refs/heads/master@{#45351}
-
Franziska Hinkelmann authored
No need to return an empty map. Return a JSObject instead. Bug: v8:5933 Change-Id: I9fb727c5e1920ba94fd3d5e7ef2a7d9d602f56d8 Reviewed-on: https://chromium-review.googlesource.com/506194 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Franziska Hinkelmann <franzih@chromium.org> Cr-Commit-Position: refs/heads/master@{#45350}
-
kozyatinskiy authored
So continue to location can be called only for one context group id at the same time. BUG=v8:6397 Review-Url: https://codereview.chromium.org/2882213004 Cr-Commit-Position: refs/heads/master@{#45349}
-