- 12 Jan, 2018 18 commits
-
-
Clemens Hammacher authored
Liftoff could only call to code object on the gc heap so far. This CL extends this to support calls to the native wasm heap. This became urgent since --jit-to-native is enabled by default now. R=titzer@chromium.org Bug: v8:6600 Change-Id: Ie07416a4041d4e6ea26a8c315008a41d81f52aab Reviewed-on: https://chromium-review.googlesource.com/863667 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50537}
-
Yang Guo authored
TBR=machenbach@chromium.org Bug: v8:6105 Change-Id: I52d241cfa05ee3787dda7cbdaca8b83fe7508218 Reviewed-on: https://chromium-review.googlesource.com/864043 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#50536}
-
Hannes Payer authored
This reverts commit 8d7522bc and fixes the TSAN issue. Bug: chromium:800251 Change-Id: Ie88e5281f7543bb3420703e798416d4a6dbbd91a Reviewed-on: https://chromium-review.googlesource.com/864042Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#50535}
-
Sigurd Schneider authored
Bug: v8:7205 Change-Id: I3de97ca0990ca4d791c990eee7e23f29a75eff31 Reviewed-on: https://chromium-review.googlesource.com/856558 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#50534}
-
Jakob Gruber authored
This fixes a spec bug in which the order of calls to 1) the flag getter and 2) ToUint32(limit) was incorrect if ToUint32 pushes the regexp instance onto the slow path. We are now more restrictive and completely avoid ToUint32 on the fast path. Bug: chromium:801171 Change-Id: I21d15fe566754d2bc05853f895636bb882fbf599 Reviewed-on: https://chromium-review.googlesource.com/863644Reviewed-by:
-
Andreas Haas authored
This CL makes a fuzzer out of the cctest test-multiple-return/ReturnMultipleRandom. The fuzzer creates a CallDescriptor with input parameters and returns, and a function which maps input parameters to returns. The fuzzer then calls this function with a wrapper which checks that the correct mapping happened. R=clemensh@chromium.org Change-Id: Ib89c4063638baae69540a44486d7b2e9d13f8c1f Reviewed-on: https://chromium-review.googlesource.com/859768Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#50532}
-
Martyn Capewell authored
Unify PokeCSP/JSSP and ClaimCSP/JSSP, remove RestoreJSSP/CSP, and remove UseNativeStack. Bug: v8:6644 Change-Id: I482237a0e112f986c6155dce253749f55bd08f5f Reviewed-on: https://chromium-review.googlesource.com/860104Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> Cr-Commit-Position: refs/heads/master@{#50531}
-
Michael Lippautz authored
Each of those types have to split off a single actual instance type. There can be many that split off the same instance type. Bug: v8:7266 Change-Id: Ic78b707e26e67bdd2072cd8a716c89eaae024e48 Reviewed-on: https://chromium-review.googlesource.com/860651Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#50530}
-
Jakob Gruber authored
Instead of bailing out and assuming everything will be fine if a builtin hasn't been deserialized yet, deserialize eagerly and perform the full check. Change-Id: I60b0d33786a266e124358e2eebe926d8f785881d Reviewed-on: https://chromium-review.googlesource.com/859998 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
This adds support for i32.popcnt. If no hardware instruction for popcnt is available, call out to C. R=titzer@chromium.org Bug: v8:6600 Change-Id: I9ae9e1d1e1392168d19c0eedcdd33eeea609a54f Reviewed-on: https://chromium-review.googlesource.com/860658 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
-
Michal Majewski authored
Bug: v8:7209 Change-Id: Ia10479d7eea6ef2f352d008e2f4b74e2394ab79b Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng Reviewed-on: https://chromium-review.googlesource.com/861623 Commit-Queue: Michał Majewski <majeski@google.com> Reviewed-by:
Ali Ijaz Sheikh <ofrobots@google.com> Cr-Commit-Position: refs/heads/master@{#50527}
-
Camillo Bruni authored
Bug: chromium:800032 Change-Id: I2ba740a3617df3652475e8fc5bd8e8e33cb14a0d Reviewed-on: https://chromium-review.googlesource.com/861886 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#50526}
-
Michal Majewski authored
Bug: v8:6917 Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: Ib5bfdf4d6fee6102f62c7334a1b22146f1a1fc5b Reviewed-on: https://chromium-review.googlesource.com/857376 Commit-Queue: Michał Majewski <majeski@google.com> Reviewed-by:
-
Sigurd Schneider authored
This is a reland of ae14edca Original change's description: > [turbofan] Handle mixed packed/unpacked multimaps in Array.prototype.push > > Bug: v8:7127, v8:7204, v8:7205 > Change-Id: I4eb009492222b208ff8875b4b7940174dfb132ff > Reviewed-on: https://chromium-review.googlesource.com/847576 > Commit-Queue: Sigurd Schneider <sigurds@chromium.org> > Reviewed-by: Michael Stanton <mvstanton@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50451} Bug: v8:7127, v8:7204, v8:7205 Change-Id: I327aa69f0a12f8b3e3fd4e00219591f59e7ed746 Reviewed-on: https://chromium-review.googlesource.com/859857Reviewed-by:
-
Sigurd Schneider authored
- Turbolizer highlights input and output nodes on hover. - The three panes support resizing now (snap to side still works). Bug: Change-Id: Ida1513fd714a02ab772885ea1fdf6d9da8d540f6 Reviewed-on: https://chromium-review.googlesource.com/837068 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by:
Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#50523}
-
Yang Guo authored
Also change fetch_deps.py to no longer be a no-op and rename Main function for importing from other scripts. R=machenbach@chromium.org Bug: v8:6105 Change-Id: I067a212827316248f60e97ff27e9bb2dc20addfd Reviewed-on: https://chromium-review.googlesource.com/860007Reviewed-by:
-
Kanghua Yu authored
R=jgruber@chromium.org Bug: Change-Id: I344697a56cfc6d66173806c0038a5edcd94f8260 Reviewed-on: https://chromium-review.googlesource.com/842183 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/e176e6f..28d46dd Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/6385d5b..30e5a9f Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/2ae8604..2708887 Rolling v8/tools/swarming_client: https://chromium.googlesource.com/infra/luci/client-py/+log/36e0979..8822987 TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: Ifa356460efa17d6d2e8d29504167f0d9b7f6eb16 Reviewed-on: https://chromium-review.googlesource.com/863283 Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Reviewed-by:
v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#50520}
-
- 11 Jan, 2018 22 commits
-
-
Junliang Yan authored
R=joransiu@ca.ibm.com Bug: Change-Id: I7d65f467ece4b93c268d481318f3d0e6f0485069 Reviewed-on: https://chromium-review.googlesource.com/860763Reviewed-by:
Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#50519}
-
Caitlin Potter authored
https://github.com/tc39/ecma262/pull/988 gained concensus during the september 2017 TC39 meetings. This moves the load of the "next" method to the very beginning of the iteration protocol, rather than during each iteration step. This impacts: - yield* - for-of loops - spread arguments - array spreads In the v8 implementation, this also affects async iteration versions of these things (the sole exception being the Async-From-Sync iterator, which requires a few more changes to work with this, likely done in a followup patch). This change introduces a new AST node, ResolvedProperty, which can be used as a callee by Call nodes to produce the same bytecode as Property calls, without observably re-loading the property. This is used in several AST-desugarings involving the iteration protocol. BUG=v8:6861, v8:5699 R=rmcilroy@chromium.org TBR=neis@chromium.org, adamk@chromium.org Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I9685db6e85315ba8a2df87a4537c2bf491e1e35b Reviewed-on: https://chromium-review.googlesource.com/857593 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#50518}
-
Georg Neis authored
Also sort some lists to improve readability. Bug: Change-Id: I296d1706e7c568c325732e9c57622bc4de571d62 Reviewed-on: https://chromium-review.googlesource.com/859240Reviewed-by:
-
Vlad Tsyrklevich authored
CFI-icall checking makes use of compile-time information to verify whether a given indirect call is valid; however, this is impossible to verify for calls into JITed code. Mark functions calling into JITed code with an attribute disabling CFI-icall checking. Bug=v8:7164 Change-Id: I20161510b810744ff5e234d77cf603913482a539 Reviewed-on: https://chromium-review.googlesource.com/861305Reviewed-by:
-
Jungshik Shin authored
The timezone offset in effect on Dec 25, 1995 won't be applicable in years far away from 1995 (e.g. year 1111). Calculate the timezone offset in Feb 1, 1995 and run other tests on the same day. This issue has been hidden because the current implementation doesn't take into account the history of timezone offset changes(crbug.com/3547), but was exposed when a correct implementation based on ICU was tried. ( https://chromium-review.googlesource.com/c/v8/v8/+/572148 ). Bug: v8:7268 Test: webkit/date-constructor Change-Id: I09834cff0baa47d6c8981e7712ebf39541e5ecb7 Reviewed-on: https://chromium-review.googlesource.com/861196 Commit-Queue: Jungshik Shin <jshin@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#50515}
-
Leszek Swirski authored
Two usability improvements to the GDB jco macro: * Check if the desired pc is within the code space (or large object space), to avoid failures * Highlight the current pc in the outputted code (yellow and bold) to make it easier to find. Change-Id: Ia094f33b61ed0fd2dd1e5e456992a17d97048639 Reviewed-on: https://chromium-review.googlesource.com/860102 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
-
Martyn Capewell authored
This is a reland of 50baf934 This fixes the number of expected instructions in MaybeCallEntryHookDelayed, only exposed by nosnap tests. Original change's description: > [arm64] Switch jssp to csp > > Switch stack pointer to using csp directly, making jssp redundant. > > Bug: v8:6644 > Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239 > Reviewed-on: https://chromium-review.googlesource.com/860097 > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> > Cr-Commit-Position: refs/heads/master@{#50487} Bug: v8:6644 Change-Id: Ie9a969ccbf00fd7a7cff8f45b73cdb6bc4f17df9 Reviewed-on: https://chromium-review.googlesource.com/860639Reviewed-by:
-
Adam Klein authored
This reverts commit 6af43874. Reason for revert: Linux TSAN failures: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/19028 Original change's description: > [heap] Remove page header tag from owner field. > > Bug: chromium:800251 > Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7 > Reviewed-on: https://chromium-review.googlesource.com/860010 > Commit-Queue: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50507} TBR=ulan@chromium.org,hpayer@chromium.org Change-Id: I29001423959f6d9faadbdba5228b28cfb1f5b341 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:800251 Reviewed-on: https://chromium-review.googlesource.com/861923Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#50512}
-
jgruber authored
Band-aid fix for infinite recursion in RegExp TFJ builtins. TFJ builtins don't contain stack checks in general, so any deep recursion involving only TFJ builtins can end up overflowing the stack and segfaulting on the red area. RegExp builtins in particular can only build such recursions using RegExp.p.exec, and (as far as I can tell) only by modifying the instance or prototype, thus hitting the slow path in all builtins. This CL adds a stack check to RegExpExec, which is the choke point for calling exec on slow-mode RegExps. Bug: v8:7239, chromium:797481 Regression test Change-Id: I78dbb5f868a775d9697606d513623f912639d7db Reviewed-on: https://chromium-review.googlesource.com/856777Reviewed-by:
-
Ben L. Titzer authored
R=ahaas@chromium.org Bug: Change-Id: I3817745013828d455ca1b623724d8789cc5f01ce Reviewed-on: https://chromium-review.googlesource.com/860643Reviewed-by:
-
Michael Achenbach authored
NOTRY=true TBR=gsathya@chromium.org Bug: chromium:800651 Change-Id: I72717fcd694609132b76431c13c26fb3f79432dd Reviewed-on: https://chromium-review.googlesource.com/860926Reviewed-by:
-
Clemens Hammacher authored
Ensure that for setcc, we only use a byte register as destination register. R=titzer@chromium.org Bug: v8:6600, chromium:800756 Change-Id: Ie33f3faf602e7eda845205ba0ed2d9966460fd54 Reviewed-on: https://chromium-review.googlesource.com/860640Reviewed-by:
-
Hannes Payer authored
Bug: chromium:800251 Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7 Reviewed-on: https://chromium-review.googlesource.com/860010 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by:
-
Dan Elphick authored
Non-constant SMIs were being shifted to the right with SHR instead of SAR, which caused corruption of negative offsets. Add tests for SMI access to arguments using CodeStubArguments. Change-Id: I6cc4fc0a5dd0018524f5ff4f16f9e9a21866363f Reviewed-on: https://chromium-review.googlesource.com/854055Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
set_local was implemented before, but not added to any list of alternatives. tee_local is now additionally implemented and added. R=ahaas@chromium.org Change-Id: I51f0b35c7b507e8af06efd1f9baac30790f28a3b Reviewed-on: https://chromium-review.googlesource.com/860460Reviewed-by:
-
Hannes Payer authored
Bug: chromium:800251 Change-Id: I44d997bd54be214c34ca2864470f7cdfc3cc30f3 Reviewed-on: https://chromium-review.googlesource.com/859437 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by:
-
Ben L. Titzer authored
This CL centralizes constants related to decoding from several places into one place and makes it no longer necessary to include wasm-opcodes.h for some simple constants. R=clemensh@chromium.org Bug: Change-Id: I53aa81e34167df467bc7455b717bf67083033943 Reviewed-on: https://chromium-review.googlesource.com/859764 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by:
-
Michael Lippautz authored
Move heap iteration to object stats to untangle the dependency from MC. Bug: v8:7266 Change-Id: I6f0f4f5f3bb0a911591a211ffd71580343765cdd Reviewed-on: https://chromium-review.googlesource.com/860358Reviewed-by:
-
Michael Starzinger authored
This funnels all serialization and deserialization calls through the common interface in the wasm-serialization.h file. All call sites are now uniform, independent of the --wasm-jit-to-native feature. R=titzer@chromium.org BUG=v8:6876 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: I105907acfeba4b0e277b2003d099c5db6ab59dd3 Reviewed-on: https://chromium-review.googlesource.com/860042Reviewed-by:
-
Michael Starzinger authored
This removes the explicit --write-protect-code-memory flag from the list of flags in the "stress_incremental_marking". The feature is enabled by default by now and no longer needs explicit testing. R=ulan@chromium.org BUG=v8:6792 Change-Id: I5d6ba21dff261488bbe1b0148ce204bf78d57334 Reviewed-on: https://chromium-review.googlesource.com/860661Reviewed-by:
-
Leszek Swirski authored
This makes RestoreGeneratorRegisters do a fuller resume process: update the state register to indicate that it is now executing, and update the accumulator with the input_or_debug_pos of the generator - i.e., perform the boilerplate generator resuming in one bytecode instead of several. Change-Id: Ia87b6766ac023064b40d3e9a143e7b32118ea3a0 Reviewed-on: https://chromium-review.googlesource.com/859770 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#50499}
-
Michael Starzinger authored
R=titzer@chromium.org BUG=v8:6876 Change-Id: Ib9821123e89b4a198cfa921ffd4cf5bee55cc93d Reviewed-on: https://chromium-review.googlesource.com/856999Reviewed-by:
-
