- 03 Dec, 2015 40 commits
-
-
mbrandy authored
Port 0e956833 Original commit message: Whenever the InstanceOfStub finds a proxy (either passed as object or somewhere on the prototype chain), it should bailout to the %HasInPrototypeChain runtime function, which will do the right thing (soonish). R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1495513004 Cr-Commit-Position: refs/heads/master@{#32586}
-
mbrandy authored
Port 440a42b7 Original commit message: This passes the new.target value in a register instead of through a side-channel via the construct stub. Note that this marks the last consumer of said side-channel and the special slot in the construct stub frame can be removed as a follow-up. R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com TEST=mjsunit/es6/regress/regress-new-target-context BUG= Review URL: https://codereview.chromium.org/1494003004 Cr-Commit-Position: refs/heads/master@{#32585}
-
mbrandy authored
Port eaa0e596 Original commit message: This drops the specific slot containing the new.target value from our construct stub frames. This side-channel has been deprecated and will no longer be accessed by any consumers. R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1494593005 Cr-Commit-Position: refs/heads/master@{#32584}
-
mbrandy authored
Port a330af0e Original commit message: The optimized code generated by Crankshaft cannot properly deal with proxies (in the prototype chain), and there's probably no point in trying to make that work^Wfast with Crankshaft at all. TurboFan will handle that properly; Crankshaft just bails out to fullcodegen, which then goes to the runtime, which should do the right thing soon. R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1496843004 Cr-Commit-Position: refs/heads/master@{#32583}
-
machenbach authored
Revert of [debugger] do not restart frames that reference new.target for liveedit. (patchset #1 id:1 of https://codereview.chromium.org/1493363002/ ) Reason for revert: [Sheriff] Speculative revert for https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3225 Original issue's description: > [debugger] do not restart frames that reference new.target for liveedit. > > R=mstarzinger@chromium.org > > Committed: https://crrev.com/6fca870240bdbb07a365189b5eb0c98fa65b3682 > Cr-Commit-Position: refs/heads/master@{#32572} TBR=mstarzinger@chromium.org,yangguo@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1493863004 Cr-Commit-Position: refs/heads/master@{#32582}
-
bradnelson authored
Fix several operations in the parser that rewrite constant expressions to preserve knowledge regarding whether a value originally contained a ".". This information is required to accurately validate Asm.js typing. Making the assumption that if either side of a binary operation contains a dot, that the rewritten expression should be treated as a double for Asm.js purposes. This is a slight deviation from the spec (which would forbid mix type operations). BUG= https://code.google.com/p/v8/issues/detail?id=4203 TEST=test-asm-validator, test-parsing R=titzer@chromium.org,marja@chromium.org,aseemgarg@chromium.org LOG=N Review URL: https://codereview.chromium.org/1492123002 Cr-Commit-Position: refs/heads/master@{#32581}
-
verwaest authored
BUG= Review URL: https://codereview.chromium.org/1500683002 Cr-Commit-Position: refs/heads/master@{#32580}
-
neis authored
R=rossberg BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1491863002 Cr-Commit-Position: refs/heads/master@{#32579}
-
neis authored
R=cbruni@chromium.org BUG= Review URL: https://codereview.chromium.org/1499573004 Cr-Commit-Position: refs/heads/master@{#32578}
-
ahaas authored
I added a flag to the CallDescriptor which indicates that the native stack should be used for a CallObject instead of the js stack on arm64. Additionally I removed the use of EmitPrepareArguments because the current implementation does not work when float and int parameters are mixed. I plan to fix it in a future CL, because currently I have a problem figuring out the type of a parameter. R=titzer@chromium.org, v8-arm-ports@googlegroups.com Review URL: https://codereview.chromium.org/1494123002 Cr-Commit-Position: refs/heads/master@{#32577}
-
bmeurer authored
Extract ToBoolean hints from the fullcodegen code object and put them into the ToBoolean nodes created by the AstGraphBuilder. We currently do not yet consume this feedback, that will be done in a followup CL. R=mstarzinger@chromium.org BUG=v8:4583 LOG=n Review URL: https://codereview.chromium.org/1494973002 Cr-Commit-Position: refs/heads/master@{#32576}
-
ivica.bogosavljevic authored
Warning in test-asm-validator.cc fixed by splitting the function causing the warning into two functions. This is how it has been done earlier this way, e.g. https://codereview.chromium.org/1164893003 BUG= Review URL: https://codereview.chromium.org/1491583002 Cr-Commit-Position: refs/heads/master@{#32575}
-
neis authored
Reason for revert: Probably causes GC stress test failures. TBR=mvstanton@chromium.org BUG= NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1493393002 Cr-Commit-Position: refs/heads/master@{#32574}
-
jochen authored
Embedders should use the factory method that takes an Isolate* instead BUG=none R=vogelheim@chromium.org LOG=y Review URL: https://codereview.chromium.org/1494503003 Cr-Commit-Position: refs/heads/master@{#32573}
-
yangguo authored
R=mstarzinger@chromium.org Review URL: https://codereview.chromium.org/1493363002 Cr-Commit-Position: refs/heads/master@{#32572}
-
jkummerow authored
Not exposed/used yet, therefore also not testable yet. Review URL: https://codereview.chromium.org/1491743008 Cr-Commit-Position: refs/heads/master@{#32571}
-
caitpotter88 authored
BUG=v8:4537 LOG=N R=neis@chromium.org, rossberg@chromium.org, jkummerow@chromium.org Review URL: https://codereview.chromium.org/1492923002 Cr-Commit-Position: refs/heads/master@{#32570}
-
neis authored
R=rossberg, verwaest@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1492863002 Cr-Commit-Position: refs/heads/master@{#32569}
-
machenbach authored
TBR=sergiyb@chromium.org,tandrii@chromium.org NOTRY=true BUG=chromium:561530 LOG=n Review URL: https://codereview.chromium.org/1497743002 Cr-Commit-Position: refs/heads/master@{#32568}
-
mvstanton authored
It's expensive to walk all shared function infos during the gc atomic pause. Instead, use WeakCells to implement this structure without manual clearing. BUG= Review URL: https://codereview.chromium.org/1478943003 Cr-Commit-Position: refs/heads/master@{#32567}
-
ofrobots authored
Inline allocations performed during mark compact aren't real allocations. They should not trigger inline-allocation-observer notifications. R=hpayer@chromium.org, ulan@chromium.org BUG= Review URL: https://codereview.chromium.org/1465223009 Cr-Commit-Position: refs/heads/master@{#32566}
-
machenbach authored
Revert of [debugger] do not predict step in target for liveedit. (patchset #1 id:1 of https://codereview.chromium.org/1491743005/ ) Reason for revert: [Sheriff] Layout test crashes: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3220 Original issue's description: > [debugger] do not predict step in target for liveedit. > > R=verwaest@chromium.org > > Committed: https://crrev.com/8f87ff5d62e996b07ffbde7e735daa603c1d7290 > Cr-Commit-Position: refs/heads/master@{#32553} TBR=verwaest@chromium.org,yangguo@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1494143002 Cr-Commit-Position: refs/heads/master@{#32565}
-
titzer authored
R=bmeurer@chromium.org,jarin@chromium.org BUG= Review URL: https://codereview.chromium.org/1498833002 Cr-Commit-Position: refs/heads/master@{#32564}
-
mstarzinger authored
This moves the proper handling for the end node withing the constructed graph into the RawMachineAssembler. This simplifies all assemblers and makes the handling of {Start} and {End} symmetrical. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1493963003 Cr-Commit-Position: refs/heads/master@{#32563}
-
mythria authored
Adds implementation and tests for Inc and Dec to bytecode graph builder. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1499593002 Cr-Commit-Position: refs/heads/master@{#32562}
-
hpayer authored
Reland of Introduce instance type for transition arrays. (patchset #1 id:1 of https://codereview.chromium.org/1483003002/ ) Reason for revert: Suspect for crashing found, relanding for canary coverage. Original issue's description: > Revert of Introduce instance type for transition arrays. (patchset #6 id:100001 of https://codereview.chromium.org/1480873003/ ) > > Reason for revert: > Broken canary. Trying to find out root cause. > > Original issue's description: > > Introduce instance type for transition arrays. > > > > The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences. > > > > BUG=chromium:554488 > > LOG=NO > > > > Committed: https://crrev.com/026095a3c7932573e1810b8064ec3008ed696601 > > Cr-Commit-Position: refs/heads/master@{#32396} > > TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:554488 > > Committed: https://crrev.com/38bf70b9cd2a07b99ac0c0b7eda111849e79c146 > Cr-Commit-Position: refs/heads/master@{#32404} TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:554488 Review URL: https://codereview.chromium.org/1500623002 Cr-Commit-Position: refs/heads/master@{#32561}
-
hpayer authored
Reland of Tenure transition array. (patchset #1 id:1 of https://codereview.chromium.org/1485613003/ ) Reason for revert: Suspect for crashing found, relanding for canary coverage. Original issue's description: > Revert of Tenure transition array. (patchset #1 id:1 of https://codereview.chromium.org/1472363007/ ) > > Reason for revert: > Broken canary. Trying to find out root cause. > > Original issue's description: > > Tenure transition array. > > > > BUG= > > > > Committed: https://crrev.com/c88d7cd1e09d921e8a9a2930cfe6f2dfbea3dc90 > > Cr-Commit-Position: refs/heads/master@{#32378} > > TBR=ulan@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:563378 > > Committed: https://crrev.com/cdb4b8fba1774f7617e51228c89286bcbd0425f0 > Cr-Commit-Position: refs/heads/master@{#32405} TBR=ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:563378 Review URL: https://codereview.chromium.org/1492223003 Cr-Commit-Position: refs/heads/master@{#32560}
-
machenbach authored
Reason for revert: Should be fixed after https://chromereviews.googleplex.com/318207014/ TBR=sergiyb@chromium.org,tandrii@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:561530 Review URL: https://codereview.chromium.org/1494893003 Cr-Commit-Position: refs/heads/master@{#32559}
-
neis authored
An array is either a JSArray or a proxy whose target is an array. R=bmeurer@chromium.org BUG= Review URL: https://codereview.chromium.org/1497483004 Cr-Commit-Position: refs/heads/master@{#32558}
-
cbruni authored
LOG=n BUG=v8:1543 Review URL: https://codereview.chromium.org/1500553002 Cr-Commit-Position: refs/heads/master@{#32557}
-
verwaest authored
For non-prototype objects constructed using base==new.target, use the cached constructor to render the name. BUG=chromium:563791 LOG=y Review URL: https://codereview.chromium.org/1494673004 Cr-Commit-Position: refs/heads/master@{#32556}
-
hpayer authored
Reland of Do not remove write barriers for stores of old space references in most recent old space allocation. (patchset #1 id:1 of https://codereview.chromium.org/1482973003/ ) Reason for revert: Suspect for crashing found, relanding for canary coverage. Original issue's description: > Revert of Do not remove write barriers for stores of old space references in most recent old space allocation. (patchset #1 id:1 of https://codereview.chromium.org/1478113002/ ) > > Reason for revert: > Broken canary. Trying to find out root cause. > > Original issue's description: > > Do not remove write barriers for stores of old space references in most recent old space allocation. > > > > BUG=chromium:561449 > > LOG=n > > > > Committed: https://crrev.com/369778ec55a63ebe51e8fa8497edb5b681069b9b > > Cr-Commit-Position: refs/heads/master@{#32368} > > TBR=ulan@chromium.org,bmeurer@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=chromium:561449 > > Committed: https://crrev.com/da56525478f1820e3da629576ab61acc5f84daac > Cr-Commit-Position: refs/heads/master@{#32406} TBR=ulan@chromium.org,bmeurer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:561449 Review URL: https://codereview.chromium.org/1493313002 Cr-Commit-Position: refs/heads/master@{#32555}
-
hpayer authored
Reland of [heap] Remove eager shortcut in JSFunction visitor. (patchset #1 id:1 of https://codereview.chromium.org/1488063002/ ) Reason for revert: Suspect for crashing found, relanding for canary coverage. Original issue's description: > Revert of [heap] Remove eager shortcut in JSFunction visitor. (patchset #1 id:1 of https://codereview.chromium.org/1476223002/ ) > > Reason for revert: > Still investigating bad canary. > > Original issue's description: > > [heap] Remove eager shortcut in JSFunction visitor. > > > > This removes an optimization in the static JSFunction visitor that > > eagerly marked through to the SharedFunctionInfo for code flushing > > candidates. This causes all processing in VisitJSFunction to be > > side-stepped and hence might cause leaks. > > > > R=hpayer@chromium.org > > > > Committed: https://crrev.com/a29f0576c32e8fda90bf7ab19c6d170568150a7f > > Cr-Commit-Position: refs/heads/master@{#32332} > > TBR=mstarzinger@chromium.org > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > > Committed: https://crrev.com/672b49119b857c4f96234b03e48b4b60de256969 > Cr-Commit-Position: refs/heads/master@{#32463} TBR=mstarzinger@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1486413006 Cr-Commit-Position: refs/heads/master@{#32554}
-
yangguo authored
R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1491743005 Cr-Commit-Position: refs/heads/master@{#32553}
-
hpayer authored
Between requesting finalization of incremental marking and the time where we handle the request in the stack guard, the current full GC may have finished. In that case the stack guard triggers to late and tries to finalize marking in a state where marking is not going on. Note that a cleaner fix would be to express the finalization phase in a special marking phase. I will do that in a follow-up CL. BUG= Review URL: https://codereview.chromium.org/1493133003 Cr-Commit-Position: refs/heads/master@{#32552}
-
jochen authored
BUG=none R=neis@chromium.org LOG=y Review URL: https://codereview.chromium.org/1493053004 Cr-Commit-Position: refs/heads/master@{#32551}
-
mstarzinger authored
This drops the specific slot containing the new.target value from our construct stub frames. This side-channel has been deprecated and will no longer be accessed by any consumers. R=verwaest@chromium.org Review URL: https://codereview.chromium.org/1489353004 Cr-Commit-Position: refs/heads/master@{#32550}
-
bmeurer authored
Whenever the InstanceOfStub finds a proxy (either passed as object or somewhere on the prototype chain), it should bailout to the %HasInPrototypeChain runtime function, which will do the right thing (soonish). R=yangguo@chromium.org BUG=v8:1543 LOG=n Review URL: https://codereview.chromium.org/1492243003 Cr-Commit-Position: refs/heads/master@{#32549}
-
mstarzinger authored
This passes the new.target value in a register instead of through a side-channel via the construct stub. Note that this marks the last consumer of said side-channel and the special slot in the construct stub frame can be removed as a follow-up. R=bmeurer@chromium.org,yangguo@chromium.org TEST=mjsunit/es6/regress/regress-new-target-context Review URL: https://codereview.chromium.org/1492793002 Cr-Commit-Position: refs/heads/master@{#32548}
-
ishell authored
It didn't support subclassing case at all and in non-subclassing case the runtime allocation didn't do the slack tracking step. BUG=chromium:563339 LOG=Y Review URL: https://codereview.chromium.org/1488023002 Cr-Commit-Position: refs/heads/master@{#32547}
-