- 21 Feb, 2017 3 commits
-
-
clemensh authored
The limit needs to be checked before casting the length to int in ModuleWireBytes. R=titzer@chromium.org BUG=694433 Review-Url: https://codereview.chromium.org/2705233002 Cr-Commit-Position: refs/heads/master@{#43352}
-
Michael Starzinger authored
This fixes a missing name check for keyed property loads targeting the global object where the feedback was warmed up with a single name. This affects {JSLoadProperty} nodes only, syntactic global property loads via the {JSLoadGlobal} operator are not affected. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-694416 BUG=chromium:694416 Change-Id: I54aa3f27eaa72630539f02602ec7642b04835b27 Reviewed-on: https://chromium-review.googlesource.com/445224Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43344}
-
mtrofin authored
Two controls, one for instantiation and one for compilation. They allow the embedder (e.g. Chrome) check properties of the parameters of those two operations, and decide if they are allowed to continue. For example, Chrome may now decline compilation of certain size buffers, in synchronous cases; same for instantiation (where the buffer size refers to the size of the buffer containing wasm wire bytes) BUG=v8:5981 Review-Url: https://codereview.chromium.org/2699843003 Cr-Original-Commit-Position: refs/heads/master@{#43295} Committed: https://chromium.googlesource.com/v8/v8/+/d9bc0ffb16e633d52d7bcfd547a6125f0e4dfb87 Review-Url: https://codereview.chromium.org/2699843003 Cr-Commit-Position: refs/heads/master@{#43336}
-
- 20 Feb, 2017 6 commits
-
-
littledan authored
This patch refactors the Atomics builtins so that they are implemented as C++ builtins rather than experimental JS builtins. Previously, each of these functions called out to a runtime function, so no significant change in performance is anticipated. The goal of this patch is to remove the last user of experimental JS builtins so that the mechanism can be removed, for performance reasons. The patch includes a drive-by fix of a check-fail. For the most part, the patch is just moving code without modification from runtime-atomics.cc to builtins-sharedarraybuffer.cc . BUG=v8:5880 Review-Url: https://codereview.chromium.org/2698813004 Cr-Commit-Position: refs/heads/master@{#43335}
-
dusan.simicic authored
qNaN and sNaN values have different binary representation on MIPS compared to ARM/x86 architectures. We are skipping these tests because we can't provide specific NaNs encodings from ARM/x86 architectures. BUG= Review-Url: https://codereview.chromium.org/2702213003 Cr-Commit-Position: refs/heads/master@{#43327}
-
Caitlin Potter authored
Take runtime path if startIndex parameter requires a ToInteger() call, which can modify the elements kind of the receiver. This removes a stub call from the builtin, and simplifies code slightly. BUG=v8:5986 R=bmeurer@chromium.org, cbruni@chromium.org Change-Id: Id238a81ab8ba28621858004b34d00a4356b8037f Reviewed-on: https://chromium-review.googlesource.com/445006Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Caitlin Potter <caitp@igalia.com> Cr-Commit-Position: refs/heads/master@{#43323}
-
jgruber authored
info.This returns a Local<Object>, which results in a call to Utils::OpenHandle<JSReceiver>. Casting to a Local<Value> first uses the correct OpenHandle<Object> overload. BUG=chromium:693500 Review-Url: https://codereview.chromium.org/2706833002 Cr-Commit-Position: refs/heads/master@{#43314}
-
Igor Sheludko authored
The constant field tracking is still disabled. BUG=v8:5495 Change-Id: I543fe50b82e2255bbf200ea785ec53e3623e30cb Reviewed-on: https://chromium-review.googlesource.com/440924 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#43304}
-
hablich authored
Revert of [wasm] Embedder can control what buffers wasm compilation works on. (patchset #3 id:60001 of https://codereview.chromium.org/2699843003/ ) Reason for revert: Introduces a new test failure/flake: https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/16427 Original issue's description: > [wasm] Embedder can control what buffers wasm compilation works on. > > Two controls, one for instantiation and one for compilation. They allow > the embedder (e.g. Chrome) check properties of the parameters of those > two operations, and decide if they are allowed to continue. > > For example, Chrome may now decline compilation of certain size buffers, > in synchronous cases; same for instantiation (where the buffer size > refers to the size of the buffer containing wasm wire bytes) > > BUG=v8:5981 > > Review-Url: https://codereview.chromium.org/2699843003 > Cr-Commit-Position: refs/heads/master@{#43295} > Committed: https://chromium.googlesource.com/v8/v8/+/d9bc0ffb16e633d52d7bcfd547a6125f0e4dfb87 TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=v8:5981 Review-Url: https://codereview.chromium.org/2701413002 Cr-Commit-Position: refs/heads/master@{#43303}
-
- 19 Feb, 2017 1 commit
-
-
Georg Neis authored
The bytecode generator did not necessarily know for which scope, and thus language mode, it was generating code, because it only tracked scopes that have a context. This led to wrong behavior in some examples involving class expressions (which are always in strict mode). With this CL, the bytecode generator explicitly tracks the current scope, independent of whether it has a context. BUG=v8:5927 Change-Id: Ifa6b3ee5e13e07b63d00e74c7f557a328633c88b Reviewed-on: https://chromium-review.googlesource.com/444785 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#43300}
-
- 18 Feb, 2017 2 commits
-
-
vabr authored
Currently, typeof o, where o is an undetectable callable object (such as document.all), returns 'function' if optimised. It should, however, return 'undefined'. This CL excludes undetectable objects from the optimization resulting in type 'function' and renames the related code to reflect that. BUG=v8:5972 R=bmeurer@chromium.org Review-Url: https://codereview.chromium.org/2697063002 Cr-Commit-Position: refs/heads/master@{#43298}
-
mtrofin authored
Two controls, one for instantiation and one for compilation. They allow the embedder (e.g. Chrome) check properties of the parameters of those two operations, and decide if they are allowed to continue. For example, Chrome may now decline compilation of certain size buffers, in synchronous cases; same for instantiation (where the buffer size refers to the size of the buffer containing wasm wire bytes) BUG=v8:5981 Review-Url: https://codereview.chromium.org/2699843003 Cr-Commit-Position: refs/heads/master@{#43295}
-
- 17 Feb, 2017 3 commits
-
-
gsathya authored
Adds five new TF builtins for the spec defined functions/closures. This follows mechanism similar to promise resolving functions approach where we store the closure variables in a custom context. Adds a new --harmony-promise-finally flag. BUG=v8:5967 Review-Url: https://codereview.chromium.org/2695753002 Cr-Commit-Position: refs/heads/master@{#43294}
-
binji authored
BUG=v8:5906 R=machenbach@chromium.org Review-Url: https://codereview.chromium.org/2697723004 Cr-Commit-Position: refs/heads/master@{#43292}
-
Camillo Bruni authored
BUG=691323 Change-Id: I84f2c90355982567c421639e115745eadd5fcb21 Reviewed-on: https://chromium-review.googlesource.com/441964Reviewed-by:
Caitlin Potter <caitp@igalia.com> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#43279}
-
- 16 Feb, 2017 10 commits
-
-
jwolfe authored
For functions declared in source code, the .toString() representation will be an excerpt of the source code. * For functions declared with the "function" keyword, the excerpt starts at the "function" or "async" keyword and ends at the final "}". The previous behavior would start the excerpt at the "(" of the parameter list, and prepend a canonical `"function " + name` or similar, which would discard comments and formatting surrounding the function's name. Anonymous functions declared as function expressions no longer get the name "anonymous" in their toString representation. * For methods, the excerpt starts at the "get", "set", "*" (for generator methods), or property name, whichever comes first. Previously, the toString representation for methods would use a canonical prefix before the "(" of the parameter list. Note that any "static" keyword is omitted. * For arrow functions and class declarations, the excerpt is unchanged. For functions created with the Function, GeneratorFunction, or AsyncFunction constructors: * The string separating the parameter text and body text is now "\n) {\n", where previously it was "\n/*``*/) {\n" or ") {\n". * At one point, newline normalization was required by the spec here, but that was removed from the spec, and so this CL does not do it. Included in this CL is a fix for CreateDynamicFunction parsing. ')' and '`' characters in the parameter string are no longer disallowed, and Function("a=function(", "}){") is no longer allowed. BUG=v8:4958, v8:4230 Review-Url: https://codereview.chromium.org/2156303002 Cr-Commit-Position: refs/heads/master@{#43262}
-
gsathya authored
Errors are swallowed by promises, so just exit with stack trace. Review-Url: https://codereview.chromium.org/2693383004 Cr-Commit-Position: refs/heads/master@{#43254}
-
mvstanton authored
This is a workaround for the fact that %SetCode can "lose" the script for a js native. If the js native is re-initialized (for a Realm or something), then the source SharedFunctionInfo won't have a script anymore. Nonetheless, we may want to optimize the function. If we've compiled bytecode, then we can compile optimized code without a script. Here, we carve out a special exception for this case, so that we can turn on the --mark-shared-functions-for-tier-up. BUG=v8:5946 R=leszeks@chromium.org Review-Url: https://codereview.chromium.org/2684033007 Cr-Original-Commit-Position: refs/heads/master@{#43240} Committed: https://chromium.googlesource.com/v8/v8/+/4123a3dd790495c40cf839990318a85c146e057d Review-Url: https://codereview.chromium.org/2684033007 Cr-Commit-Position: refs/heads/master@{#43252}
-
rossberg authored
We were looking at the unreachable flag or stack_depth of the target frame instead of the current one in a couple of places (most notably BreakTo). This change fixes these bugs and makes us pass the latest spec tests for br_table validation. Also need to ensure that br_table targets have consistent types, which is not implied if the stack is polymorphic. R=titzer@chromium.org BUG= Review-Url: https://codereview.chromium.org/2696813002 Cr-Commit-Position: refs/heads/master@{#43250}
-
Andreas Haas authored
One optimization in the machine-operator-reducer did not consider that that word32 shift left instructions only consider the last 5 bits of the shift input. The issue only occurs for WebAssembly because in JavaScript we always add a "& 0xf" on the shift value to the TurboFan graph. For additional background: The JavaScript and WebAssembly spec both say that only the last 5 bits of the shift value are used in the word32-shift-left operation. This means that an "x << 0x29", in the code is actually executed as "x << 0x09". Therefore the changes in this CL are okay because they mask the last 5 bit of the shift value. BUG=chromium:689450 Change-Id: Id92f298ed6d7f1714b109b3f4fbcecd5ac6d30f7 Reviewed-on: https://chromium-review.googlesource.com/439312Reviewed-by:
Ben Titzer <titzer@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43245}
-
machenbach authored
Revert of Allow a ParseInfo without a script for %SetCode users (patchset #5 id:220001 of https://codereview.chromium.org/2684033007/ ) Reason for revert: Please remove the file in status file too. Breaks presubmit: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20presubmit/builds/14754 Or lets call it post-submit :( Original issue's description: > This is a workaround for the fact that %SetCode can "lose" the script for a js native. If the js native is re-initialized (for a Realm or something), then the source SharedFunctionInfo won't have a script anymore. Nonetheless, we may want to optimize the function. If we've compiled bytecode, then we can compile optimized code without a script. > > Here, we carve out a special exception for this case, so that we can turn on the --mark-shared-functions-for-tier-up. > > BUG=v8:5946 > R=leszeks@chromium.org > > Review-Url: https://codereview.chromium.org/2684033007 > Cr-Commit-Position: refs/heads/master@{#43240} > Committed: https://chromium.googlesource.com/v8/v8/+/4123a3dd790495c40cf839990318a85c146e057d TBR=leszeks@chromium.org,mstarzinger@chromium.org,marja@chromium.org,mvstanton@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5946 Review-Url: https://codereview.chromium.org/2703553002 Cr-Commit-Position: refs/heads/master@{#43242}
-
mvstanton authored
This is a workaround for the fact that %SetCode can "lose" the script for a js native. If the js native is re-initialized (for a Realm or something), then the source SharedFunctionInfo won't have a script anymore. Nonetheless, we may want to optimize the function. If we've compiled bytecode, then we can compile optimized code without a script. Here, we carve out a special exception for this case, so that we can turn on the --mark-shared-functions-for-tier-up. BUG=v8:5946 R=leszeks@chromium.org Review-Url: https://codereview.chromium.org/2684033007 Cr-Commit-Position: refs/heads/master@{#43240}
-
littledan authored
ES2016 changed the default timezone of dates to be conditional on whether a time is included. The semantics were a compromise approach based on web compatibility feedback from V8, but until now, we have been shipping ES5.1 default timezone semantics. This patch implements the new semantics, following ChakraCore and SpiderMonkey (though JSC implements V8's previous semantics). BUG=chromium:589858 Review-Url: https://codereview.chromium.org/2648603002 Cr-Commit-Position: refs/heads/master@{#43239}
-
jgruber authored
@@replace has a pretty complex implementation, taking different paths for various situations (e.g.: global/nonglobal regexp, functional/string replace argument, etc.). Each of these paths must implement similar logic for calling into the RegExpBuiltinExec spec operation, and many paths get this subtly wrong. This CL fixes a couple of issues related to the way @@replace handles lastIndex: * All paths now respect lastIndex when calling into exec (some used to assume 0). * lastIndex is now advanced after a successful match for sticky regexps. * lastIndex is now only reset to 0 on failure for sticky regexps. BUG=v8:5361 Review-Url: https://codereview.chromium.org/2685183003 Cr-Commit-Position: refs/heads/master@{#43234}
-
yangguo authored
The inspector uses V8's API handles and should not access V8 internals. This change makes sure it can use the coverage data in an encapsulated way. R=jgruber@chromium.org, kozyatinskiy@chromium.org BUG=v8:5808 Review-Url: https://codereview.chromium.org/2696163002 Cr-Commit-Position: refs/heads/master@{#43231}
-
- 15 Feb, 2017 5 commits
-
-
caitp authored
When --harmony-async-iteration is enabled, it is now possible to use the for-await-of loop, which uses the Async Iteration protocol rather than the ordinary ES6 Iteration protocol. the Async-from-Sync Iterator object is not implemented in this CL, and so for-await-of loops will abort execution if the iterated object does not have a Symbol.asyncIterator() method. Async-from-Sync Iterators are implemented seperately in https://codereview.chromium.org/2645313003/ BUG=v8:5855, v8:4483 R=neis@chromium.org, littledan@chromium.org, adamk@chromium.org Review-Url: https://codereview.chromium.org/2637403008 Cr-Commit-Position: refs/heads/master@{#43224}
-
Peter Marshall authored
The mips64 implementation always ended up in the slowpath due to some loads that were the wrong width, so that is also fixed here. BUG=v8:5974 Change-Id: Ie448a1fab5b7fca87597c5a1bf75443864e30c28 Reviewed-on: https://chromium-review.googlesource.com/443247 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#43222}
-
caitp authored
- Removes shared InnerArrayCopyWithin JS builtin from src/js/array.js - Implements %TypedArray%.prototype.copyWithin as a C++ builtin, which relies on std::memmove rather than accessing individual eleements. - Fixes the case where copyWithin is invoked on a TypedArray with a detached buffer. - Add tests to ensure that +/-Infinity (for all 3 parameters) is handled correctly by the algorithm The C++ version gets through the benchmark more than 25000 times as quickly as the JS implementation. BUG=v8:5925, v8:5929, v8:4648 R=cbruni@chromium.org, adamk@chromium.org, littledan@chromium.org Review-Url: https://codereview.chromium.org/2697593002 Cr-Commit-Position: refs/heads/master@{#43213}
-
ishell@chromium.org authored
BUG= Change-Id: I859fef6b18e51cca80343a89e2b6f38eee95d408 Reviewed-on: https://chromium-review.googlesource.com/442428 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#43206}
-
vabr authored
ParserBase::is_any_identifier currently does not recognise Token::ESCAPED_STRICT_RESERVED_WORD as an identifier. This seems different from what ParserBase::ParseIdentifierName does, and also prevents "l\u0065t", unlike "let", from becoming a label. This CL extends is_any_identifier to also accept ESCAPED_STRICT_RESERVED_WORD. BUG=v8:5692 Review-Url: https://codereview.chromium.org/2695973003 Cr-Commit-Position: refs/heads/master@{#43204}
-
- 14 Feb, 2017 8 commits
-
-
eholk authored
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5507 Review-Url: https://codereview.chromium.org/2660903003 Cr-Original-Commit-Position: refs/heads/master@{#42821} Committed: https://chromium.googlesource.com/v8/v8/+/eb9b5edffb8c5acb0abdff0729901f95dbd3ccac Review-Url: https://codereview.chromium.org/2660903003 Cr-Commit-Position: refs/heads/master@{#43201}
-
Georg Neis authored
BUG= Change-Id: I4a5db9bc045a63e710d0115523ab23b98e7c7ae6 Reviewed-on: https://chromium-review.googlesource.com/442504Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#43189}
-
vabr authored
If the Reflect.construct receives an argument expected to be a constructor, and the argument is not a constructor, V8 currently declares that Reflect.construct is not a function. It should instead say that the offending argument is not a constructor. This is the case for all ports of builtins (Builtins::Generate_ReflectConstruct). All of them make an attempt to at least pass the right argument to the TypeError parametrised message, calling out the offending Reflect.construct argument. However, Runtime::kThrowCalledNonCallable extracts the callsite from those arguments, discarding the precise information. This CL adds Runtime::kNotConstructor, which reports the arguments passed to it, and the CL also modifies the ports of builtins to make use of Runtime::kNotConstructor BUG=v8:5671 Review-Url: https://codereview.chromium.org/2688393003 Cr-Commit-Position: refs/heads/master@{#43182}
-
gsathya authored
R=neis@chromium.org Review-Url: https://codereview.chromium.org/2690163004 Cr-Commit-Position: refs/heads/master@{#43180}
-
clemensh authored
I identified lots of asm.js tests that are actually not valid according to the spec, hence they execute in default-javascript-mode. This CL fixes most of them by adding additional type annotations. The atomic tests are totally non-spec-compliant by expecting a fourth argument, and infinite-loops-taken expects a function-type parameter, so I did not fix those. I also did not fix the regression tests. R=titzer@chromium.org, bradnelson@chromium.org BUG=v8:4203 Review-Url: https://codereview.chromium.org/2663243002 Cr-Commit-Position: refs/heads/master@{#43179}
-
clemensh authored
See associated bug: A continue if a do-while loop did jump back to the loop header, instead of jumping to the condition. This CL fixes this and adds a test case. R=bradnelson@chromium.org, titzer@chromium.org BUG=v8:5912 Review-Url: https://codereview.chromium.org/2693993002 Cr-Commit-Position: refs/heads/master@{#43178}
-
bbudge authored
LOG=Y BUG=v8:4124,v8:5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Original-Commit-Position: refs/heads/master@{#43162} Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Commit-Position: refs/heads/master@{#43169} Committed: https://chromium.googlesource.com/v8/v8/+/a9b59a11f1bfe069afabe5567f919727456f1f12 Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43176}
-
yangguo authored
R=jgruber@chromium.org, kozyatinskiy@chromium.org BUG=v8:5808 Review-Url: https://codereview.chromium.org/2694623003 Cr-Commit-Position: refs/heads/master@{#43175}
-
- 13 Feb, 2017 2 commits
-
-
franzih authored
Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ ) Reason for revert: Breaks Node integration build. Original issue's description: > Remove SIMD.js from V8. > > LOG=Y > BUG=v8:4124,v8:5948 > R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org > > Review-Url: https://codereview.chromium.org/2684313003 > Cr-Original-Commit-Position: refs/heads/master@{#43162} > Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c > Review-Url: https://codereview.chromium.org/2684313003 > Cr-Commit-Position: refs/heads/master@{#43169} > Committed: https://chromium.googlesource.com/v8/v8/+/a9b59a11f1bfe069afabe5567f919727456f1f12 TBR=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,machenbach@chromium.org,bbudge@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4124,v8:5948 Review-Url: https://codereview.chromium.org/2695653005 Cr-Commit-Position: refs/heads/master@{#43170}
-
bbudge authored
LOG=Y BUG=v8:4124,v8:5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Commit-Position: refs/heads/master@{#43162} Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43169}
-