- 03 Apr, 2017 22 commits
-
Clemens Hammacher authored
For OOB checks on memory accesses, we first subtracted the size of the type to load/store from the memory size, and then compared against this effective_size. If the memory size is smaller than the size of the type, this would lead to an integer underflow, and we would try to load the value. This CL fixes this, and adds a test case for this.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I26fcba0be7343c88b8459d029b0c0af095d2466a
Reviewed-on: https://chromium-review.googlesource.com/465946
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44345}
-
kozyatinskiy authored
JSObject is slow: creating strings for keys and storing values by these keys afterwards takes a significant amount of time. With this CL console methods (most of them collect the top stack frame to calculate the source location) are ~33% faster. V8Debugger::captureStackTrace is ~50% faster.

BUG=v8:6189
R=yangguo@chromium.org
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2789073002
Cr-Commit-Position: refs/heads/master@{#44344}
-
jgruber authored
Bool flags can be as small as one byte, so testing an IntPtr-sized value is incorrect.

BUG=v8:6172

Review-Url: https://codereview.chromium.org/2792963002
Cr-Commit-Position: refs/heads/master@{#44343}
-
Michael Achenbach authored
This reverts commit 7a6e6bb1.

Reason for revert: breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14688

See: https://github.com/v8/v8/wiki/Blink-layout-tests

Original change's description:
> [wasm] Make WebAssembly.compile() asynchronous
>
> titzer@ originally created this
> CL (https://codereview.chromium.org/2757903002). I fixed crashing tests
> and addressed some comments of the reviewers.
>
> R=bradnelson@chromium.org, clemensh@chromium.org, mtrofin@chromium.org
> BUG=v8:6003
>
> Change-Id: I4ab6d503909402d24043657a896200032e6d1023
> Reviewed-on: https://chromium-review.googlesource.com/464887
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44333}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,ahaas@chromium.org,clemensh@chromium.org,titzer@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6003

Change-Id: I87dbdbba0be4624828b6b0a94e02b6681593e335
Reviewed-on: https://chromium-review.googlesource.com/465813
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44342}
-
rmcilroy authored
Translates code of the form 'if (x === undefined)' into the JumpIfUndefined bytecode, and similarly for comparisons with null. Also adds bytecodes for JumpIfNotUndefined / Null. Moves the peephole optimization for CompareUndefined out of the peephole optimizer and into the BytecodeGenerator, having the side-effect of enabling it for comparisons with undefined on both sides of the compare operation.

BUG=v8:6107

Review-Url: https://codereview.chromium.org/2793923002
Cr-Commit-Position: refs/heads/master@{#44341}
-
Caitlin Potter authored
With --harmony-function-tostring enabled (now enabled by --harmony), CompileFunctionInContext would produce incorrect results whenever called with 1 or more argument parameters, due to specifying an incorrect end position for the parameters.

BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com

Change-Id: Ied2bcba44116311ebcae3967963472b4e1058fd3
Reviewed-on: https://chromium-review.googlesource.com/465515
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44340}
-
Camillo Bruni authored
This CL adds support to parse a PushStackTraceAndDie dump on a windows minidump:

Stack Message:
  magic1:        00000000bbbbbbbb
  magic2:        00000000bbbbbbbb
  ptr1:          00000015f9ca78d1 T
  ptr2:          0000000000000000
  message start: 00000000002c58f0 S
  stack_start:   00000000002cd8f0 S

All addresses within the message are annotated with the address marker to make it easier to spot objects that are contained in the minidump.

Currently this doesn't work on OSX yet as we do not correctly push the two magic markers on the stack.

Change-Id: I8385bb66a76bd253c4014bc7e25971d03830dd4d
Reviewed-on: https://chromium-review.googlesource.com/466007
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44339}
-
Camillo Bruni authored
Change-Id: I169b4d91463cb59aa2a91e79eda2d7e877f88d72
Reviewed-on: https://chromium-review.googlesource.com/456319
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44338}
-
ivica.bogosavljevic authored
Fix 776d89f9

Fix typo in MIPS implementation

BUG=

Review-Url: https://codereview.chromium.org/2788123002
Cr-Commit-Position: refs/heads/master@{#44337}
-
Peter Marshall authored
The byte_length field of the TypedArray is not set to 0 on neutering, but JSArrayBufferView::byte_length() returns 0 if WasNeutered() is true. We should use the length property here instead. We can just short-circuit if the length is 0.

Added checks to the memcpy path that assert length and neutered status are sane.

Bug: chromium:707472, chromium:707595, chromium:707364, chromium:707410
Change-Id: Ia1dec53f175357673012cbbc5e2fc40207e03623
Reviewed-on: https://chromium-review.googlesource.com/465987
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44336}
-
Michael Starzinger authored
This adds support for tracking token positions in the asm.js scanner and uses these positions to emit a mapping from WASM to asm.js positions. Note that the mapping is still incomplete (some call sites are not yet covered).

R=clemensh@chromium.org
TEST=debugger/debug/wasm/asm-debug
BUG=v8:6127

Change-Id: Ic8aad1a85e7d9e19da2eec523fcc73d4984afcc8
Reviewed-on: https://chromium-review.googlesource.com/466046
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44335}
-
tgfjt.mail authored
This comment was just left behind: https://codereview.chromium.org/6006

BUG=v8:5413

Review-Url: https://codereview.chromium.org/2794863002
Cr-Commit-Position: refs/heads/master@{#44334}
-
Andreas Haas authored
titzer@ originally created this CL (https://codereview.chromium.org/2757903002). I fixed crashing tests and addressed some comments of the reviewers.

R=bradnelson@chromium.org, clemensh@chromium.org, mtrofin@chromium.org
BUG=v8:6003

Change-Id: I4ab6d503909402d24043657a896200032e6d1023
Reviewed-on: https://chromium-review.googlesource.com/464887
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44333}
-
Clemens Hammacher authored
A DCHECK was failing if we unwind an activation which is not the bottom-most. This CL fixes this and adds a test for this.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: Ib69116b4c45a7b2a0d6cab97ad984dfdcda55918
Reviewed-on: https://chromium-review.googlesource.com/464788
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44332}
-
jgruber authored
BUG=v8:5437

Review-Url: https://codereview.chromium.org/2779033003
Cr-Commit-Position: refs/heads/master@{#44331}
-
Daniel Ehrenberg authored
This reverts commit fa314341.

Reason for revert: Causes a significant bug: https://bugs.chromium.org/p/v8/issues/detail?id=6190

Original change's description:
> Stage --harmony-function-tostring
>
> BUG=v8:4958
>
> Change-Id: Id02d36fce76eed54a5a3d348dbac2ea7d43f4ef3
> Reviewed-on: https://chromium-review.googlesource.com/462336
> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44275}

TBR=adamk@chromium.org,littledan@chromium.org,hablich@chromium.org,v8-reviews@googlegroups.com
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:4958

Change-Id: I43388674e454275fb93a15b9af03e3d8c3cfaaa2
Reviewed-on: https://chromium-review.googlesource.com/465810
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44330}
-
yangguo authored
R=jgruber@chromium.org
BUG=v8:6165

Review-Url: https://codereview.chromium.org/2794443002
Cr-Commit-Position: refs/heads/master@{#44329}
-
Josh Wolfe authored
* When V8_I18N_SUPPORT, completely omit the Unibrow no-op placeholder, and instead use the CPP builtin that uses ICU.
* Remove %StringNormalize() runtime function.

Bug: v8:5751
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I3499fa4305d421859253a226f4f09794abe94f4c
Change-Id: I3499fa4305d421859253a226f4f09794abe94f4c
Reviewed-on: https://chromium-review.googlesource.com/462405
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44328}
-
bmeurer authored
For speculative number comparisons with SignedSmall feedback, we always enforce either TaggedSigned or Word32 comparisons. But this is not really beneficial if one of the inputs is already in Float64 representation; in that case it's cheaper to just convert the other input to a Float64.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2790833004
Cr-Commit-Position: refs/heads/master@{#44327}
-
dusan.simicic authored
Adds support for I32x4Splat, I32x4ExtractLane, I32x4ReplaceLane, I32x4Add, I32x4Sub, S128Zero operations for mips32 and mips64 architectures.

BUG=

Note: Depends on patch: https://codereview.chromium.org/2740123004/

Review-Url: https://codereview.chromium.org/2753903004
Cr-Commit-Position: refs/heads/master@{#44326}
-
pierre.langlois authored
The "perf inject" command will place the generated function into a .text section, placed directly after the ELF header. As a result, source position addresses need to be adjusted according to the size of the ELF header, which is 0x40 for 64 bit architectures and 0x34 on 32 bit architectures. We would previously adjust the addresses with 0x40 regardless of the architecture.

BUG=

Review-Url: https://codereview.chromium.org/2783203005
Cr-Commit-Position: refs/heads/master@{#44325}
-
jgruber authored
Previously, named captures (and related functionality) were restricted to unicode-mode regexps. This CL extends that support to non-unicode patterns. Named groups are supported regardless of the mode, and named back-references are supported if the regexp is in unicode mode or if it contains a named capture (otherwise '\k' is treated as an identity escape).

BUG=v8:5437,v8:6192

Review-Url: https://codereview.chromium.org/2788873002
Cr-Commit-Position: refs/heads/master@{#44324}
-
- 02 Apr, 2017 1 commit
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/6491c78..e00daf3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/93bc1a8..6b686d1

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I7f29f3db5f477e88950fa55fc334bd43b9f2f412
Reviewed-on: https://chromium-review.googlesource.com/465567
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44323}
-
- 01 Apr, 2017 3 commits
-
cwhan.tunz authored
- Implement %TypedArray%.prototype.slice to C++ builtins
- Remove TypedArraySlice in src/js/typedarray.js
- Implement TypedArraySpeciesCreate in builtins-typedarray.cc
- Implement TypedArrayCreate in builtins-typedarray.cc

BUG=v8:5929

Review-Url: https://codereview.chromium.org/2763473002
Cr-Commit-Position: refs/heads/master@{#44322}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/673a8f4..6491c78

Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/b13bd47..93bc1a8

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/48dcb2c..61065eb

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I250016d204248badff52d7e29a4b466e52d20a06
Reviewed-on: https://chromium-review.googlesource.com/465726
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44321}
-
jbroman authored
This was missed when Latin-1 encoding replaced UTF-8 encoding when one-byte strings (like most keys) are serialized.

BUG=chromium:686159

Review-Url: https://codereview.chromium.org/2784423002
Cr-Commit-Position: refs/heads/master@{#44320}
-
- 31 Mar, 2017 14 commits
-
gdeepti authored
BUG=chromium:702460
R=mtrofin@chromium.org, bbudge@chromium.org

Review-Url: https://codereview.chromium.org/2794693002
Cr-Commit-Position: refs/heads/master@{#44319}
-
kschimpf authored
Records a histogram of ArrayBuffer/SharedArrayBuffer new allocations that failed because space for the buffer couldn't be allocated. The histogram is based on the buffer size requested.

This counter is intended to give some clue as to how often, and what sizes are being requested. Unfortunately, the "how often" can't be answered with the current counter. The problem is that V8 doesn't currently support this possibility yet. Hence, for now, introducing a counter that at least counts the number/size of failing requests.

BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2786913004
Cr-Commit-Position: refs/heads/master@{#44318}
-
kschimpf authored
Adds a counter for large array buffers. Used to give an indication of how commonly large array buffers are allocated in V8. For the moment, we assume a 1Mb cutoff for the notion of large array buffers. We also use log2(length) to cleanly bucket sizes into a histogram.

BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2792623002
Cr-Commit-Position: refs/heads/master@{#44317}
-
bmeurer authored
Currently x instanceof RegExp checks cannot take the fast path, since the RegExp constructor has dictionary properties. To avoid that, just forcibly migrate the RegExp constructor to fast properties again once it's fully set up in the bootstrapper. This yields a 10x improvement for x instanceof RegExp checks.

R=yangguo@chromium.org
BUG=v8:5902

Review-Url: https://codereview.chromium.org/2786143004
Cr-Commit-Position: refs/heads/master@{#44316}
-
bjaideep authored
Port 776d89f9

Original Commit Message:

    Rewrite returns in derived constructors to only replace undefined with this, and otherwise just return the value, and let the construct stub builtin throw an exception if the result is a primitive instead of a JSReceiver.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:706642
LOG=N

Review-Url: https://codereview.chromium.org/2786413003
Cr-Commit-Position: refs/heads/master@{#44315}
-
kschimpf authored
Looking at UMA results, we are getting a fair number of modules with more than 10,000 functions (5.2%) that are being lumped into the maximal entry. To get more visibility into what values are being lumped, this CL lifts the maximum to 100,000.

BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2787163002
Cr-Commit-Position: refs/heads/master@{#44314}
-
kschimpf authored
Looking at UMA results, we are getting a number of instantiations (4%) that are being lumped into the 1 second (plus) maximum entry. To get more visibility into the values in this bucket, this CL lifts the maximum to 10 seconds.

BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2780353004
Cr-Commit-Position: refs/heads/master@{#44313}
-
kschimpf authored
Looking at UMA results, we are getting a lot of compilations (over 5%) that are being lumped into the 1 second (plus) maximum entry. To get more visibility into this, this CL lifts the maximum to 10 seconds.

BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2785313002
Cr-Commit-Position: refs/heads/master@{#44312}
-
jgruber authored
Fixes a crash found by clusterfuzz caused by a call to std::vector::reserve with a huge capacity, and reverts to ZoneList handling as a tentative fix for performance regressions on the slow @@replace path.

BUG=chromium:707187,chromium:706748,v8:5437

Review-Url: https://codereview.chromium.org/2787343002
Cr-Commit-Position: refs/heads/master@{#44311}
-
jyan authored
Some architectures like s390 have a native instruction that can benefit from this. See ~10% improvement on MathAbs on s390.

Review-Url: https://codereview.chromium.org/2785773002
Cr-Commit-Position: refs/heads/master@{#44310}
-
tebbi authored
R=bmeuerer@chromium.org

Review-Url: https://codereview.chromium.org/2789713003
Cr-Commit-Position: refs/heads/master@{#44309}
-
Ross McIlroy authored
Check that a register used as a local is within the bytecode array's local count.

BUG=chromium:706234

Change-Id: I51f6a0a8be065b93b9a4e1dca623e98c51685b51
Reviewed-on: https://chromium-review.googlesource.com/464768
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44308}
-
machenbach authored
This reverts commit 4506382d.

We don't allow DEPS'ing things outside googlesource. This requires a mirror. Also the .gitignore entry is missing.

NOTRY=true
NOTREECHECKS=true
NOPRESUBMIT=true
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2785183005
Cr-Commit-Position: refs/heads/master@{#44307}
-
martyn.capewell authored
Add assembler, disassembler and simulator support for NEON in the ARM64 backend.

BUG=

Review-Url: https://codereview.chromium.org/2622643005
Cr-Commit-Position: refs/heads/master@{#44306}
-