- 12 Jun, 2017 40 commits
-
Ulan Degenbaev authored
The race happens when an object transitions to a newly created map. The map initializing stores can be reordered after object->set_map(map), which will cause the concurrent marker to observe inconsistent map. The fix is to use store-release when setting the map pointer and acquire-load when reading the map in the concurrent marker.
BUG=chromium:694255
Change-Id: I4fd6bc27dd70ff1a30f56a4cec13310ccdd627c8
Reviewed-on: https://chromium-review.googlesource.com/528118
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45876}
-
hpayer authored
BUG=chromium:728228
Review-Url: https://codereview.chromium.org/2930333002
Cr-Commit-Position: refs/heads/master@{#45875}
-
Michael Lippautz authored
  - Remove commented out line
  - Simulate full space properly, independently of flags set
Bug:
Change-Id: I6013caae43eb40dd568fbd872eb0ee78288c61bf
Reviewed-on: https://chromium-review.googlesource.com/531084
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45874}
-
Toon Verwaest authored
Distinguish the compilation caches instead by the shape of the key (cow fixed array map meaning eval or script cache). This allows us to remove the odd "key" argument from Shrink, EnsureCapacity and Rehash.
Bug: v8:6474
Change-Id: Ibcad22813063c3a9050da13dc51359f5b59e1254
Reviewed-on: https://chromium-review.googlesource.com/531184
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45873}
-
Sathya Gunasekaran authored
Bug: v8:5717, v8:6354
Change-Id: I4ae2a0b629ca8fe03fb8f645aa5f22cf7f2e4a20
Reviewed-on: https://chromium-review.googlesource.com/515024
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45872}
-
Igor Sheludko authored
... by reading the |map_index| value from the SharedFunctionInfo's |compiler_hints| field directly.
Bug: v8:6459
Change-Id: I32c4c903b16fa9f7e7da755667dadef7fadfc5e0
Reviewed-on: https://chromium-review.googlesource.com/531024
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45871}
-
Michael Starzinger authored
This adds missing support for in-object properties within objects having the {JSGeneratorObject} type to materialization during deoptimization. For corner-cases where the implicit generator object is statically known not to escape, object layout might still be arbitrarily complex.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-732169
BUG=chromium:732169,v8:6481
Change-Id: I32f373913d60af64981dc4ed66873cc8a1dbe872
Reviewed-on: https://chromium-review.googlesource.com/530230
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45870}
-
Igor Sheludko authored
Reshuffle |compiler_hints| bits to allow using smaller mask constants when generating code that checks if certain bit is set.
Bug: v8:6470
Change-Id: I4c5de882405a575200a49355065dc5909ad88f58
Reviewed-on: https://chromium-review.googlesource.com/530309
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45869}
-
Ulan Degenbaev authored
The fence ensures that the concurrent marker observes consistent state of mark-bits for newly allocated objects. The patch also moves Bitmap functions to cc file and removes non-atomic versions of SetRange and ClearRange.
BUG=chromium:694255
Change-Id: I466bef654f3d4a21b7aaebdfd6d5a39ddb5f2a0a
Reviewed-on: https://chromium-review.googlesource.com/530367
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45868}
-
Igor Sheludko authored
Use new macros for defining bit fields.
Bug: v8:6470
Change-Id: Ie580ba7fc64f9958a3d4586d54d67e5dc66f1b53
Reviewed-on: https://chromium-review.googlesource.com/529824
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45867}
-
hpayer authored
[heap] Register an idle embedder garbage collection when starting incremental marking through reached marking limit.
We need to schedule an idle garbage collection in the embedder to drive progress. The embedder is responsible to schedule the request or ignore it.
BUG=chromium:728228
Review-Url: https://codereview.chromium.org/2937433002
Cr-Commit-Position: refs/heads/master@{#45866}
-
sampsong authored
BUG=
R=bjaideep@ca.ibm.com, jyan@ca.ibm.com, joransiu@ca.ibm.com, machenbach@chromium.org, rossberg@chromium.org
Review-Url: https://codereview.chromium.org/2931133002
Cr-Commit-Position: refs/heads/master@{#45865}
-
Alexey Kozyatinskiy authored
console.context(name:string) method returns console instance, this console instance fully implements console interface (including fact that any method can be called without console as receiver).
Protocol.Runtime.consoleAPICalled notification contains additional context:string field:
  - "anonymous#unique-id" for any method call on unnamed console context,
  - "name#unique-id" for any method call on named console context.
console.count and console.timeEnd have context as a scope. console.clear clears all messages regardless of what context instance it was called on.
Console calls are ~10% slower with this CL since we need to store and then fetch console_context_id and console_context_name from function object. We recently (in April) made console calls twice faster so 10% doesn't sound critical and existence of a console.log call in hot code is a problem by itself.
R=pfeldman@chromium.org
Bug: chromium:728767
Change-Id: I5fc73216fb8b28bfe1e8c2c1b393ebfbe43cd02e
Reviewed-on: https://chromium-review.googlesource.com/522128
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45864}
-
Georg Neis authored
MIPS port of https://chromium-review.googlesource.com/c/519165/.
R=ivica.bogosavljevic@imgtec.com, jarin@chromium.org
Bug: v8:6048
Change-Id: I27c8b43726119904441f286a6c97d602fd2d0150
Reviewed-on: https://chromium-review.googlesource.com/530806
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@imgtec.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45863}
-
Andreas Haas authored
The EnableFlagScope is useful also for non-boolean flags. With the template we can use it, for example, in the wasm fuzzers to reduce the maximum memory size of a wasm module. In addition I put the EnableFlagScope into the v8::internal namespace, and I fixed a small typo.
BUG=v8:6474
R=clemensh@chromium.org
Change-Id: Iae5d5c058c334cd0f9e09d20adfd229fc2d6c585
Reviewed-on: https://chromium-review.googlesource.com/531005
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45862}
-
Clemens Hammacher authored
This method is dead now (after https://chromium-review.googlesource.com/529844 and https://chromium-review.googlesource.com/529210).
R=ahaas@chromium.org
BUG=v8:6474
Change-Id: Icd355283312bfae712c0db61bb5049925762060b
Reviewed-on: https://chromium-review.googlesource.com/530312
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45861}
-
Igor Sheludko authored
Don't use byte-width instructions when accessing |compiler_hints| field. This CL eases adding new bit fields to the compiler hints field.
Bug: v8:6470
Change-Id: I7b07c1c8d0a11a303eebb5272d2846a5a84005f7
Reviewed-on: https://chromium-review.googlesource.com/529804
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45860}
-
Clemens Hammacher authored
In many places in WasmModule and contained structs we store references into the wire bytes as pairs of offset and length. This CL introduces a WireBytesRef struct which encapsulates these two connected fields. This makes it easier to pass them and assign them as one unit.
R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4f2a40d848a51dc6f6f599f9253c3c6ed6e51627
Reviewed-on: https://chromium-review.googlesource.com/530687
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45859}
-
Andreas Haas authored
This CL is the first step in introducing a compilation manager for asynchronous compile jobs in WebAssembly. The compilation manager holds a list of currently active AsyncCompileJobs. With the compilation manager these compile jobs get deallocated when the isolate shuts down.
Note that this CL is not enough to provide a graceful isolate shutdown. For this we have to wait for all compilation tasks to finish before we shut down, and we have to make the tasks stateless. I plan to do these changes in separate CLs.
R=clemensh@chromium.org, mtrofin@chromium.org
BUG=v8:6436
Change-Id: I9a6e165dd2ef6d33944ca303fed49f7940eea7a2
Reviewed-on: https://chromium-review.googlesource.com/528079
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45858}
-
Clemens Hammacher authored
We were emitting the table index once in the element section instead of once per element segment. This did not cause failures because we never had more than one element segment. This CL fixes this, and adds a test for more than one segment.
R=rossberg@chromium.org
Change-Id: I13923baf3dae383c72760286e24242d0ad55c4db
Reviewed-on: https://chromium-review.googlesource.com/527155
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45857}
-
Ulan Degenbaev authored
BUG=chromium:694255
Change-Id: I5dc1efff984c4e358313960fc4c1598e3a3ff313
Reviewed-on: https://chromium-review.googlesource.com/528105
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45856}
-
Ulan Degenbaev authored
BUG=chromium:694255
Change-Id: Ibfffc68a513511866dc4eebcf0728e51feb1a7fd
Reviewed-on: https://chromium-review.googlesource.com/530746
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45855}
-
Ulan Degenbaev authored
BUG=v8:6474
Change-Id: I820ed47f18a41a1e281a78f1754f483a81627de8
Reviewed-on: https://chromium-review.googlesource.com/528104
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45854}
-
Marja Hölttä authored
BUG=v8:5402,v8:6474
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Id38249fe9dc88001218aa1faa1b31c9d2f9703d1
Reviewed-on: https://chromium-review.googlesource.com/528102
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45853}
-
Clemens Hammacher authored
This is a testing-only function, which is semantically equivalent to a SyncCompile followed by SyncInstantiate. We add a new SyncCompileAndInstantiate function to do those two steps in one go, and use this method instead. For AsmJs modules, a new testing function CompileAndRunAsmWasmModule is introduced.
This is part of our effort to reduce the number of special paths for testing. It is connected with https://chromium-review.googlesource.com/529210, but should not conflict with it. After landing both CLs, we can later also get rid of InstantiateModuleForTesting.
R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474
Change-Id: I7891e968370d5eb68803076ce2639c65a2799dcc
Reviewed-on: https://chromium-review.googlesource.com/529844
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45852}
-
Andreas Haas authored
This CL removes unnecessary code duplication in the fuzzer code. Instead of having special testing functions to compile and instantiate a WebAssembly module, we now just call SyncCompile and SyncInstantiate. This also fixed a problem when the fuzzer generated a GrowMemory instruction.
BUG=v8:6474
R=clemensh@chromium.org
Change-Id: I5f2f23349b5866ea67be20a0826271791e1a013e
Reviewed-on: https://chromium-review.googlesource.com/529210
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45851}
-
hpayer authored
BUG=chromium:716032
Review-Url: https://codereview.chromium.org/2919023003
Cr-Commit-Position: refs/heads/master@{#45850}
-
Michael Starzinger authored
This adds support for materializing objects of {JSGeneratorObject} type during deoptimization. Cases where soft-deopts remove any escaping use of the implicit generator object can cause it to be escape analyzed.
R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-732169
BUG=chromium:732169
Change-Id: I2ec10b2a509a4f37a456a8ca2fd74b8de2fb55be
Reviewed-on: https://chromium-review.googlesource.com/530847
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45849}
-
Michael Achenbach authored
Explicitly set argument for use_cfi_recover introduced in: https://codereview.chromium.org/2920963002
This retains the behavior we had in GYP: Print useful diagnostics, but crash to make the errors show up.
Also set use_cfi_cast=true. In gyp we've set this by default: -fsanitize=cfi-derived-cast -fsanitize=cfi-unrelated-cast
In GN it now lives behind the use_cfi_cast flag.
NOTRY=true
TBR=vogelheim@chromium.org
Bug: chromium:726584
Change-Id: If202bc42fff3d5ff398576a114af7a7c3fb3fd2b
Reviewed-on: https://chromium-review.googlesource.com/528175
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45848}
-
Michael Starzinger authored
This removes support for disabling TurboFan by default via the build time {v8_disable_turbo} flag. We no longer need to be able to build binaries with TurboFan disabled.
R=machenbach@chromium.org
BUG=v8:6408
Change-Id: I4062914c2bf823ab42250595ad67d1dc8da3f1d3
Reviewed-on: https://chromium-review.googlesource.com/528138
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45847}
-
Clemens Hammacher authored
  * add functionality to wasm-module-builder.js to emit the module name in the name section.
  * extend WasmModule to store the module name length and offset.
  * add functionality to module-decoder.cc to decode the module name.
  * use the module name for printing stack traces. more uses should follow.
  * extend one message test to contain a module name.
R=ahaas@chromium.org
Change-Id: I94e6f1f2eb99cb656a92a85bb7afe0742292046f
Reviewed-on: https://chromium-review.googlesource.com/530366
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45846}
-
Georg Neis authored
Leftover from https://chromium-review.googlesource.com/522664.
TBR=jgruber@chromium.org
Bug:
Change-Id: Ifb37d235bc1be83b310a821514c61e901b594540
Reviewed-on: https://chromium-review.googlesource.com/530787
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45845}
-
Igor Sheludko authored
Don't use byte-width instructions when accessing |compiler_hints| field (only FunctionKind bit field accesses are yet to be fixed). This CL eases adding new bit fields to the compiler hints field.
Bug: v8:6470
Change-Id: Ibc2dfb42c0bf0df49fcb9e37c10fda789db4c3c8
Reviewed-on: https://chromium-review.googlesource.com/528120
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45844}
-
hpayer authored
This reverts commit 195eab46.
BUG=chromium:626082, chromium:728228
Review-Url: https://codereview.chromium.org/2931393002
Cr-Commit-Position: refs/heads/master@{#45843}
-
Toon Verwaest authored
Only the CompilationCache doesn't actually specialize the table to the point where it knows how to hash stored keys. This moves the virtual HashForObject down from HashTableKey to CompilationCacheKey, and moves previous virtual implementations to the respective shapes.
Bug: v8:6474
Change-Id: I0a1ae26a224d602d16692d2b09c96a2ab193f07f
Reviewed-on: https://chromium-review.googlesource.com/529110
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45842}
-
Jochen Eisinger authored
TBR=mvstanton@chromium.org
Change-Id: I1f348a050c321968cb20c783ebe4b55f6beed27c
Reviewed-on: https://chromium-review.googlesource.com/530826
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45841}
-
Clemens Hammacher authored
This allows us to just call this method without returning dummy {nullptr} values or even calling {graph()->NewNode()} afterwards.
R=ahaas@chromium.org
BUG=v8:6474
Change-Id: I6c03eb639dfb635ce791e7d3a731d9dfdf7800a8
Reviewed-on: https://chromium-review.googlesource.com/529308
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45840}
-
Jakob Gruber authored
Callables for TF builtins are autogenerated and accessible through Builtins::CallableFor. This removes the manually written accessors from CodeFactory.
Bug: v8:6474,v8:5737
Change-Id: I9d8dec97995471c1bb258147220c190bf72e5de8
Reviewed-on: https://chromium-review.googlesource.com/530745
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45839}
-
Clemens Hammacher authored
For more static type safety: Avoid passing wasm objects as Object and casting them before use. Use the correct type right away.
R=ahaas@chromium.org
BUG=v8:6474
Change-Id: Id0c486560115dd1a7bd9b6a12d2fb938e06520ef
Reviewed-on: https://chromium-review.googlesource.com/530744
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45838}
-
Clemens Hammacher authored
The respective code was removed in May 2015: c5eb9573
R=jochen@chromium.org
BUG=v8:6474
NOTRY=true
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I21be194e16b0a10613d62bc38fa10faee082da41
Reviewed-on: https://chromium-review.googlesource.com/530685
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45837}