- 14 Feb, 2017 4 commits
-
-
Andreas Haas authored
Within the initialization of a WasmInstanceWrapper a WeakCell is allocated for the wrapped instance. This allocation of the WeakCell can cause a garbage collection. The bug happened because a pointer to the WasmInstanceWrapper was stored in the unhandlified this pointer, which was invalidated by the garbage collection. R=clemensh@chromium.org CC=gdeepti@chromium.org BUG=chromium:691538 Change-Id: I7001ab7ad3ee30f4c87a13c42e2fd16c0c86027a Reviewed-on: https://chromium-review.googlesource.com/441766Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43177}
-
bbudge authored
LOG=Y BUG=v8:4124,v8:5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Original-Commit-Position: refs/heads/master@{#43162} Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Commit-Position: refs/heads/master@{#43169} Committed: https://chromium.googlesource.com/v8/v8/+/a9b59a11f1bfe069afabe5567f919727456f1f12 Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43176}
-
yangguo authored
R=jgruber@chromium.org, kozyatinskiy@chromium.org BUG=v8:5808 Review-Url: https://codereview.chromium.org/2694623003 Cr-Commit-Position: refs/heads/master@{#43175}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3e5cfce..0fdcf96 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/67cf0dc..7f34a59 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I62a9982ea0c851b152a2ca5d13684a6cac0f2059 Reviewed-on: https://chromium-review.googlesource.com/442324Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43174}
-
- 13 Feb, 2017 36 commits
-
-
adamk authored
Inheriting from ZoneObject already provides this operator. R=marja@chromium.org Review-Url: https://codereview.chromium.org/2688283002 Cr-Commit-Position: refs/heads/master@{#43173}
-
adamk authored
R=marja@chromium.org Review-Url: https://codereview.chromium.org/2687403003 Cr-Commit-Position: refs/heads/master@{#43172}
-
bjaideep authored
Port 6ee0b6ce Original Commit Message: This adds support for deoptimizing into the JSConstructStub after the receiver instantiation but before the actual constructor invocation. Such a deoptimization point is needed for cases where instantiation might be observed (e.g. when new.target is a proxy) and hence might trigger a deopt. We use this new deoptimization point for the "after" frame-state the inliner attaches to {JSCreate} nodes being inserted when constructor calls are being inlined. R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=v8:5638 LOG=N Review-Url: https://codereview.chromium.org/2690213002 Cr-Commit-Position: refs/heads/master@{#43171}
-
franzih authored
Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ ) Reason for revert: Breaks Node integration build. Original issue's description: > Remove SIMD.js from V8. > > LOG=Y > BUG=v8:4124,v8:5948 > R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org > > Review-Url: https://codereview.chromium.org/2684313003 > Cr-Original-Commit-Position: refs/heads/master@{#43162} > Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c > Review-Url: https://codereview.chromium.org/2684313003 > Cr-Commit-Position: refs/heads/master@{#43169} > Committed: https://chromium.googlesource.com/v8/v8/+/a9b59a11f1bfe069afabe5567f919727456f1f12 TBR=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,machenbach@chromium.org,bbudge@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4124,v8:5948 Review-Url: https://codereview.chromium.org/2695653005 Cr-Commit-Position: refs/heads/master@{#43170}
-
bbudge authored
LOG=Y BUG=v8:4124,v8:5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org Review-Url: https://codereview.chromium.org/2684313003 Cr-Original-Commit-Position: refs/heads/master@{#43162} Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43169}
-
bbudge authored
- Renames select, swizzle, and shuffle to be consistent with the S128 and existing S32x4 ops, and reflect that these aren't arithmetic. e.g. I16x8Swizzle -> S16x8Swizzle. - Implements S16x8 and S8x16 Select operations and tests. - Implements S128And, Or, Xor, Not operations and tests. - Implements Swizzle for 32x4 formats. - Refactors test macros that generate SIMD code. TEST=cctest/test-run-wasm-simd/* LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2683713003 Cr-Commit-Position: refs/heads/master@{#43168}
-
bjaideep authored
Port 6c12d57e Original Commit Message: This fixes the case where the index passed to {HMaybeGrowElements} used to derive the new capacity for the elements backing store does not fit into Smi range. Such an overflow would fail the capacity check and cause growing to be skipped. Subsequent keyed stores would potentially go out of bounds. R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG=chromium:686427 LOG=N Review-Url: https://codereview.chromium.org/2697473004 Cr-Commit-Position: refs/heads/master@{#43167}
-
jyan authored
R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com, danno@chromium.org, bmeurer@chromium.org BUG= Review-Url: https://codereview.chromium.org/2691893002 Cr-Commit-Position: refs/heads/master@{#43166}
-
verwaest authored
Unlike the old manually written LoadNonexistent stub, the data handler properly supports keyed loads out of the box. Simply remove the condition that disables it. BUG= Review-Url: https://codereview.chromium.org/2693913002 Cr-Commit-Position: refs/heads/master@{#43165}
-
bradnelson authored
Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ ) Reason for revert: red Original issue's description: > Remove SIMD.js from V8. > > LOG=Y > BUG=v8:4124,5948 > R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org > (notry since trybots can't patch directory deletes) > NOTRY=true > > Review-Url: https://codereview.chromium.org/2684313003 > Cr-Commit-Position: refs/heads/master@{#43162} > Committed: https://chromium.googlesource.com/v8/v8/+/d170c57ab996d00c4665a9d865bd5754a1806c6c TBR=bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,bbudge@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4124,5948 Review-Url: https://codereview.chromium.org/2692933002 Cr-Commit-Position: refs/heads/master@{#43164}
-
tebbi authored
R=bmeurer@chromium.org BUG= Review-Url: https://codereview.chromium.org/2680973013 Cr-Commit-Position: refs/heads/master@{#43163}
-
bbudge authored
LOG=Y BUG=v8:4124,5948 R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org (notry since trybots can't patch directory deletes) NOTRY=true Review-Url: https://codereview.chromium.org/2684313003 Cr-Commit-Position: refs/heads/master@{#43162}
-
Michael Achenbach authored
The environment variables for swarming shards are leaking into the gtest runs, which read them as well and in turn skip some tests. Now we make sure those environment variables aren't passed to the subprocesses. BUG=v8:5956 Change-Id: I9c93b1facc703a10a88e633074977743ccd24eb0 Reviewed-on: https://chromium-review.googlesource.com/441745Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43161}
-
hpayer authored
BUG=chromium:673308,chromium:689555 Review-Url: https://codereview.chromium.org/2694763002 Cr-Commit-Position: refs/heads/master@{#43160}
-
hpayer authored
BUG=chromium:673308 Review-Url: https://codereview.chromium.org/2696563003 Cr-Commit-Position: refs/heads/master@{#43159}
-
Marja Hölttä authored
R=mstarzinger@chromium.org BUG=v8:5294 Change-Id: If2cdb4d38829e69ddd8aecb99c99c3a03050f57c Reviewed-on: https://chromium-review.googlesource.com/441824 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#43158}
-
Marja Hölttä authored
Test both cases where the interesting constructs occur at the laziness boundary and cases where they occur deeper. BUG=v8:5501 R=vogelheim@chromium.org Change-Id: I99e32cb0c829616011bf7d1f389a8d309b54d67e Reviewed-on: https://chromium-review.googlesource.com/441844Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43157}
-
Marja Hölttä authored
BUG=v8:5950 NOTRY=true Change-Id: I735e9be997167aa9f7252ad592c0881f6f5f621d Reviewed-on: https://chromium-review.googlesource.com/441726Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43156}
-
Michael Achenbach authored
BUG=chromium:691458 NOTRY=true TBR=tandrii@chromium.org Change-Id: I252f8624e18d54e0ba60800a2c4f3bf50c30c661 Reviewed-on: https://chromium-review.googlesource.com/441704Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43155}
-
Michael Achenbach authored
BUG=chromium:689886 Change-Id: I4fd0cacd8b1a2de6507a4f33dfa5a01df8a3b2bf Reviewed-on: https://chromium-review.googlesource.com/441725Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43154}
-
Michael Achenbach authored
BUG=chromium:673246 NOTRY=true TBR=jarin@chromium.org,ahaas@chromium.org Change-Id: Ie2000f543e017dbef27c3faa49565fe838eddcee Reviewed-on: https://chromium-review.googlesource.com/441345Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43153}
-
bmeurer authored
The StringEqual builtin can now deal with ExternalOneByteStrings without going to the runtime. It still needs to go to the runtime if the external string is short, i.e. if the resource data pointer is not cached. R=yangguo@chromium.org BUG=v8:4913 Review-Url: https://codereview.chromium.org/2690853004 Cr-Commit-Position: refs/heads/master@{#43152}
-
vabr authored
The constructor for TypedArray in js/typedarray.js emitted kInvalidTypedArrayAlignment if the array offset exceeded the size of the underlying buffer. This seems like a typo introduced in https://codereview.chromium.org/2090353003. The error message to be emitted instead coincides with the already existing kInvalidDataViewOffset. The message string is independent of whether the object in question is a DataView or a typed array, so this CL: (1) renames kInvalidDataViewOffset to just kInvalidOffset, and (2) uses kInvalidOffset instead of kInvalidTypedArrayAlignment for cases when the TypedArray is constructed with an offset exceeding the buffer size. BUG=v8:5733 TEST=Run d8, execute "new Uint8Array(new ArrayBuffer(1),2)", see the error message mention the invalid offset 2. Review-Url: https://codereview.chromium.org/2692753002 Cr-Commit-Position: refs/heads/master@{#43151}
-
vabr authored
This CL fixes some nits in TypeError messages, unifying the form of kDefineDisallowed and kObjectNotExtensible to match what is used by the majority of the other messages: * "Cannot" vs. "Can't" -> choose "Cannot" * "property:%" -> "property %" * omit the full-stop at the end of the message BUG=v8:5673 Review-Url: https://codereview.chromium.org/2686233008 Cr-Commit-Position: refs/heads/master@{#43150}
-
Michael Starzinger authored
This adds support for deoptimizing into the JSConstructStub after the receiver instantiation but before the actual constructor invocation. Such a deoptimization point is needed for cases where instantiation might be observed (e.g. when new.target is a proxy) and hence might trigger a deopt. We use this new deoptimization point for the "after" frame-state the inliner attaches to {JSCreate} nodes being inserted when constructor calls are being inlined. R=jarin@chromium.org TEST=mjsunit/regress/regress-5638b BUG=v8:5638 Change-Id: I7c72c807ee8fb76d12e0e9ccab86d970ab1a0efd Reviewed-on: https://chromium-review.googlesource.com/440125Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43149}
-
Leszek Swirski authored
Previously, accumulators and registers each had a single element cache, distinct from the local register cache. This meant that a) Dead accumulator state nodes were not re-used if the accumulator became live. b) Functions with only one parameter (the this object) or only one local register could not reuse the single-valued state value node of the accumulator. This patch introduces heavier re-use of state-value nodes, decreasing memory use when building the graph and decreasing the number of nodes created overall. Change-Id: Ie3cc6913483aab0819d99be382eb2cb42de8c3d2 Reviewed-on: https://chromium-review.googlesource.com/440926Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#43148}
-
Marja Hölttä authored
After this, only 2 illegal includes to objects-inl.h remain (some wasm stuff). R=mstarzinger@chromium.org BUG=v8:5294 Change-Id: I18682f42f0d2a7cc29a0a0be76f8e4eea26aafd9 Reviewed-on: https://chromium-review.googlesource.com/441744Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43147}
-
clemensh authored
If exactly one byte in the upper half of the pushed 8-byte value is set, use a smaller code sequence to push this value on the stack. Before, we did movq r10,<constant> push r10 Now, we do push 0x0 movb [rsp+<offset>],<byte> The old sequence had 12 bytes, the new one has 7. Pushing such values is used a lot for stack frame markers, which are small numbers (1-17) encoded as SMIs. Review-Url: https://codereview.chromium.org/2685213004 Cr-Commit-Position: refs/heads/master@{#43146}
-
Michael Achenbach authored
BUG=chromium:673246 NOTRY=true TBR=marja@chromium.org Change-Id: If1fe4e886f03b3d6df57fb55df4db7efe7c625fa Reviewed-on: https://chromium-review.googlesource.com/441764Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#43145}
-
adamk authored
R=neis@chromium.org Review-Url: https://codereview.chromium.org/2690723002 Cr-Commit-Position: refs/heads/master@{#43144}
-
bmeurer authored
This way it's possible to disable Assert() even in Debug builds via --nodebug-code. R=danno@chromium.org BUG=v8:5268 Review-Url: https://codereview.chromium.org/2690983002 Cr-Commit-Position: refs/heads/master@{#43143}
-
Marja Hölttä authored
(The bug below is fixed.) BUG=v8:5938 Change-Id: Ifa0213b1475b1f065238ffad77a03cdfdc49bd28 Reviewed-on: https://chromium-review.googlesource.com/441724Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43142}
-
Jochen Eisinger authored
Windows won't create empty .lib files, and will subsequently fail to find the library other rules expect R=machenbach@chromium.org BUG= Change-Id: I8b848834a6957c2164f0eafc853587d39ccb6ca9 Reviewed-on: https://chromium-review.googlesource.com/440244Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#43141}
-
ahaas authored
NOTRY=true R=hablich@chromium.org Review-Url: https://codereview.chromium.org/2692443002 Cr-Original-Commit-Position: refs/heads/master@{#43138} Committed: https://chromium.googlesource.com/v8/v8/+/a3de4726c3c1ced8c85a221edb66a55a2ed2a04c Review-Url: https://codereview.chromium.org/2692443002 Cr-Commit-Position: refs/heads/master@{#43140}
-
ahaas authored
Revert of [fuzzer] Format README.md (patchset #2 id:20001 of https://codereview.chromium.org/2692443002/ ) Reason for revert: Found another mistake Original issue's description: > [fuzzer] Format README.md > > NOTRY=true > R=hablich@chromium.org > > Review-Url: https://codereview.chromium.org/2692443002 > Cr-Commit-Position: refs/heads/master@{#43138} > Committed: https://chromium.googlesource.com/v8/v8/+/a3de4726c3c1ced8c85a221edb66a55a2ed2a04c TBR=hablich@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2693863002 Cr-Commit-Position: refs/heads/master@{#43139}
-
ahaas authored
NOTRY=true R=hablich@chromium.org Review-Url: https://codereview.chromium.org/2692443002 Cr-Commit-Position: refs/heads/master@{#43138}
-