- 31 Oct, 2018 38 commits
-
-
Frank Tang authored
Bug: v8:8387 Change-Id: Ifd640603febddd32a778167bbce84e96539ac9c2 Reviewed-on: https://chromium-review.googlesource.com/c/1311373Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/master@{#57190}
-
Tobias Tebbi authored
Bug: chromium:899029 Change-Id: I0fc724d5c77e5cbf2580de53f48934ae6f968934 Reviewed-on: https://chromium-review.googlesource.com/c/1310196Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#57189}
-
Frank Tang authored
The Intl.RelativeTimeFormat.prototype.formatToParts does not correctly implement the spec. Change the implementation by refactoring the JSNumber::FormatToParts and delegate part of the JSRelativeTimeFormat::FormatToParts to call the new refactored function. Bug: v8:8382 Change-Id: Ie153aa256ca78ce71c92efcdad55262564349ca9 Reviewed-on: https://chromium-review.googlesource.com/c/1305936 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#57188}
-
Junliang Yan authored
R=joransiu@ca.ibm.com Change-Id: I7d8f430df2f1f35145df7ba2326b3149d3193a60 Reviewed-on: https://chromium-review.googlesource.com/c/1297487 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#57187}
-
Toon Verwaest authored
Bug: chromium:900585 Change-Id: I2f6045ce23af9a15baddc73127b0c4e3e514841c Reviewed-on: https://chromium-review.googlesource.com/c/1310294 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57186}
-
Yang Guo authored
This reverts commit 5f9b9b99. Reason for revert: not longer necessary. Original change's description: > [tools] Temporarily make Node.js bot experimental > > R=sergiyb@chromium.org,yangguo@chromium.org > NOTRY=true > > Bug: v8:8397 > Change-Id: I528642fe0cf023fab7d653e9370a0d5a39a6bbb4 > Reviewed-on: https://chromium-review.googlesource.com/c/1310198 > Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57179} TBR=yangguo@chromium.org,sergiyb@chromium.org,mslekova@chromium.org Change-Id: Iaa14f5358f925313a450916c5caaa355b00e07be No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8397 Reviewed-on: https://chromium-review.googlesource.com/c/1310873Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#57185}
-
Daniel Clifford authored
This is a reland of 0f15ed05 Original change's description: > [torque]: Implement catch handlers for try blocks > > In addition (and in combination), try statements now support "catch" > clauses at the end that catch JavaScript exceptions throw by any builtin > or runtime function contained in the try block: > > try { > ThrowTypeError(context, ...); > } > catch (e) { > // e has type Object > } > > Bug: v8:7793 > Change-Id: Ie285ff888c49c112276240f7360f70c8b540ed19 > Reviewed-on: https://chromium-review.googlesource.com/c/1302055 > Commit-Queue: Daniel Clifford <danno@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57169} Bug: v8:7793 Change-Id: I3c4182303acfdfa625654976bec372cf531d954f Reviewed-on: https://chromium-review.googlesource.com/c/1310295Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Daniel Clifford <danno@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#57184}
-
Toon Verwaest authored
Change-Id: I44ac330e093a4cbca4540a1948c9365c08f73914 Reviewed-on: https://chromium-review.googlesource.com/c/1310293Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#57183}
-
Toon Verwaest authored
We'd flatten upon compile anyway; and hashing the cons string also creates a local flattened version that's not cached. Change-Id: Ib5c82385ab009464b45bf1ceb289d04caaa77fcf Reviewed-on: https://chromium-review.googlesource.com/c/1309827Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#57182}
-
Alexey Kozyatinskiy authored
- introduced ValueMirror interface, this interface contains methods to generate different protocol entities, - introduced DebugPropertyIterator, this iterator iterates through object properties in the following order: exotic indices, enumerable strings, all other properties, - removed all injected script infra, e.g. closure compiler, R=dgozman@chromium.org TBR=yangguo@chromium.org Bug: chromium:595206 Change-Id: I030fdb3a80074ca6edd4749f86b39b590776ae6f Reviewed-on: https://chromium-review.googlesource.com/c/1310056Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#57181}
-
Alexei Filippov authored
JSON format does not support \xNN encoding. Use \uNNNN instead. + Add myself to the src/tracing/OWNERS BUG=chromium:895974 Change-Id: I410a09d44af08b61837579fa09d263d897b9385e Reviewed-on: https://chromium-review.googlesource.com/c/1303535Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#57180}
-
Maya Lekova authored
R=sergiyb@chromium.org,yangguo@chromium.org NOTRY=true Bug: v8:8397 Change-Id: I528642fe0cf023fab7d653e9370a0d5a39a6bbb4 Reviewed-on: https://chromium-review.googlesource.com/c/1310198Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#57179}
-
Michael Achenbach authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/49671d3..277ad43 Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/36a23a7..5e1c1c2 Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cb629a4..f170af4 Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/b029971..42d5027 Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/a90cbf3..a959e4f TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org Change-Id: I951bed28ed3181406ceab213cee37c473a7c0c7f Reviewed-on: https://chromium-review.googlesource.com/c/1309294Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#57178}
-
Maya Lekova authored
This reverts commit 0f15ed05. Reason for revert: Braking Node.js integration, see https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20-%20node.js%20integration/3917 Original change's description: > [torque]: Implement catch handlers for try blocks > > In addition (and in combination), try statements now support "catch" > clauses at the end that catch JavaScript exceptions throw by any builtin > or runtime function contained in the try block: > > try { > ThrowTypeError(context, ...); > } > catch (e) { > // e has type Object > } > > Bug: v8:7793 > Change-Id: Ie285ff888c49c112276240f7360f70c8b540ed19 > Reviewed-on: https://chromium-review.googlesource.com/c/1302055 > Commit-Queue: Daniel Clifford <danno@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57169} TBR=danno@chromium.org,mstarzinger@chromium.org,tebbi@chromium.org Change-Id: Ib9e3155ef46cc46851c4ca8a2624fd7634238e13 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7793 Reviewed-on: https://chromium-review.googlesource.com/c/1310197Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#57177}
-
Aleksey Kozyatinskiy authored
This reverts commit 7e079c66. Reason for revert: native implementation should be ready for navigation. Original change's description: > inspector: move injected script source to native > > - introduced ValueMirror interface, this interface contains methods to generate > different protocol entities, > - introduced DebugPropertyIterator, this iterator iterates through object properties > in the following order: exotic indices, enumerable strings, all other properties, > - removed all injected script infra, e.g. closure compiler, > > R=dgozman@chromium.org > TBR=yangguo@chromium.org > > Bug: chromium:595206 > Change-Id: Idcfc04489ee52e015ad1d1d191c3474cc65e63f2 > Reviewed-on: https://chromium-review.googlesource.com/c/1308353 > Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57150} TBR=dgozman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org Change-Id: I8c5c61f4cfe5a66cd33eadd02ab4acec539cc3bb No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:595206 Reviewed-on: https://chromium-review.googlesource.com/c/1310055Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#57176}
-
Maya Lekova authored
This reverts commit fd22cfc8. Reason for revert: Breaking MSAN build, see https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/23602 Original change's description: > [parser] Remove RETURN_IF* part 16 > > Bug: v8:8363, v8:7926 > Change-Id: I9f0b9e25cf6b47c8ff32451880e348b92ab3cfaa > Reviewed-on: https://chromium-review.googlesource.com/c/1309760 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#57172} TBR=ishell@chromium.org,verwaest@chromium.org Change-Id: Ic03a669c1a9598c7bd5ca186d783987e91dca5b5 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:8363, v8:7926 Reviewed-on: https://chromium-review.googlesource.com/c/1309828Reviewed-by: Maya Lekova <mslekova@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#57175}
-
Maya Lekova authored
This reverts commit 93927279. Reason for revert: Speculative revert, seems the most probable cause of https://bugs.chromium.org/p/v8/issues/detail?id=8396 Revert "[ubsan] More Object** replacements" This reverts commit 5cce694d. Speculative revert. NOTRY=true Bug: v8:8396 Change-Id: I9c2866a9db707cd03e4cf90822acde20813cebf0 Reviewed-on: https://chromium-review.googlesource.com/c/1309761 Commit-Queue: Maya Lekova <mslekova@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#57174}
-
Georg Neis authored
The slow path in Runtime_ArrayIndexOf allocates handles in each iteration over the input object. This CL gives each iteration its own handle scope in order to avoid consuming more and more memory the longer the loop runs. This can be observed e.g. by executing console.log(new Proxy(new Array(2**30), {}).indexOf(42)) which used to run out of memory on my machine. Bug: v8:8386 Change-Id: Idab98ef7e1e4047c21c1dc0e01ba2d3d363c1f09 Reviewed-on: https://chromium-review.googlesource.com/c/1309759 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#57173}
-
Toon Verwaest authored
Bug: v8:8363, v8:7926 Change-Id: I9f0b9e25cf6b47c8ff32451880e348b92ab3cfaa Reviewed-on: https://chromium-review.googlesource.com/c/1309760 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57172}
-
Jakob Gruber authored
This addresses comments remaining from https://crrev.com/c/1301512 Bug: v8:8238 Change-Id: Ia7687d65e90f061bb3bb87c37b84ec5559083816 Reviewed-on: https://chromium-review.googlesource.com/c/1309819Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#57171}
-
Toon Verwaest authored
Bug: v8:7926 Change-Id: I012b5bbf25b7aa4cbef64cce302c8ae971589663 Reviewed-on: https://chromium-review.googlesource.com/c/1309758Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57170}
-
Daniel Clifford authored
In addition (and in combination), try statements now support "catch" clauses at the end that catch JavaScript exceptions throw by any builtin or runtime function contained in the try block: try { ThrowTypeError(context, ...); } catch (e) { // e has type Object } Bug: v8:7793 Change-Id: Ie285ff888c49c112276240f7360f70c8b540ed19 Reviewed-on: https://chromium-review.googlesource.com/c/1302055 Commit-Queue: Daniel Clifford <danno@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#57169}
-
Toon Verwaest authored
Bug: v8:7926 Change-Id: Icbdd05b799afd26a8eaaa67905516d82f4b1d2bd Reviewed-on: https://chromium-review.googlesource.com/c/1309815 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57168}
-
Clemens Hammacher authored
R=titzer@chromium.org Bug: v8:6600 Change-Id: Ib926c068b468df6fcbaab9ef4734e9cd90ba553c Reviewed-on: https://chromium-review.googlesource.com/c/1309814Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#57167}
-
Toon Verwaest authored
Bug: v8:8363, v8:7926 Change-Id: I227febcb3aafb56e1c5138650b6639ddeb883b52 Reviewed-on: https://chromium-review.googlesource.com/c/1309813Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57166}
-
Clemens Hammacher authored
Move code logging out of the finisher task. Schedule a separate task for logging, but only if logging is actually enabled. R=mstarzinger@chromium.org Bug: v8:7921 Change-Id: Ib2c7db22c87e60e204096df3e8ef5b354802984f Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/1308113 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#57165}
-
Sigurd Schneider authored
Notry: true Change-Id: Ia3cb4872703a6d1e5f6d0007a5e59afcd743907d Bug: v8:7327 Reviewed-on: https://chromium-review.googlesource.com/c/1309754Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#57164}
-
Sigurd Schneider authored
You can now serve the page locally by running npm i npm run-script build npm run-script dev-server Notry: true Change-Id: Iefe8459a8c53445570ecfed4cc843a4e8ed9c42d Bug: v8:7327 Reviewed-on: https://chromium-review.googlesource.com/c/1309753Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Cr-Commit-Position: refs/heads/master@{#57163}
-
Toon Verwaest authored
This allows the compiler to generate slightly better code and actually reduces binary size a little. Bug: v8:7926 Change-Id: Ib43ff1508ab85b5ffabfa4338d4f0ebacb7eac0c Reviewed-on: https://chromium-review.googlesource.com/c/1309637 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57162}
-
Toon Verwaest authored
Bug: v8:8363, v8:7926 Change-Id: Ibecb5c8df0703249207c1541ae42e60dd9f50d80 Reviewed-on: https://chromium-review.googlesource.com/c/1309635 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#57161}
-
Jakob Gruber authored
Now that lazy deserialization has been removed, we can roll back all the mechanisms we introduced to support lazy single-builtin deserialization. This CL moves serialized builtin code objects (i.e. off-heap-trampolines in most cases) back into the startup snapshot. Support classes for builtin serialization and deserialization, as well as the builtins snapshot itself are removed. Templatization on the allocator class is removed as well. Tbr: delphick@chromium.org Bug: v8:6666, v8:7990 Change-Id: I2a910f8d3278b7e27b5f18ad408361ebd18871cc Reviewed-on: https://chromium-review.googlesource.com/c/1304539Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#57160}
-
Jakob Gruber authored
Obvious in hindsight. The problem wasn't that a signaling nan snuck into the array, but that equality comparisons always return false if either operand is a nan. Bug: chromium:900133 Change-Id: I9cf82afd1ad1fcc3bf7138b612f615b1bd51b98a Reviewed-on: https://chromium-review.googlesource.com/c/1309634Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#57159}
-
Toon Verwaest authored
Bug: chromium:900383, v8:8363, v8:7926 Change-Id: I6e3e38ee4cc986757926ef745d2e35865ba797a1 Reviewed-on: https://chromium-review.googlesource.com/c/1309633Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#57158}
-
Sigurd Schneider authored
CanCover is not transitive. The counter example are Nodes A,B,C such that CanCover(A, B) and CanCover(B,C) and B is pure. In this case the effect level of A and B might differ. This CL adds a missing CanCover check to a case of shift reduction where we assumed transitivity. Change-Id: I9f368ffa6907d2af21bbc87b3e6570d0d422e125 Bug: v8:8384 Reviewed-on: https://chromium-review.googlesource.com/c/1307419 Commit-Queue: Sigurd Schneider <sigurds@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#57157}
-
Mathias Bynens authored
This patch adds a micro-benchmark comparing Array#indexOf, Array#includes, and a roughly equivalent `for` loop. The benchmark can be used to measure any Array#{indexOf,includes} optimizations we implement in the future. Test: tools/run_perf.py --binary-override-path=out/x64.release/d8 \ --filter=JSTests/ArrayIndexOfIncludesPolymorphic \ --extra-flags=--trace-turbo test/js-perf-test/JSTests.json Bug: v8:8388 Change-Id: I9150d3e56e9d4cb2ffe6baa50ee8cddf8df0ac74 Reviewed-on: https://chromium-review.googlesource.com/c/1307430Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#57156}
-
Yang Guo authored
TBR=petermarshall@chromium.org Bug: v8:8385 Change-Id: Iba13004e0fd03a82cb65ed497d4bd2b4d006b424 Reviewed-on: https://chromium-review.googlesource.com/c/1307417Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#57155}
-
Jakob Kummerow authored
mostly in HandleScopeImplementer and related classes. Bug: v8:3770 Change-Id: I9da757c60be99434b711fe74a5f5d296a0f08b22 Reviewed-on: https://chromium-review.googlesource.com/c/1300854 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#57154}
-
Jakob Kummerow authored
as part of the continuing quest to get rid of Object*/Object** entirely. Since it fits nicely, this CL as a bonus includes the planned change to make Handle::location() return an Address*, in the process dropping the temporarily needed duplicate Handle::location_as_address_ptr(). Bug: v8:3770 Change-Id: I87480289ce2a62ea1ae503e73d179256b7108c5c Reviewed-on: https://chromium-review.googlesource.com/c/1298389Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#57153}
-
- 30 Oct, 2018 2 commits
-
-
Junliang Yan authored
Port 15c31fe4 Original Commit Message: This introduces Word64 support for the CheckBounds operator, which now lowers to either CheckedUint32Bounds or CheckedUint64Bounds after the representation selection. The right hand side of CheckBounds can now be any positive safe integer on 64-bit architectures, whereas it remains Unsigned31 for 32-bit architectures. We only use the extended Word64 support when the right hand side is outside the Unsigned31 range, so for everything except DataViews this means that the performance should remain the same. The typing rule for the CheckBounds operator was updated to reflect this new behavior. The CheckBounds with a right hand side outside the Unsigned31 range will pass a new Signed64 feedback kind, which is handled with newly introduced CheckedFloat64ToInt64 and CheckedTaggedToInt64 operators in representation selection. The JSCallReducer lowering for DataView getType()/setType() methods was updated to not smi-check the [[ByteLength]] and [[ByteOffset]] anymore, but instead just use the raw uintptr_t values and operate on any value (for 64-bit architectures these fields can hold any positive safe integer, for 32-bit architectures it's limited to Unsigned31 range as before). This means that V8 can now handle huge DataViews fully, without falling off a performance cliff. This refactoring even gave us some performance improvements, on a simple micro-benchmark just exercising different DataView accesses we go from testDataViewGetUint8: 796 ms. testDataViewGetUint16: 997 ms. testDataViewGetInt32: 994 ms. testDataViewGetFloat64: 997 ms. to testDataViewGetUint8: 895 ms. testDataViewGetUint16: 889 ms. testDataViewGetInt32: 888 ms. testDataViewGetFloat64: 890 ms. meaning we lost around 10% on the single byte case, but gained 10% across the board for all the other element sizes. R=bmeurer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Ia86089ca9ccc75405aa13600b031c72bac0279dd Reviewed-on: https://chromium-review.googlesource.com/c/1305035Reviewed-by: Joran Siu <joransiu@ca.ibm.com> Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#57152}
-
Frank Tang authored
Bug: v8:7834 Change-Id: I2016b8d5e561546ec2f9b81d24c75bff0b950367 Reviewed-on: https://chromium-review.googlesource.com/c/1306896 Commit-Queue: Frank Tang <ftang@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#57151}
-