- 27 Oct, 2015 3 commits
-
-
littledan authored
This patch adds a check in Array.prototype.push to assert that the new length does not become greater than 2**53-1. Such a length would be dangerous because integer arithmetic becomes imprecise after the boundary. The check is also required by a test262 test. R=adamk LOG=Y BUG=v8:3087 Review URL: https://codereview.chromium.org/1428483002 Cr-Commit-Position: refs/heads/master@{#31588}
-
adamk authored
- inner_scope_uses_arguments_ was completely unused - The public accessor for contains_with() was not called - inside_with() had helper methods on Parser and PatternRewriter, but was only called in one place. Review URL: https://codereview.chromium.org/1409253007 Cr-Commit-Position: refs/heads/master@{#31587}
-
ahaas authored
R=titzer@chromium.org Review URL: https://codereview.chromium.org/1423923003 Cr-Commit-Position: refs/heads/master@{#31586}
-
- 26 Oct, 2015 37 commits
-
-
Michael Achenbach authored
Cr-Commit-Position: refs/heads/master@{#31585}
-
rmcilroy authored
Adds support for loading from and storing to outer context variables. Also adds support for declaring functions on contexts and locals. Finally, fixes a couple of issues with StaContextSlot where we weren't emitting the write barrier and therefore would crash in the GC. Also added code so that --print-bytecode will output the function name before the bytecodes, and replaces MachineType with StoreRepresentation in RawMachineAssembler::Store and updates tests. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1425633002 Cr-Commit-Position: refs/heads/master@{#31584}
-
mbrandy authored
Fix additional cases where the AIX compiler reports that a variable may be used uninitialized. R=danno@chromium.org, michael_dawson@ca.ibm.com BUG= Review URL: https://codereview.chromium.org/1420273006 Cr-Commit-Position: refs/heads/master@{#31583}
-
paul.lind authored
The upper 32-bits of the FP compare register are undefined in the float32 case. The compare instruction returns all 1's or all 0's, so just use the LS bit. Remove unnecessary use of 'at' reg. Change mips32 for consistency, but it did not have the bug. TEST=mjsunit/asm/embenchen/box2d (r6) BUG= Review URL: https://codereview.chromium.org/1425603002 Cr-Commit-Position: refs/heads/master@{#31582}
-
mtrofin authored
https://codereview.chromium.org/1412123009/ )" This reverts commit 5308a999. BUG=chromium:546416 LOG=N Review URL: https://codereview.chromium.org/1424653004 Cr-Commit-Position: refs/heads/master@{#31581}
-
cbruni authored
LOG=N BUG=v8:4026 Review URL: https://codereview.chromium.org/1416873008 Cr-Commit-Position: refs/heads/master@{#31580}
-
mbrandy authored
R=hpayer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com BUG=chromium:542823 LOG=n Review URL: https://codereview.chromium.org/1415143004 Cr-Commit-Position: refs/heads/master@{#31579}
-
jkummerow authored
along with follow-up fixes: - "introduce LookupIterator::Restart() and use it" - "always reset the LookupIterator before storing" - "API-style accessors can throw, check for that" Revert reason was fixed in Chromium: https://codereview.chromium.org/1415453003/ This reverts the following commits: 0188aead 984f8af8 dc9d2c16 a0f5d499 Review URL: https://codereview.chromium.org/1424503003 Cr-Commit-Position: refs/heads/master@{#31578}
-
bmeurer authored
Drive-by-fix: Move IC::GetRootConstructor to Map::GetConstructorFunction, so we can use that in the ICs, Crankshaft and Turbofan. R=jarin@chromium.org BUG=v8:4470 LOG=n Review URL: https://codereview.chromium.org/1416493007 Cr-Commit-Position: refs/heads/master@{#31577}
-
yangguo authored
R=bmeurer@chromium.org Committed: https://crrev.com/15f36b2b1e166a511966a9991fddea94f890a755 Cr-Commit-Position: refs/heads/master@{#31566} Review URL: https://codereview.chromium.org/1423833003 Cr-Commit-Position: refs/heads/master@{#31576}
-
rmcilroy authored
Adds support and tests for conditional (ternary) expressions. BUG=v8:4280 LOG=N Review URL: https://codereview.chromium.org/1417053004 Cr-Commit-Position: refs/heads/master@{#31575}
-
ofrobots authored
Revert of [heap] remove unneeded call to LowerInlineAllocationLimit (patchset #2 id:20001 of https://codereview.chromium.org/1390013002/ ) Reason for revert: Causes memory footprint regression: https://code.google.com/p/chromium/issues/detail?id=541135 The intent of the code here was to advance the inline allocation limit without counting the allocated memory towards a step. Calling LowerInlineAllocationLimit this way is a blunt way of doing it, but it works. At this point it is simplest to revert this CL. My follow-on CL (https://codereview.chromium.org/1404523002/) can address the 'bluntness' of calling LowerInlineAllocationLimit from here along with leaving a comment about the intent. revert_cq: 1 revert_reason_textarea: Causes memory footprint regression: https://code.google.com/p/chromium/issues/detail?id=541135 The intent of the code here was to advance the inline allocation limit without counting the allocated memory towards a step. Calling LowerInlineAllocationLimit this way is a blunt way of doing it, but it works. At this point it is simplest to revert this CL. My follow-on CL (https://codereview.chromium.org/1404523002/) can address the 'bluntness' of calling LowerInlineAllocationLimit from here along with leaving a comment about the intent. Original issue's description: > [heap] remove unneeded call to LowerInlineAllocationLimit > > Calling LowerInlineAllocationLimit from the bottom of Heap::Scavenge seems to be > a no-op. > > new_space_.LowerInlineAllocationLimit( > new_space_.inline_allocation_limit_step()); > > LowerInlineAllocatoinLimit does the following things: > > 1. Set the inline_allocation_limit_step_ to the passed in value. No-op. > 2. Calls UpdateInlineAllocationLimit(0). This is unnecessary here as it has > already been called when new_space_.ResetAllocationInfo was called above. > 3. Sets top_on_previous_step_. This again is unnecessary as it gets reached by > ResetAllocationInfo as well. > > BUG= > R=hpayer@chromium.org,ulan@chromium.org > > Committed: https://crrev.com/9f8e8b835a468b1622c5350a01a97bc32c5b2fb7 > Cr-Commit-Position: refs/heads/master@{#31156} TBR=hpayer@chromium.org,ulan@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:541135 LOG=n Review URL: https://codereview.chromium.org/1405043005 Cr-Commit-Position: refs/heads/master@{#31574}
-
neis authored
BUG= Review URL: https://codereview.chromium.org/1422973002 Cr-Commit-Position: refs/heads/master@{#31573}
-
mstarzinger authored
R=bmeurer@chromium.org TEST=mjsunit/tools/profviz BUG=v8:4493 LOG=n Review URL: https://codereview.chromium.org/1419333003 Cr-Commit-Position: refs/heads/master@{#31572}
-
machenbach authored
Revert of Assume that ReportFailedAccessCheck always schedules an exception. (patchset #1 id:1 of https://codereview.chromium.org/1420413002/ ) Reason for revert: [Sheriff] Crashes in layout tests: http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/2539 # # Fatal error in , line 0 # unreachable code # Original issue's description: > Assume that ReportFailedAccessCheck always schedules an exception. > > R=verwaest@chromium.org > BUG= > > Committed: https://crrev.com/effe76ad25c23bfd8be447930bd5d5126b1c9096 > Cr-Commit-Position: refs/heads/master@{#31560} TBR=verwaest@chromium.org,neis@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/1424703002 Cr-Commit-Position: refs/heads/master@{#31571}
-
yangguo authored
Revert of Canonicalize handles for optimized compilation. (patchset #1 id:1 of https://codereview.chromium.org/1423833003/ ) Reason for revert: GC stress failure on ia32 optdebug: /tmp/runfswAKT/out/Debug/d8 --test --random-seed=-1536184370 --turbo --always-opt --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --stack-size=46 /tmp/runfswAKT/test/mjsunit/mjsunit.js /tmp/runfswAKT/test/mjsunit/regress/regress-1132.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation Run #1 Exit code: -6 Result: FAIL Expected outcomes: PASS Duration: 00:06:279 Stderr: # # Fatal error in ../../src/hashmap.h, line 248 # Check failed: base::bits::IsPowerOfTwo32(capacity_). # ==== C stack trace =============================== Original issue's description: > Canonicalize handles for optimized compilation. > > R=bmeurer@chromium.org > > Committed: https://crrev.com/15f36b2b1e166a511966a9991fddea94f890a755 > Cr-Commit-Position: refs/heads/master@{#31566} TBR=jochen@chromium.org,bmeurer@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1417013007 Cr-Commit-Position: refs/heads/master@{#31570}
-
mstarzinger authored
R=mvstanton@chromium.org Review URL: https://codereview.chromium.org/1425643002 Cr-Commit-Position: refs/heads/master@{#31569}
-
bmeurer authored
Turn the DCHECK in the Typer into a CHECK, and don't silently continue in production. This way we know that we will always make progress towards the fixpoint. R=jarin@chromium.org, rossberg@chromium.org Review URL: https://codereview.chromium.org/1422893003 Cr-Commit-Position: refs/heads/master@{#31568}
-
bmeurer authored
Introduce new typing rules for LoadField[Map], which try to take into account stable map information if the object either has type Constant or type Class. If the map of the object is stable but can transition we have to introduce a code dependency in the Typer to make sure that the information (the Constant type we infer for LoadField[Map]) is valid (and stays valid). This also settles the policy for depending on map stability: The definition can introduce any number of maps, without having to pay attention to stability (i.e. you can always use Type::Class to introduce a map that is propagated along the value edges), and the use site is responsible for checking that the type information is valid before using it. I.e. if you use stable map information, you'll have to add a stability dependency (or make sure the map cannot transition). Drive-by-improvement: Add ReferenceEqualTyper which takes input types into account for improved constant folding. Drive-by-fix: Apply policy mentioned above to JSNativeContextSpecialization. R=jarin@chromium.org, rossberg@chromium.org BUG=v8:4470 LOG=n Review URL: https://codereview.chromium.org/1410953006 Cr-Commit-Position: refs/heads/master@{#31567}
-
yangguo authored
R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1423833003 Cr-Commit-Position: refs/heads/master@{#31566}
-
mstarzinger authored
From the Google C++ style guide: "You may not use a using-directive to make all names from a namespace available". This would be covered by presubmit linter checks if build/namespaces were not blacklisted. R=bmeurer@chromium.org Review URL: https://codereview.chromium.org/1410073004 Cr-Commit-Position: refs/heads/master@{#31565}
-
yangguo authored
R=rmcilroy@chromium.org Review URL: https://codereview.chromium.org/1415253006 Cr-Commit-Position: refs/heads/master@{#31564}
-
jochen authored
Because that's what it actually does R=verwaest@chromium.org BUG=none LOG=n Review URL: https://codereview.chromium.org/1410073005 Cr-Commit-Position: refs/heads/master@{#31563}
-
mvstanton authored
BUG= Review URL: https://codereview.chromium.org/1420933004 Cr-Commit-Position: refs/heads/master@{#31562}
-
jarin authored
Review URL: https://codereview.chromium.org/1414223004 Cr-Commit-Position: refs/heads/master@{#31561}
-
neis authored
R=verwaest@chromium.org BUG= Review URL: https://codereview.chromium.org/1420413002 Cr-Commit-Position: refs/heads/master@{#31560}
-
verwaest authored
Revert of Ignore test failure for mjsunit/for-in-opt in gc stress. (patchset #1 id:1 of https://codereview.chromium.org/1295513004/ ) Reason for revert: This test should work. Original issue's description: > Ignore test failure for mjsunit/for-in-opt in gc stress. > > TBR=hablich@chromium.org > BUG=v8:4381 > > Committed: https://crrev.com/22cf0b591968b7b305094d386d6b10e6c0e723cc > Cr-Commit-Position: refs/heads/master@{#30245} TBR=hablich@chromium.org,yangguo@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4381 LOG=n Review URL: https://codereview.chromium.org/1419823009 Cr-Commit-Position: refs/heads/master@{#31559}
-
mstarzinger authored
This fixes the representation type for values in JSArray::length fields when JSNativeContextSpecialization lowers loads. Only arrays with fast elements kind are guaranteed to have a Smi represented length. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-4515 BUG=v8:4515, v8:4493, v8:4470 LOG=n Review URL: https://codereview.chromium.org/1410393006 Cr-Commit-Position: refs/heads/master@{#31558}
-
cbruni authored
LOG=N BUG=chromium:545503 Review URL: https://codereview.chromium.org/1409073005 Cr-Commit-Position: refs/heads/master@{#31557}
-
verwaest authored
BUG=v8:4460 LOG=n Review URL: https://codereview.chromium.org/1419823008 Cr-Commit-Position: refs/heads/master@{#31556}
-
jochen authored
The data field is passed to the failed access check callback which blink depends on. BUG=none R=verwaest@chromium.org LOG=n Review URL: https://codereview.chromium.org/1427443002 Cr-Commit-Position: refs/heads/master@{#31555}
-
ulan authored
the memory reducer is enabled. BUG= Review URL: https://codereview.chromium.org/1419393002 Cr-Commit-Position: refs/heads/master@{#31554}
-
bmeurer authored
Currently we (mostly) infer FunctionType for JSFunction constants, and match the FunctionType in the typing rule for JSCallFunction. This has several drawbacks for JavaScript, especially we don't have Constant types for global functions (i.e. String, Object, Reflect and friends). Plus the FunctionType magic doesn't actually buy us anything. So this changes the typing rule for HeapConstant constant to actually infer Constant types for JSFunction objects and moves the recognition of builtin functions to the typing rule for JSCallFunction. Also adapts the specialized lowering in JSTypedLowering to Constant functions instead of FunctionType, which has the additional advantage that we can do the receiver wrapping/converting based on the (known) SharedFunctionInfo. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1420093005 Cr-Commit-Position: refs/heads/master@{#31553}
-
chunyang.dai authored
The reason is when native_context_specialization flag is ture, X87 turbofan will hit the known issue that X87 will change a sNaN to qNaN by default. And then it will fail when bit-comparing the source (sNaN) and the result (qNaN). reland https://codereview.chromium.org/1414733004/. BUG= Review URL: https://codereview.chromium.org/1419573007 Cr-Commit-Position: refs/heads/master@{#31552}
-
Michael Achenbach authored
Cr-Commit-Position: refs/heads/master@{#31551}
-
mstarzinger authored
This lowers JSCreateArguments nodes within inline (i.e. non-outermost) frames that create "unmapped arguments objects" to inline allocations. The arguments count as well as each value is statically known and can be directly stored into the arguments object. Note that the object is still context-dependent and the map is loaded from the current context. The object size is not taken into account for now, we might want to limit it later though to keep code size bounded. R=jarin@chromium.org Review URL: https://codereview.chromium.org/1412113004 Cr-Commit-Position: refs/heads/master@{#31550}
-
hablich authored
LOG=N NOTRY=true R=machenbach@chromium.org Review URL: https://codereview.chromium.org/1420833004 Cr-Commit-Position: refs/heads/master@{#31549}
-