- 10 Oct, 2017 19 commits
-
-
Eric Holk authored
This is primarily needed to test D8 under ASan. ASan installs a signal handler early in the process startup to show stack traces from crashes. We need to make sure that if V8 does not handle a signal then the existing handler gets a chance. This change only applies when using V8's default signal handler. When integrating with the embedder's signal handler the behavior is unchanged. Bug: chromium:771948 Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe Reviewed-on: https://chromium-review.googlesource.com/705823Reviewed-by:
Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48429}
-
Sergiy Byelozyorov authored
TBR=machenbach@chromium.org Bug: chromium:769910 No-Try: true No-Tree-Checks: true Change-Id: I541d09bc20aa797b8360362eba12bd00c2148bc2 Reviewed-on: https://chromium-review.googlesource.com/708801 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by:
Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#48428}
-
jgruber authored
kScratchRegister is not guaranteed to be preserved across calls to RecordWriteField. Bug: v8:6844 Change-Id: I65377852807f52be821be4d5911b07886102c5ee Reviewed-on: https://chromium-review.googlesource.com/709114Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#48427}
-
jgruber authored
The specced semantics of GetSubstitution are expected to change in the case of malformed named references, or named references to nonexistent named groups. The former will evaluate to the identity replacement of '$<', while the latter will result in replacement by the empty string. See also: https://github.com/tc39/proposal-regexp-named-groups/issues/29 Bug: v8:5437, v8:6912 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I879288f775774cb0ec563f9d9129a99710efb77c Reviewed-on: https://chromium-review.googlesource.com/708654 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48426}
-
Andreas Haas authored
R=titzer@chromium.org Change-Id: Ie65c03347b0619a107bc06725ce587e0270fa9a1 Reviewed-on: https://chromium-review.googlesource.com/707102 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48425}
-
Michael Lippautz authored
When hitting objects that are allocated in the most recent lienar allocation area, the concurrent marker currently has to bail out to the main thread. However, we only have to delay processing those objects until we are at a safepoint, e.g. IM::Step(). With this change we flush those on-hold-objects back to the shared queue upon performing an incremental marking step. Bug: chromium:694255 Change-Id: I25647d0fc581a5c4de0346bc394dc51062f65f70 Reviewed-on: https://chromium-review.googlesource.com/707315 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
-
Caitlin Potter authored
Previously, JS_ASYNC_GENERATOR_OBJECT_TYPE maps led to an UNREACHABLE macro, but are now restored like ordinary JSGeneratorObjects. BUG=chromium:772649, v8:5855 R=adamk@chromium.org, yangguo@chromium.org, verwaest@chromium.org Change-Id: I02e101565625f8a057d0e5b242a5fe0df263df89 Reviewed-on: https://chromium-review.googlesource.com/706780 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by:
Jaroslav Sevcik <jarin@chromium.org> Reviewed-by:
-
Yang Guo authored
Bug: v8:6867 TBR=ofrobots@google.com Change-Id: I0eaebe04863f4cc9152655fedbeb67225a4d8103 Reviewed-on: https://chromium-review.googlesource.com/691722Reviewed-by:
Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#48422}
-
Anna Henningsen authored
In Debug mode, V8 disallows executing JavaScript during `ScriptCompiler::CompileUnbound()` calls. This restriction makes sense during compilation, but not really for the post-compile notification, and currently at least one Node.js test (`test/inspector/test-contexts.js`) fails because of this in debug mode. Bug: Change-Id: I930b5f06083c0e87f1613414da3dfe2bcdf0f386 Reviewed-on: https://chromium-review.googlesource.com/706943Reviewed-by:
-
Clemens Hammacher authored
This reverts commit 7c80f9ce. Reason for revert: arm64 msan failures: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/17455/steps/Check/logs/copy_slots_up Original change's description: > [arm64] Add slot copier to masm and use in builtins > > Abstract some stack slot copies through a macro assembler function. This > eliminates some non-paired stack operations. > > This is a reland of 1cc93be0 with > additional tests, originally reviewed on > https://chromium-review.googlesource.com/685238 and reverted due to an > unrelated intermittent x64 failure. > > Bug: v8:6644 > Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37 > Reviewed-on: https://chromium-review.googlesource.com/707247 > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> > Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> > Cr-Commit-Position: refs/heads/master@{#48419} TBR=rmcilroy@chromium.org,martyn.capewell@arm.com,bmeurer@chromium.org Change-Id: I8a8aeff89b6995d5fffaab1f2e4e45f478c28bed No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:6644 Reviewed-on: https://chromium-review.googlesource.com/708814Reviewed-by:
-
Martyn Capewell authored
Abstract some stack slot copies through a macro assembler function. This eliminates some non-paired stack operations. This is a reland of 1cc93be0 with additional tests, originally reviewed on https://chromium-review.googlesource.com/685238 and reverted due to an unrelated intermittent x64 failure. Bug: v8:6644 Change-Id: If22b359dbda4bab1cb83cd8c44a2af5801012c37 Reviewed-on: https://chromium-review.googlesource.com/707247Reviewed-by:
Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com> Cr-Commit-Position: refs/heads/master@{#48419}
-
Camillo Bruni authored
Bug: v8:6211 Change-Id: Ie838cf118679e12483689e2c223e7ecc8335db18 Reviewed-on: https://chromium-review.googlesource.com/662759Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#48418}
-
Georg Neis authored
R=jkummerow@chromium.org Bug: v8:6791 Change-Id: I9bbb4c6b9b387fa0cd29fa24058ae807157f40de Reviewed-on: https://chromium-review.googlesource.com/707004 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#48417}
-
Michael Lippautz authored
Bug: Change-Id: I1bb6c6e3853317851544ca9f4eba1df76a147bfb Reviewed-on: https://chromium-review.googlesource.com/707317Reviewed-by:
-
Michael Starzinger authored
This makes sure that frames representing builtin stub continuations not only materialize all stack slots, but also spilled register values. Note that this also applies when the stub frame is not the top-most frame. R=jarin@chromium.org TEST=mjsunit/regress/regress-6907 BUG=v8:6907 Change-Id: I01a2edf5629de6aac61ceea350d1ab5f91dc2dc1 Reviewed-on: https://chromium-review.googlesource.com/707245Reviewed-by:
-
Michael Achenbach authored
The new deopt stress is implemented for x64 only. NOTRY=true TBR=sergiyb@chromium.org Bug: v8:6900 Change-Id: I542cb89de643c477875893f6b0b73ced44108b9e Reviewed-on: https://chromium-review.googlesource.com/708259 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#48414}
-
Michael Achenbach authored
Bug: chromium:754168 Change-Id: Ie3c80b7f566f6738893cc30f26b35b7862eccc6c Reviewed-on: https://chromium-review.googlesource.com/706996 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by:
-
Alexei Filippov authored
BUG=chromium:760649 TBR=cbruni@chromium.org Change-Id: I9fcd6e25f78f3d6cbd563c77c96a5b175d1ba125 Reviewed-on: https://chromium-review.googlesource.com/707901Reviewed-by:
Alexei Filippov <alph@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#48412}
-
Eric Holk authored
This flag was originally added as a staging mechanism to let us land and test guard regions without the full trap handler feature landing. Additionally, we thought we might enable guard regions without trap handlers on some systems. Trap handlers are now supported, and there's not a real compelling reason for why we need guard regions without trap handlers. Keeping the separate flag leads to confusion, since some code treats guard regions and trap handlers the same, while other code treats them as independent. Removing this flag and its associated special cases makes everything more uniform and predictable. R=gdeepti@chromium.org Change-Id: Icebab91d1f1e0c55e7a35c75b880085d37fa14ae Reviewed-on: https://chromium-review.googlesource.com/706570Reviewed-by:
Mircea Trofin <mtrofin@chromium.org> Commit-Queue: Eric Holk <eholk@chromium.org> Cr-Commit-Position: refs/heads/master@{#48411}
-
- 09 Oct, 2017 21 commits
-
-
Toon Verwaest authored
Bug: Change-Id: I0c2dabebbfa709589c19b1c48ec8de4c7f7a3952 Reviewed-on: https://chromium-review.googlesource.com/707151 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#48410}
-
Alexei Filippov authored
The RuntimeCallStats object happen to be created on the main thread, but then got used in a worker. Make sure the thread checks do not fire false positives in this case. BUG=chromium:760649 Change-Id: I8f2a2b4d1da1bc48416987ea378688ec15b9d955 Reviewed-on: https://chromium-review.googlesource.com/706181Reviewed-by:
-
Eric Holk authored
This was causing trouble with Fuchsia, since mksnapshot was built and run on Linux which supports trap handlers, while Fuchsia does not yet. This change causes the external references to match between Fuchsia and Linux. Bug: chromium:772057 Change-Id: I8e8f3539e3f5c4b798c364101ef2d16b5137f16d Reviewed-on: https://chromium-review.googlesource.com/706109Reviewed-by:
-
Tobias Tebbi authored
This reverts commit 6ddb5e7d. Reason for revert: chromium:772873 chromium:772872 Original change's description: > Reland^2 "[turbofan] eagerly prune None types and deadness from the graph" > > Now, the EffectControlLinearizer connects all occurrences of Unreachable to the > graph end. This fixes issues with later phases running DeadCodeElimination and > introducing new DeadValue nodes when processing uses of Unreachable. > > This is a reland of 3c4bc27f > Original change's description: > > Reland "[turbofan] eagerly prune None types and deadness from the graph" > > > > This is a reland of e1cdda25 > > Original change's description: > > > [turbofan] eagerly prune None types and deadness from the graph > > > > > > In addition to using the {Dead} node to prune dead control nodes and nodes that > > > depend on them, we introduce a {DeadValue} node representing an impossible value > > > that can occur at any position in the graph. The extended {DeadCodeElimination} > > > prunes {DeadValue} and its uses, inserting a crashing {Unreachable} node into > > > the effect chain when possible. The remaining uses of {DeadValue} are handled > > > in {EffectControlLinearizer}, where we always have access to the effect chain. > > > In addition to explicitly introduced {DeadValue} nodes, we consider any value use > > > of a node with type {None} as dead. > > > > > > Bug: chromium:741225 > > > Change-Id: Icc4b636d1d018c452ba1a2fa7cd3e00e522f1655 > > > Reviewed-on: https://chromium-review.googlesource.com/641250 > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#48208} > > > > Bug: chromium:741225 > > Change-Id: I21316913dae02864f7a6d7c9269405a79f054138 > > Reviewed-on: https://chromium-review.googlesource.com/692034 > > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#48232} > > Bug: chromium:741225 > Change-Id: I5702ec34856c075717162153adc765774453c45f > Reviewed-on: https://chromium-review.googlesource.com/702264 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#48366} TBR=jarin@chromium.org,tebbi@chromium.org Change-Id: Ib0f59b8463681abf6a9158112515aefae3c76b5f No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:741225 Reviewed-on: https://chromium-review.googlesource.com/707275Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#48407}
-
Benedikt Meurer authored
We don't need an explicit diamond in JSBuiltinReducer to produce a Boolean. The NumberEqual operator already produces a Boolean, so we just need to negate the result. Change-Id: I442b0d98a4ab83002757906d6cc104682b87a853 Reviewed-on: https://chromium-review.googlesource.com/707434Reviewed-by:
Sathya Gunasekaran <gsathya@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48406}
-
Ulan Degenbaev authored
This ensures that platform is initialized before the isolate and properly restores the previous platform at the end of the test. Bug: Change-Id: I2771b7538362c400c5ff61411222beb7d7e62b02 Reviewed-on: https://chromium-review.googlesource.com/707111 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#48405}
-
Benedikt Meurer authored
Rename the MapLookupHashIndex builtin to FindOrderedHashMapEntry and also rename the TurboFan operators LookupHashStorageIndex and LookupSigned32HashStorageIndex to FindOrderedHashMapEntry and FindOrderedHashMapEntryForInt32Key respectively. This way the naming is more consistent and it's immediately obvious from the operator name that this operator deals with OrderedHashMaps, which wasn't clear before. Also fix the result of the operation to be either -1 or the index of the entry relative to the hash table start (that is, no longer eagerly add hash table start plus value offset to the entry index). This removes this non-foldable integer additon from TurboFan code for both Map#get and Map#has. Drive-by-fix: Also provide more concrete types for the FindOrderedHashMapEntry operators. Bug: v8:5049 Change-Id: I418d107b806f3031a52a525cffc20456dc2342db Reviewed-on: https://chromium-review.googlesource.com/707414Reviewed-by:
-
Benedikt Meurer authored
We use the naming convention <Constructor>Prototype<Method> for builtins that implement methods on a certain builtin constructors prototype. Fix the collection builtins (Map and Set) to match this naming convention. Bug: v8:5049 Change-Id: I8ced50c2ac9ebc8f4390bcbbc6aec426a0026813 Reviewed-on: https://chromium-review.googlesource.com/707318Reviewed-by:
-
Georg Neis authored
R=jkummerow@chromium.org Bug: v8:6791 Change-Id: I7b3efcd0033ecb8c872342cd573f416fd22daf73 Reviewed-on: https://chromium-review.googlesource.com/707006Reviewed-by:
-
Toon Verwaest authored
Bug: Change-Id: I78403ce3c36f3c8276358f0bafff88131b2c7c00 Reviewed-on: https://chromium-review.googlesource.com/707316Reviewed-by:
-
Benedikt Meurer authored
The contract in TurboFan is that "the hole" is never passed to "user JavaScript", which we unfortunately still don't check strictly. Now the inlined code for Array#forEach properly checks for "the hole", but the type of the element Node passed to the callback function doesn't reflect that. So introduce a proper TypeGuard here to reflect this check. This will also improve code generation for iteration of HOLEY arrays better and might improve performance a bit. Bug: v8:1956 Change-Id: Ib6b3c444b16fcf44551bda1b39f976d66b9362ab Reviewed-on: https://chromium-review.googlesource.com/705954Reviewed-by:
Daniel Clifford <danno@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48400}
-
Benedikt Meurer authored
We no longer use the terminology "fast elements", so drop the "Fast" from both NewFastSmiOrObjectElements and NewFastDoubleElements operator names. Bug: v8:6399, v8:6901 Tbr: jarin@chromium.org Change-Id: Icc204623f2b459b0d0e172e26ddd73e29fe6c884 Reviewed-on: https://chromium-review.googlesource.com/707246Reviewed-by:
-
Toon Verwaest authored
Bug: Change-Id: I0f050d9ca57738267bcf461ac101f781a2e01fdf Reviewed-on: https://chromium-review.googlesource.com/707148 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Toon Verwaest authored
Bug: Change-Id: Ic305df479b7e059b312bb06842814b992e2ab140 Reviewed-on: https://chromium-review.googlesource.com/707147 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Sergiy Byelozyorov authored
TBR=machenbach@chromium.org Bug: chromium:747960 No-Tree-Checks: true No-Try: true No-Presubmit: true Change-Id: Ia2a5964e7229d08a9b88f60c609daad0f9571287 Reviewed-on: https://chromium-review.googlesource.com/707237 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by:
-
Ulan Degenbaev authored
Bug: chromium:694255 Change-Id: I5c0c0b58cdcf3cf745670148724e3c6ecc34d485 Reviewed-on: https://chromium-review.googlesource.com/707149Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#48395}
-
Toon Verwaest authored
Bug: Change-Id: I62e95cebbc02ac867e396796f298b004f7f2ee4d Reviewed-on: https://chromium-review.googlesource.com/707150Reviewed-by:
-
Toon Verwaest authored
Bug: Change-Id: I8055db7268bfaca31aa2fe41d5882acd2649a9e8 Reviewed-on: https://chromium-review.googlesource.com/707143 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
-
Martyn Capewell authored
Missed from the earlier ObjectTriple removal, commit fc413158. Bug: Change-Id: I2fd9c17b4a4d888d81dc0b51586bec6f191cc7ed Reviewed-on: https://chromium-review.googlesource.com/707138Reviewed-by:
-
Toon Verwaest authored
Bug: Change-Id: I67a0062a5a2f5ce16f9b83e1fa7a8b91042e75c1 Reviewed-on: https://chromium-review.googlesource.com/707105 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#48391}
-
Ulan Degenbaev authored
The marked bytes counter needs to be updated before decrementing the pending task counter. Bug: chromium:694255 Change-Id: I19c4dfbdccfb32ded5b7bb707dc93d53e188e34a Reviewed-on: https://chromium-review.googlesource.com/707140Reviewed-by:
-
