- 28 Feb, 2017 16 commits
-
-
Marja Hölttä authored
The x64 side is included in https://chromium-review.googlesource.com/c/444226/ BUG=v8:5294 Change-Id: Ie255604c5e38c72e3c2b76e1ca3557a5fde108ee Reviewed-on: https://chromium-review.googlesource.com/446394Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#43481}
-
Michael Starzinger authored
R=yangguo@chromium.org TEST=message/regress/regress-crbug-691194 BUG=chromium:691194 Change-Id: I72198e087f88abf89cdd38b99c19e10cbebda08d Reviewed-on: https://chromium-review.googlesource.com/445942Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43480}
-
Michael Starzinger authored
The above intrinsic by now has to perform a check whether the prototype of a derived constructor is actually a constructor function itself. This is done as part of the {JSGetConstructorCall} operator. The intrinsic should just reduce down to the operator to maintain correct semantics. R=bmeurer@chromium.org TEST=mjsunit/regress/regress-crbug-696622 BUG=chromium:696622 Change-Id: Ia19c188f17ad16b12248db1f01a01b8d7258499b Reviewed-on: https://chromium-review.googlesource.com/447716Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43479}
-
tebbi authored
R=bmeurer@chromium.org BUG= Review-Url: https://codereview.chromium.org/2680973013 Cr-Original-Commit-Position: refs/heads/master@{#43163} Committed: https://chromium.googlesource.com/v8/v8/+/f01c8a6e4b24ab38e58bb141fc251bc6b75dbe21 Review-Url: https://codereview.chromium.org/2680973013 Cr-Commit-Position: refs/heads/master@{#43478}
-
jarin authored
BUG=chromium:694088 Review-Url: https://codereview.chromium.org/2725593002 Cr-Commit-Position: refs/heads/master@{#43477}
-
ivica.bogosavljevic authored
In Wasm-to-interpeter entry creation, arguments for the interpreter are stored in an argument buffer. Depending on the order of the arguments some arguments may be misaligned and this causes crashes on those architectures that do not support unaligned memory access. TEST=cctest/test-wasm-interpreter-entry/TestArgumentPassing_AllTypes BUG= Review-Url: https://codereview.chromium.org/2705293011 Cr-Commit-Position: refs/heads/master@{#43476}
-
tebbi authored
The new NewUnmappedArgumentsElements node now takes two inputs: - the frame holding the arguments (current frame or arguments adaptor frame) - the length of the suffix of passed arguments to be copied into the backing store These inputs are computed with two new node types: ArgumentsFrame() ArgumentsLength[formal_parameter_count,is_rest_length](Node* arguments_frame) The node type NewRestParameterElements can now be expressed with NewUnmappedArgumentsElements and an appropriate length and is thus not needed anymore. In escape analysis, we lower loads from the length field of NewUnmappedArgumentsElements with its length input and if we find out that no write access to the arguments elements exists, we replace element loads with direct stack access and replace the NewUnmappedArgumentsElements node with a node of the new node type ArgumentsElementsState. This corresponds to an ObjectState node and gets translated into a deoptimizer instruction to allocate the backing store. Together with the already existing deoptimizer support for the actual arguments object/rest parameters, this allows to remove all allocations for arguments objects/rest parameters in this case. In the deoptimizer, we read the actual parameters from the stack while transforming the static deopt info into TranslatedValue objects. If escape analysis cannot remove the backing store allocation, NewUnmappedArgumentsElements gets lo BUG=v8:5726 Review-Url: https://codereview.chromium.org/2692753004 Cr-Commit-Position: refs/heads/master@{#43475}
-
jkummerow authored
Avoiding runtime call overhead. There's a fast path for Function.prototype loads, which are very common. BUG=v8:5269 Review-Url: https://codereview.chromium.org/2711353002 Cr-Commit-Position: refs/heads/master@{#43474}
-
hablich authored
TBR=machenbach@chromium.org NOTRY=true NOTREECHECKS=true Review-Url: https://codereview.chromium.org/2721593004 Cr-Commit-Position: refs/heads/master@{#43473}
-
Michael Starzinger authored
R=bradnelson@chromium.org TEST=mjsunit/wasm/asm-with-wasm-off BUG=chromium:696655 Change-Id: I9375d8ac2f111009233dc480529fd0f0e00fe811 Reviewed-on: https://chromium-review.googlesource.com/447398Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43472}
-
Michael Starzinger authored
This handles relational comparison operations (no equality yet) having number feedback during the early type-hint lowering (i.e. during graph construction). R=jarin@chromium.org Change-Id: Ia276d1d7c5931f1e92f31e4e24c181d82d48a138 Reviewed-on: https://chromium-review.googlesource.com/446762Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#43471}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/c7c2db6..d25400d Rolling v8/buildtools: https://chromium.googlesource.com/chromium/buildtools/+log/7e53759..b3771b1 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/47b9857..4f3d6da Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/9913fb1..37d701b TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I23061bacabda9ed97edf9d849d6811ed313bac7e Reviewed-on: https://chromium-review.googlesource.com/447360Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#43470}
-
hablich authored
NOTRY=true TBR=machenbach@chromium.org Review-Url: https://codereview.chromium.org/2721663004 Cr-Commit-Position: refs/heads/master@{#43469}
-
yangguo authored
Add tests for local variables in function scopes and async features. R=jgruber@chromium.org BUG=v8:5821 Review-Url: https://codereview.chromium.org/2707043003 Cr-Commit-Position: refs/heads/master@{#43468}
-
aseemgarg authored
Revert "Revert of [Atomics] Implement ldaxr/stlxr instructions in ARM64 simulator (patchset #8 id:140001 of https://codereview.chromium.org/2711473002/ )" This reverts commit 2362f869. BUG=v8:4614 Review-Url: https://codereview.chromium.org/2720133004 Cr-Commit-Position: refs/heads/master@{#43467}
-
jbroman authored
This makes it no longer necessary to ensure that V8 and Blink have non-colliding tags, which makes it easier for them to evolve independently, and also makes the wire format more suitable for other V8 embedders, who would not necessarily be surveyed before V8 introduced a new tag that might collide with theirs. BUG=chromium:686159 Review-Url: https://codereview.chromium.org/2709023003 Cr-Commit-Position: refs/heads/master@{#43466}
-
- 27 Feb, 2017 24 commits
-
-
aseemgarg authored
BUG=v8:4124 R=bradnelson@chromium.org,bbudge@chromium.org,gdeepti@chromium.org Review-Url: https://codereview.chromium.org/2713613005 Cr-Commit-Position: refs/heads/master@{#43465}
-
bjaideep authored
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2722603003 Cr-Commit-Position: refs/heads/master@{#43464}
-
littledan authored
Revert of [Atomics] Implement ldaxr/stlxr instructions in ARM64 simulator (patchset #8 id:140001 of https://codereview.chromium.org/2711473002/ ) Reason for revert: The tree is closed due to an msan violation (use of uninitialized value) in the arm64 simulator soon after this patch landed; this seems related https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/13607/steps/Check/logs/simulator_invalidate_.. Original issue's description: > [Atomics] Implement ldaxr/stlxr instructions in ARM64 simulator > > BUG=v8:4614 > R=binji@chromium.org > > Review-Url: https://codereview.chromium.org/2711473002 > Cr-Commit-Position: refs/heads/master@{#43461} > Committed: https://chromium.googlesource.com/v8/v8/+/a2a2c1b9eeccd86e77f2c7e6eda3e1b09bb5306c TBR=binji@chromium.org,jarin@chromium.org,jacob.bramley@arm.com,aseemgarg@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:4614 Review-Url: https://codereview.chromium.org/2720133003 Cr-Commit-Position: refs/heads/master@{#43463}
-
binji authored
perf regression. See crbug.com/695653 for more info. Revert "[SAB] Move Atomics builtins to C++" This reverts commit 2b9840d8. Revert "[SAB] Remove unreachable Uint8Clamped atomics paths" This reverts commit d1160fb1. Revert "Remove tiny unit test for MinSimple/MaxSimple" This reverts commit 837760ec. Revert "Remove infrastructure for experimental JS natives" This reverts commit 8cfe45b6. BUG=695653 TBR=hablich@chromium.org Review-Url: https://codereview.chromium.org/2715223003 Cr-Commit-Position: refs/heads/master@{#43462}
-
aseemgarg authored
BUG=v8:4614 R=binji@chromium.org Review-Url: https://codereview.chromium.org/2711473002 Cr-Commit-Position: refs/heads/master@{#43461}
-
Eric Holk authored
BUG= https://bugs.chromium.org/p/chromium/issues/detail?id=694954 Change-Id: I07d7eeccca716028e1151db3df7ebee81d4a9ef2 Reviewed-on: https://chromium-review.googlesource.com/446707 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#43460}
-
kozyatinskiy authored
BUG=none R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2710903003 Cr-Commit-Position: refs/heads/master@{#43459}
-
kozyatinskiy authored
This test helps to prevent regressions during work on new break locations. BUG=none R=dgozman@chromium.org Review-Url: https://codereview.chromium.org/2719763002 Cr-Commit-Position: refs/heads/master@{#43458}
-
kozyatinskiy authored
BUG=chromium:695236 R=dgozman@chromium.org,yangguo@chromium.org Review-Url: https://codereview.chromium.org/2710953004 Cr-Commit-Position: refs/heads/master@{#43457}
-
sampsong authored
BUG= R=bjaideep@ca.ibm.com, jyan@ca.ibm.com, joransiu@ca.ibm.com Review-Url: https://codereview.chromium.org/2712193002 Cr-Commit-Position: refs/heads/master@{#43456}
-
Daniel Cheng authored
This will randomly break compilation units that don't happen to #define DCHECK before v8-util.h is included. BUG=chromium:688155 Change-Id: I7abdaf87c8bb7aca995d9e6e7ef8b4faff0dc50c Reviewed-on: https://chromium-review.googlesource.com/447002Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#43455}
-
leszeks authored
Make MarkerIs[Not]FrameType actually use their argument instead of a fixed value for the stack frame type. Review-Url: https://codereview.chromium.org/2709953002 Cr-Commit-Position: refs/heads/master@{#43454}
-
bmeurer authored
Inline the Array.isArray builtin during typed lowering, which generates ideal code for the common case (non-JSProxy arg), and use the existing %ArrayIsArray runtime function for the JSProxy case just like in baseline. BUG=v8:5267 R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2719023002 Cr-Commit-Position: refs/heads/master@{#43453}
-
Toon Verwaest authored
When an instance of a constructor goes dictionary mode, this changes the initial map of that constructor to also be in dictionary mode. This avoids spurious hidden class creation, that also results in IC misses. BUG= Change-Id: I0e70f822ac345d0224f2092ec473621a603d4cc5 Reviewed-on: https://chromium-review.googlesource.com/446361Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#43452}
-
Igor Sheludko authored
BUG=chromium:688734 Change-Id: If5dd370971cb02c4463fa20a489d0fa60b0423c4 Reviewed-on: https://chromium-review.googlesource.com/446845Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#43451}
-
clemensh authored
R=titzer@chromium.org, ahaas@chromium.org Review-Url: https://codereview.chromium.org/2714403004 Cr-Commit-Position: refs/heads/master@{#43450}
-
clemensh authored
Skip parallel compilation if less than two functions need to be compiled, and skip over imported functions instead of adding nullptrs for them to the compilation_units_ vector. R=titzer@chromium.org, ahaas@chromium.org Review-Url: https://codereview.chromium.org/2718053002 Cr-Commit-Position: refs/heads/master@{#43449}
-
littledan authored
In spec review, the Intl constructor fallback semantics ended up changing a bit; this patch updates V8 to the newest semantics. BUG=v8:4360,v8:4870 Review-Url: https://codereview.chromium.org/2618533002 Cr-Commit-Position: refs/heads/master@{#43448}
-
Michael Starzinger authored
This extends the existing typer for JS-level comparisons to also be applied on simplified-level number comparisons. Now that nodes having such operators are introduced early during graph construction, precise type information has become more important. R=jarin@chromium.org TEST=unittests/TyperTest Change-Id: Ibcfda36cadf72381b3c63138dd8ad2f6b1f7fbba Reviewed-on: https://chromium-review.googlesource.com/445879 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#43447}
-
Choongwoo Han authored
Compare function for std::sort should satisfy strict weak ordering relation. BUG=chromium:696251 Change-Id: I1c07e3bb1b012fd203bc059a21a75ae0fc61f5ac Reviewed-on: https://chromium-review.googlesource.com/447036Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#43446}
-
Michael Starzinger authored
Nodes having the {Throw} operator are just used as terminators for control-flow leaving the function body with an exception completion, they turn into basic-block terminators within the schedule. Actually raising an exception is done solely via runtime calls. Hence {Throw} nodes no longer need any value input. R=bmeurer@chromium.org Change-Id: Id6d8e46b12c4b84f4e7a8ac96623c8efb1f27b26 Reviewed-on: https://chromium-review.googlesource.com/446501 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#43445}
-
ulan authored
This should have been removed with 9e187e. BUG= Review-Url: https://codereview.chromium.org/2719013002 Cr-Commit-Position: refs/heads/master@{#43444}
-
bmeurer authored
Don't just blindly bake in CallIC feedback in the JSCallReducer, but instead try to estimate first whether it makes sense to bake it in (and risk potential eager deoptimization exits). We already didn't use the CallIC feedback when the call target is a known constant, but we should also not use it if the target is a JSCreateClosure node or a Phi of known constants / JSCreateClosure nodes. R=jarin@chromium.org BUG=v8:5267 Review-Url: https://codereview.chromium.org/2721483003 Cr-Commit-Position: refs/heads/master@{#43443}
-
Camillo Bruni authored
Change-Id: I10ca732853729564c59755648d5fb369fb49ce97 Reviewed-on: https://chromium-review.googlesource.com/446364Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#43442}
-