- 27 Jun, 2016 40 commits
-
ddchen authored
When reading malformed input, the length of variable-length types can be very large. Computing operand length with this and adding it to PC will overflow and screw up decode. This patch switches to unsigned int for arity and lengths, terminates loop analysis on error, adds overflow checking to BranchTableOperand, and adds a unit test. Review-Url: https://codereview.chromium.org/2052623003 Cr-Commit-Position: refs/heads/master@{#37301}
-
bjaideep authored
Constantpool register is being used with no frame, and therefore it points to its parent stub's constantpool causing segfault. Disable constantpool before CallStub if frame not set. R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com BUG= LOG=N Review-Url: https://codereview.chromium.org/2106493002 Cr-Commit-Position: refs/heads/master@{#37300}
-
machenbach authored
Revert of Refactor CreateApiFunction (patchset #2 id:20001 of https://codereview.chromium.org/2095953002/ ) Reason for revert: [Sheriff] Changes a layout test. Please rebase upstream if intended: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7742 Original issue's description: > Refactor CreateApiFunction > > BUG= > > Committed: https://crrev.com/705574970f3899a6eda0c61130c8c31693df4039 > Cr-Commit-Position: refs/heads/master@{#37290} TBR=jochen@chromium.org,verwaest@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG= Review-Url: https://codereview.chromium.org/2099983004 Cr-Commit-Position: refs/heads/master@{#37299}
-
mythria authored
Removes failure expectation for observer-expectations layout test. BUG=v8:4280,v8:5096 LOG=N Review-Url: https://codereview.chromium.org/2094353002 Cr-Commit-Position: refs/heads/master@{#37298}
-
bbudge authored
Replaces ArchDefault method with Crankshaft and Turbofan getters. Eliminates IsAllocated method on Register, FloatRegister, DoubleRegister. Eliminates ToString method too. Changes call sites to access appropriate arch default RegisterConfiguration. LOG=N BUG= Review-Url: https://codereview.chromium.org/2092413002 Cr-Commit-Position: refs/heads/master@{#37297}
-
ssanfilippo authored
the .eh_frame format as part of the jitdump generated when FLAG_perf_prof is enabled. The final goal is allowing precise unwinding of callchains that include JITted code when profiling V8 using perf. Unwinding information is stored in the body of code objects after the code itself, prefixed with its length and aligned to an 8-byte boundary. A boolean flag in the header signals its presence, resulting in zero memory overhead when the generation of unwinding info is disabled or no such information was attached to the code object. A new jitdump record type (with id 4) is introduced for specifying optional unwinding information for code load records. The EhFrameHdr struct is also introduced, together with a constructor to initialise it from the associated code object. At this stage no unwinding information is written to the jitdump, but the infrastructure for doing so is ready in place. BUG=v8:4899 LOG=N Review-Url: https://codereview.chromium.org/1993653003 Cr-Commit-Position: refs/heads/master@{#37296}
-
ivica.bogosavljevic authored
BUG= Review-Url: https://codereview.chromium.org/2069933003 Cr-Commit-Position: refs/heads/master@{#37295}
-
mstarzinger authored
This adds a missing lazy bailout point when defining data properties with computed property names in object literals. The runtime call to Runtime::kDefineDataPropertyInLiteral can trigger deopts. The necessary bailout ID already exists and is now properly used. R=jarin@chromium.org TEST=mjsunit/regress/regress-crbug-621816 BUG=chromium:621816 Review-Url: https://codereview.chromium.org/2099133003 Cr-Commit-Position: refs/heads/master@{#37294}
-
franzih authored
Instead of a JS implementation that calls C++ runtime functions, migrate String.fromCodePoint() to C++. BUG=v8:5049 Review-Url: https://codereview.chromium.org/2038563003 Cr-Commit-Position: refs/heads/master@{#37293}
-
jochen authored
R=yangguo@chromium.org,danno@chromium.org BUG= Review-Url: https://codereview.chromium.org/2094293002 Cr-Commit-Position: refs/heads/master@{#37292}
-
ishell authored
This is a building block for GetPropertyStub. It supports querying fast, slow and global objects without native accessors and interceptors. BUG=v8:4911 LOG=Y Review-Url: https://codereview.chromium.org/2079823002 Cr-Commit-Position: refs/heads/master@{#37291}
-
verwaest authored
BUG= Review-Url: https://codereview.chromium.org/2095953002 Cr-Commit-Position: refs/heads/master@{#37290}
-
franzih authored
Proxy objects need special treatment in toString(). Usually, we use the @@toStringTag, if it is set, otherwise we determine the result of toString() by checking IsArray() and other internal slots. According to ES2017 19.1.3.6, IsArray() and the internal slots must be checked first, then get(@@toStringTag). The result of IsArray() and internal slots is discarded if @@toStringTag is set. For proxy objects, we must obey this order, because get() can have side-effects, i.e., revoke the proxy. For all other objects, we can skip the check of the internal slots, if @@toStringTag is set. BUG= CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel Review-Url: https://codereview.chromium.org/2090773006 Cr-Commit-Position: refs/heads/master@{#37289}
-
bbudge authored
- Add a const bool kSimpleFPAliasing variable for each platform so it's easier for the compiler to eliminate dead code. - Modify RegisterAllocator to use it. LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2101473002 Cr-Commit-Position: refs/heads/master@{#37288}
-
machenbach authored
This adds generate-bytecode-expectations and parser_shell. BUG=chromium:474921 NOTRY=true Review-Url: https://codereview.chromium.org/2102483002 Cr-Commit-Position: refs/heads/master@{#37287}
-
jochen authored
This supersedes all-can-read/all-can-write properties BUG=chromium:618305 R=verwaest@chromium.org Review-Url: https://codereview.chromium.org/2087823002 Cr-Commit-Position: refs/heads/master@{#37286}
-
bbudge authored
Removes OperandConverter::*Float32* and *Float64* methods. LOG=N BUG=v8:4124 Review-Url: https://codereview.chromium.org/2091973002 Cr-Commit-Position: refs/heads/master@{#37285}
-
mlippautz authored
BUG=chromium:581412 LOG=N R=jochen@chromium.org Review-Url: https://codereview.chromium.org/2094753002 Cr-Commit-Position: refs/heads/master@{#37284}
-
franzih authored
We can check if the instance type of an object is JS_PROMISE_TYPE to determine if it is a promise rather than test whether the property promise_state_symbol is present. BUG= CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel Review-Url: https://codereview.chromium.org/2091243002 Cr-Commit-Position: refs/heads/master@{#37283}
-
zhengxing.li authored
port f5b83dec (r37061) original commit message: As a first step towards showing builtin frames in stack traces, we will now push target and new target unconditionally. Since the various specializations of BuiltinArguments are made redundant by this change, we can remove them and all related code. BUG= Review-Url: https://codereview.chromium.org/2095323002 Cr-Commit-Position: refs/heads/master@{#37282}
-
neis authored
R=littledan@chromium.org BUG= Review-Url: https://codereview.chromium.org/2088813002 Cr-Commit-Position: refs/heads/master@{#37281}
-
neis authored
R=adamk@chromium.org BUG= Review-Url: https://codereview.chromium.org/2081163002 Cr-Commit-Position: refs/heads/master@{#37280}
-
franzih authored
Replace explicit Object::IsErrorObject() and v8::IsNativeError() with macro generated functions Object::IsJSError() and HeapObject::IsJSError(). BUG= Committed: https://crrev.com/90e4fd136387ca7271d8ea87f4fc667e4f55063b Cr-Commit-Position: refs/heads/master@{#37244} CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel Review-Url: https://codereview.chromium.org/2090333002 Cr-Commit-Position: refs/heads/master@{#37279}
-
ishell authored
The global object can be loaded from the native context and the name can be loaded in the type feedback metadata. BUG=chromium:576312 Review-Url: https://codereview.chromium.org/2096653003 Cr-Commit-Position: refs/heads/master@{#37278}
-
zhengxing.li authored
port 4d4eb611 (r37058) original commit message: BUG= Review-Url: https://codereview.chromium.org/2097323002 Cr-Commit-Position: refs/heads/master@{#37277}
-
franzih authored
BUG=623021 Review-Url: https://codereview.chromium.org/2099923002 Cr-Commit-Position: refs/heads/master@{#37276}
-
zhengxing.li authored
port 198e09de (r37053) original commit message: Construct a BUILTIN frame before throwing an exception from runtime. BUG= Review-Url: https://codereview.chromium.org/2094223002 Cr-Commit-Position: refs/heads/master@{#37275}
-
machenbach authored
Fix after: https://codereview.chromium.org/2060743002/ https://codereview.chromium.org/2086653003/ BUG=v8:5086, v8:5092, v8:4124 TBR=bmeurer@chromium.org, yangguo@chromium.org, bbudge@chromium.org NOTRY=true Review-Url: https://codereview.chromium.org/2095313002 Cr-Commit-Position: refs/heads/master@{#37274}
-
bmeurer authored
If we know that a constant can be represented as word32, then we don't need to insert a checked conversion, but just change the constant appropriately. R=jarin@chromium.org Review-Url: https://codereview.chromium.org/2100063002 Cr-Commit-Position: refs/heads/master@{#37273}
-
thakis authored
See https://codereview.chromium.org/2076483002 for a lengthy reasoning. The two mysterious files called out there were in boringssl and nacl, so for v8 this should be a complete no-op. BUG=chromium:592745 Review-Url: https://codereview.chromium.org/2099843002 Cr-Commit-Position: refs/heads/master@{#37272}
-
mlippautz authored
BUG=chromium:611688 LOG=N R=machenbach@chromium.org Review-Url: https://codereview.chromium.org/2098443002 Cr-Commit-Position: refs/heads/master@{#37271}
-
zhengxing.li authored
port f47b9e98 (r37051) original commit message: This adds a new BUILTIN frame type, which supports variable number of arguments for builtins implemented in hand-written native code (we will extend this mechanism to TurboFan builtins at some point). Convert the Math.max and Math.min builtins to construct a BUILTIN frame if required. This does not yet work for C++ builtins, but that'll be the next step. BUG= Review-Url: https://codereview.chromium.org/2096283003 Cr-Commit-Position: refs/heads/master@{#37270}
-
zhengxing.li authored
port d5f2ac5e (r37047) original commit message: Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp TurboFan operator based on that, similar to what we do for Float64Log. Rewrite Math.exp() as TurboFan builtin and use that operator to also inline Math.exp() into optimized TurboFan functions. BUG= Review-Url: https://codereview.chromium.org/2096283002 Cr-Commit-Position: refs/heads/master@{#37269}
-
zhengxing.li authored
port d9bf520a (r37035) original commit message: BUG= Review-Url: https://codereview.chromium.org/2100023002 Cr-Commit-Position: refs/heads/master@{#37268}
-
zhengxing.li authored
port c5e3c9bf (r37011) original commit message: Only Intel needed changes, arm and mips work as expected. BUG= Review-Url: https://codereview.chromium.org/2094143003 Cr-Commit-Position: refs/heads/master@{#37267}
-
zhengxing.li authored
port 2d1f977c (r36978) original commit message: Support for relocatable globals, to facilitate compilation before instantiation. BUG= Review-Url: https://codereview.chromium.org/2096273002 Cr-Commit-Position: refs/heads/master@{#37266}
-
zhengxing.li authored
port 6470ddad (r36950) original commit message: This introduces SilenceNaN operator, which makes sure that we only store quiet NaNs into holey arrays. We omit the NaN silencing code at instruction selection time if the input is an operation that cannot possibly produce signalling NaNs. BUG= Review-Url: https://codereview.chromium.org/2099143002 Cr-Commit-Position: refs/heads/master@{#37265}
-
v8-autoroll authored
Rolling v8/build to 95bb77009ecdeaa992b031b947142fbf7da57ed6 Rolling v8/tools/mb to 62e2d060db3b06208f5d6558db03efd140ecd180 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Review-Url: https://codereview.chromium.org/2098293002 Cr-Commit-Position: refs/heads/master@{#37264}
-
zhengxing.li authored
port e95cfafb (r36917) original commit message: This fixes FastNewStrictArgumentsStub and FastNewRestParameterStub to no longer assume that the strict arguments object being allocated will fit into new-space. The case where said object needs to move to large object space is now handled in the runtime. BUG= Review-Url: https://codereview.chromium.org/2100003002 Cr-Commit-Position: refs/heads/master@{#37263}
-
zhengxing.li authored
port 89d8c57b (r36916) original commit message: Import base::ieee754::atan() and base::ieee754::atan2() from fdlibm and introduce Float64Atan and Float64Atan2 TurboFan operators based on those, similar to what we already did for Float64Log and Float64Log1p. Rewrite Math.atan() and Math.atan2() as TurboFan builtin and use the operators to also inline Math.atan() and Math.atan2() into optimized TurboFan functions. BUG= Review-Url: https://codereview.chromium.org/2093423003 Cr-Commit-Position: refs/heads/master@{#37262}