- 15 Mar, 2018 24 commits
-
Jakob Gruber authored
This reverts commit f1b1ec70.

Reason for revert: Tentative revert for https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8.fyi%2FV8-Blink_Mac%2F13696%2F%2B%2Frecipes%2Fsteps%2Fwebkit_unit_tests%2F0%2Fstdout

Original change's description:
> [builtins] Remove off-heap builtins from the snapshot
>
> This CL is the final major step towards shipping off-heap-safe builtins
> embedded into the binary.
>
> Prior to snapshot serialization, we now:
> * create the embedded blob containing off-heap instruction streams,
> * use that to generate embedded.cc (containing embedded binary data),
> * replace off-heap-safe builtins with trampolines,
> * and serialize those into the final snapshot.
>
> The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
> targets on deserialization.
>
> Bug: v8:6666
> Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
> Reviewed-on: https://chromium-review.googlesource.com/950775
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51960}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org

Change-Id: I58dd4bf9a99d37416855b48807150e1dd9ecd9e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/964363
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51962}
-
Hannes Payer authored
Change-Id: I57da95525e09820ed1a1697cc4eb1e39ecb7c7cc Reviewed-on: https://chromium-review.googlesource.com/964282 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51961}
-
jgruber authored
This CL is the final major step towards shipping off-heap-safe builtins embedded into the binary.

Prior to snapshot serialization, we now:
* create the embedded blob containing off-heap instruction streams,
* use that to generate embedded.cc (containing embedded binary data),
* replace off-heap-safe builtins with trampolines,
* and serialize those into the final snapshot.

The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline targets on deserialization.

Bug: v8:6666
Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
Reviewed-on: https://chromium-review.googlesource.com/950775
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51960}
-
Ben L. Titzer authored
- Rename WasmCode::owner() to WasmCode::native_module() and - Make {shared} field of WasmCompiledModule no longer const, since it had a setter masquerading under the {OnWasmModuleDeserialization()}. - Refactor and simplify the flow of "owner" in module-compiler.cc R=mstarzinger@chromium.org Change-Id: If9ee371124678fbbc845fc4e93279bf14f8f7ce8 Reviewed-on: https://chromium-review.googlesource.com/964263 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51959}
-
Sathya Gunasekaran authored
Bug: v8:7317 Change-Id: I44713155597549a148bdab7a6f16641cc3918a66 Reviewed-on: https://chromium-review.googlesource.com/962147 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#51958}
-
Michael Achenbach authored
Bug: v8:7441 Change-Id: I4dda34f22a1281c869fdf7b31108908f834ab30c Reviewed-on: https://chromium-review.googlesource.com/960034 Reviewed-by: Yang Guo <yangguo@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51957}
-
Ulan Degenbaev authored
This function re-uses the implementation of InitializeICUDefaultLocation. Removal of the API breaks embedders' code without providing any benefit. Bug: v8:7561 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I006cd307887ac132f574af26ca9cd1d5e5317644 Reviewed-on: https://chromium-review.googlesource.com/963024 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#51956}
-
Hannes Payer authored
Bug: chromium:818585 Change-Id: I31032ba230ee2eb9f0bbcab0af720e23c3d6ae11 Reviewed-on: https://chromium-review.googlesource.com/962428 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51955}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: I713b458236cd0257eeb468caa2c6cfb68afb7a37 Reviewed-on: https://chromium-review.googlesource.com/964122 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51954}
-
Daniel Clifford authored
Change-Id: Ic682a8e0a3340fe20a0f6300508197e6ec8f211d Reviewed-on: https://chromium-review.googlesource.com/963710 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Daniel Clifford <danno@chromium.org> Cr-Commit-Position: refs/heads/master@{#51953}
-
Clemens Hammacher authored
After processing the string loaded from a file, don't process message queues. Otherwise, stack traces generated in any processed task will contain the stack trace of the load. This also introduces nondeterminism, since it depends on the timing whether something will be processed inside the load or outside. Drive-by: Introduce enums for the different bools, to make their meaning more obvious at call sites. R=yangguo@chromium.org CC=herhut@chromium.org Change-Id: Ib48ee01be8c443a2a408ecb1c9e34bb9ba5a8fe7 Reviewed-on: https://chromium-review.googlesource.com/964141 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51952}
-
Ulan Degenbaev authored
This also undeprecates Message::GetStartColumn API. The simple versions are easier to use for the embedders and have the same implementation as the complex versions. Bug: v8:7560 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I656161b04c5d9de6d1de9435b7825009f96572a5 Reviewed-on: https://chromium-review.googlesource.com/963322 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#51951}
-
Sathya Gunasekaran authored
Pointing to the exact spot of the incorrect numeric separator seems clearer both in terms of the error itself, and the resulting code in scanner because we don't have to keep track of the start position. Previously, the error was: ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1' unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator 0x1__1 ^^^^ SyntaxError: Only one underscore is allowed as numeric separator Now, the error is: ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1' unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator 0x1__1 ^ SyntaxError: Only one underscore is allowed as numeric separator Bug: v8:7317 Change-Id: I7df1b39816e51a97234da6ed0fca1bf8c0223c3e Reviewed-on: https://chromium-review.googlesource.com/962241 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Cr-Commit-Position: refs/heads/master@{#51950}
-
Tobias Tebbi authored
This reverts commit d504203e.

Reason for revert: b/74469145

Original change's description:
> [turbofan] Consistently use String feedback for JSAdd.
>
> Currently we didn't always consistently use the String feedback on
> JSAdd, but only if JSTypedLowering would already figure out statically
> that one of the inputs is already a String. That leads to some odd
> performance cliffs, as highlighted in the referenced bug.
>
> This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
> String feedback. This improves the relevant performance tests from the
> bug from
>
> console.timeEnd: Runtime join3, 967.512000
> console.timeEnd: Runtime join, 1004.599000
> console.timeEnd: Runtime join3, 1124.764000
> console.timeEnd: Runtime join, 966.164000
> console.timeEnd: Runtime join3, 1145.296000
> console.timeEnd: Runtime join, 966.176000
> console.timeEnd: Runtime join3, 1145.272000
> console.timeEnd: Runtime join, 931.266000
>
> to
>
> console.timeEnd: Runtime join3, 903.050000
> console.timeEnd: Runtime join, 856.509000
> console.timeEnd: Runtime join3, 945.144000
> console.timeEnd: Runtime join, 840.038000
> console.timeEnd: Runtime join3, 927.965000
> console.timeEnd: Runtime join, 841.263000
> console.timeEnd: Runtime join3, 929.342000
> console.timeEnd: Runtime join, 858.143000
>
> which corresponds to an 8-18% improvement.
>
> Bug: v8:7415
> Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
> Reviewed-on: https://chromium-review.googlesource.com/936643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51551}

TBR=jarin@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7415
Change-Id: I106a314bcd4187abdad6dc11306226d0c28ef524
Reviewed-on: https://chromium-review.googlesource.com/963522
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51949}
-
Vasili Skurydzin authored
Port ab9ac994 Original Commit Message: We can reduce boilerplate if we pass the continuation to some InstructionSelector::Emit.* methods. R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: Ia9ddd0dcf5d6115ee9f8c35e1b05c10f9f0c4b39 Reviewed-on: https://chromium-review.googlesource.com/959441 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Junliang Yan <jyan@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#51948}
-
Clemens Hammacher authored
On x64, the upper 32 bits of a register holding a 32-bit value are always zero. Add several assertions to check that. This is particularly important for memory accesses, where the whole 64-bit register is used as offset for the memory access. R=titzer@chromium.org Bug: v8:6600 Change-Id: Ifd3c6e90bb0056dbc2b8c66de919f35c7787965b Reviewed-on: https://chromium-review.googlesource.com/963321 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51947}
-
Sathya Gunasekaran authored
Bug: v8:7317 Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng Change-Id: I2920abc732b9006a24fcf11edb6bb779ac627d5a Reviewed-on: https://chromium-review.googlesource.com/961064 Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51946}
-
Ulan Degenbaev authored
This patch extends ExtractContextReferences to handle all declaration contexts, not only function/module/eval contexts. Bug: chromium:817954 Change-Id: Ibe2827a9d6b2939552da26a60df959c9b22ea059 Reviewed-on: https://chromium-review.googlesource.com/962763 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#51945}
-
Junliang Yan authored
Bug: v8:7558 Change-Id: I7f4eae87fad6b707c5defa033f4eaf6037c864ba Reviewed-on: https://chromium-review.googlesource.com/963166 Commit-Queue: Peter Marshall <petermarshall@chromium.org> Reviewed-by: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#51944}
-
Sathya Gunasekaran authored
Bug: v8:7317 Change-Id: I20fb706c05852668a5a6ae8b69c150ae2e6b2f65 Reviewed-on: https://chromium-review.googlesource.com/960901 Reviewed-by: Mathias Bynens <mathias@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#51943}
-
sreten.kovacevic authored
Implement Push and Load CallerFrameSlot instructions. Also, fix some issues that were revealed after these changes. Bug: v8:6600 Change-Id: I658c26b0dcec489e7e549d4f1fbd4ccd89a6ea99 Reviewed-on: https://chromium-review.googlesource.com/964001 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#51942}
-
Michael Starzinger authored
R=titzer@chromium.org Change-Id: I9c947440e4e92ff7176d8dc2f334182c524898f9 Reviewed-on: https://chromium-review.googlesource.com/962451 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51941}
-
Ilija Pavlovic authored
This test creates a BigInt object with size more than 250 MB. On certain test systems, this large memory consumption will cause the test to fail. Therefore, this test will be skipped for MIPS32 architecture. TEST=mjsunit/harmony/bigint/regressions BUG= Change-Id: I21bf86c3e6058818c6db3ed8970c0f1e3873e0a6 Reviewed-on: https://chromium-review.googlesource.com/962381 Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Cr-Commit-Position: refs/heads/master@{#51940}
-
Yang Guo authored
Previously install-sysroot.py relied on gyp. This should be fixed now. This way, tools/node/fetch_deps.py can also be used to fetch dependencies when building V8 to run V8 tests from a Node.js checkout. R=machenbach@chromium.org Change-Id: Ic4ee425d6ae744c32f604d14fbfdb0554a00c486 Reviewed-on: https://chromium-review.googlesource.com/962421 Commit-Queue: Yang Guo <yangguo@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#51939}
-
- 14 Mar, 2018 16 commits
-
Erik Luo authored
Now, 'queryObjects' takes an optional 'objectGroup' argument, allowing the frontend to release the response value. This is important because each call produces a new Array, which could not be released before. Bug: chromium:815263 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I18c9a68c4ba45020fce9eea63cb263396a18d498 Reviewed-on: https://chromium-review.googlesource.com/935153 Commit-Queue: Erik Luo <luoe@chromium.org> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#51938}
-
Junliang Yan authored
- Update CodeSpecialization::RelocateDirectCalls and ApplyToWholeInstance to take a native module instead - Use CodeSpecialization on NativeModule::LinkAll Bug: v8:7539 Change-Id: I71ceb3114e8a0fca71dfa32f0721ef5fb4485eb4 Reviewed-on: https://chromium-review.googlesource.com/959592 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by: Ben Titzer <titzer@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#51937}
-
Michael Lippautz authored
Annotate global handle with label to identify the context held alive for debugging in DevTools Bug: chromium:811842 Change-Id: I24f08b4d01939421ba1b7ec7b03982f00ebbdd1a Reviewed-on: https://chromium-review.googlesource.com/962788 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#51936}
-
Corentin Wallez authored
TBR=machenbach@chromium.org BUG=chromium:815092 Change-Id: Ib49dc50e41f0a7ec26d974b3d9d302003230f6e4 Reviewed-on: https://chromium-review.googlesource.com/962993 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Corentin Wallez <cwallez@chromium.org> Cr-Commit-Position: refs/heads/master@{#51935}
-
Sergiy Byelozyorov authored
TBR=sergiyb@chromium.org No-Try: true No-Presubmit: true No-Tree-Checks: true Bug: chromium:821689 Change-Id: Ia4010368738791ded4f0b27ef28d54ca3961e165 Reviewed-on: https://chromium-review.googlesource.com/962790 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#51934}
-
Caitlin Potter authored
- Add a new bytecode for the ToString operation, replacing the old intrinsic call (currently does not collect type feedback).
- Add a new AST node to represent TemplateLiterals, and avoid generating unnecessary ToString operations in some simple cases.
- Use a single feedback slot for each string addition, because the type feedback should always be the same for each addition

This seems to produce a very slight improvement on JSTests benchmarks and bench-ruben.js from v8:7415, and it's possible that type feedback for the ToString bytecode could provide more opportunities to eliminate the runtime call in TurboFan.

Doesn't touch tagged templates

[esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral

Fixes an error where TemplateLiteral printing in --print-ast would try to read an element beyond the length of a vector.

BUG=v8:7415, chromium:820596
R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org

Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42
Reviewed-on: https://chromium-review.googlesource.com/958408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51933}
-
Ben L. Titzer authored
This CL is preparation for moving the contents of the WasmContext directly into the WasmInstanceObject. The moved fields are all untagged pointers to C++ memory or untagged sizes which will be used in generated machine code for WASM. They are not currently used, but they are all set to kHeapObjectTag to make sure they are not interpreted as tagged by the GC, using a custom object descriptor. R=mstarzinger@chromium.org CC=clemensh@chromium.org Bug: v8:7424 Change-Id: Ie5d5161df32564dcac74c6ff659f1a38ddca3cb0 Reviewed-on: https://chromium-review.googlesource.com/961065 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51932}
-
Sergiy Byelozyorov authored
TBR=sergiyb@chromium.org No-Try: true No-Presubmit: true Bug: chromium:821689 Change-Id: Ia5c13fb9d22a5695025434f3e48821469a79a0a3 Reviewed-on: https://chromium-review.googlesource.com/963021 Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org> Cr-Commit-Position: refs/heads/master@{#51931}
-
Clemens Hammacher authored
This adds support for i32.wrap/i64, i64.extend_s/i32, and i64.extend_u/i32. R=titzer@chromium.org Bug: v8:6600 Change-Id: Iaeac1d24a53d044151cb244fffe3eab04314d908 Reviewed-on: https://chromium-review.googlesource.com/962281 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51930}
-
Dan Elphick authored
Now that Array.from() always calls the runtime to set the length if it's not equal to the current length, don't actually set it on the fast path since it's unobservable and doesn't change anything. Also remove check for the array being writable since it's no longer needed. Change-Id: I0928d80b445807912fd925f7957c9a76385fc6bc Reviewed-on: https://chromium-review.googlesource.com/961403 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/master@{#51929}
-
Michael Starzinger authored
R=titzer@chromium.org BUG=v8:7549 Change-Id: Ie77a22f0a6204d673d130be45ca20d5986cddd88 Reviewed-on: https://chromium-review.googlesource.com/962423 Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51928}
-
Michael Starzinger authored
R=titzer@chromium.org BUG=v8:7549 Change-Id: Ibae3ea41306ae89ee5caaa6ab2fdec6f08f2040c Reviewed-on: https://chromium-review.googlesource.com/962361 Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51927}
-
Ben L. Titzer authored
This removes the relocation mode and code specialization for table sizes. These are now stored in the context and not inlined into code. Bug: v8:7549, v8:7424 R=mstarzinger@chromium.org Change-Id: I4cec78fdd365cd0c1dab9f5f4b40ffb69f540bda Reviewed-on: https://chromium-review.googlesource.com/962221 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51926}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: Ied73ba2c146441c87c5ada65285037b68a83abe1 Reviewed-on: https://chromium-review.googlesource.com/962026 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51925}
-
Benedikt Meurer authored
This is a partial revert of e583fc83. The reasoning here is that the treatment of SpeculativeToNumber[hint] was not consistent (which led to the original bug that caused the performance regression): The semantics of the operator is that it turns its input into a number, and might bail out if the input is too complex to accomplish that within optimized code. It can use the hint to handle even fewer cases without the risk of a deoptimization loop. However it cannot rely on the hint influencing the output, especially not before SimplifiedLowering ran. The code for the OOB element access however relied on the hint being enforced, which caused the original bug. This CL repairs that and instead uses CheckSmi for the OOB element access guard. Also-By: tebbi@chromium.org Bug: chromium:819298, chromium:820729 Change-Id: I9b2170ccf9b5561d698c0108e93e538cac1e708c Reviewed-on: https://chromium-review.googlesource.com/961066 Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#51924}
-
Michael Starzinger authored
R=clemensh@chromium.org BUG=v8:7549 Change-Id: Ie2d9d9b569b46396e78b3a6c39fe7e36b6090608 Reviewed-on: https://chromium-review.googlesource.com/962247 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#51923}