- 08 Jun, 2017 14 commits
-
Toon Verwaest authored
[builtins] Make sure to perform ToPrimitive(key, hint string) in hasOwnProperty even if the receiver is a smi. Bug: chromium:707580 Change-Id: I38f8740ac0df5d5e4e99808e4fa20bae88a23a11 Reviewed-on: https://chromium-review.googlesource.com/528077 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#45790}
-
Michael Starzinger authored
Both TurboFan and ThinStrings have been enabled by default for a while. This just disentangles the implication between those two flags and sets the --thin-strings individually. There is no technical reason for the implication. R=jkummerow@chromium.org Change-Id: I26e5357ffaf953de897c76d6edb8ac640bbeafd0 Reviewed-on: https://chromium-review.googlesource.com/528076 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45789}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4161431..9d6666d TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I3bddd9d99ea1840cce06dcb2c5b2bed33d2e7a7b Reviewed-on: https://chromium-review.googlesource.com/527576 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#45788}
-
Sathya Gunasekaran authored
Bug: v8:5717 Change-Id: I03579764656aa743bbc9bbf08e6affecd626d73d Reviewed-on: https://chromium-review.googlesource.com/527338 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Cr-Commit-Position: refs/heads/master@{#45787}
-
Ross McIlroy authored
Add the ability for the typer to track whether a string could be the empty string. This is needed for typed lowering of JSStringConcat since we can't create cons string chain with the empty string in arbitrary positions. The ToPrimitiveToString bytecode handler is modified to collect feedback on whether it has ever seen the empty string, which is used by SpeculativeToPrimitiveToString to ensure that the output is non-empty (or deopt) which will subsequently be used to enable inline cons-string creation for the JSStringConcat operator in typed lowering in a subsequent CL. BUG=v8:6243 Change-Id: I41b99b59798993f756aada8cff90fb137d65ea52 Reviewed-on: https://chromium-review.googlesource.com/522122 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45786}
-
Michael Starzinger authored
The variant in question was intended to test Crankshaft, which is being deprecated. Note that the variants 'nooptimization' and 'fullcode' still test configuration where TurboFan is not active. R=machenbach@chromium.org BUG=v8:6408 Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: I587c3eee7ba511dfc270aab66b546d2532bc635f Reviewed-on: https://chromium-review.googlesource.com/528133 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45785}
-
hpayer authored
BUG=chromium:626082, chromium:728228 Review-Url: https://codereview.chromium.org/2927553003 Cr-Commit-Position: refs/heads/master@{#45784}
-
Mythri authored
ThrowIfHole bytecodes were handled by introducing deopt points to check for a hole. To avoid deopt loops a hole check protector was used to generate control flow if there was a deopt due to a hole. However, the normal control flow version should be as fast as the deopt version in general. The deopt version could potentially consume less compile time but it may not be worth the complexity added. Hence simplifying it to only construct the control flow. Bug: v8:6383 Change-Id: Icace11f7a6e21e64e1cebd104496e3f559bc85f7 Reviewed-on: https://chromium-review.googlesource.com/525573 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#45783}
-
Michael Starzinger authored
This removes the last remaining dual implications between sets of flags. Support for this was originally added to support multiple subsequent calls to {SetFlagFromString} switching a set of flags on and off. Now that Chrome no longer relies on this behavior we can remove support for this entirely. Original CL: https://crrev.com/f774d8c56f00de92614886fc4cb541411eff7aa1 R=rmcilroy@chromium.org BUG=v8:6408 Change-Id: I5f9db8457c562c0b434ea7d6eca9941c76fe7d19 Reviewed-on: https://chromium-review.googlesource.com/527174 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45782}
-
Toon Verwaest authored
Don't treat new prototypes differently depending on how they become a prototype. This is work towards always keeping prototypes in slow-mode. Bug: v8:6471 Change-Id: I62de1018e21d91fda3a5da044615f32c718910b1 Reviewed-on: https://chromium-review.googlesource.com/526596 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#45781}
-
gdeepti authored
Review-Url: https://codereview.chromium.org/2930833002 Cr-Commit-Position: refs/heads/master@{#45780}
-
jgruber authored
This adds block coverage support for simple iteration. For-of and for-in loops are not yet covered, and we don't yet keep execution counts for init, cond, and next statements. BUG=v8:6000 Change-Id: I30b468a2c93f0bb60e857b6632be92920f6857e0 Reviewed-on: https://chromium-review.googlesource.com/527113 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45779}
-
v8-autoroll authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d122cd7..4161431 Rolling v8/third_party/catapult: https://chromium.googlesource.com/external/github.com/catapult-project/catapult/+log/3919ea6..32bdd96 TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org Change-Id: I89800f7149815faaf1c83764275b09d206515055 Reviewed-on: https://chromium-review.googlesource.com/527481 Reviewed-by: v8 autoroll <v8-autoroll@chromium.org> Commit-Queue: v8 autoroll <v8-autoroll@chromium.org> Cr-Commit-Position: refs/heads/master@{#45778}
-
Eric Holk authored
Array buffers can now have an allocation that is larger than the actual buffer, such as when WebAssembly guard regions are enabled. Embedders need to know the actual allocation start and length when externalizing a buffer so they can deallocate it properly. Bug: chromium:720302, v8:5277 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng Change-Id: Ifc184fdd59d77af01c07a64d2c0229ca859a01b0 Reviewed-on: https://chromium-review.googlesource.com/523271 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#45777}
- 07 Jun, 2017 26 commits
-
sander authored
Calling `read(filename, 'binary')` should return an ArrayBuffer like SpiderMonkey does. It is possible to call `readbuffer` instead, but that function is not available in the SpiderMonkey JS shell. BUG=v8:6464 R=bradnelson@chromium.org Review-Url: https://codereview.chromium.org/2922353002 Cr-Commit-Position: refs/heads/master@{#45776}
-
Igor Sheludko authored
Store the rest raw data fields as ints. Bug: v8:6470 Change-Id: I3d4ab56a722ed6c0b5cb30ecee2d94d7c8f07b40 Reviewed-on: https://chromium-review.googlesource.com/526638 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#45775}
-
Igor Sheludko authored
Store 'length' and 'formal_parameter_count' fields as raw ints. Also fixed a couple of issues on the way. TBR=verwaest@chromium.org Bug: v8:6470 Change-Id: I74ecd87cb0f041e61dab50d8bc29e3604dd1d09c Reviewed-on: https://chromium-review.googlesource.com/527156 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#45774}
-
Andreas Haas authored
This CL extracts the classes CompilationHelper, InstantiationHelper, and AsyncCompileJob from wasm-module.cc and puts them into module-compiler.{h|cc}. This is necessary to introduce a WasmCompilationManager which is known to the isolate and manages the lifetime of all AsyncCompileJobs. In addition to the mechanical changes of copying the code and splitting class declaration from instantiation, I did the following changes: * I renamed the CompilationHelper to ModuleCompiler. * A finalizer function is passed to the InstantiationHelper as a parameter. * Adjusted UpdateDispatchTable in wasm-module.cc to make it available in wasm-module.h, also with the internal signature. * Duplicate the ResolvePromise/RejectPromise helper functions. I did not rename InstantiationHelper because I could not come up with a good name, and it could benefit from a small special refactoring anyways. BUG=v8:6436 R=clemensh@chromium.org, mtrofin@chromium.org Change-Id: I4abe854c36dfc995b34c9d7b3e7ec0f4f0aa562e Reviewed-on: https://chromium-review.googlesource.com/525572 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45773}
-
Michael Starzinger authored
The two variants "turbofan" and "turbofan_opt" are not part of any of the default sets of variants that run-tests.py uses. The only way to trigger execution would be via the --variants flag directly, which our infrastructure is not doing. R=machenbach@chromium.org Change-Id: Ifa58cb4a83a3760ffba73e8b40b417a845f53506 Reviewed-on: https://chromium-review.googlesource.com/526637 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45772}
-
danno authored
Review-Url: https://codereview.chromium.org/2926123002 Cr-Commit-Position: refs/heads/master@{#45771}
-
jarin authored
BUG=chromium:729369 Review-Url: https://codereview.chromium.org/2926063002 Cr-Commit-Position: refs/heads/master@{#45770}
-
Sathya Gunasekaran authored
Bug: v8:5717 Change-Id: Idf29fd079c0cdd6c2498b2ea5bfb54e0c0d52c56 Reviewed-on: https://chromium-review.googlesource.com/526433 Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#45769}
-
jgruber authored
Use the new ToString_Inline function instead, which performs a quick IsString check and calls the ToString builtin to handle conversion. This reduces builtins code size by 3K. BUG=v8:5737 Change-Id: I103e628b905aed9d74dd7b4c4a98c5b0a16fd476 Reviewed-on: https://chromium-review.googlesource.com/527133 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#45768}
-
Camillo Bruni authored
Bug: chromium:727000 Change-Id: I0fb6fecc9564aee97bcf7c0e9201c580572061be Reviewed-on: https://chromium-review.googlesource.com/525717 Commit-Queue: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#45767}
-
Michael Achenbach authored
Bug: v8:6408 Change-Id: I10a191561fbb1f0312b1c4270b21c393e8efe51c Reviewed-on: https://chromium-review.googlesource.com/527075 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#45766}
-
Alexey Kozyatinskiy authored
BytecodeArrayBreakIterator doesn't iterate through locations in position() order. SkipToPosition is looking for closest break_index to passed one. So we should iterate through all breakable locations in function to get all of them. R=jgruber@chromium.org Bug: v8:6469 Change-Id: Ida0b849e9df40458a13e0a0f7af6a00349088228 Reviewed-on: https://chromium-review.googlesource.com/527135 Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#45765}
-
danno authored
This CL contains a few pieces: - A new mechanism to create "BuiltinContinuation" checkpoints in TurboFan graphs, which--when triggered--swizzle the values in the FrameState to be parameters to a typically TF-generated builtin that resumes execution to finish the slow-case functionality. - Continuation builtins that have special handling in the deoptimizer and their own new frame type to ensure that the values they need to begin executing can be stashed away and restored immediately before the builtin is called via a trampoline that runs when the continuation builtin's frame execution resumes. - An implementation of Array.prototype.forEach in TurboFan that can be used to inline it. The inlined forEach implementation uses the checkpoints mechanism described above to deopt in the middle of the forEach in the cases that optimization invariants are violated. There is a slightly different continuation stub for each deopt point in the forEach implementation to ensure the correct side-effects, i.e. that the deopt of the builtin isn't programmatically observable. Review-Url: https://codereview.chromium.org/2803853005 Cr-Commit-Position: refs/heads/master@{#45764}
-
hpayer authored
BUG=chromium:729521 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng Review-Url: https://codereview.chromium.org/2923563006 Cr-Commit-Position: refs/heads/master@{#45763}
-
Michael Starzinger authored
R=jkummerow@chromium.org Change-Id: I8e972d27c3f106b7838b4341a053b07f516d7c1e Reviewed-on: https://chromium-review.googlesource.com/527035 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45762}
-
Ulan Degenbaev authored
This patch also changes String body descriptor to use synchronized length and adds atomic live_bytes accessor. BUG=chromium:694255 Change-Id: I41233b2097ec5c6a4ea2c45d4b8febf7ffca155e Reviewed-on: https://chromium-review.googlesource.com/527093 Reviewed-by: Hannes Payer <hpayer@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#45761}
-
Ross McIlroy authored
Adds support for Speculatively lower ToPrimitiveToString to CheckString where the type hint shows the value has always been a string. BUG=v8:6243 Change-Id: I7f36deb8c2bc309e6d0546e099c76ac518c6be09 Reviewed-on: https://chromium-review.googlesource.com/521123 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Cr-Commit-Position: refs/heads/master@{#45760}
-
Jakob Kummerow authored
When the slow path for Array.prototype.indexOf calls a Proxy's "has" trap, it must check afterwards whether an exception was thrown. BUG=chromium:728813 Change-Id: I998bba6ddcd65adfed2eefb63b3285da60d2a43c Reviewed-on: https://chromium-review.googlesource.com/527173 Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#45759}
-
Michael Starzinger authored
This removes the test suite variant for stressing Crankshaft from the list of supported variants. Other stress variants remain untouched. R=machenbach@chromium.org Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng Change-Id: Iad236c2b80a1dea21b8be9b931e6a4e88f3ebcc5 Reviewed-on: https://chromium-review.googlesource.com/527094 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#45758}
-
Mythri authored
This cl: https://chromium-review.googlesource.com/509613 changed CheckNotTaggedHole to not produce any value output. This would mean that in some cases, we could leak hole on value edges. This violates the assumption that we cannot see a hole on several operators. Fixing this back to the original state. Bug: chromium:730254 Change-Id: I3512930e88dbe15e9d9b4b0d276868f354cc2ae2 Reviewed-on: https://chromium-review.googlesource.com/527033 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#45757}
-
Ross McIlroy authored
Adds support for lowering of ToPrimitiveToString and StringConcat bytecodes to the corresponding builtins. As part of this, moves the interpreter implementation of these operations into the appropriate builtin generators and add builtin support for them. Also adds TailCallRuntimeN operator to code-assembler which enables tail calling a runtime function when the arguments have already been pushed onto the stack. BUG=v8:6243 Change-Id: Id5c851bc42e4ff490d9a23a8990ae331c7eac73e Reviewed-on: https://chromium-review.googlesource.com/515362 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#45756}
-
martyn.capewell authored
NEON loads and stores need notifiers for the local and global memory access monitors. Add these whilst removing the address argument from the notifier, making implementation simpler. BUG= Review-Url: https://codereview.chromium.org/2916853002 Cr-Commit-Position: refs/heads/master@{#45755}
-
Andreas Haas authored
The old implementation of Table.Set in wasm-js.cc accessed information which should be hidden from this level of abstraction, e.g. the internal structure of a WasmTableObject. With this CL, all that is done in wasm-js.cc is the extraction of parameters. The actual logic is happening in wasm-module.{h|cc}. This CL will also make refactoring wasm-module.cc easier. R=clemensh@chromium.org, mtrofin@chromium.org Change-Id: Ifbce6f739459dffc9f9d47e4cd8227638867f3e9 Reviewed-on: https://chromium-review.googlesource.com/525694 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#45754}
-
bmeurer authored
R=jarin@chromium.org, jkummerow@chromium.org Review-Url: https://codereview.chromium.org/2923983002 Cr-Commit-Position: refs/heads/master@{#45753}
-
jgruber authored
It's possible to build circular objects through the reviver function in JSON.parse. Recursion needs to check for stack overflows and throw as needed. BUG=chromium:729671 Change-Id: I52ccd9ed9fea5829810879f8dd8207043fa6d910 Reviewed-on: https://chromium-review.googlesource.com/525812 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/master@{#45752}
-
bmeurer authored
The inlining of Function.prototype.bind can lead to escape analyzed bound functions, which weren't handled by the Deoptimizer previously. BUG=chromium:729573 R=jarin@chromium.org,cbruni@chromium.org Review-Url: https://codereview.chromium.org/2931483003 Cr-Commit-Position: refs/heads/master@{#45751}