Commit Graph

37424 Commits

Author SHA1 Message Date
machenbach
2517b79cd6 Revert of [string] Migrate String.prototype.{split,replace} to TF (patchset #12 id:220001 of https://codereview.chromium.org/2663803002/ )
Reason for revert:
Breaks win64 debug:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/14967

Original issue's description:
> [string] Migrate String.prototype.{split,replace} to TF
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2663803002
> Cr-Commit-Position: refs/heads/master@{#42881}
> Committed: 65ad1e35d9

TBR=bmeurer@chromium.org,ishell@chromium.org,yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2671673003
Cr-Commit-Position: refs/heads/master@{#42882}
2017-02-02 11:10:26 +00:00
jgruber
65ad1e35d9 [string] Migrate String.prototype.{split,replace} to TF
BUG=

Review-Url: https://codereview.chromium.org/2663803002
Cr-Commit-Position: refs/heads/master@{#42881}
2017-02-02 10:09:10 +00:00
ahaas
864799d3eb [wasm] Decoding the names section should stop if there is a problem with locals.
First discovery by the names section fuzzer I think. During the decoding
of the names of locals only ok() of the outer decoder was checked, not
the ok() of the actual names section decoder.

R=tizer@chromium.org
BUG=chromium:684855

Review-Url: https://codereview.chromium.org/2648383007
Cr-Commit-Position: refs/heads/master@{#42880}
2017-02-02 08:38:34 +00:00
bmeurer
2a5046c458 [stubs] Rip out obsolete CallICState.
The CallIC is already not a traditional IC in the V8 sense, so it
doesn't make sense to integrate with the traditional IC machinery.
The plan is to migrate it away completely from the IC world and use
the code that is already available in the interpreter instead.

R=yangguo@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2676543002
Cr-Commit-Position: refs/heads/master@{#42879}
2017-02-02 07:44:18 +00:00
yangguo
d9399cc36b [debugger] account for inlined functions when stepping.
- Remove obsolete BreakLocatorType.
- Perform PrepareStepOnThrow after OnException event, in case stepping
  was scheduled in the exception event.
- Use frame count instead of frame pointer for stepping. Frame pointer
  is not reliable due to possible deopts.
- Consistently check for inlined functions in inlined frames.
- Use SharedFunctionInfo in FloodWithOneshot and EnsureDebugInfo.

R=jgruber@chromium.org
BUG=v8:5901

Review-Url: https://codereview.chromium.org/2664793002
Cr-Commit-Position: refs/heads/master@{#42878}
2017-02-02 07:31:09 +00:00
bmeurer
9432eb5c6a [stubs] Port CallICTrampolineStub to CodeStubAssembler.
First step to unify CallIC in Ignition, TurboFan/Crankshaft and
fullcodegen.

R=yangguo@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2669123002
Cr-Commit-Position: refs/heads/master@{#42877}
2017-02-02 07:25:12 +00:00
bmeurer
9121f72a91 [stubs] Fix naming of CallIC and CallICTrampoline.
Rename the CallIC factory method to CallICTrampoline and the
CallICInOptimizedCode to CallIC to match the naming of the
stubs and better reflect their functionality.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2670073002
Cr-Commit-Position: refs/heads/master@{#42876}
2017-02-02 06:54:27 +00:00
bmeurer
ed3834db3d [turbofan] Guard invariant that Branch/Select condition must be Boolean.
This introduces additional verification logic to ensure that the
condition passed to Branch/Select operators is always of type
Boolean.

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win64_dbg
TBR=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2672713002
Cr-Commit-Position: refs/heads/master@{#42875}
2017-02-02 06:01:00 +00:00
v8-autoroll
faa0ab66ef Update V8 DEPS.
Rolling v8/build: 47e07d6..7a418db

Rolling v8/third_party/catapult: 4ee31ea..fc2f450

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2671563003
Cr-Commit-Position: refs/heads/master@{#42874}
2017-02-02 04:25:10 +00:00
mlippautz
70a31eeb4a [heap] Refactor AllocatedSinceLastGC
Remove the cases that deal with a top pointer that is reset. We should always
be in a sane state wrt. top and age mark. Also add more DCHECKs.

BUG=chromium:672678

Review-Url: https://codereview.chromium.org/2674493002
Cr-Commit-Position: refs/heads/master@{#42873}
2017-02-02 00:14:08 +00:00
jbroman
591cc0b4cc ValueSerializer: Share string encoding code with String and RegExp objects.
This avoids the need to pull in the UTF-8 encoding code from the public API,
and allows it to take advantage of any supported way that i::String can be
encoded (one- or two-byte).

Backward compatibility is maintained, but this is the behavior beginning
with this version.

BUG=chromium:686159

Review-Url: https://codereview.chromium.org/2665653004
Cr-Commit-Position: refs/heads/master@{#42872}
2017-02-01 22:27:02 +00:00
binji
aa3422b671 [SAB] Fix crash in Atomics.wake w/ infinite count.
Also if the count is not specified, it should wake all waiters.

BUG=v8:4777

Review-Url: https://codereview.chromium.org/2659083004
Cr-Commit-Position: refs/heads/master@{#42871}
2017-02-01 21:47:22 +00:00
bbudge
6a82fe9068 [Turbofan] Macro-ize instruction selection for ia32.
- Uses macros to reduce code duplication.
- Uses calls to VisitRO, VisitRR, VisitRROFloat, and VisitFloatUnop to
  reduce code bloat.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2669683002
Cr-Original-Commit-Position: refs/heads/master@{#42830}
Committed: 5e6eb91d0d
Review-Url: https://codereview.chromium.org/2669683002
Cr-Commit-Position: refs/heads/master@{#42870}
2017-02-01 21:37:35 +00:00
jyan
5b000593c9 s390: fix ri-c format for brc
R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2667203002
Cr-Commit-Position: refs/heads/master@{#42869}
2017-02-01 20:31:50 +00:00
jyan
8877a3883f s390: fix shift operand overflow
R=bjaideep@ca.ibm.com, joransiu@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2668763005
Cr-Commit-Position: refs/heads/master@{#42868}
2017-02-01 20:29:01 +00:00
jbroman
c3856de371 ValueSerializer: Check for zero length before casting to FixedDoubleArray.
Even though the elements kind is FAST_DOUBLE_ELEMENTS, if length is zero
the isolate's empty_fixed_array is used. It's illegal to cast this to
FixedDoubleArray, so we avoid the cast.

BUG=chromium:686479

Review-Url: https://codereview.chromium.org/2665313003
Cr-Commit-Position: refs/heads/master@{#42867}
2017-02-01 20:25:56 +00:00
ulan
4975ac41c3 [heap] Respect the old generation max limit when moving new space pages.
BUG=

Review-Url: https://codereview.chromium.org/2672503002
Cr-Commit-Position: refs/heads/master@{#42866}
2017-02-01 20:09:41 +00:00
bbudge
b7df78f363 [ARM] Add Neon saturating add and subtract instructions.
- Adds vqadd.s/u, vqsub.s/u for all integer lane sizes.
- Refactors disassembler and simulator, using switches instead
of long if-else chains.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2649323012
Cr-Commit-Position: refs/heads/master@{#42865}
2017-02-01 18:56:28 +00:00
bjaideep
5a02d3e88d PPC/S390: Use Load Byte to fix endianess issue
R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2668303002
Cr-Commit-Position: refs/heads/master@{#42864}
2017-02-01 18:45:58 +00:00
danno
c9f7f303b9 [csa] Universally use ParameterMode in BuildFastFixedArrayForEach
This allows support for tagged representations of index/loop variables which
asserted in BuildFastFixedArrayForEach's call to Increment up to this point.

Review-Url: https://codereview.chromium.org/2665143002
Cr-Commit-Position: refs/heads/master@{#42863}
2017-02-01 18:23:13 +00:00
bbudge
d8ab932ceb [Turbofan] Macro-ize instruction selection for x64.
- Uses macros to reduce code duplication.
- Uses calls to VisitRO and VisitRR to reduce code bloat.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2668753004
Cr-Original-Commit-Position: refs/heads/master@{#42828}
Committed: e8e2e3c826
Review-Url: https://codereview.chromium.org/2668753004
Cr-Commit-Position: refs/heads/master@{#42862}
2017-02-01 17:02:57 +00:00
adamk
59b8496c81 [parser] Remove hoist_scope from DeclarationDescriptor
The hoist_scope member of DeclarationDescriptor was only used to pass the function
scope for declaration of parameters containing sloppy evals, for example:

  function f(x = eval("var y")) { }

In cases like this, "x" is declared in the function scope but "y" is declared in an inner scope.
Rather than passing the function scope as "hoist_scope", we simply ask for the outer_scope()
of the inner scope as needed in PatternRewriter.

This reduces the cognitive overhead of understanding what a DeclarationDescriptor has; for
example, it removes some dead code from the PreParser which never has to deal
with a situation like the example above.

Review-Url: https://codereview.chromium.org/2662183002
Cr-Commit-Position: refs/heads/master@{#42861}
2017-02-01 16:55:21 +00:00
ahaas
dd51dd926e [wasm] Change the default lowering of stores.
The int64-lowering only lowered store instructions with a word64 store
representation. For all other stores the default lowering applied. The
default lowering replaces all input nodes with both their replacement
nodes, which can change the number of input nodes of the lowered node.

In WebAssembly there exist stores which take an I64 input and store it
with a different representation, e.g. I32. In TurboFan this translates
to a store node with word32 store representation and a word64 value
input. The default lowering replaces the word64 value input to become
two word32 value inputs, which makes the number of inputs of the store
node invalid. This CL discards the high word replacement of the value
input so that the number of input nodes of a store node does not change
in the default lowering.

R=titzer@chromium.org
CC=rossberg@chromium.org

BUG=

Review-Url: https://codereview.chromium.org/2668023004
Cr-Commit-Position: refs/heads/master@{#42860}
2017-02-01 16:27:12 +00:00
ishell
93f181b6b9 [ic] Introduce IsXyzIC() predicates.
This is a step towards encoding all the necessary information in
the feedback slot kind instead of storing it in the IC dispatcher's
code object flags.

BUG=v8:5849, v8:5917

Review-Url: https://codereview.chromium.org/2662113005
Cr-Commit-Position: refs/heads/master@{#42859}
2017-02-01 16:22:03 +00:00
bjaideep
c00aeb0300 PPC/s390: [wasm] Acquire the context for TrapIf from a wasm frame
Port 87d309dadd

Original Commit Message:

    This is the first step to reduce the size of the out-of-line code of
    TrapIf. Instead of passing the context to the runtime call as a
    parameter, we pass Smi::kZero to the runtime call and then get the
    actual context from the WasmFrame on the stack.

R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:5908
LOG=N

Review-Url: https://codereview.chromium.org/2661363003
Cr-Commit-Position: refs/heads/master@{#42858}
2017-02-01 15:59:01 +00:00
marja
a6e24607f6 [iwyu] Minor iwyu fixes.
BUG=v8:5294

Review-Url: https://codereview.chromium.org/2662393004
Cr-Commit-Position: refs/heads/master@{#42857}
2017-02-01 14:46:14 +00:00
bmeurer
c3fb4b3e5c [tools] Also handle LoadGlobalIC in tickprocessor.
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2667123002
Cr-Commit-Position: refs/heads/master@{#42856}
2017-02-01 14:11:07 +00:00
neis
5020db7f9c [promises] Fix .arguments on builtin function.
Using .caller, one can get access to the internal function that invokes the
handler passed to Promise.prototype.then.  This internal function is a TF
builtin that was set up as non-native and without an argument adaptor.  As a
consequence of this, when accessing .arguments on it, the frame-walking logic in
the .arguments accessor thinks the number of arguments is -1 and we try to
allocate an array of size -1.

This CL marks the builtin function as native (making its .arguments be null),
along with a few others that may have been incorrect in the same way.

BUG=chromium:682349

Review-Url: https://codereview.chromium.org/2672453002
Cr-Commit-Position: refs/heads/master@{#42855}
2017-02-01 14:06:38 +00:00
neis
f555b07354 [bootstrapper] Refactor CreateFunction and InstallFunction.
Move set_native(true) from InstallFunction into CreateFunction in order to
emphasize the places where we create non-native functions.

No change in semantics overall.

BUG=

Review-Url: https://codereview.chromium.org/2667993005
Cr-Commit-Position: refs/heads/master@{#42854}
2017-02-01 14:02:59 +00:00
ahaas
87d309dadd [wasm] Acquire the context for TrapIf from a wasm frame
This is the first step to reduce the size of the out-of-line code of
TrapIf. Instead of passing the context to the runtime call as a
parameter, we pass Smi::kZero to the runtime call and then get the
actual context from the WasmFrame on the stack.

BUG=v8:5908
R=titzer@chromium.org, clemensh@chromium.org

Review-Url: https://codereview.chromium.org/2664273002
Cr-Commit-Position: refs/heads/master@{#42853}
2017-02-01 13:22:55 +00:00
bmeurer
58611d0115 [tools] Fix RegExp for ticksprocessor.
Properly attribute all builtins, bytecode handlers and other stubs to
the calling function unless --separate-ic is passed.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2668953002
Cr-Original-Commit-Position: refs/heads/master@{#42849}
Committed: 42011d2997
Review-Url: https://codereview.chromium.org/2668953002
Cr-Commit-Position: refs/heads/master@{#42852}
2017-02-01 12:32:53 +00:00
bmeurer
2f78186ee9 Revert of [tools] Fix RegExp for ticksprocessor. (patchset #2 id:20001 of https://codereview.chromium.org/2668953002/ )
Reason for revert:
AAAAAHHHHHHH

Original issue's description:
> [tools] Fix RegExp for ticksprocessor.
>
> Properly attribute all builtins, bytecode handlers and other stubs to
> the calling function unless --separate-ic is passed.
>
> R=jarin@chromium.org
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2668953002
> Cr-Commit-Position: refs/heads/master@{#42849}
> Committed: 42011d2997

TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2664033005
Cr-Commit-Position: refs/heads/master@{#42851}
2017-02-01 12:02:23 +00:00
ahaas
3b2301650e [wasm] Do float constant folding if the origin is not wasm
I removed some constant folding optimizations for float instruction in
https://codereview.chromium.org/2647353007 because they were incorrect
if the input was a signalling NaN. Removing these optimizations, however
had an unexpectedly big impact on asm.js performance. With this CL I
restore the optimizations again when the source origin is not wasm. In
JavaScript signalling NaNs are not observable and therefore the
optimizations are correct.

R=titzer@chromium.org
BUG=chromium:686654

Review-Url: https://codereview.chromium.org/2666903002
Cr-Commit-Position: refs/heads/master@{#42850}
2017-02-01 11:51:59 +00:00
bmeurer
42011d2997 [tools] Fix RegExp for ticksprocessor.
Properly attribute all builtins, bytecode handlers and other stubs to
the calling function unless --separate-ic is passed.

R=jarin@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2668953002
Cr-Commit-Position: refs/heads/master@{#42849}
2017-02-01 11:46:40 +00:00
neis
68a8cb532e [turbofan] Mark loads of a module (from a module context) immutable.
This is sound because the slot never changes, and it enables optimization by
JSContextSpecialization.

R=mstarzinger@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2662093004
Cr-Commit-Position: refs/heads/master@{#42848}
2017-02-01 10:51:20 +00:00
petermarshall
cd85a88d78 [turbo] Rename CallFunction* JSOperators to Call*.
Review-Url: https://codereview.chromium.org/2666783007
Cr-Commit-Position: refs/heads/master@{#42847}
2017-02-01 10:45:10 +00:00
Michael Achenbach
8b597e291b Reland "[test] Add back lsan leak detection"
Reland of:
https://codereview.chromium.org/2592663004/

BUG=chromium:656900
TBR=yangguo@chromium.org, glider@chromium.org, titzer@chromium.org

Change-Id: I89b5c6b7a4214e25b4fea6d2ee33cd31b47320cc
Reviewed-on: https://chromium-review.googlesource.com/435319
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42846}
2017-02-01 10:39:28 +00:00
bmeurer
d369c4dc47 Revert of [turbofan] Constant propagation for JumpIfFalse/JumpIfTrue. (patchset #4 id:60001 of https://codereview.chromium.org/2666283002/ )
Reason for revert:
Breaks win64 it seems.

Original issue's description:
> [turbofan] Constant propagation for JumpIfFalse/JumpIfTrue.
>
> The JumpIfFalse and JumpIfTrue bytecodes test the accumulator, and
> branch based on whether the accumulator is true or false (no other
> value allowed, and in fact TurboFan would blow up if you would pass
> anything else, since Branch operator can only deal with Boolean).
> So for either branch we know exactly the value of the accumulator,
> and we can update the environment to this constant value instead.
>
> This helps to avoid the useless bit materialization that currently
> happens when || or && is being used in a value context.
>
> R=jarin@chromium.org
> BUG=v8:5267
>
> Review-Url: https://codereview.chromium.org/2666283002
> Cr-Commit-Position: refs/heads/master@{#42843}
> Committed: 158ac92871

TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2668933002
Cr-Commit-Position: refs/heads/master@{#42845}
2017-02-01 10:37:19 +00:00
neis
ed3d888df6 [test] Remove bogus --crankshaft flag from a modules test.
The function being tested is forced to go through Turbofan anyway (since it references a module variable).

Adding --turbo explicitly just to make a check happy.

BUG=

Review-Url: https://codereview.chromium.org/2664393003
Cr-Commit-Position: refs/heads/master@{#42844}
2017-02-01 10:36:09 +00:00
bmeurer
158ac92871 [turbofan] Constant propagation for JumpIfFalse/JumpIfTrue.
The JumpIfFalse and JumpIfTrue bytecodes test the accumulator, and
branch based on whether the accumulator is true or false (no other
value allowed, and in fact TurboFan would blow up if you would pass
anything else, since Branch operator can only deal with Boolean).
So for either branch we know exactly the value of the accumulator,
and we can update the environment to this constant value instead.

This helps to avoid the useless bit materialization that currently
happens when || or && is being used in a value context.

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2666283002
Cr-Commit-Position: refs/heads/master@{#42843}
2017-02-01 09:51:40 +00:00
jgruber
c67dc7e243 Store correct String.prototype map on the context
The String.prototype was altered after snapshot time (during
experimental natives setup), invalidating the stored map used for
fast-path checks.

BUG=

Review-Url: https://codereview.chromium.org/2663303003
Cr-Commit-Position: refs/heads/master@{#42842}
2017-02-01 09:29:50 +00:00
bmeurer
ad9dfc0911 [turbofan][x64] Fix instruction selection for Word32Equal.
The InstructionSelector on x64 didn't properly implement
VisitWord32Equal via VisitWordCompareZero, and thus it didn't
properly combined useless Word32Equal comparisons with zero
(which we use to implement bit negation).

R=jarin@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2662123004
Cr-Commit-Position: refs/heads/master@{#42841}
2017-02-01 09:08:41 +00:00
petermarshall
a7ba61fdb5 [Ignition] Rename New and NewWithSpread bytecodes.
Rename to Construct and ConstructWithSpread, to match the names of
the JSOperators used.

Unfortunately, I can't find a way for auto-formatting to stay happy unless we
change the indentation for the whole BYTECODE_LIST macro.

Review-Url: https://codereview.chromium.org/2663963003
Cr-Commit-Position: refs/heads/master@{#42840}
2017-02-01 09:04:04 +00:00
bmeurer
44cac16f48 [turbofan] Also push Return into Merge even if there's no EffectPhi.
We already had an optimization in the CommonOperatorReducer that would
duplicate a Return with Phi, EffectPhi and Merge inputs into the
respective branches. But we can also do the same if the effect input of
the Return dominates all branches, i.e. if the Return and Phi nodes are
the only users of the Merge node.

This helps with the awkward code generation that we currently observe
for || and && in return position.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2668903002
Cr-Commit-Position: refs/heads/master@{#42839}
2017-02-01 08:59:23 +00:00
jgruber
d52ec9e6cf [regexp] Store named captures on the regexp result
This implements storing named captures on the regexp result object.
For instance, /(?<a>.)/u.exec("b") will return a result such that:

result.group.a  // "b"

https://tc39.github.io/proposal-regexp-named-groups/

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2630233003
Cr-Original-Original-Original-Commit-Position: refs/heads/master@{#42532}
Committed: 70000946eb
Review-Url: https://codereview.chromium.org/2630233003
Cr-Original-Original-Commit-Position: refs/heads/master@{#42570}
Committed: ee94fa11ed
Review-Url: https://codereview.chromium.org/2630233003
Cr-Original-Commit-Position: refs/heads/master@{#42676}
Committed: 8bf52534f6
Review-Url: https://codereview.chromium.org/2630233003
Cr-Commit-Position: refs/heads/master@{#42838}
2017-02-01 08:54:38 +00:00
jgruber
0c3a507b3a [heap] Fix GrowAndShrinkNewSpace heap test
BUG=

Review-Url: https://codereview.chromium.org/2659573002
Cr-Commit-Position: refs/heads/master@{#42837}
2017-02-01 08:20:31 +00:00
petermarshall
1a1a3cc492 [turbo] Rename CallConstruct* operators to Construct*.
Review-Url: https://codereview.chromium.org/2662263002
Cr-Commit-Position: refs/heads/master@{#42836}
2017-02-01 08:11:43 +00:00
marja
f33cd98cd6 [scopes]: With --print-scopes, print preparsed scopes before destroying them.
BUG=v8:5516

Review-Url: https://codereview.chromium.org/2666053003
Cr-Commit-Position: refs/heads/master@{#42835}
2017-02-01 07:39:08 +00:00
v8-autoroll
a964fa2900 Update V8 DEPS.
Rolling v8/build: 02f71fd..47e07d6

Rolling v8/buildtools: c302711..a7cc7a3

Rolling v8/third_party/catapult: 986b4e8..4ee31ea

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2663373002
Cr-Commit-Position: refs/heads/master@{#42834}
2017-02-01 04:26:52 +00:00
bradnelson
8cee1e7e17 [wasm][asm.js] Fix incorrect stack depth in some returns.
Previously we allowed unreachable returns to be skipped.
This won't work if we strictly follow the spec.

BUG=None
TEST=Manual against more strict wasm validation
R=titzer@chromium.org,rossberg@chromium.org

Review-Url: https://codereview.chromium.org/2668873003
Cr-Commit-Position: refs/heads/master@{#42833}
2017-02-01 04:04:45 +00:00