While enabling "-fstack-protector", compiler generates code in
function prologue and epilogue to do stack check. However, without
knowing that 'r1', 'r2' and 'r3' is used/destroyed in inline asm,
compiler assumes that 'r1', 'r2', or 'r3' can be used exclusively,
which leads to a core dump.
Fix to this is quite straightforward, just add clobber list to the
inlineasm.
BUG=None
TEST=manually checked the generated asm code,boot up chrome browser successfully with this modification
Review URL: https://chromiumcodereview.appspot.com/9618017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10977 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is a preparatory step for using the HashMap clas with Literal keys in the
full code generator. It removes some duplicated code already and removes the
need for 2 HashMaps at each use, which was overly complicated.
Removed one dead function on the way.
Review URL: https://chromiumcodereview.appspot.com/9639011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10973 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1. The write barrier (RecordWriteStub) expects that pointer stored
points to an initialized object. Specifically, the map must be set
before it is stored.
2. The backing store for smi-only elements can only be reused for
double elements if it is in new-space. Otherwise, we need to allocate
a fresh one because the old one is in pointer-space and the new one
has to be in data-space.
BUG=117037
Review URL: https://chromiumcodereview.appspot.com/9633017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10968 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
All module expressions, and all variables that might refer to modules,
are assigned interfaces (module types) that are resolved using
unification. This is necessary to deal with the highly recursive
nature of ES6 modules, which does not allow any kind of bottom-up
strategy for resolving module names and paths.
Error messages are rudimental right now. Probably need to track
more information to make them nicer.
R=svenpanne@chromium.org
BUG=v8:1569
TEST=
Review URL: https://chromiumcodereview.appspot.com/9615009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10966 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Previously, there were 1 or 2 calls to the runtime when accessors were changed
or set. This doesn't really work well with property attributes, leading to some
hacks and complicates things even further when trying to share maps in presence
of accessors. Therefore, the runtime entry now takes the full triple (getter,
setter, attributes), where the getter and/or the setter can be null in case they
shouldn't be changed.
For now, we do basically the same on the native side as we did before on the
JavaScript side, but this will change in future CLs, the current CL is already
large enough.
Note that object literals with a getter and a setter for the same property still
do 2 calls, but this is a little bit more tricky to fix and will be handled in a
separate CL.
Review URL: https://chromiumcodereview.appspot.com/9616016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10956 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The heap profiler randomly crashed because of memory corruption caused
by unexpected heap objects layout changes occured between count and fill
passes. The changes lead the number of retainers counted on the first pass
did not match its number on the fill pass leading to the out of bounds
array access.
Besides that the mark bit scheme has been changed to a plain vector one in
dominators building algorithm. It is up to 4x faster because of smaller
memory access footprint.
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9594020
Patch from Alexei Filippov <alexeif@chromium.org>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10928 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Port r10905 (2a997cf).
Original commit message:
Allow Crankshaft to inline ordered relational comparisons (<, >, <=, >=) that have undefined arguments in addition to double value arguments (rather than calling the generic Compare stub).
BUG=
TEST=
Review URL: https://chromiumcodereview.appspot.com/9583038
Patch from Daniel Kalmar <kalmard@homejinni.com>.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10925 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Inlined strict mode functions (that are not called as methods) will get
their receiver reset to undefined. This should not happen when inlining
constructors.
This change also simplifies the test suite to reuse the same closures
into which constructors get inlined and use gc() to force V8 to forget
collected type feedback.
R=vegorov@chromium.org
TEST=mjsunit/compiler/inline-construct
Review URL: https://chromiumcodereview.appspot.com/9597017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10920 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This is essential for the upcoming map sharing with accessors, and we aleady
have enough machinery to handle the holes now. Furthermore, use "To" template in
2 nearby functions, and made naming a bit more consistent.
In a nutshell: This CL should have no visible effect at all at the moment.
Famous last words...
Review URL: https://chromiumcodereview.appspot.com/9594013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
