AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
24,117 Commits 1 Branch 0 Tags 839 MiB
7f34af65aa
Commit Graph

1422 Commits

Author SHA1 Message Date
verwaest
01f40e6ad6 Fix keyed element access wrt string wrappers 
BUG=v8:4296
LOG=n

Review URL: https://codereview.chromium.org/1228063004

Cr-Commit-Position: refs/heads/master@{#29618}
 2015-07-13 15:39:07 +00:00
verwaest
0b3d6f7a7d Reload the map of typed arrays after performing ToNumber. 
BUG=chromium:507980
LOG=n

Review URL: https://codereview.chromium.org/1234553002

Cr-Commit-Position: refs/heads/master@{#29570}
 2015-07-10 12:49:40 +00:00
ishell
b625d4d8cc [arm64] Fixed unnecessary environment assignment to LSmiTag instruction. 
BUG=chromium:490021
LOG=N

Review URL: https://codereview.chromium.org/1235563002

Cr-Commit-Position: refs/heads/master@{#29567}
 2015-07-10 11:36:17 +00:00
binji
d42e81d587 d8 workers: fix race on quit() with context_mutex_ 
When quit() is called, d8 shell exits without cleanup. If a worker is running,
it might be holding the context_mutex_, which if destroyed will DCHECK.

BUG=4279
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1231473002

Cr-Commit-Position: refs/heads/master@{#29557}
 2015-07-09 19:30:29 +00:00
binji
54920cd2f0 Fix cluster-fuzz found regression with d8 Workers 
This one occurred when serializing an object. When the property getter threw an
exception, that value was skipped, but the property count wasn't updated. The
deserializer then tried to deserialize the wrong value.

BUG=chromium:506549
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1220193004

Cr-Commit-Position: refs/heads/master@{#29541}
 2015-07-08 17:58:00 +00:00
ishell
52b3e41799 Fixed a couple of proxies-related unhandled exceptions. 
BUG=chromium:506956, chromium:505907
LOG=N

Review URL: https://codereview.chromium.org/1215463012

Cr-Commit-Position: refs/heads/master@{#29530}
 2015-07-08 11:46:14 +00:00
jkummerow
5379d8bc36 [x64] Fix handling of Smi constants in LSubI and LBitI 
Smi immediates are not supported, so instructions with Smi representations need their constants in a register. LAddI has already been doing this. The manifestation of the bug was that an operation would compute 0 instead of the correct result.

BUG=chromium:478612
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1224623017

Cr-Commit-Position: refs/heads/master@{#29529}
 2015-07-08 10:20:31 +00:00
machenbach
650ef15c00 Revert of [d8] bounds-check before getting Shell::Worker internal field (patchset #4 id:80001 of https://codereview.chromium.org/1214053004/) 
Reason for revert:
[Sheriff] Fails here:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/4737

Original issue's description:
> [d8] bounds-check before getting Shell::Worker internal field
>
> Prevents fatal error in debug builds
>
> BUG=v8:4271
> R=binji@chromium.org
> LOG=N
>
> Committed: https://crrev.com/43ce9c6f101c4224addd9a54e0c39963188dc7fa
> Cr-Commit-Position: refs/heads/master@{#29524}

TBR=binji@chromium.org,jochen@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4271

Review URL: https://codereview.chromium.org/1215333012

Cr-Commit-Position: refs/heads/master@{#29525}
 2015-07-07 21:17:00 +00:00
caitpotter88
43ce9c6f10 [d8] bounds-check before getting Shell::Worker internal field 
Prevents fatal error in debug builds

BUG=v8:4271
R=binji@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1214053004

Cr-Commit-Position: refs/heads/master@{#29524}
 2015-07-07 21:06:19 +00:00
mstarzinger
b8ecd94c72 [turbofan] Fix bogus materialization from frame with OSR. 
The context constant cannot be materialized from the frame when we are
compiling for OSR, because the context spill slot contains the current
instead of the outermost context in full-codegen.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1220013003

Cr-Commit-Position: refs/heads/master@{#29472}
 2015-07-06 03:40:29 +00:00
yangguo
619570b3dd Make sure the constant pool size is as promised. 
LOG=N
R=bmeurer@chromium.org
BUG=chromium:506443

Review URL: https://codereview.chromium.org/1217673003

Cr-Commit-Position: refs/heads/master@{#29463}
 2015-07-03 10:32:37 +00:00
binji
ffa6b5fe6c Change d8 Worker API so it takes a string instead of a function. 
This is more consistent with the DOM API, and is clearer w.r.t. which values
are available in the lexical environment of the Worker.

BUG=chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1218553004

Cr-Commit-Position: refs/heads/master@{#29426}
 2015-07-01 16:41:56 +00:00
binji
abaa094a2b Fix cluster-fuzz found regression in d8 Workers 
v8::Internal::List will DCHECK when indexing out of the array, even if just to
get the address, and the value is never used. So this construct will fail:

    memcpy(p, &data[0], length);

When data is empty and length is 0.

BUG=chromium:505778
R=mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1216853003

Cr-Commit-Position: refs/heads/master@{#29388}
 2015-06-30 16:49:09 +00:00
yangguo
4f9cf2bb1e Use correct LookupIterator in CallSite::GetMethodName. 
R=verwaest@chromium.org
BUG=chromium:505370
LOG=N

Review URL: https://codereview.chromium.org/1218023002

Cr-Commit-Position: refs/heads/master@{#29385}
 2015-06-30 16:28:07 +00:00
mstarzinger
a7697bdcc7 Fix clobbered register when setting this_function variable. 
Reland of https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N

Review URL: https://codereview.chromium.org/1214483008

Cr-Commit-Position: refs/heads/master@{#29372}
 2015-06-30 10:39:16 +00:00
ishell
b8cce79f41 A couple of other "stack overflow" vs. "has_pending_exception()" issues in debugger fixed. 
BUG=chromium:505007
LOG=N

Review URL: https://codereview.chromium.org/1219693003

Cr-Commit-Position: refs/heads/master@{#29369}
 2015-06-30 08:30:18 +00:00
mstarzinger
df06f1c715 [turbofan] Fix exit control flow in TryCatchBuilder. 
This makes sure that the exit control flow that merges the try-block
with the catch-block after a try-catch-statement creates a new merge
node in cases where it has to. Otherwise dangling phi nodes might have
the wrong number of value inputs.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-505354
BUG=chromium:505354
LOG=N

Review URL: https://codereview.chromium.org/1213183003

Cr-Commit-Position: refs/heads/master@{#29362}
 2015-06-30 03:23:41 +00:00
oth
cff8c9b933 Ensure mjsunit tests use dashes not underscores in flags directives. 
BUG=chromium:505228
LOG=Y

Review URL: https://codereview.chromium.org/1219723002

Cr-Commit-Position: refs/heads/master@{#29355}
 2015-06-29 17:08:18 +00:00
yangguo
972beef14c Parse eagerly inside block scopes. 
Only this way we can precisely determine how to allocate let variables
inside the scope.

R=rossberg@chromium.org
BUG=v8:4255
LOG=N

Review URL: https://codereview.chromium.org/1216013002

Cr-Commit-Position: refs/heads/master@{#29354}
 2015-06-29 16:16:21 +00:00
binji
e291b78a8e Fix cluster-fuzz found regression in d8 Workers. 
This one occurs when Function.prototype.toString is overridden to return a
non-string.

BUG=chromium:504729
R=mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1214803004

Cr-Commit-Position: refs/heads/master@{#29351}
 2015-06-29 15:53:22 +00:00
binji
93c43523ea Fix cluster-fuzz found regression in d8 Workers. 
Dumb typo introduced in refs/heads/master@{#29306}. I thought I was turning on
report_exceptions in Shell::ExecuteString, but instead I turned on print_result
(which assumes an interactive debugger and a HandleScope for the
utility_context_).

BUG=chromium:504727,chromium:504728
R=mstarzinger@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1219563002

Cr-Commit-Position: refs/heads/master@{#29350}
 2015-06-29 15:48:39 +00:00
arv
47dd45c0ab [es6] Remove harmony-object-literal flag 
And move tests to es6 directory

BUG=v8:3516
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1218473003

Cr-Commit-Position: refs/heads/master@{#29334}
 2015-06-26 19:49:53 +00:00
yangguo
8c72792b6d Mark function info as compiled after EnsureDeoptimizationSupport. 
Note that prior to having canonical shared function infos, this has
been a source of duplicate shared function infos.

R=bmeurer@chromium.org
BUG=chromium:504787
LOG=N

Review URL: https://codereview.chromium.org/1209383002

Cr-Commit-Position: refs/heads/master@{#29326}
 2015-06-26 13:17:05 +00:00
binji
28b0129b03 Fix cluster-fuzz regression when getting message from Worker 
The issue is that Worker.prototype.terminate was deleting the C++ Worker
object, and then Worker.prototype.getMessage was trying to read messages from
the queue.

The simplest solution is to keep workers in a zombie state when they have been
terminated. They won't be reaped until Shell::CleanupWorkers is called.

I've also fixed some threading issues with Workers:

* Workers can be created by another Worker, so the Shell::workers_ variable
must be protected by a mutex.

* An individual Worker can typically only be accessed by the isolate that
created it, but the main thread can always terminate it, so the Worker::state_
must be accessed in a thread-safe way.

BUG=chromium:504136
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1208733002

Cr-Commit-Position: refs/heads/master@{#29306}
 2015-06-25 18:01:22 +00:00
wingo
40b7d874b2 Reapply "Fix receiver when calling eval() bound by with scope" 
Originally applied in https://codereview.chromium.org/1202963005

BUG=v8:4214
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1208873002

Cr-Commit-Position: refs/heads/master@{#29293}
 2015-06-25 13:46:46 +00:00
yangguo
6434ec3087 Reland 2 "Keep a canonical list of shared function infos." 
BUG=v8:4132
LOG=N

Review URL: https://codereview.chromium.org/1211803002

Cr-Commit-Position: refs/heads/master@{#29291}
 2015-06-25 12:20:06 +00:00
erikcorry
daef0ec5f4 Reland Extend big-disjunction optimization to case-independent regexps 
Previous code review https://codereview.chromium.org/1182783009/
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n

Review URL: https://codereview.chromium.org/1204123003

Cr-Commit-Position: refs/heads/master@{#29290}
 2015-06-25 11:42:20 +00:00
yangguo
f7ef0c9921 Revert of Reland "Keep a canonical list of shared function infos." (patchset #3 id:40001 of https://codereview.chromium.org/1211453002/) 
Reason for revert:
proxies test failing https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/903/steps/Mjsunit/logs/proxies

Original issue's description:
> Reland "Keep a canonical list of shared function infos."
>
> This reverts commit 3164aa7483.
>
> Committed: https://crrev.com/cacb646d80daa429f6915824a741f595db7d5044
> Cr-Commit-Position: refs/heads/master@{#29282}

TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1206263002

Cr-Commit-Position: refs/heads/master@{#29285}
 2015-06-25 10:35:12 +00:00
yangguo
cacb646d80 Reland "Keep a canonical list of shared function infos." 
This reverts commit 3164aa7483.

Review URL: https://codereview.chromium.org/1211453002

Cr-Commit-Position: refs/heads/master@{#29282}
 2015-06-25 09:09:44 +00:00
machenbach
93d130ce70 Revert of Fix receiver when calling eval() bound by with scope (patchset #3 id:40001 of https://codereview.chromium.org/1202963005/) 
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream blink first.
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/574

Please consider extra blink trybots on a reland.

Original issue's description:
> Fix receiver when calling eval() bound by with scope
>
> Thanks to André Bargull for the report.
>
> BUG=v8:4214
> LOG=N
> R=arv@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/3c5f0db3a1768ade68108bf003676ce378d1cbdc
> Cr-Commit-Position: refs/heads/master@{#29259}

TBR=arv@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4214

Review URL: https://codereview.chromium.org/1201273004

Cr-Commit-Position: refs/heads/master@{#29267}
 2015-06-24 19:08:35 +00:00
machenbach
3eae40d7a4 Revert of Extend big-disjunction optimization to case-independent regexps (patchset #5 id:80001 of https://codereview.chromium.org/1182783009/) 
Reason for revert:
[Sheriff] Test times out now on msan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/2947

Original issue's description:
> Extend big-disjunction optimization to case-independent regexps
>
> R=yangguo@chromium.org
> BUG=chromium:482998
> LOG=n
>
> Committed: https://crrev.com/d2135603bcf462e15a1284d8ed969f6692610dda
> Cr-Commit-Position: refs/heads/master@{#29264}

TBR=yangguo@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:482998

Review URL: https://codereview.chromium.org/1204013003

Cr-Commit-Position: refs/heads/master@{#29266}
 2015-06-24 19:04:15 +00:00
binji
5023335b4d Fix cluster-fuzz regression with Workers and recursive serialization 
Shell::SerializeValue was using a HandleScope, but was also storing Handles in
an ObjectList. The ObjectList handles would persist after the function had
returned, but will have already been destroyed by the HandleScope, so there is
a use-after-free.

This change removes the HandleScope in Shell::SerializeValue and relies on the
caller's HandleScope.

BUG=chromium:503968
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1211433003

Cr-Commit-Position: refs/heads/master@{#29265}
 2015-06-24 18:31:50 +00:00
erikcorry
d2135603bc Extend big-disjunction optimization to case-independent regexps 
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n

Review URL: https://codereview.chromium.org/1182783009

Cr-Commit-Position: refs/heads/master@{#29264}
 2015-06-24 18:17:41 +00:00
binji
b3bd7289f7 Fix cluster-fuzz regression with Workers when serializing empty string 
BUG=chromium:503991
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1210623002

Cr-Commit-Position: refs/heads/master@{#29263}
 2015-06-24 17:47:23 +00:00
binji
627627b327 Fix cluster-fuzz regression with Workers on mips.debug 
BUG=chromium:503698
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1208573003

Cr-Commit-Position: refs/heads/master@{#29261}
 2015-06-24 17:09:59 +00:00
wingo
3c5f0db3a1 Fix receiver when calling eval() bound by with scope 
Thanks to André Bargull for the report.

BUG=v8:4214
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1202963005

Cr-Commit-Position: refs/heads/master@{#29259}
 2015-06-24 16:47:58 +00:00
binji
3e2c6a2eb7 Fix ReferenceError of Worker in regress-crbug-503578 
Worker is not defined on the V8 Shared bots.

BUG=chromium:503578
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1202763004

Cr-Commit-Position: refs/heads/master@{#29246}
 2015-06-24 05:36:20 +00:00
binji
10b6af71b8 Fix cluster-fuzz found regression in d8 when deserializing ArrayBuffer 
BUG=503578
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1204753002

Cr-Commit-Position: refs/heads/master@{#29244}
 2015-06-24 04:23:58 +00:00
adamk
3164aa7483 Revert "Keep a canonical list of shared function infos." 
Speculative revert in the hopes of fixing serializer crashes seen in canary.

This reverts commit c166945083, as well as
followup change "Do not look for existing shared function info when compiling a new script."
(commit 7c43967bb7).

BUG=chromium:503552,v8:4132
TBR=yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1207583002

Cr-Commit-Position: refs/heads/master@{#29241}
 2015-06-23 22:59:30 +00:00
ishell
bcb276c6f7 Fixed exception handling in Realm.create(). 
BUG=chromium:501711
LOG=N

Review URL: https://codereview.chromium.org/1207453002

Cr-Commit-Position: refs/heads/master@{#29236}
 2015-06-23 15:08:50 +00:00
verwaest
c49659b008 Don't insert elements transitions into normalized maps 
BUG=chromium:499790
LOG=n

Review URL: https://codereview.chromium.org/1203653003

Cr-Commit-Position: refs/heads/master@{#29233}
 2015-06-23 14:33:11 +00:00
ishell
47421760f4 Map::ReconfigureProperty() should mark map as unstable when it returns a different map. 
BUG=chromium:502930
LOG=N

Review URL: https://codereview.chromium.org/1200003002

Cr-Commit-Position: refs/heads/master@{#29226}
 2015-06-23 11:30:58 +00:00
ishell
5c4aae390f Global handle leak in Realm.create() fixed. 
BUG=chromium:501808
LOG=N

Review URL: https://codereview.chromium.org/1197403002

Cr-Commit-Position: refs/heads/master@{#29224}
 2015-06-23 11:04:21 +00:00
dslomov
e7cdb615ae [destructuring] Implement parameter pattern matching. 
Scoping for initializers is yet incorrect. Defaults are not supported.

R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N

Committed: https://crrev.com/42f30f4ded2b1ca0c4caa7639e6206e93c78ee70
Cr-Commit-Position: refs/heads/master@{#29184}

Review URL: https://codereview.chromium.org/1189743003

Cr-Commit-Position: refs/heads/master@{#29192}
 2015-06-22 14:16:02 +00:00
caitpotter88
5337508fe3 [es6] ship Rest Parameters 
BUG=v8:2159
LOG=N
R=arv@chromium.org, dslomov@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1191653008

Cr-Commit-Position: refs/heads/master@{#29191}
 2015-06-22 13:43:26 +00:00
machenbach
82e8060515 Revert of [destructuring] Implement parameter pattern matching. (patchset #7 id:120001 of https://codereview.chromium.org/1189743003/) 
Reason for revert:
[Sheriff] Breaks tsan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/4392

Original issue's description:
> [destructuring] Implement parameter pattern matching.
>
> Scoping for initializers is yet incorrect. Defaults are not supported.
>
> R=arv@chromium.org,rossberg@chromium.org
> BUG=v8:811
> LOG=N
>
> Committed: https://crrev.com/42f30f4ded2b1ca0c4caa7639e6206e93c78ee70
> Cr-Commit-Position: refs/heads/master@{#29184}

TBR=arv@chromium.org,rossberg@chromium.org,caitpotter88@gmail.com,wingo@igalia.com,dslomov@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811

Review URL: https://codereview.chromium.org/1195163007

Cr-Commit-Position: refs/heads/master@{#29188}
 2015-06-22 13:14:24 +00:00
dslomov
42f30f4ded [destructuring] Implement parameter pattern matching. 
Scoping for initializers is yet incorrect. Defaults are not supported.

R=arv@chromium.org,rossberg@chromium.org
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1189743003

Cr-Commit-Position: refs/heads/master@{#29184}
 2015-06-22 12:07:13 +00:00
machenbach
a002cbd743 Revert of Ship Harmony Array/TypedArray methods (patchset #6 id:100001 of https://codereview.chromium.org/1187543003/) 
Reason for revert:
[Sheriff] Breaks gcstress and mac asan:
http://build.chromium.org/p/client.v8/builders/V8%20GC%20Stress%20-%203/builds/3896
http://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/1774

Original issue's description:
> Ship Harmony Array/TypedArray methods
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=v8:3578
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/7142b0d211b732e1c119fded80f43fbbd9cea0f8
> Cr-Commit-Position: refs/heads/master@{#29170}

TBR=adamk@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3578

Review URL: https://codereview.chromium.org/1195163002

Cr-Commit-Position: refs/heads/master@{#29171}
 2015-06-20 07:25:27 +00:00
littledan
7142b0d211 Ship Harmony Array/TypedArray methods 
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:3578
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1187543003

Cr-Commit-Position: refs/heads/master@{#29170}
 2015-06-20 00:02:02 +00:00
binji
e6fed5e895 Fix cluster-fuzz bug introduced in refs/heads/master@{#28796} 
Don't DCHECK in the atomic runtime functions.

BUG=chromium:501809,chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1189223003

Cr-Commit-Position: refs/heads/master@{#29159}
 2015-06-19 16:14:15 +00:00