On MIPS32 we can't read a 8 bytes long data from a not 8 bytes aligned memory address.
BUG=
TEST=mjsunit/debug-backtrace
Review URL: https://codereview.chromium.org/1193433002
Cr-Commit-Position: refs/heads/master@{#29100}
Currently this verifier will post an informative error if the author has not signed CLA, instead of rejecting the CL.
LOG=N
BUG=457428
Review URL: https://codereview.chromium.org/1185193009
Cr-Commit-Position: refs/heads/master@{#29096}
Otherwise we'd have to probe for pending exceptions.
I'll do the same to other interceptors in follow-up CLs
BUG=chromium:495949,v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1190023002
Cr-Commit-Position: refs/heads/master@{#29090}
The condition of a Branch or Select can never be a NumberConstant,
because the resulting graph would be invalid, so we don't need to
optimize this case. It can only ever be a tagged boolean or an untagged
bit.
Drive-by-fix: Test the interesting cases in the unit tests instead.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1195443004
Cr-Commit-Position: refs/heads/master@{#29089}
Currently the Typer is installed on the Graph, no matter if we actually
use the types or not (read: even in the generic pipeline). Also the
Typer tries hard to eagerly type nodes during graph building, which
takes time, just to remove those types later again, and retype
everything from scratch. Plus this is inconsistent, since it only
applies to the outermost graph, not the inlined graphs (which are
eagerly typed once the nodes are copied). So in summary, what's
currently implemented is neither useful nor well defined, so for now we
stick to the full typing approach until a proper design for eager typing
is available that will actually benefit us.
R=rossberg@chromium.org,mstarzinger@chromium.org,jarin@chromium.org
Review URL: https://codereview.chromium.org/1192553002
Cr-Commit-Position: refs/heads/master@{#29086}
Reason for revert:
[Sheriff] This breaks layout test expectations:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/437
See:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_32/437/layout-test-results/fast/dom/create-element-after-stack-overflow-pretty-diff.html
Please land a needsmanualrebaseline change on the blink-side before relanding this, if the change was intended.
Please include a blink trybot on relanding this.
Original issue's description:
> Added constructor call on object in InstantiateObject method
>
> I found after upgrading from 4.2.2 where apinatives.js still
> existed to 4.4.56 where everything had been converted to C++ in
> api-natives.cc, my constructors for ObjectTemplate instantiated objects
> were no longer being called. After investigation, I noticed in
> apinatives.js that a new call would handle that, but there was no
> corresponding constructor call in api-natives.cc (or anywhere else
> along the chain of InstantiateObject), so I added a call to
> Execution::Call to actually construct the object. Forgive me if that
> isn't the right place to add it (InitializeBody in objects-inl.h also
> looked like a good place), or if there's a reason constructors are
> not being called.
>
> I also added myself to the AUTHORS file in this CL.
>
> Committed: https://crrev.com/e61a957b2a9726294cdd2802a6a2b6e3a9ef657d
> Cr-Commit-Position: refs/heads/master@{#29076}
TBR=verwaest@chromium.org,svenpanne@chromium.org,dtalley@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1188233002
Cr-Commit-Position: refs/heads/master@{#29085}
Delayed tasks can be used to perform non-urgent clean up work.
BUG=chromium:490559
LOG=NO
Review URL: https://codereview.chromium.org/1179153002
Cr-Commit-Position: refs/heads/master@{#29084}
- fix truthfulness of comments
- use InitializeFieldsWithFiller more consistently
- use unsigned comparisons for pointers
No change in functionality intended.
Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:
- print PC of each frame
- print the function's source also for optimized frames
Review URL: https://codereview.chromium.org/1186823003
Cr-Commit-Position: refs/heads/master@{#29082}
Now that the graph is being trimmed after generic lowering, we can drop
this workaround. The diamond will no longer confuse the scheduler.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1191913002
Cr-Commit-Position: refs/heads/master@{#29081}
This fixes a bug where new-space GC could be triggered by non-folded allocations for some of the in-object properties, while the object was only partially initialized.
BUG=chromium:500497
LOG=y
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/1182113007
Cr-Commit-Position: refs/heads/master@{#29079}
Up until now that was still mixed with control reduction in the
ControlReducer. This separation allows us to remove the horrible
Reducer::Finish hack and also do graph trimming at more appropriate
places in the pipeline (i.e. trim dead nodes after generic lowering,
which can also make nodes dead).
R=jarin@chromium.org,mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1188433010
Cr-Commit-Position: refs/heads/master@{#29077}
I found after upgrading from 4.2.2 where apinatives.js still
existed to 4.4.56 where everything had been converted to C++ in
api-natives.cc, my constructors for ObjectTemplate instantiated objects
were no longer being called. After investigation, I noticed in
apinatives.js that a new call would handle that, but there was no
corresponding constructor call in api-natives.cc (or anywhere else
along the chain of InstantiateObject), so I added a call to
Execution::Call to actually construct the object. Forgive me if that
isn't the right place to add it (InitializeBody in objects-inl.h also
looked like a good place), or if there's a reason constructors are
not being called.
I also added myself to the AUTHORS file in this CL.
Review URL: https://codereview.chromium.org/1137693003
Cr-Commit-Position: refs/heads/master@{#29076}
The remaining uses need some non-mechanical work:
* non-standard-layout type, probably due to mixed access control
* extended field designators
Review URL: https://codereview.chromium.org/1173343006
Cr-Commit-Position: refs/heads/master@{#29071}
This fixes CodeGenerator::EnsureSpaceForLazyDeopt to no longer be
treated as a lazy deopt site in itself. Calls mark themselves as lazy
bailout sites in CodeGenerator::RecordCallPosition, which suffices.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1186353003
Cr-Commit-Position: refs/heads/master@{#29069}
This optimization just duplicates part of the ToBoolean rule in the
Typer, and it doesn't make sense to have adhoc partial typing rules in
the ControlReducer anyway.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1189963002
Cr-Commit-Position: refs/heads/master@{#29064}
Revert "Revert of Decompiler improvements. (patchset #2 id:20001 of https://codereview.chromium.org/1177123002/)"
This reverts commit e2ce468165, avoiding the hex->dec changes, and re-introducing the block pretty printing of the original CL.
The hex-dec issue would be handled separately.
BUG=
Review URL: https://codereview.chromium.org/1186273005
Cr-Commit-Position: refs/heads/master@{#29063}
AstGraphBuilder::BuildToBoolean() can be optimized easily without types,
especially since the types are only present on some nodes during graph
building. So this optimization is both more efficient and more effective
at the same time. We will probably refactor this code into a separate
optimization method/class later.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1188503003
Cr-Commit-Position: refs/heads/master@{#29062}
This ensures there is a lazy bailout point at the entry of every
exception handler so that deoptimized code is not re-entered through
caught exceptions.
R=jarin@chromium.org
TEST=cctest/test-run-deopt/DeoptExceptionHandler
Review URL: https://codereview.chromium.org/1173253004
Cr-Commit-Position: refs/heads/master@{#29061}
According to the ES6 spec, the main methods and getters shouldn't
be properties of the individual TypedArray objects and prototypes
but instead on %TypedArray% and %TypedArray%.prototype. This
difference is observable through introspection. This patch moves
some methods and getters to the proper place, with the exception
of %TypedArray%.prototype.subarray and harmony methods. These will
be moved in follow-on patches.
BUG=v8:4085
LOG=Y
R=adamk
Review URL: https://codereview.chromium.org/1186733002
Cr-Commit-Position: refs/heads/master@{#29057}
Opportunistically removed GreedyAllocator::TryReuseSpillForPhi because it is actually unsuitable for Greedy. It was copied from Linear and it relies on hints, however, the current implementation of hints assumes linear scan.
This change doesn't aim to address performance nor correctness for Greedy.
BUG=
Review URL: https://codereview.chromium.org/1184183002
Cr-Commit-Position: refs/heads/master@{#29054}