Google Git
Sign in
chromium / v8 / v8 / d3d125417db0c278a2d27e4a965ad4e82c66e2af
commitd3d125417db0c278a2d27e4a965ad4e82c66e2af[log] [tgz]
authorclemensh <clemensh@chromium.org>Thu Dec 08 17:35:57 2016
committerCommit bot <commit-bot@chromium.org>Thu Dec 08 17:36:14 2016
tree089667b40a6f875df6869d7951a0450aa377acd5
parent6595e7405769dc9d49e9568d61485efc6d468baf [diff]
Revert of [wasm] Fix location for error in asm.js ToNumber conversion (patchset #5 id:80001 of https://codereview.chromium.org/2555243002/ )

Reason for revert:
gc-stress failures

Original issue's description:
> [wasm] Fix location for error in asm.js ToNumber conversion
>
> In the asm.js code translated to wasm, we call imported functions via a
> WASM_TO_JS stub, which first calls the function and then calls ToNumber
> on the return value. Exceptions can happen in both calls.
> We were only ever reporting the location of the function call, whereas
> asm.js code executed via turbofan reported the location of the type
> coercion operator ("+" on "+foo()" or "|" on "foo()|0").
>
> This CL implements the same behaviour for asm.js code translated to
> wasm. The following is changed:
> - the AsmWasmBuilder records the parent node when descending on a binary
>   operator (also "+foo()" is represented by a binary operation).
> - it stores not one location per call in the source position side
>   table, but two (one for the call, one for the parent which does the
>   type coercion).
> - the wasm compiler annotates the source positions "0" and "1" to the
>   two calls in the WASM_TO_JS wrapper (only if the module origin is
>   asm.js).
> - during stack trace generation (in the StackTraceIterator), when we
>   move from the WASM_TO_JS frame to the WASM frame, we remember at which
>   call inside the WASM_TO_JS wrapper we are, and encode this information
>   in the generated caller state, used for the WASM frame.
> - the same information is also stored in the FrameArray which is used
>   to reconstruct the stack trace later.
>
> R=titzer@chromium.org, bradnelson@chromium.org
> CC=jgruber@chromium.org
> BUG=v8:4203,v8:5724
>
> Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
> Cr-Commit-Position: refs/heads/master@{#41599}

TBR=bradnelson@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4203,v8:5724

Review-Url: https://codereview.chromium.org/2563613003
Cr-Commit-Position: refs/heads/master@{#41601}
20 files changed
tree: 089667b40a6f875df6869d7951a0450aa377acd5
  1. benchmarks/
  2. build_overrides/
  3. docs/
  4. gni/
  5. gypfiles/
  6. include/
  7. infra/
  8. samples/
  9. src/
  10. test/
  11. testing/
  12. third_party/
  13. tools/
  14. .clang-format
  15. .gitignore
  16. .gn
  17. .ycm_extra_conf.py
  18. AUTHORS
  19. BUILD.gn
  20. ChangeLog
  21. CODE_OF_CONDUCT.md
  22. codereview.settings
  23. DEPS
  24. LICENSE
  25. LICENSE.fdlibm
  26. LICENSE.strongtalk
  27. LICENSE.v8
  28. LICENSE.valgrind
  29. Makefile
  30. Makefile.android
  31. OWNERS
  32. PRESUBMIT.py
  33. README.md
  34. snapshot_toolchain.gni
  35. WATCHLISTS
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.