platform/upstream/v8.git
9 years ago[turbofan] Greedy: faster compile time.
mtrofin [Thu, 17 Sep 2015 03:53:43 +0000 (20:53 -0700)]
[turbofan] Greedy: faster compile time.

Avoiding unnecessarily traversing conflicts when doing weight
comparisons. This reduced compile time regressions from a few
multiples to under 10% - at least for zlib.

Review URL: https://codereview.chromium.org/1346263004

Cr-Commit-Position: refs/heads/master@{#30783}

9 years agoUpdate V8 DEPS.
v8-autoroll [Thu, 17 Sep 2015 03:26:17 +0000 (20:26 -0700)]
Update V8 DEPS.

Rolling v8/tools/clang to eea56c7ed84778edadbcd43f06793b0311a56b28

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1350993003

Cr-Commit-Position: refs/heads/master@{#30782}

9 years agoX87: Reland VectorICs: ia32 store ics need a virtual register.
chunyang.dai [Thu, 17 Sep 2015 01:25:23 +0000 (18:25 -0700)]
X87: Reland VectorICs: ia32 store ics need a virtual register.

port 1e00bb57a2969e3e428a1d552116752a95c06022 (r30737).

original commit message:

    (reason for revert/reland: patch incorrectly left --vector-stores flag
     on, helpfully revealing some gcstress issues to look at, but they
     don't need to block this CL).

    Some pretty hacky code was used to carry out the tail-call
    handler dispatch on ia32 vector stores due to a lack
    of free registers. It really tanks performance. A better
    approach is to use a virtual register on the isolate.

BUG=

Review URL: https://codereview.chromium.org/1344383002

Cr-Commit-Position: refs/heads/master@{#30781}

9 years agoX87: [runtime] Replace the EQUALS builtin with proper Object::Equals.
chunyang.dai [Thu, 17 Sep 2015 01:21:46 +0000 (18:21 -0700)]
X87: [runtime] Replace the EQUALS builtin with proper Object::Equals.

port 54bab695f5de5bf5948c5b50b217628a00d60f91 (r30747).

original commit message:

    Move the implementation of the Abstract Equality Comparison to the
    runtime and thereby remove the EQUALS dispatcher builtin. Also remove
    the various runtime entry points that were only used to support the
    EQUALS builtin.

    Now the Abstract Equality Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=

Review URL: https://codereview.chromium.org/1349623002

Cr-Commit-Position: refs/heads/master@{#30780}

9 years agoFix ASAN after r30777
alph [Thu, 17 Sep 2015 00:56:33 +0000 (17:56 -0700)]
Fix ASAN after r30777

TBR=bmeurer,yurys
NOTRY=true

Review URL: https://codereview.chromium.org/1349953002

Cr-Commit-Position: refs/heads/master@{#30779}

9 years agoimprove allocation accounting for incremental mark
ofrobots [Thu, 17 Sep 2015 00:55:24 +0000 (17:55 -0700)]
improve allocation accounting for incremental mark

Add an assertion that allocated_bytes >= 0 in IncrementalMark::Step and then
make it pass. We were not being diligent in maintaining top_on_previous_step_
and as a result inaccurate, and even negative values of allocated_bytes were
being reported to Step.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1274453002

Cr-Commit-Position: refs/heads/master@{#30778}

9 years ago[profiler] Make no frame region detection code more robust
alph [Thu, 17 Sep 2015 00:12:08 +0000 (17:12 -0700)]
[profiler] Make no frame region detection code more robust

Upon collection of the stack trace if the current PC falls into
the frame building code, the top frame might be in a non-consistent
state. That leads to some of the frames could be missing from the
stack trace.

The patch makes it check instructions under current PC and if they
look like the frame setup/destroy code, it skips the entire sample.

Support for x86/x64

BUG=chromium:529931
LOG=N

Review URL: https://codereview.chromium.org/1341413002

Cr-Commit-Position: refs/heads/master@{#30777}

9 years ago[turbofan] Greedy: small fix in groupping algo.
mtrofin [Wed, 16 Sep 2015 21:43:19 +0000 (14:43 -0700)]
[turbofan] Greedy: small fix in groupping algo.

This is a performance bug, not a functional bug: we were
losing grouping opportunities.

BUG=

Review URL: https://codereview.chromium.org/1342243003

Cr-Commit-Position: refs/heads/master@{#30776}

9 years ago[cleanup] refactor ParsePropertyDefinition for clarity
caitpotter88 [Wed, 16 Sep 2015 21:27:19 +0000 (14:27 -0700)]
[cleanup] refactor ParsePropertyDefinition for clarity

Some cleanup of ParsePropertyDefinition --- Replaces certain hacks with
more structured, clean code, and adds additional comments to aid in
comprehension of this tricky area of the ambiguous recursive descent
parser.

BUG=v8:3583
LOG=N
R=adamk, aperez, wingo, rossberg

Review URL: https://codereview.chromium.org/1348773004

Cr-Commit-Position: refs/heads/master@{#30775}

9 years agoDisallow Object.observe calls on access-checked objects
adamk [Wed, 16 Sep 2015 21:19:21 +0000 (14:19 -0700)]
Disallow Object.observe calls on access-checked objects

We already disallowed observing the global proxy; now we also
disallow any observation of access-checked objects (regardless
of whether the access check would succeed or fail, since there's
not a good way to tell the embedder what kind of access is being
requested).

Also disallow Object.getNotifier for the same reasons.

BUG=chromium:531891
LOG=y

Review URL: https://codereview.chromium.org/1346813002

Cr-Commit-Position: refs/heads/master@{#30774}

9 years agoImplement V8 extras utils object
domenic [Wed, 16 Sep 2015 21:00:45 +0000 (14:00 -0700)]
Implement V8 extras utils object

This adds a utils object meant specifically for V8 extras, presenting a limited
API surface for doing things that would otherwise require %-functions.

BUG=v8:4276
LOG=Y
R=jochen@chromium.org,yangguo@chromium.org

Review URL: https://codereview.chromium.org/1343113003

Cr-Commit-Position: refs/heads/master@{#30773}

9 years agoES6: Array.prototype.slice and friends should use ToLength instead of ToUint32
aperez [Wed, 16 Sep 2015 18:01:38 +0000 (11:01 -0700)]
ES6: Array.prototype.slice and friends should use ToLength instead of ToUint32

Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function,
that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed
before. When the flag is disabled, the function uses TO_UINT32(), which is
the pre-ES6 behaviour. When the flag enabled, the ES6-compliant ToLength()
conversion is used.

Based on a patch initially from Diego Pino <dpino@igalia.com>

BUG=v8:3087
LOG=Y

Review URL: https://codereview.chromium.org/1309243003

Cr-Commit-Position: refs/heads/master@{#30772}

9 years ago[objects] do not visit ArrayBuffer's backing store
fedor [Wed, 16 Sep 2015 17:27:40 +0000 (10:27 -0700)]
[objects] do not visit ArrayBuffer's backing store

ArrayBuffer's backing store is a pointer to external heap, and can't be
treated as a heap object. Doing so will result in crashes, when the
backing store is unaligned.

See: https://github.com/nodejs/node/issues/2791

BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1327403002

Cr-Commit-Position: refs/heads/master@{#30771}

9 years ago[es6] Optimize TypedArray.subarray()
karl [Wed, 16 Sep 2015 16:21:33 +0000 (09:21 -0700)]
[es6] Optimize TypedArray.subarray()

````
var array = new Uint8Array(65000);
var startDate = Date.now();
var counter = 0;
while (counter++ < 50000000) {
  array.subarray(start, end);
}
var endDate = Date.now();
print(endDate - startDate);
````

4200 ms -> 3500 ms (16.67%)

BUG=

Review URL: https://codereview.chromium.org/1331993004

Cr-Commit-Position: refs/heads/master@{#30770}

9 years ago[es6] support `get` and `set` in shorthand properties
caitpotter88 [Wed, 16 Sep 2015 16:01:47 +0000 (09:01 -0700)]
[es6] support `get` and `set` in shorthand properties

Add support for `get` and `set` as shorthand properties. Also
supports them for CoverInitializedName in BindingPatterns and (once implemented)
AssignmentPatterns.

BUG=v8:4412, v8:3584
LOG=N
R=adamk, aperez, wingo, rossberg

Review URL: https://codereview.chromium.org/1328083002

Cr-Commit-Position: refs/heads/master@{#30769}

9 years agoExtra code to diagnose a crash bug.
mvstanton [Wed, 16 Sep 2015 15:38:37 +0000 (08:38 -0700)]
Extra code to diagnose a crash bug.

This will catch an invalid receiver before being passed to a load ic miss
handler in the runtime.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1351493002

Cr-Commit-Position: refs/heads/master@{#30768}

9 years agoRemove --pretenure-call-new
mvstanton [Wed, 16 Sep 2015 15:12:24 +0000 (08:12 -0700)]
Remove --pretenure-call-new

There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

BUG=

Review URL: https://codereview.chromium.org/1202173002

Cr-Commit-Position: refs/heads/master@{#30767}

9 years ago[turbofan] Make arguments object materialization inlinable.
mstarzinger [Wed, 16 Sep 2015 13:04:25 +0000 (06:04 -0700)]
[turbofan] Make arguments object materialization inlinable.

This makes sure that the arguments object materialization in the method
prologue is composable with respect to inlining. The generic runtime
functions materializing those objects now respect the deoptimization
information when reconstructing the original arguments.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1340313003

Cr-Commit-Position: refs/heads/master@{#30766}

9 years agoMIPS: Fixing floating point register clobbering
ivica.bogosavljevic [Wed, 16 Sep 2015 12:15:15 +0000 (05:15 -0700)]
MIPS: Fixing floating point register clobbering

Fixing floating point register clobbering for MIPSr6 (32 and 64)
due to using of f31 floating point register as double compare register,
without saving the value of the register before using it.

TEST=cctest/test-debug/*
BUG=

Review URL: https://codereview.chromium.org/1346623002

Cr-Commit-Position: refs/heads/master@{#30765}

9 years ago[turbofan] Get rid of type lower bounds.
jarin [Wed, 16 Sep 2015 11:55:27 +0000 (04:55 -0700)]
[turbofan] Get rid of type lower bounds.

Review URL: https://codereview.chromium.org/1348073002

Cr-Commit-Position: refs/heads/master@{#30764}

9 years agoAvoid excessive data copying for ExternalStreamingStream::SetBookmark.
vogelheim [Wed, 16 Sep 2015 11:37:04 +0000 (04:37 -0700)]
Avoid excessive data copying for ExternalStreamingStream::SetBookmark.

BUG=v8:4422
R=jochen@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1346613002

Cr-Commit-Position: refs/heads/master@{#30763}

9 years ago[builtins] Also simplify the Symbol constructor.
bmeurer [Wed, 16 Sep 2015 11:35:15 +0000 (04:35 -0700)]
[builtins] Also simplify the Symbol constructor.

No need to rely on the %_IsConstructCall magic here, we can just
implement the Symbol constructor in C++ altogether (it was just a
stupid wrapper around %CreateSymbol anyway).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1349643002

Cr-Commit-Position: refs/heads/master@{#30762}

9 years ago[turbofan] Add inlining guards to Runtime_NewArguments.
mstarzinger [Wed, 16 Sep 2015 11:32:54 +0000 (04:32 -0700)]
[turbofan] Add inlining guards to Runtime_NewArguments.

This adds debug code that makes sure that the runtime functions that
materialize arguments objects, {Runtime_New[Sloppy|Strict]Arguments},
are not being called from within an inlined scope. They would produce
wrong results and we should avoid producing code that does this.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1343763002

Cr-Commit-Position: refs/heads/master@{#30761}

9 years agoReland of "[heap] Concurrency support for heap book-keeping info"
mlippautz [Wed, 16 Sep 2015 11:18:07 +0000 (04:18 -0700)]
Reland of "[heap] Concurrency support for heap book-keeping info"

Adds concurrency support for:
- MemoryChunk: Fragmentation counters
- MemoryChunk: High-water mark
- MemoryAllocator: Lowest and highest ever allocated addresses, size, and
  capacity

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

This reverts commit 0db34dbe8111f8670c82bb4c42110400a9050d08.

BUG=

Review URL: https://codereview.chromium.org/1346973002

Cr-Commit-Position: refs/heads/master@{#30760}

9 years ago[builtins] Unify the String constructor.
bmeurer [Wed, 16 Sep 2015 10:44:36 +0000 (03:44 -0700)]
[builtins] Unify the String constructor.

Implement the String constructor completely as native builtin,
avoiding the need to do gymnastics in JavaScript builtin to
properly detect the no argument case (which is different from
the undefined argument case) and also allowing to just
tailcall through to ToString or SymbolDescriptiveString for
the common case. Also the JavaScript builtin was misleading
since the case for construct call was unused, but could be
triggered in a wrong way once we support tail calls from
constructor functions.

This refactoring allows us to properly implement subclassing
for String builtins, once we have the correct initial_map on
derived classes (it's merely a matter of using NewTarget
instead of the target register now).

This introduces a new %SymbolDescriptiveString runtime
entry, which is also used by Symbol.toString() now.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1344893002

Cr-Commit-Position: refs/heads/master@{#30759}

9 years agoVector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
mvstanton [Wed, 16 Sep 2015 10:08:50 +0000 (03:08 -0700)]
Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.

BUG=v8:4423
LOG=N

Review URL: https://codereview.chromium.org/1342013003

Cr-Commit-Position: refs/heads/master@{#30758}

9 years agoAdd myself to heap owners
jochen [Wed, 16 Sep 2015 07:31:40 +0000 (00:31 -0700)]
Add myself to heap owners

R=hpayer@chromium.org
BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1350633003

Cr-Commit-Position: refs/heads/master@{#30757}

9 years agoMIPS64: Fix unittests (to not use invalid load representation).
paul.lind [Tue, 15 Sep 2015 21:28:13 +0000 (14:28 -0700)]
MIPS64: Fix unittests (to not use invalid load representation).

Same as https://codereview.chromium.org/1340303002/

BUG=

Review URL: https://codereview.chromium.org/1339763005

Cr-Commit-Position: refs/heads/master@{#30756}

9 years ago[Atomics] Remove support for atomic accesses on floating-point values.
binji [Tue, 15 Sep 2015 21:24:50 +0000 (14:24 -0700)]
[Atomics] Remove support for atomic accesses on floating-point values.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1318713007

Cr-Commit-Position: refs/heads/master@{#30755}

9 years agoFix spread operator in ArrayLiterals when nested in other literals
adamk [Tue, 15 Sep 2015 16:43:29 +0000 (09:43 -0700)]
Fix spread operator in ArrayLiterals when nested in other literals

Mark ArrayLiterals utilizing the spread operator as non-simple.
This causes them to return false for IsCompileTimeValue, and thus
causes spread to work as expected in nested literals.

BUG=v8:4417
LOG=y

Review URL: https://codereview.chromium.org/1336123002

Cr-Commit-Position: refs/heads/master@{#30754}

9 years ago[mips] Fix mips unittests (to not use invalid load representation).
jarin [Tue, 15 Sep 2015 15:50:32 +0000 (08:50 -0700)]
[mips] Fix mips unittests (to not use invalid load representation).

Review URL: https://codereview.chromium.org/1340303002

Cr-Commit-Position: refs/heads/master@{#30753}

9 years agoRevert of [heap] Concurrency support for heap book-keeping info (patchset #4 id:60001...
mlippautz [Tue, 15 Sep 2015 15:11:36 +0000 (08:11 -0700)]
Revert of [heap] Concurrency support for heap book-keeping info (patchset #4 id:60001 of https://codereview.chromium.org/1340923004/ )

Reason for revert:
crashing: http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%20debug%20-%203/builds/4716

Original issue's description:
> [heap] Concurrency support for heap book-keeping info.
>
> Adds concurrency support for:
> - MemoryChunk: Fragmentation counters
> - MemoryChunk: High-water mark
> - MemoryAllocator: Lowest and highest ever allocated addresses, size, and
>   capacity
>
> R=hpayer@chromium.org
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/63190721cda4966e01d71e92a730ce48ea789fbc
> Cr-Commit-Position: refs/heads/master@{#30749}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1340323002

Cr-Commit-Position: refs/heads/master@{#30752}

9 years agoAdd barriers to atomic utils.
mlippautz [Tue, 15 Sep 2015 14:58:44 +0000 (07:58 -0700)]
Add barriers to atomic utils.

Loads get an acquire, store/cas a release. Increment gets a full barrier.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1343883004

Cr-Commit-Position: refs/heads/master@{#30751}

9 years ago[es6] Move builtin constructors for primitives to strict mode.
bmeurer [Tue, 15 Sep 2015 14:32:25 +0000 (07:32 -0700)]
[es6] Move builtin constructors for primitives to strict mode.

The ES6 specification says that "Built-in functions that are ECMAScript
function objects must be strict mode functions", which in particular
means that you can never test for them using the "caller" field of a
sloppy mode function.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:105
LOG=n

Review URL: https://codereview.chromium.org/1347663002

Cr-Commit-Position: refs/heads/master@{#30750}

9 years ago[heap] Concurrency support for heap book-keeping info.
mlippautz [Tue, 15 Sep 2015 13:50:26 +0000 (06:50 -0700)]
[heap] Concurrency support for heap book-keeping info.

Adds concurrency support for:
- MemoryChunk: Fragmentation counters
- MemoryChunk: High-water mark
- MemoryAllocator: Lowest and highest ever allocated addresses, size, and
  capacity

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1340923004

Cr-Commit-Position: refs/heads/master@{#30749}

9 years ago[heap] Extend mutex guards for CodeRange.
mlippautz [Tue, 15 Sep 2015 13:45:18 +0000 (06:45 -0700)]
[heap] Extend mutex guards for CodeRange.

Previously the mutex only guarded free_list_. The extension covers also
allocation_list_.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1341293002

Cr-Commit-Position: refs/heads/master@{#30748}

9 years ago[runtime] Replace the EQUALS builtin with proper Object::Equals.
bmeurer [Tue, 15 Sep 2015 13:14:36 +0000 (06:14 -0700)]
[runtime] Replace the EQUALS builtin with proper Object::Equals.

Move the implementation of the Abstract Equality Comparison to the
runtime and thereby remove the EQUALS dispatcher builtin. Also remove
the various runtime entry points that were only used to support the
EQUALS builtin.

Now the Abstract Equality Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1337993005

Cr-Commit-Position: refs/heads/master@{#30747}

9 years ago[heap] Move slots buffer into a separate file.
hpayer [Tue, 15 Sep 2015 12:35:05 +0000 (05:35 -0700)]
[heap] Move slots buffer into a separate file.

BUG=

Review URL: https://codereview.chromium.org/1343043002

Cr-Commit-Position: refs/heads/master@{#30746}

9 years agoX87: [Interpreter] Add support for JS calls.
chunyang.dai [Tue, 15 Sep 2015 12:24:48 +0000 (05:24 -0700)]
X87: [Interpreter] Add support for JS calls.

port e7fb233946b990ecbbbd76cc6529f62bd5da64e3 (r30710).

original commit message:

    Adds support for JS calls to the interpreter. In order to support
    calls from the interpreter, the PushArgsAndCall builtin is added
    which pushes a sequence of arguments onto the stack and calls
    builtin::Call.

    Adds the Call bytecode.

BUG=

Review URL: https://codereview.chromium.org/1334153004

Cr-Commit-Position: refs/heads/master@{#30745}

9 years agoX87: [builtins] Simplify String constructor code.
chunyang.dai [Tue, 15 Sep 2015 12:16:35 +0000 (05:16 -0700)]
X87: [builtins] Simplify String constructor code.

port eadfd666318c1dd959d7fac7c27538ef478a8b72 (r30706).

original commit message:

    The String constructor was somewhat complex with a lot of micro
    optimizations that are not relevant or even misguided. It would be
    really hard to port that code to ES6, which requires String to be
    subclassable. So as a first step we reduced the necessary complexity
    to the bare minimum (also removing the last user of the fairly complex
    MacroAssembler::LookupNumberStringCache method).

    This also removes the counters for the String constructor, which
    were not properly exposed anymore (and not kept in sync with inlined
    versions of the String constructor anyway).

BUG=

Review URL: https://codereview.chromium.org/1336133003

Cr-Commit-Position: refs/heads/master@{#30744}

9 years agoX87: Make FlushICache part of Assembler(Base) and take Isolate as parameter.
chunyang.dai [Tue, 15 Sep 2015 11:51:38 +0000 (04:51 -0700)]
X87: Make FlushICache part of Assembler(Base) and take Isolate as parameter.

port 9fc4fc141fa1d1aa1a3ccb901518cdffa0d6d268 (r30695).

BUG=

Review URL: https://codereview.chromium.org/1339293002

Cr-Commit-Position: refs/heads/master@{#30743}

9 years ago[heap] Let caller figure out target space for evacuation when compacting.
mlippautz [Tue, 15 Sep 2015 11:44:48 +0000 (04:44 -0700)]
[heap] Let caller figure out target space for evacuation when compacting.

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1340253004

Cr-Commit-Position: refs/heads/master@{#30742}

9 years agoX87: [builtins] Remove the weird STACK_OVERFLOW builtin.
chunyang.dai [Tue, 15 Sep 2015 11:31:13 +0000 (04:31 -0700)]
X87: [builtins] Remove the weird STACK_OVERFLOW builtin.

port 39604dda567b9ba9f4dcfe42f95471f30ec7cb6b (r30693).

original commit message:

    Just use a %ThrowStackOverflow runtime function instead, which
    does the trick, especially since the Isolate already has a
    preallocated StackOverflow error for that.

BUG=

Review URL: https://codereview.chromium.org/1344793002

Cr-Commit-Position: refs/heads/master@{#30741}

9 years agoX87: [stubs] Simplify the non-function case of CallConstructStub.
chunyang.dai [Tue, 15 Sep 2015 11:26:51 +0000 (04:26 -0700)]
X87: [stubs] Simplify the non-function case of CallConstructStub.

port 622fa0ea21b3517b1feaed447c87e580bafac865 (r30691).

original commit message:

    Currently we do this dance between the CallConstructStub, the
    CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
    and %Apply runtime functions for every [[Construct]] operation on
    non-function callables. This is complexity is unnecessary, and can
    be simplified to work without any JS builtin. This will also make it
    a lot easier to implement ES6 compliant [[Construct]] for proxies.

    Also sanitize the invariant for CallConstructStub, which up until now
    always restored the context itself, but that force us to always create
    another copy of all arguments in case of proxies and other callables,
    so we can relax that constraint by making the caller restore the context
    (this only affects fullcodegen, since the optimizing compilers already
    properly restore the context anyway).

BUG=

Review URL: https://codereview.chromium.org/1341233002

Cr-Commit-Position: refs/heads/master@{#30740}

9 years agoX87: Vector ICs: The Oracle needs to report feedback for the object literals and...
chunyang.dai [Tue, 15 Sep 2015 11:20:36 +0000 (04:20 -0700)]
X87: Vector ICs: The Oracle needs to report feedback for the object literals and the count operation.

port 752b0308df72461bfeb644bf6dd8dd331fcdb722 (r30686).

original commit message:

    The refactoring is because it's awkward and error-prone to deterimine which IC slot an
    ObjectLiteralProperty uses for feedback. The fix is for each one to know it's own slot. In the
    numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the
    properties.

    It adds one word to the ObjectLiteralProperty expression - I'm investigating if thats a
    problem.

    This changes makes compiling the object literal cleaner across the three compilers. Also, the
    slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactoring to mimic
    the style in full-codegen. This is useful since it must remain in sync with
    FullCodegen::VisitObjectLiteral().

BUG=

Review URL: https://codereview.chromium.org/1341223002

Cr-Commit-Position: refs/heads/master@{#30739}

9 years ago[turbofan] Fix JSInliner to handle non-returning bodies.
mstarzinger [Tue, 15 Sep 2015 11:19:02 +0000 (04:19 -0700)]
[turbofan] Fix JSInliner to handle non-returning bodies.

The assumption that every function body produces a value does not hold
for functions that e.g. unconditionally throw or endlessly loop. This
fixes the inlining logic to handle such cases.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-530598
BUG=chromium:530598
LOG=n

Review URL: https://codereview.chromium.org/1333193005

Cr-Commit-Position: refs/heads/master@{#30738}

9 years agoReland VectorICs: ia32 store ics need a virtual register.
mvstanton [Tue, 15 Sep 2015 10:14:11 +0000 (03:14 -0700)]
Reland VectorICs: ia32 store ics need a virtual register.

(reason for revert/reland: patch incorrectly left --vector-stores flag
 on, helpfully revealing some gcstress issues to look at, but they
 don't need to block this CL).

Some pretty hacky code was used to carry out the tail-call
handler dispatch on ia32 vector stores due to a lack
of free registers. It really tanks performance. A better
approach is to use a virtual register on the isolate.

BUG=
TBR=jkummerow@chromium.org, vogelheim@chromium.org

Review URL: https://codereview.chromium.org/1346573002

Cr-Commit-Position: refs/heads/master@{#30737}

9 years agobuiltins.cc return PackedElementsKind where applicable
cbruni [Tue, 15 Sep 2015 09:08:28 +0000 (02:08 -0700)]
builtins.cc return PackedElementsKind where applicable

Returning a result array with holey elements kind in where we actually have a packed kind causes performance regressions.

LOG=N
BUG=chromium:531357

Review URL: https://codereview.chromium.org/1340033002

Cr-Commit-Position: refs/heads/master@{#30736}

9 years ago[turbofan] Model arguments object materialization in graph.
mstarzinger [Tue, 15 Sep 2015 09:07:21 +0000 (02:07 -0700)]
[turbofan] Model arguments object materialization in graph.

This models the materialization of arguments objects in the prologue
within the IR graph. It will in turn allow us to optimize access to
these objects and also correctly handle them with inlining.

R=bmeurer@chromium.org,mvstanton@chromium.org
TEST=cctest/test-run-jsobjects/Arguments*

Review URL: https://codereview.chromium.org/1344553003

Cr-Commit-Position: refs/heads/master@{#30735}

9 years agoPort cfi blacklist from chromium.
machenbach [Tue, 15 Sep 2015 08:45:34 +0000 (01:45 -0700)]
Port cfi blacklist from chromium.

BUG=chromium:515782
LOG=n

Review URL: https://codereview.chromium.org/1333133003

Cr-Commit-Position: refs/heads/master@{#30734}

9 years agoRemove transitional GN code.
brettw [Tue, 15 Sep 2015 08:43:25 +0000 (01:43 -0700)]
Remove transitional GN code.

The conditionals were added to facilitate a two-sided build GN config update
where the default optimization config was renamed. This is complete so the
transitional code can be removed.

Review URL: https://codereview.chromium.org/1338163003

Cr-Commit-Position: refs/heads/master@{#30733}

9 years ago[Interpreter] Avoid shadowing variables in the bytecode graph builder.
oth [Tue, 15 Sep 2015 08:18:23 +0000 (01:18 -0700)]
[Interpreter] Avoid shadowing variables in the bytecode graph builder.

Reported by Bruce Dawson.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1346453002

Cr-Commit-Position: refs/heads/master@{#30732}

9 years ago[test] More robust perf runner with profiler option.
machenbach [Tue, 15 Sep 2015 08:15:54 +0000 (01:15 -0700)]
[test] More robust perf runner with profiler option.

NOTRY=true

Review URL: https://codereview.chromium.org/1341213002

Cr-Commit-Position: refs/heads/master@{#30731}

9 years ago[Docs] Add information on how to contribute to the README
hablich [Tue, 15 Sep 2015 07:52:58 +0000 (00:52 -0700)]
[Docs] Add information on how to contribute to the README

I noticed after reading a few GitHub comments that the information
about contributing to V8 is hard to find. I think it makes sense
to add this information to the README.

NOTRY=true
R=jochen@chromium.org, seththompson@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1342803004

Cr-Commit-Position: refs/heads/master@{#30730}

9 years agoMIPS: Fix testcases r6_beqzc and mov.
Ilija.Pavlovic [Tue, 15 Sep 2015 07:36:59 +0000 (00:36 -0700)]
MIPS: Fix testcases r6_beqzc and mov.

Remove incorrect usage of callee-saved FPU regs (f20 and above).
Also remove unnecessary push/pop which were occasionally unpaired,
and caused crash.

TEST=cctest/test-assembler-mips[64]
BUG=

Review URL: https://codereview.chromium.org/1338713004

Cr-Commit-Position: refs/heads/master@{#30729}

9 years agoFix printing of types and do some cleanups.
neis [Tue, 15 Sep 2015 06:41:54 +0000 (23:41 -0700)]
Fix printing of types and do some cleanups.

R=jarin
BUG=

Review URL: https://codereview.chromium.org/1340023003

Cr-Commit-Position: refs/heads/master@{#30728}

9 years agoRevert of [crankshaft] Re-add fast-case for string add left/right. (patchset #1 id...
machenbach [Tue, 15 Sep 2015 06:40:36 +0000 (23:40 -0700)]
Revert of [crankshaft] Re-add fast-case for string add left/right. (patchset #1 id:1 of https://codereview.chromium.org/1339053002/ )

Reason for revert:
[Sheriff] Fails mozilla with deadcode:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20deadcode/builds/5357

Original issue's description:
> [crankshaft] Re-add fast-case for string add left/right.
>
> Now the StringAddStub can optionally convert it's parameters to strings
> (following the rules for the addition operator). This could be further
> optimized once we have a ToPrimitiveStub, but it should be sufficient
> for the moment.
>
> Also removed the unused Strength parameter to the HStringAdd operator,
> because string addition does not depend on language mode.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_win_nosnap_shared_rel,v8_linux_nosnap_dbg
> R=mstarzinger@chromium.org
> BUG=v8:4307
> LOG=n
>
> Committed: https://crrev.com/d261849e53fbf8c36efae42d478271f87acff70f
> Cr-Commit-Position: refs/heads/master@{#30726}

TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4307

Review URL: https://codereview.chromium.org/1347473003

Cr-Commit-Position: refs/heads/master@{#30727}

9 years ago[crankshaft] Re-add fast-case for string add left/right.
bmeurer [Tue, 15 Sep 2015 06:00:33 +0000 (23:00 -0700)]
[crankshaft] Re-add fast-case for string add left/right.

Now the StringAddStub can optionally convert it's parameters to strings
(following the rules for the addition operator). This could be further
optimized once we have a ToPrimitiveStub, but it should be sufficient
for the moment.

Also removed the unused Strength parameter to the HStringAdd operator,
because string addition does not depend on language mode.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_win_nosnap_shared_rel,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1339053002

Cr-Commit-Position: refs/heads/master@{#30726}

9 years ago[turbofan] Limit the load/store machine types to the ones we actually use.
jarin [Tue, 15 Sep 2015 05:45:20 +0000 (22:45 -0700)]
[turbofan] Limit the load/store machine types to the ones we actually use.

Review URL: https://codereview.chromium.org/1333353005

Cr-Commit-Position: refs/heads/master@{#30725}

9 years agoUpdate V8 DEPS.
v8-autoroll [Tue, 15 Sep 2015 03:25:54 +0000 (20:25 -0700)]
Update V8 DEPS.

Rolling v8/buildtools to f7310ee61725e68b1c8921e381830362cf4f0999

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1342063002

Cr-Commit-Position: refs/heads/master@{#30724}

9 years agoRemoving function filtering from the v8 sampling
alph [Tue, 15 Sep 2015 01:21:42 +0000 (18:21 -0700)]
Removing function filtering from the v8 sampling

Filtering out functions does not allow sample processor
to figure out if a sample hit a non-frame region of a function.

The filtering should be done in the frontend.

BUG=chromium:529931
LOG=N

Review URL: https://codereview.chromium.org/1337743002

Cr-Commit-Position: refs/heads/master@{#30723}

9 years agoPPC: [builtins] Simplify String constructor code.
mbrandy [Mon, 14 Sep 2015 23:16:35 +0000 (16:16 -0700)]
PPC: [builtins] Simplify String constructor code.

Port eadfd666318c1dd959d7fac7c27538ef478a8b72

Original commit message:
    The String constructor was somewhat complex with a lot of micro
    optimizations that are not relevant or even misguided. It would be
    really hard to port that code to ES6, which requires String to be
    subclassable. So as a first step we reduced the necessary complexity
    to the bare minimum (also removing the last user of the fairly complex
    MacroAssembler::LookupNumberStringCache method).

    This also removes the counters for the String constructor, which
    were not properly exposed anymore (and not kept in sync with inlined
    versions of the String constructor anyway).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1339143002

Cr-Commit-Position: refs/heads/master@{#30722}

9 years agoPPC: [Interpreter] Add support for JS calls.
mbrandy [Mon, 14 Sep 2015 23:15:28 +0000 (16:15 -0700)]
PPC: [Interpreter] Add support for JS calls.

Port e7fb233946b990ecbbbd76cc6529f62bd5da64e3

Original commit message:
    Adds support for JS calls to the interpreter. In order to support
    calls from the interpreter, the PushArgsAndCall builtin is added
    which pushes a sequence of arguments onto the stack and calls
    builtin::Call.

    Adds the Call bytecode.

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1345543002

Cr-Commit-Position: refs/heads/master@{#30721}

9 years ago[test] Add an option to the perf runner to support running with the internal profiler.
gdeepti [Mon, 14 Sep 2015 23:14:20 +0000 (16:14 -0700)]
[test] Add an option to the perf runner to support running with the internal profiler.

Enhance the perf runner to run with the profiler and print the summary for each d8 run. This automates running the profiler with multiple benchmarks.

BUG=None
LOG=N
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1327033003

Cr-Commit-Position: refs/heads/master@{#30720}

9 years agoRevert of VectorICs: ia32 store ics need a virtual register. (patchset #3 id:40001...
machenbach [Mon, 14 Sep 2015 18:58:49 +0000 (11:58 -0700)]
Revert of VectorICs: ia32 store ics need a virtual register. (patchset #3 id:40001 of https://codereview.chromium.org/1336313002/ )

Reason for revert:
[Sheriff] Breaks GC stress on mac:
http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/2536

Original issue's description:
> VectorICs: ia32 store ics need a virtual register.
>
> Some pretty hacky code was used to carry out the tail-call
> handler dispatch on ia32 vector stores due to a lack
> of free registers. It really tanks performance. A better
> approach is to use a virtual register on the isolate.
>
> BUG=
>
> Committed: https://crrev.com/b26e98f19b5e77df50cb4a259f099ee6afa335e3
> Cr-Commit-Position: refs/heads/master@{#30718}

TBR=jkummerow@chromium.org,vogelheim@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1340123002

Cr-Commit-Position: refs/heads/master@{#30719}

9 years agoVectorICs: ia32 store ics need a virtual register.
mvstanton [Mon, 14 Sep 2015 14:49:22 +0000 (07:49 -0700)]
VectorICs: ia32 store ics need a virtual register.

Some pretty hacky code was used to carry out the tail-call
handler dispatch on ia32 vector stores due to a lack
of free registers. It really tanks performance. A better
approach is to use a virtual register on the isolate.

BUG=

Review URL: https://codereview.chromium.org/1336313002

Cr-Commit-Position: refs/heads/master@{#30718}

9 years agoelements.cc CopyDoubleToObjectElements: avoid excessive HandleScopes
cbruni [Mon, 14 Sep 2015 14:29:46 +0000 (07:29 -0700)]
elements.cc CopyDoubleToObjectElements: avoid excessive HandleScopes

BUG=

Review URL: https://codereview.chromium.org/1341763002

Cr-Commit-Position: refs/heads/master@{#30717}

9 years ago[heap] No leakage of objects-visiting.h outside of heap.
mstarzinger [Mon, 14 Sep 2015 12:28:34 +0000 (05:28 -0700)]
[heap] No leakage of objects-visiting.h outside of heap.

This prevents the internal objects-visiting.h to be usable outisde of
the "heap" directory. The static object visitation is only usefull
within the GC and is now properly encapsulated.

R=hpayer@chromium.org,mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1328003002

Cr-Commit-Position: refs/heads/master@{#30716}

9 years agoUsing GetMoreGeneralElementsKind in more places
cbruni [Mon, 14 Sep 2015 12:16:54 +0000 (05:16 -0700)]
Using GetMoreGeneralElementsKind in more places

BUG=

Review URL: https://codereview.chromium.org/1338983003

Cr-Commit-Position: refs/heads/master@{#30715}

9 years ago[loggers] Guard object/code move events using mutexes.
mlippautz [Mon, 14 Sep 2015 12:06:43 +0000 (05:06 -0700)]
[loggers] Guard object/code move events using mutexes.

Parallel compaction, i.e., concurrently moving of objects (and code) requires
proper synchronization in the logger.

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1338253002

Cr-Commit-Position: refs/heads/master@{#30714}

9 years agoFix initialization order (setup) for JSArrayBuffer objects.
mlippautz [Mon, 14 Sep 2015 11:59:14 +0000 (04:59 -0700)]
Fix initialization order (setup) for JSArrayBuffer objects.

BUG=chromium:531322
LOG=N
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1337943005

Cr-Commit-Position: refs/heads/master@{#30713}

9 years ago[heap] Separate scavenger functionality into own file.
mstarzinger [Mon, 14 Sep 2015 11:44:20 +0000 (04:44 -0700)]
[heap] Separate scavenger functionality into own file.

This moves scavenging functionality into a separate component so that
neither the scavenger nor objects-visiting need to be exposed outside
the heap.

R=hpayer@chromium.org,mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1323993004

Cr-Commit-Position: refs/heads/master@{#30712}

9 years agoPreserve the ElementsKind in builtin.cc Slice early return
cbruni [Mon, 14 Sep 2015 10:32:35 +0000 (03:32 -0700)]
Preserve the ElementsKind in builtin.cc Slice early return

LOG=N

BUG=chromium:531348

Review URL: https://codereview.chromium.org/1344493004

Cr-Commit-Position: refs/heads/master@{#30711}

9 years ago[Interpreter] Add support for JS calls.
rmcilroy [Mon, 14 Sep 2015 10:05:18 +0000 (03:05 -0700)]
[Interpreter] Add support for JS calls.

Adds support for JS calls to the interpreter. In order to support
calls from the interpreter, the PushArgsAndCall builtin is added
which pushes a sequence of arguments onto the stack and calls
builtin::Call.

Adds the Call bytecode.

MIPS port contributed by akos.palfi@imgtec.com in https://codereview.chromium.org/1334873002/

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1323463005

Cr-Commit-Position: refs/heads/master@{#30710}

9 years agoMake --turbo-stats output more self-explanatory.
neis [Mon, 14 Sep 2015 09:25:18 +0000 (02:25 -0700)]
Make --turbo-stats output more self-explanatory.

BUG=

Review URL: https://codereview.chromium.org/1331553002

Cr-Commit-Position: refs/heads/master@{#30709}

9 years agoConstruct Range rather than Constant when typing integers.
neis [Mon, 14 Sep 2015 09:23:19 +0000 (02:23 -0700)]
Construct Range rather than Constant when typing integers.

Also clarify some comments.

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1328193003

Cr-Commit-Position: refs/heads/master@{#30708}

9 years ago[builtins] Remove STRING_ADD_LEFT and STRING_ADD_RIGHT builtins.
bmeurer [Mon, 14 Sep 2015 08:40:44 +0000 (01:40 -0700)]
[builtins] Remove STRING_ADD_LEFT and STRING_ADD_RIGHT builtins.

These builtins present an optimization for the general addition case,
where one side is already known to be a string. Unfortunately this
optimization is wrong in the presence of @@toPrimitive (there are some
ideas how to implement a similar optimization using the prototype
backpointer mechanism that jkummerow@ introduced earlier). So this
also removes the broken %_IsStringWrapperSafeForDefaultValueOf, which is
the key part of the optimization mentioned above.

R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1336273002

Cr-Commit-Position: refs/heads/master@{#30707}

9 years ago[builtins] Simplify String constructor code.
bmeurer [Mon, 14 Sep 2015 07:51:07 +0000 (00:51 -0700)]
[builtins] Simplify String constructor code.

The String constructor was somewhat complex with a lot of micro
optimizations that are not relevant or even misguided. It would be
really hard to port that code to ES6, which requires String to be
subclassable. So as a first step we reduced the necessary complexity
to the bare minimum (also removing the last user of the fairly complex
MacroAssembler::LookupNumberStringCache method).

This also removes the counters for the String constructor, which
were not properly exposed anymore (and not kept in sync with inlined
versions of the String constructor anyway).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1335193002

Cr-Commit-Position: refs/heads/master@{#30706}

9 years agoFixing Sloppy Symbol.iterator setter
cbruni [Mon, 14 Sep 2015 07:19:58 +0000 (00:19 -0700)]
Fixing Sloppy Symbol.iterator setter
In certiain cases the ArgumentsIteratorSetter would trigger an invalid
state in the LookupIterator when being overridden. This is now solved
by bypassing the SetDataProperty and directly using
DefinePropertyOrElementIgnoringAttributes since we know exactly which
property we're going to install

LOG=N
BUG=chromium:521484

Review URL: https://codereview.chromium.org/1332873002

Cr-Commit-Position: refs/heads/master@{#30705}

9 years agoWhitespace change to test gnumbd for master branch.
tandrii [Sun, 13 Sep 2015 19:35:29 +0000 (12:35 -0700)]
Whitespace change to test gnumbd for master branch.

R=machenbach@chromium.org
BUG=530941
NOTRY=true
NOPRESUBMIT=true

Review URL: https://codereview.chromium.org/1340773002

Cr-Commit-Position: refs/heads/master@{#30704}

9 years agoOptionally use new GN optimization config.
brettw [Fri, 11 Sep 2015 18:28:15 +0000 (11:28 -0700)]
Optionally use new GN optimization config.

The GN default optimization flag is changing from being specific to the
debug/release status of the build to always being "default_optimization" so
it's easier to override without being conditional on the exact setup in
BUILDCONFIG.gn. See https://codereview.chromium.org/1324623005/

Since V8 is DEPS-ed in, it will need to support both modes to allow a landing.
This patch uses a temporary transitional flag I added to BUILDCONFIG to
indicate which variant should be used. After the patch is landed, we can remove
the new conditions and just remove default_optimization.

Review URL: https://codereview.chromium.org/1333963002

Cr-Commit-Position: refs/heads/master@{#30703}

9 years agoProfiler code clean-up
yurys [Fri, 11 Sep 2015 16:29:55 +0000 (09:29 -0700)]
Profiler code clean-up

BUG=None
LOG=N

Review URL: https://codereview.chromium.org/1332683002

Cr-Commit-Position: refs/heads/master@{#30702}

9 years ago[MIPS] Remove obsolete MacroAssembler::FlushICache.
mstarzinger [Fri, 11 Sep 2015 16:00:44 +0000 (09:00 -0700)]
[MIPS] Remove obsolete MacroAssembler::FlushICache.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1334273002

Cr-Commit-Position: refs/heads/master@{#30701}

9 years agoMIPS: Save and restore callee-saved FP registers in cctest/ConvertDToI.
akos.palfi [Fri, 11 Sep 2015 15:31:08 +0000 (08:31 -0700)]
MIPS: Save and restore callee-saved FP registers in cctest/ConvertDToI.

Correctly save and restore FP registers in cctest/ConvertDToI to
avoid accidental register overwriting by the generated code.

Note: This failure is manifested only in R6 mode.

TEST=test/cctest/interpreter/test-interpreter
BUG=

Review URL: https://codereview.chromium.org/1337023002

Cr-Commit-Position: refs/heads/master@{#30700}

9 years agoMIPS: Refine '[stubs] Simplify the non-function case of CallConstructStub.'
balazs.kilvady [Fri, 11 Sep 2015 15:12:37 +0000 (08:12 -0700)]
MIPS: Refine '[stubs] Simplify the non-function case of CallConstructStub.'

Port 622fa0ea21b3517b1feaed447c87e580bafac865

Original commit message:
Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.

Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).

BUG=

Review URL: https://codereview.chromium.org/1340553002

Cr-Commit-Position: refs/heads/master@{#30699}

9 years agoPPC: Make FlushICache part of Assembler(Base) and take Isolate as parameter.
mbrandy [Fri, 11 Sep 2015 15:09:56 +0000 (08:09 -0700)]
PPC: Make FlushICache part of Assembler(Base) and take Isolate as parameter.

Port 9fc4fc141fa1d1aa1a3ccb901518cdffa0d6d268

R=mlippautz@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1339673002

Cr-Commit-Position: refs/heads/master@{#30698}

9 years agoPPC: [builtins] Remove the weird STACK_OVERFLOW builtin.
mbrandy [Fri, 11 Sep 2015 15:08:49 +0000 (08:08 -0700)]
PPC: [builtins] Remove the weird STACK_OVERFLOW builtin.

Port 39604dda567b9ba9f4dcfe42f95471f30ec7cb6b

Original commit message:
    Just use a %ThrowStackOverflow runtime function instead, which
    does the trick, especially since the Isolate already has a
    preallocated StackOverflow error for that.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1334303002

Cr-Commit-Position: refs/heads/master@{#30697}

9 years agoPPC: [stubs] Simplify the non-function case of CallConstructStub.
mbrandy [Fri, 11 Sep 2015 15:07:42 +0000 (08:07 -0700)]
PPC: [stubs] Simplify the non-function case of CallConstructStub.

Port 622fa0ea21b3517b1feaed447c87e580bafac865

Original commit message:
    Currently we do this dance between the CallConstructStub, the
    CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
    and %Apply runtime functions for every [[Construct]] operation on
    non-function callables. This is complexity is unnecessary, and can
    be simplified to work without any JS builtin. This will also make it
    a lot easier to implement ES6 compliant [[Construct]] for proxies.

    Also sanitize the invariant for CallConstructStub, which up until now
    always restored the context itself, but that force us to always create
    another copy of all arguments in case of proxies and other callables,
    so we can relax that constraint by making the caller restore the context
    (this only affects fullcodegen, since the optimizing compilers already
    properly restore the context anyway).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1338663003

Cr-Commit-Position: refs/heads/master@{#30696}

9 years agoMake FlushICache part of Assembler(Base) and take Isolate as parameter.
mlippautz [Fri, 11 Sep 2015 12:59:30 +0000 (05:59 -0700)]
Make FlushICache part of Assembler(Base) and take Isolate as parameter.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1332283002

Cr-Commit-Position: refs/heads/master@{#30695}

9 years agoWhitespace change to smoke-test auto-bisect.
Michael Achenbach [Fri, 11 Sep 2015 11:35:36 +0000 (13:35 +0200)]
Whitespace change to smoke-test auto-bisect.

Cr-Commit-Position: refs/heads/master@{#30694}

9 years ago[builtins] Remove the weird STACK_OVERFLOW builtin.
bmeurer [Fri, 11 Sep 2015 10:21:27 +0000 (03:21 -0700)]
[builtins] Remove the weird STACK_OVERFLOW builtin.

Just use a %ThrowStackOverflow runtime function instead, which
does the trick, especially since the Isolate already has a
preallocated StackOverflow error for that.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1337883002

Cr-Commit-Position: refs/heads/master@{#30693}

9 years agoVector ICs: gyp flag to run with vector-stores on.
mvstanton [Fri, 11 Sep 2015 10:00:05 +0000 (03:00 -0700)]
Vector ICs: gyp flag to run with vector-stores on.

This is so we can build with the flag on in the snapshot.
D8 then needs to be run with --vector-stores.

BUG=
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1339593002

Cr-Commit-Position: refs/heads/master@{#30692}

9 years ago[stubs] Simplify the non-function case of CallConstructStub.
bmeurer [Fri, 11 Sep 2015 09:45:04 +0000 (02:45 -0700)]
[stubs] Simplify the non-function case of CallConstructStub.

Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.

Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1335723002

Cr-Commit-Position: refs/heads/master@{#30691}

9 years ago[turbofan] Greedy: live range grouping.
mtrofin [Fri, 11 Sep 2015 05:35:41 +0000 (22:35 -0700)]
[turbofan] Greedy: live range grouping.

Grouping of live ranges that would be beneficial if
allocated on the same register. Currently, that means phi
outputs and inputs.

Review URL: https://codereview.chromium.org/1312473018

Cr-Commit-Position: refs/heads/master@{#30690}

9 years agoPPC: Vector ICs: The Oracle needs to report feedback for the object literals and...
mbrandy [Thu, 10 Sep 2015 19:18:22 +0000 (12:18 -0700)]
PPC: Vector ICs: The Oracle needs to report feedback for the object literals and the count operation.

Port 752b0308df72461bfeb644bf6dd8dd331fcdb722

Original commit message:
    The refactoring is because it's awkward and error-prone to deterimine which IC slot an
    ObjectLiteralProperty uses for feedback. The fix is for each one to know it's own slot. In the
    numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the
    properties.

    It adds one word to the ObjectLiteralProperty expression - I'm investigating if thats a
    problem.

    This changes makes compiling the object literal cleaner across the three compilers. Also, the
    slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactoring to mimic
    the style in full-codegen. This is useful since it must remain in sync with
    FullCodegen::VisitObjectLiteral().

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1331893003

Cr-Commit-Position: refs/heads/master@{#30689}

9 years agoProfiler: resolve top of stack address to a function
yurys [Thu, 10 Sep 2015 17:45:39 +0000 (10:45 -0700)]
Profiler: resolve top of stack address to a function

When we cannot map top frame's pc to a code object and top frame is JS frame we now assume that it was a frameless invocation of a native function (e.g. __fmod) and try to resolve address on top of the stack into a JS function.

BUG=chromium:529931
LOG=Y

Review URL: https://codereview.chromium.org/1315683007

Cr-Commit-Position: refs/heads/master@{#30688}

9 years ago[Interpreter] Skeleton bytecode graph builder
oth [Thu, 10 Sep 2015 16:21:34 +0000 (09:21 -0700)]
[Interpreter] Skeleton bytecode graph builder

Add skeleton version bytecode-graph-builder.{h,cc} for existing
bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1291693004

Cr-Commit-Position: refs/heads/master@{#30687}

9 years agoVector ICs: The Oracle needs to report feedback for the object literals and the count...
mvstanton [Thu, 10 Sep 2015 15:02:21 +0000 (08:02 -0700)]
Vector ICs: The Oracle needs to report feedback for the object literals and the count operation.

The refactoring is because it's awkward and error-prone to deterimine which IC slot an
ObjectLiteralProperty uses for feedback. The fix is for each one to know it's own slot. In the
numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the
properties.

It adds one word to the ObjectLiteralProperty expression - I'm investigating if thats a
problem.

This changes makes compiling the object literal cleaner across the three compilers. Also, the
slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactoring to mimic
the style in full-codegen. This is useful since it must remain in sync with
FullCodegen::VisitObjectLiteral().

Review URL: https://codereview.chromium.org/1321993004

Cr-Commit-Position: refs/heads/master@{#30686}

9 years agoParsing especially large nested functions takes up more memory than necessary.
conradw [Thu, 10 Sep 2015 14:40:57 +0000 (07:40 -0700)]
Parsing especially large nested functions takes up more memory than necessary.
Inner functions must be eagerly parsed for scope analysis, but the full AST is
also kept around even though it's not needed.

This CL mitigates this problem by allocating some AstNodes of the inner function
to a temporary Zone which is deallocated once the scope information has been
built. The remaining nodes (such as VariableProxy) must persist until scope
analysis actually happens, and have to be allocated to a parser-persistent Zone.

BUG=417697
LOG=N

Review URL: https://codereview.chromium.org/1304923004

Cr-Commit-Position: refs/heads/master@{#30685}

9 years agoEnable loads and stores to global vars through property cell shortcuts installed...
ishell [Thu, 10 Sep 2015 14:21:18 +0000 (07:21 -0700)]
Enable loads and stores to global vars through property cell shortcuts installed into parent script context.

Review URL: https://codereview.chromium.org/1330213003

Cr-Commit-Position: refs/heads/master@{#30684}