platform/upstream/v8.git
9 years ago [builtins] Add support for NewTarget to Execution::New.
bmeurer [Tue, 22 Sep 2015 04:27:14 +0000 (21:27 -0700)]
[builtins] Add support for NewTarget to Execution::New.

Introduce new builtins Construct and ConstructFunction (in line
with the Call and CallFunction builtins that we already have) as
proper bottleneck for Construct and [[Construct]] on JSFunctions.
Use these builtins to support passing NewTarget from C++ to
JavaScript land.

Long-term we want the CallConstructStub to be used for
gathering feedback on entry to construction chain (i.e. the
initial new Foo), and use the Construct builtins to do the
actual work inside the construction chain (i.e. calling into
super and stuff).

MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=jarin@chromium.org
BUG=v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1359583002

Cr-Commit-Position: refs/heads/master@{#30857}

9 years ago [crankshaft] Handle @@toStringTag accessor correctly for BuildCompareInstruction.
bmeurer [Tue, 22 Sep 2015 04:07:53 +0000 (21:07 -0700)]
[crankshaft] Handle @@toStringTag accessor correctly for BuildCompareInstruction.

If @@toStringTag is an accessor property, we cannot assume that the result
of calling Object.prototype.toString() for objects with the same map.

R=adamk@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1360723002

Cr-Commit-Position: refs/heads/master@{#30856}

9 years ago Update V8 DEPS.
v8-autoroll [Tue, 22 Sep 2015 03:25:00 +0000 (20:25 -0700)]
Update V8 DEPS.

Rolling v8/build/gyp to 01528c7244837168a1c80f06ff60fa5a9793c824

Rolling v8/tools/clang to 3e04436a49a26f4bd2c6f352efcf4c7b10a6d07d

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1360563003

Cr-Commit-Position: refs/heads/master@{#30855}

9 years ago Split the GN 'snapshot_toolchain' logic out into an include file.
dpranke [Tue, 22 Sep 2015 02:28:32 +0000 (19:28 -0700)]
Split the GN 'snapshot_toolchain' logic out into an include file.

We need to build parts of v8 with a toolchain that might be different
from both the default (target) toolchain and the regular host toolchain,
because we need the snapshot to have the same bit-width as the target.
V8's build defines a 'snapshot_toolchain' setting for this.

It turns out that we need the value of this toolchain to be exposed
to the Chromium build because some of the test targets (in browser_tests)
depend on d8 and need to be able to be built using the same toolchain.

R=brett@chromium.org, jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1350223004

Cr-Commit-Position: refs/heads/master@{#30854}

9 years ago Stage sloppy block-scoped functions (Annex B 3.3)
littledan [Mon, 21 Sep 2015 16:30:25 +0000 (09:30 -0700)]
Stage sloppy block-scoped functions (Annex B 3.3)

Turn on some test262 tests that pass now.

R=adamk
LOG=Y
BUG=v8:4285

Review URL: https://codereview.chromium.org/1357233002

Cr-Commit-Position: refs/heads/master@{#30853}

9 years ago [ic] Also collect known map for relational comparison.
bmeurer [Mon, 21 Sep 2015 16:05:27 +0000 (09:05 -0700)]
[ic] Also collect known map for relational comparison.

Previously we only collected the known map for equality comparisons. But
if we also collect it for relational comparisons, we can inline a fast
path of ToPrimitive on the objects, which is especially interesting
since both sides have the same map.

For now we only inline a very limited subset of ToPrimitive in
Crankshaft, which is when the receiver map (and its prototype chain)
doesn't have @@toPrimitive, and both valueOf and toString are the
default versions on the %ObjectPrototype%. In this case the relational
comparison would reduce to a string comparison of "[object CLASS]" with
itself and so we can reduce that to a boolean constant plus map checks
on both left and right hand side, plus code dependencies on the
prototype chain. This repairs the regression on box2d.

R=jkummerow@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1355113002

Cr-Commit-Position: refs/heads/master@{#30852}

9 years ago Whitespace change to test infra changes.
Michael Achenbach [Mon, 21 Sep 2015 14:33:03 +0000 (16:33 +0200)]
Whitespace change to test infra changes.

Cr-Commit-Position: refs/heads/master@{#30851}

9 years ago [heap] Sort declarations for MemoryChunk.
mlippautz [Mon, 21 Sep 2015 14:03:44 +0000 (07:03 -0700)]
[heap] Sort declarations for MemoryChunk.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1360553003

Cr-Commit-Position: refs/heads/master@{#30850}

9 years ago [turbofan] Add support for reinterpreting integers as floating point and vice versa.
titzer [Mon, 21 Sep 2015 14:00:51 +0000 (07:00 -0700)]
[turbofan] Add support for reinterpreting integers as floating point and vice versa.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1356913002

Cr-Commit-Position: refs/heads/master@{#30849}

9 years ago [heap] Add timer scopes to process weak cells and clear non-live references.
hpayer [Mon, 21 Sep 2015 13:16:21 +0000 (06:16 -0700)]
[heap] Add timer scopes to process weak cells and clear non-live references.

BUG=

Review URL: https://codereview.chromium.org/1345273004

Cr-Commit-Position: refs/heads/master@{#30848}

9 years ago [crankshaft] Generalize PropertyAccessInfo to Name (so it can deal with symbols).
bmeurer [Mon, 21 Sep 2015 12:58:00 +0000 (05:58 -0700)]
[crankshaft] Generalize PropertyAccessInfo to Name (so it can deal with symbols).

This doesn't fix the performance regression mentioned by the bug yet,
but is necessary cleanup to land the fix, and should be separated from
the actual fix.

R=jkummerow@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1345313005

Cr-Commit-Position: refs/heads/master@{#30847}

9 years ago Continuing removing deprecated function from cctest
mythria [Mon, 21 Sep 2015 10:34:44 +0000 (03:34 -0700)]
Continuing removing deprecated function from cctest

Removes deprecated functions from the following files:

test/cctest/compiler/function-tester.h
test/cctest/test-thread-termination.cc
test/cctest/test-threads.cc
test/cctest/test-transitions.cc
test/cctest/test-typedarrays.cc
test/cctest/test-types.cc
test/cctest/test-typing-reset.cc
test/cctest/test-unbound-queue.cc
test/cctest/test-unboxed-doubles.cc

BUG=v8:4134
LOG=n

Review URL: https://codereview.chromium.org/1344583002

Cr-Commit-Position: refs/heads/master@{#30846}

9 years ago X87: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.
chunyang.dai [Mon, 21 Sep 2015 09:18:11 +0000 (02:18 -0700)]
X87: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.

port 8016547c8e6fde00fff0a1791f3c83b444d8af25 (r30818).

original commit message:

    The StringCompareStub used to take its parameters on the (JavaScript)
    stack, which made it impossible to use in TurboFan. Actually
    StringCompareStub was currently completely unused. This changes the
    calling convention to something TurboFan compatible and introduces a
    CallInterfaceDescriptor for StringCompareStub. It also changes
    HStringCompareAndBranch to use the StringCompareStub instead of using
    the full blown CompareICStub for a stupid string comparison.

BUG=

Review URL: https://codereview.chromium.org/1355983003

Cr-Commit-Position: refs/heads/master@{#30845}

9 years ago X87: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.
chunyang.dai [Mon, 21 Sep 2015 09:13:01 +0000 (02:13 -0700)]
X87: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.

port 593c655a3c814277283f9fa1520d5ce59d6b019c (r30816).

original commit message:

    This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
    and replaces them with a proper C++ implementation in Object::Compare
    and appropriate wrappers Object::LessThan, Object::GreaterThan, and
    friends that are intended to be used by a true/false returning CompareIC
    in the future, as well as the interpreter.  As a short-term solution we
    provide %Compare and %Compare_Strong entry points for the current
    CompareIC that return the appropriate integer values expected by
    fullcodegen currently.

    Now the Abstract Relational Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=

Review URL: https://codereview.chromium.org/1353343002

Cr-Commit-Position: refs/heads/master@{#30844}

9 years ago Add ScopeInfo constants to post-mortem metadata
julien.gilli [Mon, 21 Sep 2015 05:45:20 +0000 (22:45 -0700)]
Add ScopeInfo constants to post-mortem metadata

mdb_v8, a post-mortem debugging tool for Node.js, allows users to
inspect ScopeInfo structures in order to get more information about
closures.

Currently, it hardcodes the metadata it uses to find this information.
This change allows it to get this metadata from the node binary itself,
and thus to adapt to future changes made to the layout of the ScopeInfo
data structure.

BUG=

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1350843003

Cr-Commit-Position: refs/heads/master@{#30843}

9 years ago Implement sloppy-mode block-defined functions (Annex B 3.3)
littledan [Mon, 21 Sep 2015 04:30:50 +0000 (21:30 -0700)]
Implement sloppy-mode block-defined functions (Annex B 3.3)

ES2015 specifies very particular semantics for functions defined in blocks.
In strict mode, it is simply a lexical binding scoped to that block. In sloppy
mode, in addition to that lexical binding, there is a var-style binding in
the outer scope, which is overwritten with the local binding when the function
declaration is evaluated, *as long as* introducing this var binding would not
create a var/let conflict in the outer scope.

This patch implements the semantics by introducing a DelegateStatement, which
is initially filled in with the EmptyStatement and overwritten with the
assignment when the scope is closed out and it can be checked that there is
no conflict.

This patch is tested with a new mjsunit test, and I tried staging it and running
test262, finding that the tests that we have disabled due to lack of Annex B
support now pass.

R=adamk,rossberg
LOG=Y
BUG=v8:4285

Review URL: https://codereview.chromium.org/1332873003

Cr-Commit-Position: refs/heads/master@{#30842}

9 years ago Reland of Make profiler no frame region detection code more robust [ia86/x64]
alph [Sun, 20 Sep 2015 16:40:19 +0000 (09:40 -0700)]
Reland of Make profiler no frame region detection code more robust [ia86/x64]

Upon collection of the stack trace if the current PC falls into
the frame building code, the top frame might be in a non-consistent
state. That leads to some of the frames could be missing from the
stack trace.

The patch makes it check instructions under current PC and if they
look like the frame setup/destroy code, it skips the entire sample.

Support for x86/x64

CG_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_msan_rel
BUG=chromium:529931
LOG=N

Review URL: https://codereview.chromium.org/1348533005

Cr-Commit-Position: refs/heads/master@{#30841}

9 years ago Update V8 DEPS.
v8-autoroll [Sat, 19 Sep 2015 03:25:56 +0000 (20:25 -0700)]
Update V8 DEPS.

Rolling v8/build/gyp to cf3170e30578d600b8ec8cd68553cc5e606d42eb

Rolling v8/tools/clang to 76e743dc622478312b66661ad48997b318628cbb

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1357793002

Cr-Commit-Position: refs/heads/master@{#30840}

9 years ago Update BitField3 type in gen-postmortem-metadata.py
julien.gilli [Fri, 18 Sep 2015 22:41:04 +0000 (15:41 -0700)]
Update BitField3 type in gen-postmortem-metadata.py

Since https://codereview.chromium.org/272163002, BitField3 is a raw
uint32 field, and not a SMI anymore.

Update tools/gen-postmortem-metadata.py so that post-mortem tools can
work with versions of V8 that shipped after that change.

This change was merged in github.com/joyent/node right before node
v0.12.0 was released.

R=danno@chromium.org

TEST=mdb_v8, a post-mortem debugging tool running on SmartOS, has been
using this change since Node.js v0.12.0 was released

BUG=

Review URL: https://codereview.chromium.org/1296743003

Cr-Commit-Position: refs/heads/master@{#30839}

9 years ago PPC: Fix AssertFunction.
mbrandy [Fri, 18 Sep 2015 19:42:25 +0000 (12:42 -0700)]
PPC: Fix AssertFunction.

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1345223005

Cr-Commit-Position: refs/heads/master@{#30838}

9 years ago PPC: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.
mbrandy [Fri, 18 Sep 2015 18:40:32 +0000 (11:40 -0700)]
PPC: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.

Port 8016547c8e6fde00fff0a1791f3c83b444d8af25

Original commit message:
    The StringCompareStub used to take its parameters on the (JavaScript)
    stack, which made it impossible to use in TurboFan. Actually
    StringCompareStub was currently completely unused. This changes the
    calling convention to something TurboFan compatible and introduces a
    CallInterfaceDescriptor for StringCompareStub. It also changes
    HStringCompareAndBranch to use the StringCompareStub instead of using
    the full blown CompareICStub for a stupid string comparison.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1358553002

Cr-Commit-Position: refs/heads/master@{#30837}

9 years ago PPC: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.
mbrandy [Fri, 18 Sep 2015 18:39:06 +0000 (11:39 -0700)]
PPC: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.

Port 593c655a3c814277283f9fa1520d5ce59d6b019c

Original commit message:
    This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
    and replaces them with a proper C++ implementation in Object::Compare
    and appropriate wrappers Object::LessThan, Object::GreaterThan, and
    friends that are intended to be used by a true/false returning CompareIC
    in the future, as well as the interpreter.  As a short-term solution we
    provide %Compare and %Compare_Strong entry points for the current
    CompareIC that return the appropriate integer values expected by
    fullcodegen currently.

    Now the Abstract Relational Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1356983002

Cr-Commit-Position: refs/heads/master@{#30836}

9 years ago Remove on-by-default flag --harmony-object
adamk [Fri, 18 Sep 2015 18:37:44 +0000 (11:37 -0700)]
Remove on-by-default flag --harmony-object

It's been enabled since M45, which is now well into its stable period,
with no problems reported.

Review URL: https://codereview.chromium.org/1356793002

Cr-Commit-Position: refs/heads/master@{#30835}

9 years ago Stop emitting kSloppyLexical errors when --harmony-sloppy-let is enabled
adamk [Fri, 18 Sep 2015 18:19:53 +0000 (11:19 -0700)]
Stop emitting kSloppyLexical errors when --harmony-sloppy-let is enabled

This changes the error message for code like:

  if (false) let x;

from "Block-scoped declarations (let, const, function, class) not yet supported outside strict mode"
to "Unexpected identifier" (pointing at |x|).

Review URL: https://codereview.chromium.org/1356783002

Cr-Commit-Position: refs/heads/master@{#30834}

9 years ago [turbofan] Merge group spill ranges.
mtrofin [Fri, 18 Sep 2015 16:01:52 +0000 (09:01 -0700)]
[turbofan] Merge group spill ranges.

Akin to linear scan's TryReuseSpillForPhi, we attempt to merge the
spill ranges of grouped live ranges (which are phi inputs and output),
to avoid inefficient slot-to-slot moves.

BUG=

Review URL: https://codereview.chromium.org/1353023003

Cr-Commit-Position: refs/heads/master@{#30833}

9 years ago [es6] Use the correct ToPrimitive in the Date Constructor.
bmeurer [Fri, 18 Sep 2015 13:20:25 +0000 (06:20 -0700)]
[es6] Use the correct ToPrimitive in the Date Constructor.

This way we can finally remove the ES5 ToPrimitive builtin from
runtime.js, and the Date Constructor now properly supports
@@toPrimitive for the single argument case as well.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=rossberg@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1346893003

Cr-Commit-Position: refs/heads/master@{#30832}

9 years ago [base] Fix check that makes sure we commit in the virtual memory range.
mlippautz [Fri, 18 Sep 2015 12:41:19 +0000 (05:41 -0700)]
[base] Fix check that makes sure we commit in the virtual memory range.

R=jochen@chromium.org
BUG=chromium:533342
LOG=N

Review URL: https://codereview.chromium.org/1349723005

Cr-Commit-Position: refs/heads/master@{#30831}

9 years ago Fix incorrect buffer length.
vogelheim [Fri, 18 Sep 2015 12:07:16 +0000 (05:07 -0700)]
Fix incorrect buffer length.

R=jochen@chromium.org
BUG=chromium:533243
LOG=N

Review URL: https://codereview.chromium.org/1356863002

Cr-Commit-Position: refs/heads/master@{#30830}

9 years ago X87: Remove --pretenure-call-new
chunyang.dai [Fri, 18 Sep 2015 12:00:48 +0000 (05:00 -0700)]
X87: Remove --pretenure-call-new

port b5588f48fd0b4e3ee43be1fe6c19d7ddd8b8b5f1 (r30767).

original commit message:

    There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

BUG=

Review URL: https://codereview.chromium.org/1346043005

Cr-Commit-Position: refs/heads/master@{#30829}

9 years ago X87: [runtime] Initial step towards switching Execution::Call to callable.
chunyang.dai [Fri, 18 Sep 2015 11:59:31 +0000 (04:59 -0700)]
X87: [runtime] Initial step towards switching Execution::Call to callable.

port d5bbd45f044ae6796c0d0f7bd8732069d74418de (r30808).

original commit message:

    Currently Execution::Call (and friends) still duplicate a lot of the
    Call sequence logic that should be encapsulated in the Call and
    CallFunction builtins. So the plan now is to switch Execution::Call
    to accept any Callable and just pass that through to the Call builtin.

BUG=

Review URL: https://codereview.chromium.org/1350183005

Cr-Commit-Position: refs/heads/master@{#30828}

9 years ago X87: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
chunyang.dai [Fri, 18 Sep 2015 11:47:23 +0000 (04:47 -0700)]
X87: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.

port 905e008c52ba06120f4a523aab00a53bc50830f1 (r30758)

BUG=

Review URL: https://codereview.chromium.org/1352173002

Cr-Commit-Position: refs/heads/master@{#30827}

9 years ago X87: [builtins] Unify the String constructor.
chunyang.dai [Fri, 18 Sep 2015 11:46:12 +0000 (04:46 -0700)]
X87: [builtins] Unify the String constructor.

port a3d6f6cce317dbe1d31079eb81e15e49f3fb687a (r30759).

original commit message:

    Implement the String constructor completely as native builtin,
    avoiding the need to do gymnastics in JavaScript builtin to
    properly detect the no argument case (which is different from
    the undefined argument case) and also allowing to just
    tailcall through to ToString or SymbolDescriptiveString for
    the common case. Also the JavaScript builtin was misleading
    since the case for construct call was unused, but could be
    triggered in a wrong way once we support tail calls from
    constructor functions.

    This refactoring allows us to properly implement subclassing
    for String builtins, once we have the correct initial_map on
    derived classes (it's merely a matter of using NewTarget
    instead of the target register now).

    This introduces a new %SymbolDescriptiveString runtime
    entry, which is also used by Symbol.toString() now.

BUG=

Review URL: https://codereview.chromium.org/1349403002

Cr-Commit-Position: refs/heads/master@{#30826}

9 years ago elements.cc cleanup
cbruni [Fri, 18 Sep 2015 11:15:34 +0000 (04:15 -0700)]
elements.cc cleanup

Reuse code for copying arguments and pushing/shifting elements.

BUG=

Review URL: https://codereview.chromium.org/1346013005

Cr-Commit-Position: refs/heads/master@{#30825}

9 years ago MIPS64: Optimize simulator.
balazs.kilvady [Fri, 18 Sep 2015 11:08:17 +0000 (04:08 -0700)]
MIPS64: Optimize simulator.

Port 09f41681ef83fe9e9d79748e2a60f16b70d5934c

Original commit message:
The patch decreases the calls of huge switch instructions making the
DecodeType*() functions to work in one phase and optimizing
Instruction::InstructionType(). Speed gain in release full check is
about 33% (6:13 s -> 4:09 s) and in optdebug full test is about 50%
(12:29 -> 6:17)

BUG=

Review URL: https://codereview.chromium.org/1356693002

Cr-Commit-Position: refs/heads/master@{#30824}

9 years ago Fix --hydrogen-stats crashing on null_ptr for shared_info
cbruni [Fri, 18 Sep 2015 11:03:30 +0000 (04:03 -0700)]
Fix --hydrogen-stats crashing on null_ptr for shared_info

BUG=

Review URL: https://codereview.chromium.org/1350293002

Cr-Commit-Position: refs/heads/master@{#30823}

9 years ago [heap] Cleanup: Align naming of parallel sweeping with parallel compaction.
mlippautz [Fri, 18 Sep 2015 10:49:11 +0000 (03:49 -0700)]
[heap] Cleanup: Align naming of parallel sweeping with parallel compaction.

Pure refactoring.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1354613002

Cr-Commit-Position: refs/heads/master@{#30822}

9 years ago [turbofan] Use StringCompareStub for string comparisons.
bmeurer [Fri, 18 Sep 2015 10:18:41 +0000 (03:18 -0700)]
[turbofan] Use StringCompareStub for string comparisons.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1353103002

Cr-Commit-Position: refs/heads/master@{#30821}

9 years ago Use public_deps for v8_base in GN.
brettw [Fri, 18 Sep 2015 09:32:30 +0000 (02:32 -0700)]
Use public_deps for v8_base in GN.

The previous code took advantage of the fact that a group's deps are implicitly public, but I'm trying to fix that. This also cleans up some duplicated code between component and non-component builds.

Review URL: https://codereview.chromium.org/1356723002

Cr-Commit-Position: refs/heads/master@{#30820}

9 years ago [hydrogen] Add crash-hunting instrumentation to Hydrogen too
jkummerow [Fri, 18 Sep 2015 09:15:39 +0000 (02:15 -0700)]
[hydrogen] Add crash-hunting instrumentation to Hydrogen too

This extends instrumentation added in r30683 and r30768 to cover
the possibility that the root cause we're after is in optimized code.

This CL is intended to be reverted in a couple of days, but should
cause no harm while it's in the tree (we would crash anyway).

BUG=chromium:527994
LOG=n

Review URL: https://codereview.chromium.org/1348823003

Cr-Commit-Position: refs/heads/master@{#30819}

9 years ago [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.
bmeurer [Fri, 18 Sep 2015 08:30:22 +0000 (01:30 -0700)]
[stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.

The StringCompareStub used to take its parameters on the (JavaScript)
stack, which made it impossible to use in TurboFan. Actually
StringCompareStub was currently completely unused. This changes the
calling convention to something TurboFan compatible and introduces a
CallInterfaceDescriptor for StringCompareStub. It also changes
HStringCompareAndBranch to use the StringCompareStub instead of using
the full blown CompareICStub for a stupid string comparison.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1347913003

Cr-Commit-Position: refs/heads/master@{#30818}

9 years ago [test] Allow passing extra flags to perf tryjobs.
machenbach [Fri, 18 Sep 2015 08:06:14 +0000 (01:06 -0700)]
[test] Allow passing extra flags to perf tryjobs.

NOTRY=true

Review URL: https://codereview.chromium.org/1342263003

Cr-Commit-Position: refs/heads/master@{#30817}

9 years ago [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.
bmeurer [Fri, 18 Sep 2015 06:35:36 +0000 (23:35 -0700)]
[runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.

This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
and replaces them with a proper C++ implementation in Object::Compare
and appropriate wrappers Object::LessThan, Object::GreaterThan, and
friends that are intended to be used by a true/false returning CompareIC
in the future, as well as the interpreter.  As a short-term solution we
provide %Compare and %Compare_Strong entry points for the current
CompareIC that return the appropriate integer values expected by
fullcodegen currently.

Now the Abstract Relational Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1350113002

Cr-Commit-Position: refs/heads/master@{#30816}

9 years ago Update V8 DEPS.
v8-autoroll [Fri, 18 Sep 2015 03:26:40 +0000 (20:26 -0700)]
Update V8 DEPS.

Rolling v8/tools/clang to 0e7dbd100f91096de47919f394ac0b32dd7c21a2

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1355633003

Cr-Commit-Position: refs/heads/master@{#30815}

9 years ago Use a kMaxSafeInteger instead of Number.MAX_SAFE_INTEGER
aperez [Thu, 17 Sep 2015 23:59:47 +0000 (16:59 -0700)]
Use a kMaxSafeInteger instead of Number.MAX_SAFE_INTEGER

Defines and uses a kMaxSafeInteger macro (which expands to the constant
2^53-1) instead of accessing Number.MAX_SAFE_INTEGER. This saves loading
the attribute from the Number object, which is slightly faster. This also
makes it clearer from reading the code that the value being compared is
constant.

BUG=
LOG=N

Review URL: https://codereview.chromium.org/1353953002

Cr-Commit-Position: refs/heads/master@{#30814}

9 years ago PPC: [runtime] Initial step towards switching Execution::Call to callable.
mbrandy [Thu, 17 Sep 2015 20:39:45 +0000 (13:39 -0700)]
PPC: [runtime] Initial step towards switching Execution::Call to callable.

Port d5bbd45f044ae6796c0d0f7bd8732069d74418de

Original commit message:
    Currently Execution::Call (and friends) still duplicate a lot of the
    Call sequence logic that should be encapsulated in the Call and
    CallFunction builtins. So the plan now is to switch Execution::Call
    to accept any Callable and just pass that through to the Call builtin.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1347213003

Cr-Commit-Position: refs/heads/master@{#30813}

9 years ago [simdjs] Update spec version to 0.8.4
gdeepti [Thu, 17 Sep 2015 17:54:48 +0000 (10:54 -0700)]
[simdjs] Update spec version to 0.8.4

Merge ShiftRightArithmetic and ShiftRightLogical Functions.

BUG=v8:4124
LOG=Y

Review URL: https://codereview.chromium.org/1351663002

Cr-Commit-Position: refs/heads/master@{#30812}

9 years ago [arm64]: Fix bug introduced accidentally in r30710
rmcilroy [Thu, 17 Sep 2015 17:24:13 +0000 (10:24 -0700)]
[arm64]: Fix bug introduced accidentally in r30710

Uncomment the if (!serializer_enabled()) check which I accidentally left
commented out after debugging during the CL's development.

BUG=chromium:532969
R=bmeurer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1351943002

Cr-Commit-Position: refs/heads/master@{#30811}

9 years ago PPC: [runtime] Replace the EQUALS builtin with proper Object::Equals.
mbrandy [Thu, 17 Sep 2015 17:16:43 +0000 (10:16 -0700)]
PPC: [runtime] Replace the EQUALS builtin with proper Object::Equals.

Port 54bab695f5de5bf5948c5b50b217628a00d60f91

Original commit message:
    Move the implementation of the Abstract Equality Comparison to the
    runtime and thereby remove the EQUALS dispatcher builtin. Also remove
    the various runtime entry points that were only used to support the
    EQUALS builtin.

    Now the Abstract Equality Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1357493002

Cr-Commit-Position: refs/heads/master@{#30810}

9 years ago PPC: [builtins] Unify the String constructor.
mbrandy [Thu, 17 Sep 2015 17:14:06 +0000 (10:14 -0700)]
PPC: [builtins] Unify the String constructor.

Port a3d6f6cce317dbe1d31079eb81e15e49f3fb687a

Original commit message:
    Implement the String constructor completely as native builtin,
    avoiding the need to do gymnastics in JavaScript builtin to
    properly detect the no argument case (which is different from
    the undefined argument case) and also allowing to just
    tailcall through to ToString or SymbolDescriptiveString for
    the common case. Also the JavaScript builtin was misleading
    since the case for construct call was unused, but could be
    triggered in a wrong way once we support tail calls from
    constructor functions.

    This refactoring allows us to properly implement subclassing
    for String builtins, once we have the correct initial_map on
    derived classes (it's merely a matter of using NewTarget
    instead of the target register now).

    This introduces a new %SymbolDescriptiveString runtime
    entry, which is also used by Symbol.toString() now.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1354663002

Cr-Commit-Position: refs/heads/master@{#30809}

9 years ago [runtime] Initial step towards switching Execution::Call to callable.
bmeurer [Thu, 17 Sep 2015 17:11:38 +0000 (10:11 -0700)]
[runtime] Initial step towards switching Execution::Call to callable.

Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n

Committed: https://crrev.com/359645f48156e15f235e9a9ede7910e0bcd9ae45
Cr-Commit-Position: refs/heads/master@{#30791}

Review URL: https://codereview.chromium.org/1353723002

Cr-Commit-Position: refs/heads/master@{#30808}

9 years ago PPC: Remove --pretenure-call-new
mbrandy [Thu, 17 Sep 2015 17:03:57 +0000 (10:03 -0700)]
PPC: Remove --pretenure-call-new

Port b5588f48fd0b4e3ee43be1fe6c19d7ddd8b8b5f1

Original commit message:
    There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1347253003

Cr-Commit-Position: refs/heads/master@{#30807}

9 years ago PPC: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
mbrandy [Thu, 17 Sep 2015 17:02:45 +0000 (10:02 -0700)]
PPC: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.

Port 905e008c52ba06120f4a523aab00a53bc50830f1

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4423
LOG=N

Review URL: https://codereview.chromium.org/1350923003

Cr-Commit-Position: refs/heads/master@{#30806}

9 years ago Whitespace change.
tandrii [Thu, 17 Sep 2015 14:59:24 +0000 (07:59 -0700)]
Whitespace change.

R=machenbach@chromium.org,jochen@chromium.org
NOTRY=True
BUG=

Review URL: https://codereview.chromium.org/1357453002

Cr-Commit-Position: refs/heads/master@{#30805}

9 years agoPretenure builtin typed arrays.
ben [Thu, 17 Sep 2015 14:47:37 +0000 (07:47 -0700)]
Pretenure builtin typed arrays.

Typed arrays from the snapshot start out in the young space but they
all seem to end up in the old space sooner or later anyway.  Let's
expedite that by allocating them in the old space right away.

Review URL: https://codereview.chromium.org/1347263003

Cr-Commit-Position: refs/heads/master@{#30804}

9 years ago[heap] Fix waiting for parallel tasks
mlippautz [Thu, 17 Sep 2015 14:43:15 +0000 (07:43 -0700)]
[heap] Fix waiting for parallel tasks

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1356663002

Cr-Commit-Position: refs/heads/master@{#30803}

9 years agoFix for deopt fuzzer which was broken by https://codereview.chromium.org/1352803002
ishell [Thu, 17 Sep 2015 14:05:30 +0000 (07:05 -0700)]
Fix for deopt fuzzer which was broken by https://codereview.chromium.org/1352803002

Review URL: https://codereview.chromium.org/1347073004

Cr-Commit-Position: refs/heads/master@{#30802}

9 years ago[test] Switch perf try wrapper to buildbucket.
machenbach [Thu, 17 Sep 2015 13:41:31 +0000 (06:41 -0700)]
[test] Switch perf try wrapper to buildbucket.

NOTRY=true

Review URL: https://codereview.chromium.org/1351093002

Cr-Commit-Position: refs/heads/master@{#30801}

9 years ago[heap] Scalable slots buffer for parallel compaction.
hpayer [Thu, 17 Sep 2015 13:38:14 +0000 (06:38 -0700)]
[heap] Scalable slots buffer for parallel compaction.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1341973003

Cr-Commit-Position: refs/heads/master@{#30800}

9 years agoDisable tests that are known to be non-deterministic in --verify-predictable mode.
ishell [Thu, 17 Sep 2015 13:02:01 +0000 (06:02 -0700)]
Disable tests that are known to be non-deterministic in --verify-predictable mode.

Review URL: https://codereview.chromium.org/1352803002

Cr-Commit-Position: refs/heads/master@{#30799}

9 years agoReland "[test] Fix cctest path separators on Windows"
jkummerow [Thu, 17 Sep 2015 13:00:57 +0000 (06:00 -0700)]
Reland "[test] Fix cctest path separators on Windows"

Now run-tests.py understands "suite/foo/bar" with forward slashes for
command-line test selection on all test suites on all platforms.

Previously, file-based suites like mjsunit also accepted "mjsunit/foo\bar";
that behavior is sacrificed here in favor of unification. For the cctest
suite, OTOH, it wasn't possible on Windows to select specific tests at all.

Original review: https://codereview.chromium.org/1348653003/

This reverts commit 5f44a9105980e7ca3a444c9c4293ee9442a8139f.

NOTRY=true

Review URL: https://codereview.chromium.org/1356613002

Cr-Commit-Position: refs/heads/master@{#30798}

9 years agoImprove JSReceiver::GetKeys Speed
cbruni [Thu, 17 Sep 2015 12:52:37 +0000 (05:52 -0700)]
Improve JSReceiver::GetKeys Speed
The core bottleneck lies in N-square cost of array union. Depending on the size
of the arrays involved it makes sense to rely on a hash-set/table for the lookup.

LOG=N
BUG=v8:2904

Review URL: https://codereview.chromium.org/1316213008

Cr-Commit-Position: refs/heads/master@{#30797}

9 years agoReland "[heap] Introduce parallel compaction algorithm."
mlippautz [Thu, 17 Sep 2015 12:23:46 +0000 (05:23 -0700)]
Reland "[heap] Introduce parallel compaction algorithm."

This reverts commit 7a0a0b8b85e4cdf06795ffea01855b345776b932.

- The number of parallel tasks is still 1, i.e., we only compact on the main
  thread.
- Remove emergency memory (PagedSpace, and CodeRange)
- Introduce partial compaction of pages.
- Logic for multiple tasks is in place.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1356533002

Cr-Commit-Position: refs/heads/master@{#30796}

9 years agoRevert of [test] Fix cctest path separators on Windows (patchset #2 id:20001 of https...
jkummerow [Thu, 17 Sep 2015 12:00:13 +0000 (05:00 -0700)]
Revert of [test] Fix cctest path separators on Windows (patchset #2 id:20001 of https://codereview.chromium.org/1348653003/ )

Reason for revert:
mozilla tests are failing on Windows

Original issue's description:
> [test] Fix cctest path separators on Windows
>
> Now run-tests.py understands "suite/foo/bar" with forward slashes for
> command-line test selection on all test suites on all platforms.
>
> Previously, file-based suites like mjsunit also accepted "mjsunit/foo\bar";
> that behavior is sacrificed here in favor of unification. For the cctest
> suite, OTOH, it wasn't possible on Windows to select specific tests at all.
>
> Committed: https://crrev.com/b36cfdb39ae648b49a1396c4f669df9b1f57996c
> Cr-Commit-Position: refs/heads/master@{#30794}

TBR=machenbach@google.com,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1349163002

Cr-Commit-Position: refs/heads/master@{#30795}

9 years ago[test] Fix cctest path separators on Windows
jkummerow [Thu, 17 Sep 2015 11:23:56 +0000 (04:23 -0700)]
[test] Fix cctest path separators on Windows

Now run-tests.py understands "suite/foo/bar" with forward slashes for
command-line test selection on all test suites on all platforms.

Previously, file-based suites like mjsunit also accepted "mjsunit/foo\bar";
that behavior is sacrificed here in favor of unification. For the cctest
suite, OTOH, it wasn't possible on Windows to select specific tests at all.

Review URL: https://codereview.chromium.org/1348653003

Cr-Commit-Position: refs/heads/master@{#30794}

9 years agoRevert of [runtime] Initial step towards switching Execution::Call to callable. ...
machenbach [Thu, 17 Sep 2015 10:11:37 +0000 (03:11 -0700)]
Revert of [runtime] Initial step towards switching Execution::Call to callable. (patchset #1 id:1 of https://codereview.chromium.org/1353723002/ )

Reason for revert:
[Sheriff] Causes a dcheck failure in layout tests (and some test changes in release):
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_64__dbg_/1442/layout-test-results/virtual/android/fullscreen/api/element-request-fullscreen-top-stderr.txt
from
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/1442

Original issue's description:
> [runtime] Initial step towards switching Execution::Call to callable.
>
> Currently Execution::Call (and friends) still duplicate a lot of the
> Call sequence logic that should be encapsulated in the Call and
> CallFunction builtins. So the plan now is to switch Execution::Call
> to accept any Callable and just pass that through to the Call builtin.
>
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
> R=jarin@chromium.org
> BUG=v8:4413
> LOG=n
>
> Committed: https://crrev.com/359645f48156e15f235e9a9ede7910e0bcd9ae45
> Cr-Commit-Position: refs/heads/master@{#30791}

TBR=jarin@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413

Review URL: https://codereview.chromium.org/1346763005

Cr-Commit-Position: refs/heads/master@{#30793}

9 years agoFix temp_zone scoping when parsing inner function literals
conradw [Thu, 17 Sep 2015 09:38:22 +0000 (02:38 -0700)]
Fix temp_zone scoping when parsing inner function literals

BUG=v8:4392
LOG=Y

Review URL: https://codereview.chromium.org/1354523003

Cr-Commit-Position: refs/heads/master@{#30792}

9 years ago[runtime] Initial step towards switching Execution::Call to callable.
bmeurer [Thu, 17 Sep 2015 09:05:28 +0000 (02:05 -0700)]
[runtime] Initial step towards switching Execution::Call to callable.

Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1353723002

Cr-Commit-Position: refs/heads/master@{#30791}

9 years agoIntersection of certain constants with bitsets was wrongly non-empty.
neis [Thu, 17 Sep 2015 08:51:58 +0000 (01:51 -0700)]
Intersection of certain constants with bitsets was wrongly non-empty.

R=jarin
BUG=

Review URL: https://codereview.chromium.org/1343933002

Cr-Commit-Position: refs/heads/master@{#30790}

9 years ago[heap] Inline record slot methods.
hpayer [Thu, 17 Sep 2015 08:44:06 +0000 (01:44 -0700)]
[heap] Inline record slot methods.

BUG=chromium:532784
LOG=n

Review URL: https://codereview.chromium.org/1347363002

Cr-Commit-Position: refs/heads/master@{#30789}

9 years agoRevert of [heap] Introduce parallel compaction algorithm. (patchset #9 id:160001...
mlippautz [Thu, 17 Sep 2015 07:58:18 +0000 (00:58 -0700)]
Revert of [heap] Introduce parallel compaction algorithm. (patchset #9 id:160001 of https://codereview.chromium.org/1343333002/ )

Reason for revert:
Check failed: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Win64/builds/5535/steps/Check%20%28flakes%29/logs/IndependentWeakHandle

Original issue's description:
> [heap] Introduce parallel compaction algorithm.
>
> - The number of parallel tasks is still 1, i.e., we only compact on the main
>   thread.
> - Remove emergency memory (PagedSpace, and CodeRange)
> - Introduce partial compaction of pages.
> - Logic for multiple tasks is in place.
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/61ea4f55616d3f7bc2ce049a678f16f7475e03e0
> Cr-Commit-Position: refs/heads/master@{#30787}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1347873003

Cr-Commit-Position: refs/heads/master@{#30788}

9 years ago[heap] Introduce parallel compaction algorithm.
mlippautz [Thu, 17 Sep 2015 07:35:59 +0000 (00:35 -0700)]
[heap] Introduce parallel compaction algorithm.

- The number of parallel tasks is still 1, i.e., we only compact on the main
  thread.
- Remove emergency memory (PagedSpace, and CodeRange)
- Introduce partial compaction of pages.
- Logic for multiple tasks is in place.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1343333002

Cr-Commit-Position: refs/heads/master@{#30787}

9 years agoRevert "[profiler] Make no frame region detection code more robust", "Fix ASAN after...
bmeurer [Thu, 17 Sep 2015 06:31:12 +0000 (23:31 -0700)]
Revert "[profiler] Make no frame region detection code more robust", "Fix ASAN after r30777" and "Fix MSAN warning after r30777 (try 2)"

This reverts commits 12c7bc9a226859c3200609495689592a675a21af,
cb0b3592258173c4d20e1500cbd5731e15b9e8b1, and
a6e00c6a9f5a8abf2747293d7452dd0cf572c99e, because they introduced weird
flaky crashes in random places now at least in the arm simulator, where
it is seen quite often now on different change sets, i.e. see

http://build.chromium.org/p/tryserver.v8/builders/v8_linux_arm_rel/builds/8138/steps/Check%20%28flakes%29/logs/LoadICFastApi_DirectC..

and

https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20mipsel%20-%20sim/builds/2566/steps/Check%20%28flakes%29/logs/LoadICFastApi_DirectC..

for example.

TBR=alph@chromium.org
BUG=chromium:529931
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
LOG=N

Review URL: https://codereview.chromium.org/1354573002

Cr-Commit-Position: refs/heads/master@{#30786}

9 years agoFix MSAN warning after r30777 (try 2)
alph [Thu, 17 Sep 2015 05:41:01 +0000 (22:41 -0700)]
Fix MSAN warning after r30777 (try 2)

TBR=bmeurer,yurys
NOTRY=true

Review URL: https://codereview.chromium.org/1348493003

Cr-Commit-Position: refs/heads/master@{#30785}

9 years ago[turbofan] Greedy: groupper -> grouper.
mtrofin [Thu, 17 Sep 2015 03:54:57 +0000 (20:54 -0700)]
[turbofan] Greedy: groupper -> grouper.

Small spelling fix.

Review URL: https://codereview.chromium.org/1352673002

Cr-Commit-Position: refs/heads/master@{#30784}

9 years ago[turbofan] Greedy: faster compile time.
mtrofin [Thu, 17 Sep 2015 03:53:43 +0000 (20:53 -0700)]
[turbofan] Greedy: faster compile time.

Avoiding unnecessarily traversing conflicts when doing weight
comparisons. This reduced compile time regressions from a few
multiples to under 10% - at least for zlib.

Review URL: https://codereview.chromium.org/1346263004

Cr-Commit-Position: refs/heads/master@{#30783}

9 years agoUpdate V8 DEPS.
v8-autoroll [Thu, 17 Sep 2015 03:26:17 +0000 (20:26 -0700)]
Update V8 DEPS.

Rolling v8/tools/clang to eea56c7ed84778edadbcd43f06793b0311a56b28

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1350993003

Cr-Commit-Position: refs/heads/master@{#30782}

9 years agoX87: Reland VectorICs: ia32 store ics need a virtual register.
chunyang.dai [Thu, 17 Sep 2015 01:25:23 +0000 (18:25 -0700)]
X87: Reland VectorICs: ia32 store ics need a virtual register.

port 1e00bb57a2969e3e428a1d552116752a95c06022 (r30737).

original commit message:

    (reason for revert/reland: patch incorrectly left --vector-stores flag
     on, helpfully revealing some gcstress issues to look at, but they
     don't need to block this CL).

    Some pretty hacky code was used to carry out the tail-call
    handler dispatch on ia32 vector stores due to a lack
    of free registers. It really tanks performance. A better
    approach is to use a virtual register on the isolate.

BUG=

Review URL: https://codereview.chromium.org/1344383002

Cr-Commit-Position: refs/heads/master@{#30781}

9 years agoX87: [runtime] Replace the EQUALS builtin with proper Object::Equals.
chunyang.dai [Thu, 17 Sep 2015 01:21:46 +0000 (18:21 -0700)]
X87: [runtime] Replace the EQUALS builtin with proper Object::Equals.

port 54bab695f5de5bf5948c5b50b217628a00d60f91 (r30747).

original commit message:

    Move the implementation of the Abstract Equality Comparison to the
    runtime and thereby remove the EQUALS dispatcher builtin. Also remove
    the various runtime entry points that were only used to support the
    EQUALS builtin.

    Now the Abstract Equality Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=

Review URL: https://codereview.chromium.org/1349623002

Cr-Commit-Position: refs/heads/master@{#30780}

9 years agoFix ASAN after r30777
alph [Thu, 17 Sep 2015 00:56:33 +0000 (17:56 -0700)]
Fix ASAN after r30777

TBR=bmeurer,yurys
NOTRY=true

Review URL: https://codereview.chromium.org/1349953002

Cr-Commit-Position: refs/heads/master@{#30779}

9 years agoimprove allocation accounting for incremental mark
ofrobots [Thu, 17 Sep 2015 00:55:24 +0000 (17:55 -0700)]
improve allocation accounting for incremental mark

Add an assertion that allocated_bytes >= 0 in IncrementalMark::Step and then
make it pass. We were not being diligent in maintaining top_on_previous_step_,
and as a result inaccurate, and even negative, values of allocated_bytes were
being reported to Step.

BUG=
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1274453002

Cr-Commit-Position: refs/heads/master@{#30778}

9 years ago[profiler] Make no frame region detection code more robust
alph [Thu, 17 Sep 2015 00:12:08 +0000 (17:12 -0700)]
[profiler] Make no frame region detection code more robust

Upon collection of the stack trace, if the current PC falls into
the frame building code, the top frame might be in a non-consistent
state. As a result, some of the frames could be missing from the
stack trace.

The patch makes it check instructions under current PC and if they
look like the frame setup/destroy code, it skips the entire sample.

Support for x86/x64

BUG=chromium:529931
LOG=N

Review URL: https://codereview.chromium.org/1341413002

Cr-Commit-Position: refs/heads/master@{#30777}

9 years ago[turbofan] Greedy: small fix in grouping algo.
mtrofin [Wed, 16 Sep 2015 21:43:19 +0000 (14:43 -0700)]
[turbofan] Greedy: small fix in grouping algo.

This is a performance bug, not a functional bug: we were
losing grouping opportunities.

BUG=

Review URL: https://codereview.chromium.org/1342243003

Cr-Commit-Position: refs/heads/master@{#30776}

9 years ago[cleanup] refactor ParsePropertyDefinition for clarity
caitpotter88 [Wed, 16 Sep 2015 21:27:19 +0000 (14:27 -0700)]
[cleanup] refactor ParsePropertyDefinition for clarity

Some cleanup of ParsePropertyDefinition --- Replaces certain hacks with
more structured, clean code, and adds additional comments to aid in
comprehension of this tricky area of the ambiguous recursive descent
parser.

BUG=v8:3583
LOG=N
R=adamk, aperez, wingo, rossberg

Review URL: https://codereview.chromium.org/1348773004

Cr-Commit-Position: refs/heads/master@{#30775}

9 years agoDisallow Object.observe calls on access-checked objects
adamk [Wed, 16 Sep 2015 21:19:21 +0000 (14:19 -0700)]
Disallow Object.observe calls on access-checked objects

We already disallowed observing the global proxy; now we also
disallow any observation of access-checked objects (regardless
of whether the access check would succeed or fail, since there's
not a good way to tell the embedder what kind of access is being
requested).

Also disallow Object.getNotifier for the same reasons.

BUG=chromium:531891
LOG=y

Review URL: https://codereview.chromium.org/1346813002

Cr-Commit-Position: refs/heads/master@{#30774}

9 years agoImplement V8 extras utils object
domenic [Wed, 16 Sep 2015 21:00:45 +0000 (14:00 -0700)]
Implement V8 extras utils object

This adds a utils object meant specifically for V8 extras, presenting a limited
API surface for doing things that would otherwise require %-functions.

BUG=v8:4276
LOG=Y
R=jochen@chromium.org,yangguo@chromium.org

Review URL: https://codereview.chromium.org/1343113003

Cr-Commit-Position: refs/heads/master@{#30773}

9 years agoES6: Array.prototype.slice and friends should use ToLength instead of ToUint32
aperez [Wed, 16 Sep 2015 18:01:38 +0000 (11:01 -0700)]
ES6: Array.prototype.slice and friends should use ToLength instead of ToUint32

Defines a new --harmony-tolength flag, and a ToLengthFlagged() runtime function,
that is used where ES6 requires ToLength(), but a pre-ES6 conversion existed
before. When the flag is disabled, the function uses TO_UINT32(), which is
the pre-ES6 behaviour. When the flag is enabled, the ES6-compliant ToLength()
conversion is used.

Based on a patch initially from Diego Pino <dpino@igalia.com>

BUG=v8:3087
LOG=Y

Review URL: https://codereview.chromium.org/1309243003

Cr-Commit-Position: refs/heads/master@{#30772}

9 years ago[objects] do not visit ArrayBuffer's backing store
fedor [Wed, 16 Sep 2015 17:27:40 +0000 (10:27 -0700)]
[objects] do not visit ArrayBuffer's backing store

ArrayBuffer's backing store is a pointer to external heap, and can't be
treated as a heap object. Doing so will result in crashes, when the
backing store is unaligned.

See: https://github.com/nodejs/node/issues/2791

BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1327403002

Cr-Commit-Position: refs/heads/master@{#30771}

9 years ago[es6] Optimize TypedArray.subarray()
karl [Wed, 16 Sep 2015 16:21:33 +0000 (09:21 -0700)]
[es6] Optimize TypedArray.subarray()

````
var array = new Uint8Array(65000);
var startDate = Date.now();
var counter = 0;
while (counter++ < 50000000) {
  array.subarray(start, end);
}
var endDate = Date.now();
print(endDate - startDate);
````

4200 ms -> 3500 ms (16.67%)

BUG=

Review URL: https://codereview.chromium.org/1331993004

Cr-Commit-Position: refs/heads/master@{#30770}

9 years ago[es6] support `get` and `set` in shorthand properties
caitpotter88 [Wed, 16 Sep 2015 16:01:47 +0000 (09:01 -0700)]
[es6] support `get` and `set` in shorthand properties

Add support for `get` and `set` as shorthand properties. Also
supports them for CoverInitializedName in BindingPatterns and (once implemented)
AssignmentPatterns.

BUG=v8:4412, v8:3584
LOG=N
R=adamk, aperez, wingo, rossberg

Review URL: https://codereview.chromium.org/1328083002

Cr-Commit-Position: refs/heads/master@{#30769}

9 years agoExtra code to diagnose a crash bug.
mvstanton [Wed, 16 Sep 2015 15:38:37 +0000 (08:38 -0700)]
Extra code to diagnose a crash bug.

This will catch an invalid receiver before being passed to a load ic miss
handler in the runtime.

BUG=
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1351493002

Cr-Commit-Position: refs/heads/master@{#30768}

9 years agoRemove --pretenure-call-new
mvstanton [Wed, 16 Sep 2015 15:12:24 +0000 (08:12 -0700)]
Remove --pretenure-call-new

There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

BUG=

Review URL: https://codereview.chromium.org/1202173002

Cr-Commit-Position: refs/heads/master@{#30767}

9 years ago[turbofan] Make arguments object materialization inlinable.
mstarzinger [Wed, 16 Sep 2015 13:04:25 +0000 (06:04 -0700)]
[turbofan] Make arguments object materialization inlinable.

This makes sure that the arguments object materialization in the method
prologue is composable with respect to inlining. The generic runtime
functions materializing those objects now respect the deoptimization
information when reconstructing the original arguments.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1340313003

Cr-Commit-Position: refs/heads/master@{#30766}

9 years agoMIPS: Fixing floating point register clobbering
ivica.bogosavljevic [Wed, 16 Sep 2015 12:15:15 +0000 (05:15 -0700)]
MIPS: Fixing floating point register clobbering

Fixing floating point register clobbering for MIPSr6 (32 and 64)
due to use of the f31 floating point register as the double compare register
without saving the value of the register before using it.

TEST=cctest/test-debug/*
BUG=

Review URL: https://codereview.chromium.org/1346623002

Cr-Commit-Position: refs/heads/master@{#30765}

9 years ago[turbofan] Get rid of type lower bounds.
jarin [Wed, 16 Sep 2015 11:55:27 +0000 (04:55 -0700)]
[turbofan] Get rid of type lower bounds.

Review URL: https://codereview.chromium.org/1348073002

Cr-Commit-Position: refs/heads/master@{#30764}

9 years agoAvoid excessive data copying for ExternalStreamingStream::SetBookmark.
vogelheim [Wed, 16 Sep 2015 11:37:04 +0000 (04:37 -0700)]
Avoid excessive data copying for ExternalStreamingStream::SetBookmark.

BUG=v8:4422
R=jochen@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1346613002

Cr-Commit-Position: refs/heads/master@{#30763}

9 years ago[builtins] Also simplify the Symbol constructor.
bmeurer [Wed, 16 Sep 2015 11:35:15 +0000 (04:35 -0700)]
[builtins] Also simplify the Symbol constructor.

No need to rely on the %_IsConstructCall magic here, we can just
implement the Symbol constructor in C++ altogether (it was just a
stupid wrapper around %CreateSymbol anyway).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1349643002

Cr-Commit-Position: refs/heads/master@{#30762}

9 years ago[turbofan] Add inlining guards to Runtime_NewArguments.
mstarzinger [Wed, 16 Sep 2015 11:32:54 +0000 (04:32 -0700)]
[turbofan] Add inlining guards to Runtime_NewArguments.

This adds debug code that makes sure that the runtime functions that
materialize arguments objects, {Runtime_New[Sloppy|Strict]Arguments},
are not being called from within an inlined scope. They would produce
wrong results and we should avoid producing code that does this.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1343763002

Cr-Commit-Position: refs/heads/master@{#30761}

9 years agoReland of "[heap] Concurrency support for heap book-keeping info"
mlippautz [Wed, 16 Sep 2015 11:18:07 +0000 (04:18 -0700)]
Reland of "[heap] Concurrency support for heap book-keeping info"

Adds concurrency support for:
- MemoryChunk: Fragmentation counters
- MemoryChunk: High-water mark
- MemoryAllocator: Lowest and highest ever allocated addresses, size, and
  capacity

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

This reverts commit 0db34dbe8111f8670c82bb4c42110400a9050d08.

BUG=

Review URL: https://codereview.chromium.org/1346973002

Cr-Commit-Position: refs/heads/master@{#30760}

9 years ago[builtins] Unify the String constructor.
bmeurer [Wed, 16 Sep 2015 10:44:36 +0000 (03:44 -0700)]
[builtins] Unify the String constructor.

Implement the String constructor completely as native builtin,
avoiding the need to do gymnastics in JavaScript builtin to
properly detect the no argument case (which is different from
the undefined argument case) and also allowing to just
tailcall through to ToString or SymbolDescriptiveString for
the common case. Also the JavaScript builtin was misleading
since the case for construct call was unused, but could be
triggered in a wrong way once we support tail calls from
constructor functions.

This refactoring allows us to properly implement subclassing
for String builtins, once we have the correct initial_map on
derived classes (it's merely a matter of using NewTarget
instead of the target register now).

This introduces a new %SymbolDescriptiveString runtime
entry, which is also used by Symbol.toString() now.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1344893002

Cr-Commit-Position: refs/heads/master@{#30759}

9 years agoVector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
mvstanton [Wed, 16 Sep 2015 10:08:50 +0000 (03:08 -0700)]
Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.

BUG=v8:4423
LOG=N

Review URL: https://codereview.chromium.org/1342013003

Cr-Commit-Position: refs/heads/master@{#30758}