dslomov [Wed, 25 Mar 2015 12:51:59 +0000 (05:51 -0700)]
Test for access checks on super assignments.
R=verwaest@chromium.org
BUG=chromium:470113
LOG=N
Review URL: https://codereview.chromium.org/
1034523002
Cr-Commit-Position: refs/heads/master@{#27438}
mstarzinger [Wed, 25 Mar 2015 12:43:38 +0000 (05:43 -0700)]
[turbofan] Remove obsolete JSDebugger operator.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
1029583009
Cr-Commit-Position: refs/heads/master@{#27437}
dcarney [Wed, 25 Mar 2015 12:34:01 +0000 (05:34 -0700)]
fix nonmasking interceptor ic with interceptor on receiver
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1036843002
Cr-Commit-Position: refs/heads/master@{#27436}
mvstanton [Wed, 25 Mar 2015 11:15:14 +0000 (04:15 -0700)]
VectorICs: Address test-heap TODOS
Tests for non-clearing of weak cells in LoadICs weren't running when
vector ICs are enabled.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1032843002
Cr-Commit-Position: refs/heads/master@{#27435}
fedor [Wed, 25 Mar 2015 10:09:58 +0000 (03:09 -0700)]
postmortem: fixup after 33994b4
This commit has changed the enum names:
33994b4a22834efb26620ffa3053a5d15d48a6bd
`FIELD` is now called `DATA`.
BUG=
R=danno
Review URL: https://codereview.chromium.org/
1033733003
Cr-Commit-Position: refs/heads/master@{#27434}
ulan [Wed, 25 Mar 2015 08:52:51 +0000 (01:52 -0700)]
Reland "Filter invalid slots out from the SlotsBuffer after marking."
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
> BUG=chromium:454297
> LOG=Y
NOTRY=true
Review URL: https://codereview.chromium.org/
1032833002
Cr-Commit-Position: refs/heads/master@{#27433}
yangguo [Wed, 25 Mar 2015 07:40:05 +0000 (00:40 -0700)]
Revert of [turbofan] Enable --turbo-osr. (patchset #1 id:1 of https://codereview.chromium.org/
1035643002/)
Reason for revert:
Crash in pdfjs benchmark.
Original issue's description:
> [turbofan] Enable --turbo-osr.
>
> R=yangguo@chromium.org
> BUG=
>
> Committed: https://crrev.com/
50305aac39f90b6455305313db56ff3365ec96f5
> Cr-Commit-Position: refs/heads/master@{#27431}
TBR=titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/
1005163003
Cr-Commit-Position: refs/heads/master@{#27432}
Ben L. Titzer [Wed, 25 Mar 2015 07:29:09 +0000 (08:29 +0100)]
[turbofan] Enable --turbo-osr.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1035643002
Cr-Commit-Position: refs/heads/master@{#27431}
michael_dawson [Wed, 25 Mar 2015 06:42:17 +0000 (23:42 -0700)]
PPC: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
Port
6689cc27ebe60685c025de9ae1f09919093f8213
Original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029413002
Cr-Commit-Position: refs/heads/master@{#27430}
chunyang.dai [Wed, 25 Mar 2015 06:41:10 +0000 (23:41 -0700)]
X87: [turbofan] Turn Math.clz32 into an inlinable builtin.
port
3aa206b86560da94f895625186295bf07a0301d8 (r27329)
original commit message:
BUG=
Review URL: https://codereview.chromium.org/
1022523005
Cr-Commit-Position: refs/heads/master@{#27429}
michael_dawson [Wed, 25 Mar 2015 06:40:02 +0000 (23:40 -0700)]
PPC: Fix 'PPC: Serializer: serialize internal references via object visitor.'
Port
56d2ee0310972119ec47810ee03a4f7077f7117e
Original commit message:
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1036453002
Cr-Commit-Position: refs/heads/master@{#27428}
machenbach [Tue, 24 Mar 2015 22:02:28 +0000 (15:02 -0700)]
Revert of Track how many pages trigger fallback strategies in GC (patchset #2 id:20001 of https://codereview.chromium.org/
1029323003/)
Reason for revert:
This seems to cause lots of crashes in layout tests debug:
../../third_party/WebKit/Source/bindings/core/v8/V8PerIsolateData.cpp(67) : void blink::useCounterCallback(v8::Isolate *, v8::Isolate::UseCounte
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2332
Original issue's description:
> Track how many pages trigger fallback strategies in GC
>
> R=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/
bb880058f6499510cff12d98dc7d524d35d769cb
> Cr-Commit-Position: refs/heads/master@{#27421}
TBR=hpayer@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/
1000523003
Cr-Commit-Position: refs/heads/master@{#27427}
machenbach [Tue, 24 Mar 2015 22:01:20 +0000 (15:01 -0700)]
Revert of Filter invalid slots out from the SlotsBuffer after marking. (patchset #6 id:220001 of https://codereview.chromium.org/
1010363005/)
Reason for revert:
Need to revert in order to revert https://codereview.chromium.org/
1029323003/
Original issue's description:
> Filter invalid slots out from the SlotsBuffer after marking.
>
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
>
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/
5c47c1c0d3e4a488f190c16a64ee02f5a14e6561
> Cr-Commit-Position: refs/heads/master@{#27423}
TBR=hpayer@chromium.org,erik.corry@gmail.com,ishell@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/
1033453005
Cr-Commit-Position: refs/heads/master@{#27426}
titzer [Tue, 24 Mar 2015 19:02:48 +0000 (12:02 -0700)]
Set test expectations prior to enabling --turbo-osr.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1018513003
Cr-Commit-Position: refs/heads/master@{#27425}
dslomov [Tue, 24 Mar 2015 17:16:45 +0000 (10:16 -0700)]
Do not assign positions to parser-generated desugarings.
The root cause for the bug is that the positions assigned to desugared
code was inconsistent with the source ranges of block scopes.
Since the fact that the position is assigned causes the debugger to
break at the parser-generated statement, the fix is to remove positions
from those nodes that we do not want to break on.
The CL also teaches Hydrogen to tolerate these cases.
R=adamk@chromium.org,rossberg@chromium.org
BUG=chromium:468661
LOG=Y
Review URL: https://codereview.chromium.org/
1032653002
Cr-Commit-Position: refs/heads/master@{#27424}
ishell [Tue, 24 Mar 2015 17:07:31 +0000 (10:07 -0700)]
Filter invalid slots out from the SlotsBuffer after marking.
There are two reasons that could cause invalid slots appearance in SlotsBuffer:
1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297
LOG=Y
Review URL: https://codereview.chromium.org/
1010363005
Cr-Commit-Position: refs/heads/master@{#27423}
marja [Tue, 24 Mar 2015 16:46:53 +0000 (09:46 -0700)]
[strong] Check strong mode free variables against the global object.
Gather references to unbound variables where the reference (VariableProxy) is
inside strong mode. Check them against the global object when a script is bound
to a context (during compilation).
This CL only checks unbound variables which are not inside lazy functions - TBD
how do we solve that; alternatives: add developer mode which disables laziness /
do the check whenever lazy functions are really compiled.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/
1005063002
Cr-Commit-Position: refs/heads/master@{#27422}
erikcorry [Tue, 24 Mar 2015 16:17:42 +0000 (09:17 -0700)]
Track how many pages trigger fallback strategies in GC
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029323003
Cr-Commit-Position: refs/heads/master@{#27421}
dcarney [Tue, 24 Mar 2015 16:09:59 +0000 (09:09 -0700)]
fix attribute lookup for all can read indexed interceptors
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1034513002
Cr-Commit-Position: refs/heads/master@{#27420}
aandrey [Tue, 24 Mar 2015 16:02:03 +0000 (09:02 -0700)]
Make debugger step into bound callbacks passed to Array.forEach.
BUG=chromium:450004
R=yangguo@chromium.org, kozyatinskiy@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1030673002
Cr-Commit-Position: refs/heads/master@{#27419}
titzer [Tue, 24 Mar 2015 15:38:20 +0000 (08:38 -0700)]
[turbofan] Macro-ify the tracing code in RegisterAllocator.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1014093008
Cr-Commit-Position: refs/heads/master@{#27418}
mvstanton [Tue, 24 Mar 2015 15:37:14 +0000 (08:37 -0700)]
Prevent leaks of cross context maps in the Oracle.
Some code in type-info.cc could allow a cross context map to be visible to
crankshaft. Tighten up this code to be certain that only a JSFunction, an
AllocationSite or a Symbol can be returned.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1026343004
Cr-Commit-Position: refs/heads/master@{#27417}
Michael Achenbach [Tue, 24 Mar 2015 15:33:56 +0000 (16:33 +0100)]
Move entire CQ config to the V8 repository
R=machenbach@chromium.org
BUG=408675
LOG=n
NOTRY=true
Review URL: https://codereview.chromium.org/
1025553007
Cr-Commit-Position: refs/heads/master@{#27416}
svenpanne [Tue, 24 Mar 2015 15:20:46 +0000 (08:20 -0700)]
Added %_HeapObjectGetMap and %_MapGetInstanceType intrinsics.
These are needed (among other things) for a TurboFan-generated
StringAddStub. Furthermore, they can be used to nuke the overly
complex %_IsInstanceType intrisic, it's completely expressible in
JavaScript now, but that will be done in a separate CL.
Alpha-sorted things a bit on the way to ease navigation.
Review URL: https://codereview.chromium.org/
1010973010
Cr-Commit-Position: refs/heads/master@{#27415}
erikcorry [Tue, 24 Mar 2015 15:02:21 +0000 (08:02 -0700)]
Fix OOM bug 3976.
Also introduce --trace-fragmentation-verbose, and fix --always-compact.
R=ulan@chromium.org
BUG=v8:3976
LOG=y
Review URL: https://codereview.chromium.org/
1024823002
Cr-Commit-Position: refs/heads/master@{#27414}
titzer [Tue, 24 Mar 2015 15:01:13 +0000 (08:01 -0700)]
[turbofan] Address minor TODOs in simplified lowering.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029843002
Cr-Commit-Position: refs/heads/master@{#27413}
ulan [Tue, 24 Mar 2015 14:35:55 +0000 (07:35 -0700)]
Reload length of retained_maps array after GC.
This fixes flaky GC stress failure:
> Fatal error in ../src/heap/mark-compact.cc, line 2127
> Check failed: retained_maps->Get(i)->IsWeakCell().
BUG=
TEST=test-heap/RegressArrayListGC
Review URL: https://codereview.chromium.org/
1026113004
Cr-Commit-Position: refs/heads/master@{#27412}
mstarzinger [Tue, 24 Mar 2015 14:17:05 +0000 (07:17 -0700)]
Remove CompilationInfoWithZone from public API.
This removes the CompilationInfoWithZone class from the header file
because it is more than a pure convenience class and shouldn't be used
outside of the compiler at all.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
1000353004
Cr-Commit-Position: refs/heads/master@{#27411}
titzer [Tue, 24 Mar 2015 14:09:33 +0000 (07:09 -0700)]
[turbofan] Address minor TODOs in instruction selector.
R=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029383002
Cr-Commit-Position: refs/heads/master@{#27410}
titzer [Tue, 24 Mar 2015 14:05:21 +0000 (07:05 -0700)]
[turbofan] Remove Instruction::IsControl() and Instruction::MarkAsControl()
R=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1031803004
Cr-Commit-Position: refs/heads/master@{#27409}
dcarney [Tue, 24 Mar 2015 13:36:44 +0000 (06:36 -0700)]
run phantom handle callbacks first
BUG=
Review URL: https://codereview.chromium.org/
1034473002
Cr-Commit-Position: refs/heads/master@{#27408}
dcarney [Tue, 24 Mar 2015 13:22:08 +0000 (06:22 -0700)]
fix disposal of phantom handles in GlobalValueMap
additionally, add a drive by fix to WeakCallbackInfo
R=jochen@chromium.org, erikcorry@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1026283004
Cr-Commit-Position: refs/heads/master@{#27407}
jarin [Tue, 24 Mar 2015 13:20:10 +0000 (06:20 -0700)]
Test for wrong arguments object materialization.
The test demonstrates a bad interaction between arguments object
materialization, escape analysis and exception handling.
We can return a wrong arguments object if we materialize arguments
object (using f.arguments) and then throw around f's frame so that f
does not clean up the materialized frame information (see the
MaterializedObjectStore in deoptimizer.h/.cc). If we enter another
function that has the same frame pointer and request an arguments object
of (or lazily deoptimize) that function, we can get the materialized
object of the original function.
We should clean up the materialized object store when we unwind the
stack.
BUG=v8:3985
LOG=n
Review URL: https://codereview.chromium.org/
1032623003
Cr-Commit-Position: refs/heads/master@{#27406}
titzer [Tue, 24 Mar 2015 13:17:24 +0000 (06:17 -0700)]
[turbofan] Add RegisterAllocator::NewLiveRange() utility method.
R=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1036433002
Cr-Commit-Position: refs/heads/master@{#27405}
aperez [Tue, 24 Mar 2015 13:08:26 +0000 (06:08 -0700)]
Cleanups needed for this-scoping in arrow functions
Remove Variable::IsValidReference(), and the Variable::is_valid_ref_
member: This was "false" only for "this", and for internal variables.
For the first, VariableProxy::is_this() can be used for the check
instead; and for internal variables, it is guaranteed they they will
not be written to (because the V8 code does not do it, and they are
not accessible from JavaScript).
The "bool is_this" parameter of VariableProxy() constructor is
changed to use Variable::Kind. This will allow to later on adding
a parameter to create unresolved variables of any kind, which in
turn will be used to make references to "this" initially unresolved,
and use the existing variable resolution mechanics for "this".
BUG=v8:2700
LOG=N
Review URL: https://codereview.chromium.org/
1024703004
Cr-Commit-Position: refs/heads/master@{#27404}
loislo [Tue, 24 Mar 2015 12:46:13 +0000 (05:46 -0700)]
CpuProfiler: push the collected information about deopts to cpu profiler
it is the last patch of https://codereview.chromium.org/
1012633002
All that we need here is to push the collected info to the profiler
and convert it into actionable information about deopt.
On the Next: get the info accessible by embedder.
BUG=chromium:452067
LOG=n
TEST=DeoptAtFirstLevelInlinedSource, DeoptAtSecondLevelInlinedSource, DeoptUntrackedFunction
Review URL: https://codereview.chromium.org/
1013143003
Cr-Commit-Position: refs/heads/master@{#27403}
caitpotter88 [Tue, 24 Mar 2015 12:43:50 +0000 (05:43 -0700)]
[es6] call ToString() on template substitutions
BUG=v8:3980
R=arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1027183002
Cr-Commit-Position: refs/heads/master@{#27402}
titzer [Tue, 24 Mar 2015 12:40:01 +0000 (05:40 -0700)]
[turbofan] Rename Node::RemoveAllInputs() to Node::NullAllInputs().
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1032553006
Cr-Commit-Position: refs/heads/master@{#27401}
erikcorry [Tue, 24 Mar 2015 12:16:11 +0000 (05:16 -0700)]
Fix out of date assert after PropertyCell enterbung
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1028393002
Cr-Commit-Position: refs/heads/master@{#27400}
verwaest [Tue, 24 Mar 2015 12:05:45 +0000 (05:05 -0700)]
If CallNew targets a constant global, set its state to monomorphic
BUG=
Review URL: https://codereview.chromium.org/
1023103003
Cr-Commit-Position: refs/heads/master@{#27399}
machenbach [Tue, 24 Mar 2015 12:04:39 +0000 (05:04 -0700)]
Revert of [V8] Removed SourceLocationRestrict (patchset #3 id:40001 of https://codereview.chromium.org/
1022333004/)
Reason for revert:
[Sheriff] This seems to change layout test expectations of some tests, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2317
Expectation example:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_64__dbg_/2317/layout-test-results/fast/events/window-onerror-11-pretty-diff.html
Please add a needsmanualrebaseline expectation to the tests affected by this change on the blink side first before relanding.
Original issue's description:
> [V8] Removed SourceLocationRestrict
>
> This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
> Method looks obsolete.
> One of the strange side effect is shown by attached issue.
>
> BUG=chromium:468781
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/
b563ceac0f95551a128a1403cdbacc7aefcdabaf
> Cr-Commit-Position: refs/heads/master@{#27374}
TBR=yangguo@chromium.org,kozyatinskiy@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:468781
Review URL: https://codereview.chromium.org/
1028413002
Cr-Commit-Position: refs/heads/master@{#27398}
chunyang.dai [Tue, 24 Mar 2015 10:23:41 +0000 (03:23 -0700)]
X87: [stubs] Add missing interface descriptor for the CompareIC.
port
e18e3cd4d88f35f3690d2993ac1702b65edde54f (r27305)
original commit message:
[stubs] Add missing interface descriptor for the CompareIC.
BUG=
Review URL: https://codereview.chromium.org/
1024553007
Cr-Commit-Position: refs/heads/master@{#27397}
chunyang.dai [Tue, 24 Mar 2015 10:17:20 +0000 (03:17 -0700)]
X87: Serializer: serialize internal references via object visitor.
port
7c149afb6c875b1c53723384459dc14a0e961927 (r27275).
original commit message:
Serializer: serialize internal references via object visitor.
BUG=
Review URL: https://codereview.chromium.org/
1029793002
Cr-Commit-Position: refs/heads/master@{#27396}
chunyang.dai [Tue, 24 Mar 2015 10:10:49 +0000 (03:10 -0700)]
X87: Remove PropertyCell space
port
16c8485a35efc36cf6ccd15185282d65412e1502 (r27269).
original commit message:
Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.
BUG=
Review URL: https://codereview.chromium.org/
1013543004
Cr-Commit-Position: refs/heads/master@{#27395}
chunyang.dai [Tue, 24 Mar 2015 10:06:07 +0000 (03:06 -0700)]
X87: Use platform specific stubs for vector-based Load/KeyedLoad.
port
34a1a76ddf30109f7b6cb60aa2651493ab38660a (r27235)
original commit message:
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
BUG=
Review URL: https://codereview.chromium.org/
1025073005
Cr-Commit-Position: refs/heads/master@{#27394}
jacob.bramley [Tue, 24 Mar 2015 09:51:30 +0000 (02:51 -0700)]
Revert "ARM64: use jssp for stack slots"
This reverts r21101. r21101 appears to be at fault for the ARM64
failures here: https://codereview.chromium.org/
1023103003
BUG=
Review URL: https://codereview.chromium.org/
1019393003
Cr-Commit-Position: refs/heads/master@{#27393}
michael_dawson [Tue, 24 Mar 2015 09:37:43 +0000 (02:37 -0700)]
PPC: [es6] implement Reflect.apply() & Reflect.construct()
Port
d21fd15467e16f185e511dbfbaeef7caddfe804a
Original commit message:
BUG=v8:3900
LOG=N
R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org, dslomov@chromium.org
Review URL: https://codereview.chromium.org/
999613004
Cr-Commit-Position: refs/heads/master@{#27392}
michael_dawson [Tue, 24 Mar 2015 09:31:32 +0000 (02:31 -0700)]
PPC: [turbofan] Turn Math.clz32 into an inlinable builtin.
Port
3aa206b86560da94f895625186295bf07a0301d8
Original commit message:
R=dcarney@chromium.org, yangguo@chromium.org
BUG=v8:3952
LOG=n
R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org
Review URL: https://codereview.chromium.org/
1028313003
Cr-Commit-Position: refs/heads/master@{#27391}
michael_dawson [Tue, 24 Mar 2015 09:27:21 +0000 (02:27 -0700)]
PPC: [es6] generate rest parameters correctly for subclass constructors
commit
bef80fcfd7e89cadc215f7d10a016a375e346490
Original commit message:
BUG=v8:3977
R=dslomov@chromium.org, arv@chromium.org
LOG=N
R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org
Review URL: https://codereview.chromium.org/
1018043008
Cr-Commit-Position: refs/heads/master@{#27390}
yangguo [Tue, 24 Mar 2015 09:19:11 +0000 (02:19 -0700)]
Revert of [es6] Object.getPrototypeOf should work with values (patchset #3 id:40001 of https://codereview.chromium.org/
1014813003/)
Reason for revert:
Layout test failures. Please update layout test expectations before landing this, in order to not block the roll.
Original issue's description:
> [es6] Object.getPrototypeOf should work with values
>
> The final spec for Object.getPrototypeOf calls ToObject on the
> parameter, which means that it should only throw for null and
> undefined. For other non object values the prototype of the wrapper
> should be used.
>
> BUG=v8:3964
> LOG=N
> R=adamk, rossberg@chromium.org
>
> Committed: https://crrev.com/
ea463a916bbe5994b0d2d04e8075058b373b2e2c
> Cr-Commit-Position: refs/heads/master@{#27354}
TBR=adamk@chromium.org,rossberg@chromium.org,arv@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3964
Review URL: https://codereview.chromium.org/
1033623002
Cr-Commit-Position: refs/heads/master@{#27389}
michael_dawson [Tue, 24 Mar 2015 09:16:42 +0000 (02:16 -0700)]
PPC: Serializer: serialize internal references via object visitor.
Port
7c149afb6c875b1c53723384459dc14a0e961927
Original commit message:
R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029723002
Cr-Commit-Position: refs/heads/master@{#27388}
michael_dawson [Tue, 24 Mar 2015 09:15:36 +0000 (02:15 -0700)]
PPC: Load from PropertyCells using PropertyCell::kValueOffset rather than Cell::kValueOffset
Port
dda2bd6f4f952c604ab836f04052684722480849
Original commit message:
R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1028323002
Cr-Commit-Position: refs/heads/master@{#27387}
jochen [Tue, 24 Mar 2015 08:29:52 +0000 (01:29 -0700)]
Remove calls to IdleNotification()
All users should use IdleNotificationDeadline() instead
BUG=none
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/
1028163003
Cr-Commit-Position: refs/heads/master@{#27386}
chunyang.dai [Tue, 24 Mar 2015 08:08:06 +0000 (01:08 -0700)]
X87: Remove kind field from StackHandler.
port
15f8213809a57c2a163b500a732c9ffe5160a41a (r27263)
original commit message:
This relands commit
96f79568a926966ebcf0685bf9adc947f4e1fbff.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
BUG=
Review URL: https://codereview.chromium.org/
1027413002
Cr-Commit-Position: refs/heads/master@{#27385}
yurys [Tue, 24 Mar 2015 05:49:54 +0000 (22:49 -0700)]
Save heap object tracking data in heap snapshot
Every time embedder calls v8::HeapProfiler::GetHeapStats we store next unuassigned heap object id and timestamp of the request. This patch serializes all that data into heap snapshot so that embedder can restore allocation timeline.
BUG=chromium:467222
LOG=Y
Review URL: https://codereview.chromium.org/
1019813004
Cr-Commit-Position: refs/heads/master@{#27384}
akos.palfi [Mon, 23 Mar 2015 22:45:05 +0000 (15:45 -0700)]
MIPS64: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
Port
6689cc27ebe60685c025de9ae1f09919093f8213
Original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/
1025303005
Cr-Commit-Position: refs/heads/master@{#27383}
michael_dawson [Mon, 23 Mar 2015 21:41:49 +0000 (14:41 -0700)]
PPC: Disinherit PropertyCell from Cell
Port
8c0d289772649217a55011133c0e481741618330
Original commit message:
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1019843003
Cr-Commit-Position: refs/heads/master@{#27382}
michael_dawson [Mon, 23 Mar 2015 21:32:43 +0000 (14:32 -0700)]
PPC: Remove kind field from StackHandler.
Port
15f8213809a57c2a163b500a732c9ffe5160a41a
Original commit message:
This relands commit
96f79568a926966ebcf0685bf9adc947f4e1fbff.
This makes the Isolate::Throw logic not depend on a prediction of
whether an exception is caught or uncaught. Such a prediction is
inherently undecidable because a finally block can decide between
consuming or re-throwing an exception depending on arbitray control
flow.
There still is a conservative prediction mechanism in place that
components like the debugger or tracing can use for reporting.
With this change we can get rid of the StackHandler::kind field, a
pre-requisite to do table-based lookups of exception handlers.
R=mbrandy@us.ibm.com, yangguo@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1016333002
Cr-Commit-Position: refs/heads/master@{#27381}
michael_dawson [Mon, 23 Mar 2015 21:31:34 +0000 (14:31 -0700)]
PPC: Remove PropertyCell space
Port
16c8485a35efc36cf6ccd15185282d65412e1502
Original commit message:
Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1018333003
Cr-Commit-Position: refs/heads/master@{#27380}
verwaest [Mon, 23 Mar 2015 19:24:44 +0000 (12:24 -0700)]
Properly handle non-JSFunction constructors in CanRetainOtherContext
BUG=
Review URL: https://codereview.chromium.org/
1017263003
Cr-Commit-Position: refs/heads/master@{#27379}
mstarzinger [Mon, 23 Mar 2015 19:11:19 +0000 (12:11 -0700)]
Move CompilationInfo::this_has_uses to HGraph::this_has_uses.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
1029643002
Cr-Commit-Position: refs/heads/master@{#27378}
mvstanton [Mon, 23 Mar 2015 18:50:12 +0000 (11:50 -0700)]
VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/
1028093002
Cr-Commit-Position: refs/heads/master@{#27377}
mstarzinger [Mon, 23 Mar 2015 17:30:38 +0000 (10:30 -0700)]
Remove dangerous constructor from CompilationInfoWithZone.
This removes the stub-based constructor from CompilationInfoWithZone
as this class is more than a pure convenience class and only by chance
doesn't have an effect in the destructor.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
1026513004
Cr-Commit-Position: refs/heads/master@{#27376}
ulan [Mon, 23 Mar 2015 17:16:05 +0000 (10:16 -0700)]
Acquire a lock before checking for GC interrupt in JSON parser.
BUG=
Review URL: https://codereview.chromium.org/
1025333002
Cr-Commit-Position: refs/heads/master@{#27375}
kozyatinskiy [Mon, 23 Mar 2015 16:33:02 +0000 (09:33 -0700)]
[V8] Removed SourceLocationRestrict
This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
Method looks obsolete.
One of the strange side effect is shown by attached issue.
BUG=chromium:468781
R=yangguo@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/
1022333004
Cr-Commit-Position: refs/heads/master@{#27374}
dcarney [Mon, 23 Mar 2015 16:03:14 +0000 (09:03 -0700)]
[turbofan] add non fixed slot constraint to register allocator
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1018853003
Cr-Commit-Position: refs/heads/master@{#27373}
caitpotter88 [Mon, 23 Mar 2015 15:07:41 +0000 (08:07 -0700)]
[es5] call ToString() on argument in String.prototype.concat() fast case
15.5.4.6 5.b requires each part to be converted using ToString(). This also needs to occur in the single argument fast-case.
BUG=v8:3981
R=arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1029103002
Cr-Commit-Position: refs/heads/master@{#27372}
verwaest [Mon, 23 Mar 2015 14:58:58 +0000 (07:58 -0700)]
Remove reference to PropertyCellSpace from include/v8.h
BUG=
Review URL: https://codereview.chromium.org/
1009123003
Cr-Commit-Position: refs/heads/master@{#27371}
kozyatinskiy [Mon, 23 Mar 2015 14:50:57 +0000 (07:50 -0700)]
[V8] Added debug-sourceinfo.js with LF endings back
Readded after https://codereview.chromium.org/
1029063002/ with correct line endings.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
1032443002
Cr-Commit-Position: refs/heads/master@{#27370}
titzer [Mon, 23 Mar 2015 14:48:16 +0000 (07:48 -0700)]
Move this_has_uses from ParseInfo back into CompilationInfo and renumber CompilationInfo flags.
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1028973002
Cr-Commit-Position: refs/heads/master@{#27369}
kozyatinskiy [Mon, 23 Mar 2015 14:31:33 +0000 (07:31 -0700)]
[V8] Removed debug-sourceinfo.js with CRLF line endings
We can't simple delete and add one file in one CL. This is necessary for replacing this test with version with LF line endings.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
1029063002
Cr-Commit-Position: refs/heads/master@{#27368}
mstarzinger [Mon, 23 Mar 2015 14:25:45 +0000 (07:25 -0700)]
Make compiler more acceptive wrt Isolate::use_crankshaft.
This allows using %OptimizeFunctionOnNextCall and friends even when
Crankshaft is disabled. Note that this should only affect code paths
that are not relevant to performance. By now we have a single bailout
point in place within OptimizedCompileJob::CreateGraph that ensures
Crankshaft is only used when enabled and supported.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
999173007
Cr-Commit-Position: refs/heads/master@{#27367}
titzer [Mon, 23 Mar 2015 14:08:19 +0000 (07:08 -0700)]
[turbofan] Fix control reducer bug with walking non-control edges during ConnectNTL phase.
R=jarin@chromium.org
BUG=chromium:469605
LOG=Y
Review URL: https://codereview.chromium.org/
1030623003
Cr-Commit-Position: refs/heads/master@{#27366}
michael_dawson [Mon, 23 Mar 2015 13:25:15 +0000 (06:25 -0700)]
PPC: Use platform specific stubs for vector-based Load/KeyedLoad.
Port
34a1a76ddf30109f7b6cb60aa2651493ab38660a
Original commit message:
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
R=verwaest@chromium.org, mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1019003002
Cr-Commit-Position: refs/heads/master@{#27365}
ulan [Mon, 23 Mar 2015 13:24:07 +0000 (06:24 -0700)]
Respect old space allocation limit in PagedSpace::AllocateRaw.
BUG=v8:3976
LOG=NO
Review URL: https://codereview.chromium.org/
1025643002
Cr-Commit-Position: refs/heads/master@{#27364}
aperez [Mon, 23 Mar 2015 11:38:02 +0000 (04:38 -0700)]
Fix unintentional typo in Parser::ParseLazy() comments
BUG=
LOG=N
NOTRY=true
Review URL: https://codereview.chromium.org/
1022413003
Cr-Commit-Position: refs/heads/master@{#27363}
ulan [Mon, 23 Mar 2015 11:20:38 +0000 (04:20 -0700)]
Reland "Fix memory leak caused by field type in descriptor array."
BUG=v8:3877
LOG=NO
Review URL: https://codereview.chromium.org/
1018283002
Cr-Commit-Position: refs/heads/master@{#27362}
jacob.bramley [Mon, 23 Mar 2015 10:25:11 +0000 (03:25 -0700)]
[ARM64] [turbofan] Support Float64Min and Float64Max.
ARM64 support for Float64Min and Float64Max machine operators
(https://codereview.chromium.org/
998283002/) using fmin and fmax.
BUG=
Review URL: https://codereview.chromium.org/
1024093002
Cr-Commit-Position: refs/heads/master@{#27361}
chunyang.dai [Mon, 23 Mar 2015 10:21:04 +0000 (03:21 -0700)]
X87: Simplify pending message object handling.
port
d4696c484142c601cbd691ae80164043785a3af7 (r27150)
original commit message:
This moves the decision whether to report a message or not to when
the pending exception is propagated instead of trying to preserve the
decision in a ThreadLocalTop field.
BUG=
Review URL: https://codereview.chromium.org/
1028073002
Cr-Commit-Position: refs/heads/master@{#27360}
chunyang.dai [Mon, 23 Mar 2015 10:06:12 +0000 (03:06 -0700)]
Remove the check for turbofan unsupported platform.
BUG=
Review URL: https://codereview.chromium.org/
1025073004
Cr-Commit-Position: refs/heads/master@{#27359}
cdai2 [Mon, 23 Mar 2015 09:28:08 +0000 (17:28 +0800)]
X87: Simplify pending message script handling.
port
f71e26268338d2840133264329bf35a63011bb5a (r27127)
original commit message:
Simplify pending message script handling.
This removes the separate tracking of the pending message script,
because that script is already stored in the message object and
duplicating it in the ThreadLocalTop makes it more brittle.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/
1028993003
Cr-Commit-Position: refs/heads/master@{#27358}
chunyang.dai [Mon, 23 Mar 2015 09:23:04 +0000 (02:23 -0700)]
X87: Remove frame pointer from StackHandler.
port
36e69a916f2a88664887d2b62f0eaf8400edb182 (r27115)
original commit message:
This reduces the size of the StackHandler by yet another word. We no
longer need to keep track of the frame pointer, as the stack walk will
be able to recalculate it.
BUG=
Review URL: https://codereview.chromium.org/
1030563002
Cr-Commit-Position: refs/heads/master@{#27357}
chunyang.dai [Mon, 23 Mar 2015 08:50:16 +0000 (01:50 -0700)]
X87: [es6] Throw TypeError for computed static prototype property name
port
8d946b9c3f6ea42dd5232c0529be4d47798b06aa (r27106).
original commit message:
[es6] Throw TypeError for computed static prototype property name
The prototype of a class constructor function is read only. When we set
computed property names we were ignoring this and we were overriding the
property.
Since the prototype is the only possible own read only property on the
constructor function object we special case this so we do not have to
check this for every property in the class literal.
BUG=
Review URL: https://codereview.chromium.org/
1028983002
Cr-Commit-Position: refs/heads/master@{#27356}
arv [Mon, 23 Mar 2015 08:41:46 +0000 (01:41 -0700)]
Use TO_OBJECT_INLINE a bit more
We were using ToObject in a lot of places where the common case is that
we already have an object. By changing to TO_OBJECT_INLINE we don't
have to go through 5 different if statements before falling through.
We were also calling ToObject too many times in DefineObjectProperty
where we already know that obj is an object.
BUG=None
LOG=N
Review URL: https://codereview.chromium.org/
1019413002
Cr-Commit-Position: refs/heads/master@{#27355}
arv [Mon, 23 Mar 2015 08:40:36 +0000 (01:40 -0700)]
[es6] Object.getPrototypeOf should work with values
The final spec for Object.getPrototypeOf calls ToObject on the
parameter, which means that it should only throw for null and
undefined. For other non object values the prototype of the wrapper
should be used.
BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
Review URL: https://codereview.chromium.org/
1014813003
Cr-Commit-Position: refs/heads/master@{#27354}
cdai2 [Mon, 23 Mar 2015 08:27:36 +0000 (16:27 +0800)]
X87: Remove code object from StackHandler.
port
e0aa8ebf933b4c659e1c4a01ba244c5de452ff1c (r27103).
original commit message:
This reduces the size of the StackHandler by one word. We no longer
need to keep track of the code object, as the stack walk finds it.
BUG=
R=weiliang.lin@intel.com
Review URL: https://codereview.chromium.org/
1022403002
Cr-Commit-Position: refs/heads/master@{#27353}
caitpotter88 [Mon, 23 Mar 2015 07:01:37 +0000 (00:01 -0700)]
[es6] remove --harmony-templates flag
BUG=v8:3230
R=dslomov@chromium.org, arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1027593005
Cr-Commit-Position: refs/heads/master@{#27352}
balazs.kilvady [Mon, 23 Mar 2015 07:00:17 +0000 (00:00 -0700)]
MIPS: Fix 'MIPS: Serializer: serialize internal references via object visitor.'
BUG=
Review URL: https://codereview.chromium.org/
1025453003
Cr-Commit-Position: refs/heads/master@{#27351}
v8-autoroll [Mon, 23 Mar 2015 06:59:07 +0000 (23:59 -0700)]
Update V8 DEPS.
Rolling v8/third_party/icu to
7c81740601355556e630da515b74d889ba2f8d08
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1030513002
Cr-Commit-Position: refs/heads/master@{#27350}
balazs.kilvady [Mon, 23 Mar 2015 06:57:59 +0000 (23:57 -0700)]
MIPS: [es6] generate rest parameters correctly for subclass constructors
Port
bef80fcfd7e89cadc215f7d10a016a375e346490
BUG=v8:3977
LOG=N
Review URL: https://codereview.chromium.org/
1028703002
Cr-Commit-Position: refs/heads/master@{#27349}
johan [Mon, 23 Mar 2015 06:56:53 +0000 (23:56 -0700)]
MAP_NORESERVE was never implemented in FreeBSD as has been retired
as of https://reviews.freebsd.org/D848. This makes V8 build on
FreeBSD-current (and the forthcoming 11).
BUG=none
LOG=n
Review URL: https://codereview.chromium.org/
1025823003
Cr-Commit-Position: refs/heads/master@{#27348}
akos.palfi [Fri, 20 Mar 2015 17:07:29 +0000 (10:07 -0700)]
MIPS: Fix 'MIPS: [es6] implement Reflect.apply() & Reflect.construct()'
Port
d21fd15467e16f185e511dbfbaeef7caddfe804a
TEST=mjsunit/harmony/reflect-construct
BUG=
Review URL: https://codereview.chromium.org/
1022053002
Cr-Commit-Position: refs/heads/master@{#27347}
Toon Verwaest [Fri, 20 Mar 2015 16:42:51 +0000 (17:42 +0100)]
Ensure we don't overflow in BCE
BUG=chromium:469148
LOG=y
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/
1023123003
Cr-Commit-Position: refs/heads/master@{#27346}
ishell [Fri, 20 Mar 2015 16:07:02 +0000 (09:07 -0700)]
Revert of Allow compaction when incremental marking is on. (patchset #1 id:1 of https://codereview.chromium.org/
1014263002/)
Reason for revert:
It seems to cause crbug/469146.
Original issue's description:
> Allow compaction when incremental marking is on.
>
> BUG=chromium:450824
> LOG=NO
>
> Committed: https://crrev.com/
92f96e4e9a527fcb085b68f81ee14b26acdd4719
> Cr-Commit-Position: refs/heads/master@{#27267}
TBR=hpayer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:450824
Review URL: https://codereview.chromium.org/
1026813002
Cr-Commit-Position: refs/heads/master@{#27345}
caitpotter88 [Fri, 20 Mar 2015 14:07:07 +0000 (07:07 -0700)]
[es6] generate rest parameters correctly for subclass constructors
BUG=v8:3977
R=dslomov@chromium.org, arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1018043003
Cr-Commit-Position: refs/heads/master@{#27344}
balazs.kilvady [Fri, 20 Mar 2015 14:05:26 +0000 (07:05 -0700)]
MIPS: [turbofan] Turn Math.clz32 into an inlinable builtin.
Port
3aa206b86560da94f895625186295bf07a0301d8
BUG=v8:3952
LOG=n
Review URL: https://codereview.chromium.org/
1020223002
Cr-Commit-Position: refs/heads/master@{#27343}
chunyang.dai [Fri, 20 Mar 2015 13:45:00 +0000 (06:45 -0700)]
X87: [turbofan] Implement throwing exceptions into TurboFan code.
port
1382879f29bd71c36aeda2421e867c4cdd232a0d (r27016).
oringinal commit message:
[turbofan] Implement throwing exceptions into TurboFan code.
This extends the stack unwinding logic to respect optimized frames
and perform a lookup in the handler table to find handlers. It also
contains fixes to the API call stubs to allow a stack walk while
promoting scheduled exceptions.
BUG=
Review URL: https://codereview.chromium.org/
1023943002
Cr-Commit-Position: refs/heads/master@{#27342}
bmeurer [Fri, 20 Mar 2015 12:05:06 +0000 (05:05 -0700)]
[turbofan] Fix lowering of Math.max for integral inputs.
R=jarin@chromium.org
BUG=chromium:468162
LOG=y
Review URL: https://codereview.chromium.org/
1027753002
Cr-Commit-Position: refs/heads/master@{#27341}
yangguo [Fri, 20 Mar 2015 11:17:09 +0000 (04:17 -0700)]
Serializer: cache hashmaps on the isolate.
This speeds up multiple uses of the serializer quite a bit.
R=mvstanton@chromium.org
Review URL: https://codereview.chromium.org/
1003363003
Cr-Commit-Position: refs/heads/master@{#27340}
rossberg [Fri, 20 Mar 2015 11:03:05 +0000 (04:03 -0700)]
[harmony] Move some regression tests to the right place
TBR=dslomov@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1027693003
Cr-Commit-Position: refs/heads/master@{#27339}
projects / platform / upstream / v8.git / log