bmeurer [Fri, 26 Jun 2015 09:34:32 +0000 (02:34 -0700)]
[turbofan] Canonicalize return sequence for JSFunctions.
This optimization is already implemented in fullcodegen, and
basically makes sure that we do not unnecessarily blow up the
code with duplicated return sequences everywhere.
R=danno@chromium.org
Review URL: https://codereview.chromium.org/1211373002
Cr-Commit-Position: refs/heads/master@{#29315}
machenbach [Fri, 26 Jun 2015 09:19:11 +0000 (02:19 -0700)]
[android] Migrate more configs to gyp.
BUG=chromium:502176
LOG=n
Review URL: https://codereview.chromium.org/1207693004
Cr-Commit-Position: refs/heads/master@{#29314}
mstarzinger [Fri, 26 Jun 2015 09:07:30 +0000 (02:07 -0700)]
[turbofan] Implement sharing of context-independent code.
This allows context-independent code generated by TurboFan to be cached
in the optimized code map and reused across native contexts. Note that
currently this cache is still flushed at GC time.
R=bmeurer@chromium.org,mvstanton@chromium.org
TEST=cctest/test-compiler/OptimizedCodeSharing
Review URL: https://codereview.chromium.org/1208013002
Cr-Commit-Position: refs/heads/master@{#29313}
machenbach [Fri, 26 Jun 2015 08:22:00 +0000 (01:22 -0700)]
Revert of Debugger: use list to find shared function info in a script. (patchset #2 id:20001 of https://codereview.chromium.org/1206573004/)
Reason for revert:
[Sheriff] Breaks layout tests:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/682
Original issue's description:
> Debugger: use list to find shared function info in a script.
>
> Now that we keep tabs on shared function infos from a script, we can speed up finding shared function infos for debugging. However, in case we have to compile a function that cannot be lazily compiled without context, we fall back to the slow heap iteration.
>
> R=mstarzinger@chromium.org
> BUG=v8:4132,v8:4052
> LOG=N
>
> Committed: https://crrev.com/cfe89a71a332ef9ed481c8210bc3ad6d2822034b
> Cr-Commit-Position: refs/heads/master@{#29296}
TBR=mstarzinger@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4132,v8:4052
Review URL: https://codereview.chromium.org/1210393002
Cr-Commit-Position: refs/heads/master@{#29312}
bmeurer [Fri, 26 Jun 2015 08:20:53 +0000 (01:20 -0700)]
[turbofan] Add support for pushing returns into merges.
This will enable tail call optimization even across inlining. Plus it
might enable some other interesting optimizations as well. In order to
avoid blowing up the generated code, we can still canonicalize the
epilogue in the CodeGenerator, similar to what fullcodegen does.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1215623002
Cr-Commit-Position: refs/heads/master@{#29311}
mvstanton [Fri, 26 Jun 2015 07:53:21 +0000 (00:53 -0700)]
VectorICs: Lithium support for vector-based stores.
BUG=
Review URL: https://codereview.chromium.org/1209903003
Cr-Commit-Position: refs/heads/master@{#29310}
bmeurer [Fri, 26 Jun 2015 05:56:00 +0000 (22:56 -0700)]
[turbofan] Use proper eager deopts for %_ThrowNotDateError().
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1210863002
Cr-Commit-Position: refs/heads/master@{#29309}
yangguo [Thu, 25 Jun 2015 19:04:21 +0000 (12:04 -0700)]
Serializer: commit new internalized strings after deserialization.
Reserving space for deserialization can cause GC, which
can evict entries from the string table. Having more deleted
entries now, StringTable::EnsureCapacity could cause a GC
later during deserialization even when we actually still
have enough capacity.
Instead, we now keep new internalized strings in a separate list
and commit them to the string table at the end.
R=ulan@chromium.org
BUG=chromium:502085
LOG=N
Review URL: https://codereview.chromium.org/1204863006
Cr-Commit-Position: refs/heads/master@{#29308}
mbrandy [Thu, 25 Jun 2015 19:03:11 +0000 (12:03 -0700)]
PPC64: Fix "[ic] Record call counts for monomorphic calls made with an IC."
StoreP to a tagged object pointer requires a scratch register.
R=dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1207323002
Cr-Commit-Position: refs/heads/master@{#29307}
binji [Thu, 25 Jun 2015 18:01:11 +0000 (11:01 -0700)]
Fix cluster-fuzz regression when getting message from Worker
The issue is that Worker.prototype.terminate was deleting the C++ Worker
object, and then Worker.prototype.getMessage was trying to read messages from
the queue.
The simplest solution is to keep workers in a zombie state when they have been
terminated. They won't be reaped until Shell::CleanupWorkers is called.
I've also fixed some threading issues with Workers:
* Workers can be created by another Worker, so the Shell::workers_ variable
must be protected by a mutex.
* An individual Worker can typically only be accessed by the isolate that
created it, but the main thread can always terminate it, so the Worker::state_
must be accessed in a thread-safe way.
BUG=chromium:504136
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1208733002
Cr-Commit-Position: refs/heads/master@{#29306}
balazs.kilvady [Thu, 25 Jun 2015 17:59:43 +0000 (10:59 -0700)]
MIPS: [turbofan] Fix implementation of Float64Min.
Port d783b763629526a1ec57a9f14caa61d0166efac7
Original commit message:
ARM64's `fmin` and `fmax` instructions don't have the same behaviour as
TurboFan's Float(32|64)(Min|Max) functions.
BUG=4206
LOG=N
Review URL: https://codereview.chromium.org/1204903004
Cr-Commit-Position: refs/heads/master@{#29305}
mbrandy [Thu, 25 Jun 2015 17:35:15 +0000 (10:35 -0700)]
PPC: [turbofan] Add basic support for calling to (a subset of) C functions.
Port a58ba8d80179bf5b6b7245590c82e47fda8c8a5e
Original commit message:
This introduces some initial building blocks for calling out to
C/C++ functions directly from TurboFan generated code objects.
R=bmeurer@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1206343002
Cr-Commit-Position: refs/heads/master@{#29304}
mbrandy [Thu, 25 Jun 2015 17:32:46 +0000 (10:32 -0700)]
PPC: [ic] Record call counts for monomorphic calls made with an IC.
Port c1a4f7477f03ebb0c6889bbf8ea6a4c928e0d413
Original commit message:
The idea is that TurboFan can use this information for more intelligent
inlining.
R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1208093002
Cr-Commit-Position: refs/heads/master@{#29303}
mbrandy [Thu, 25 Jun 2015 17:31:37 +0000 (10:31 -0700)]
PPC: Vector ICs: Like megamorphic keyed loads, use a dummy vector for stores
Port 9e7af9efc5857b3c7e23a77d257f3dfbea597753
Original commit message:
It's useful for the megamorphic keyed store case to not require a
vector and slot as input. Analogous to the load case, we have a dummy
one-ic-slot vector to aid. Since the only kind of MISS is for
megamorphic cache stub failures, we don't need the real vector.
The reason is that megamorphic cache stub failures don't result in any
change to the type feedback vector state.
R=mvstanton@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1212493002
Cr-Commit-Position: refs/heads/master@{#29302}
mbrandy [Thu, 25 Jun 2015 17:03:02 +0000 (10:03 -0700)]
PPC: Fix "Unify the stack layout for construct frames"
R=dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1210083002
Cr-Commit-Position: refs/heads/master@{#29301}
mbrandy [Thu, 25 Jun 2015 16:44:20 +0000 (09:44 -0700)]
PPC: Fix "Fix receiver when calling eval() bound by with scope"
R=wingo@igalia.com, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1209703002
Cr-Commit-Position: refs/heads/master@{#29300}
wingo [Thu, 25 Jun 2015 16:17:06 +0000 (09:17 -0700)]
Better error message for eval=>42 in strict mode
BUG=v8:4213
R=arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1210003003
Cr-Commit-Position: refs/heads/master@{#29299}
verwaest [Thu, 25 Jun 2015 15:04:46 +0000 (08:04 -0700)]
Back off normalizing on set length in sync with adding a property
BUG=
Review URL: https://codereview.chromium.org/1211833002
Cr-Commit-Position: refs/heads/master@{#29298}
verwaest [Thu, 25 Jun 2015 14:43:28 +0000 (07:43 -0700)]
Only try to delete dictionary elements if the length is actually reduced
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1209983002
Cr-Commit-Position: refs/heads/master@{#29297}
yangguo [Thu, 25 Jun 2015 14:27:36 +0000 (07:27 -0700)]
Debugger: use list to find shared function info in a script.
Now that we keep tabs on shared function infos from a script, we can speed up finding shared function infos for debugging. However, in case we have to compile a function that cannot be lazily compiled without context, we fall back to the slow heap iteration.
R=mstarzinger@chromium.org
BUG=v8:4132,v8:4052
LOG=N
Review URL: https://codereview.chromium.org/1206573004
Cr-Commit-Position: refs/heads/master@{#29296}
verwaest [Thu, 25 Jun 2015 14:17:10 +0000 (07:17 -0700)]
Move Add to the elements accessor for everything but dictionary-arguments
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1205913002
Cr-Commit-Position: refs/heads/master@{#29295}
vogelheim [Thu, 25 Jun 2015 14:03:41 +0000 (07:03 -0700)]
Remove obsolete options in ScriptCompiler::CompileOptions.
This is a follow-on to https://code.google.com/p/v8/source/detail?r=22431
This will remove the compatibility logic, so that the API as described
in r22431 is the only API.
I'll let this CL sit around for a while to give embedders a chance
to update their code.
R=yangguo@chromium.org, ulan@chromium.org
BUG=chromium:399580
LOG=Y
Review URL: https://codereview.chromium.org/392263002
Cr-Commit-Position: refs/heads/master@{#29294}
wingo [Thu, 25 Jun 2015 13:46:31 +0000 (06:46 -0700)]
Reapply "Fix receiver when calling eval() bound by with scope"
Originally applied in https://codereview.chromium.org/1202963005
BUG=v8:4214
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1208873002
Cr-Commit-Position: refs/heads/master@{#29293}
arv [Thu, 25 Jun 2015 12:52:23 +0000 (05:52 -0700)]
Unify the stack layout for construct frames
The stack layout was different for different ports.
BUG=v8:3887
LOG=N
R=dslomov@chromium.org, adamk@chromium.org
Review URL: https://codereview.chromium.org/1203103003
Cr-Commit-Position: refs/heads/master@{#29292}
yangguo [Thu, 25 Jun 2015 12:19:55 +0000 (05:19 -0700)]
Reland 2 "Keep a canonical list of shared function infos."
BUG=v8:4132
LOG=N
Review URL: https://codereview.chromium.org/1211803002
Cr-Commit-Position: refs/heads/master@{#29291}
erikcorry [Thu, 25 Jun 2015 11:42:03 +0000 (04:42 -0700)]
Reland Extend big-disjunction optimization to case-independent regexps
Previous code review https://codereview.chromium.org/1182783009/
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n
Review URL: https://codereview.chromium.org/1204123003
Cr-Commit-Position: refs/heads/master@{#29290}
verwaest [Thu, 25 Jun 2015 11:25:59 +0000 (04:25 -0700)]
Move reconfiguration into the elements accessor
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1207613005
Cr-Commit-Position: refs/heads/master@{#29289}
bmeurer [Thu, 25 Jun 2015 11:06:58 +0000 (04:06 -0700)]
[turbofan] Optimize BooleanNot conditions to Branch nodes.
Also remove the weird work-around for this missing optimization in
CHECK_DATE in macros.py.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1205353002
Cr-Commit-Position: refs/heads/master@{#29288}
verwaest [Thu, 25 Jun 2015 10:48:51 +0000 (03:48 -0700)]
Let AddDictionaryElement / AddFastElement purely add, move transition heuristics to AddDataElement
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1194023004
Cr-Commit-Position: refs/heads/master@{#29287}
yangguo [Thu, 25 Jun 2015 10:43:32 +0000 (03:43 -0700)]
Debugger: remove bogus assertion in BreakLocation constructor.
Currently DebugInfo objects can be created independently from whether
the debugger is active. When tearing down the isolate, we would go
through DebugInfo objects and iterate through break locations,
causing this assertion to fail.
R=ulan@chromium.org
BUG=v8:4241
LOG=N
Review URL: https://codereview.chromium.org/1210813002
Cr-Commit-Position: refs/heads/master@{#29286}
yangguo [Thu, 25 Jun 2015 10:34:54 +0000 (03:34 -0700)]
Revert of Reland "Keep a canonical list of shared function infos." (patchset #3 id:40001 of https://codereview.chromium.org/1211453002/)
Reason for revert:
proxies test failing https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/903/steps/Mjsunit/logs/proxies
Original issue's description:
> Reland "Keep a canonical list of shared function infos."
>
> This reverts commit 3164aa7483cb476da84895a3c9810015758fccf9.
>
> Committed: https://crrev.com/cacb646d80daa429f6915824a741f595db7d5044
> Cr-Commit-Position: refs/heads/master@{#29282}
TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1206263002
Cr-Commit-Position: refs/heads/master@{#29285}
mstarzinger [Thu, 25 Jun 2015 09:44:58 +0000 (02:44 -0700)]
Remove overzealous checking of --cache-optimized-code flag.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1206803003
Cr-Commit-Position: refs/heads/master@{#29284}
Benedikt Meurer [Thu, 25 Jun 2015 09:22:08 +0000 (11:22 +0200)]
[turbofan] Properly type %_IsDate intrinsic.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1208003002.
Cr-Commit-Position: refs/heads/master@{#29283}
yangguo [Thu, 25 Jun 2015 09:09:28 +0000 (02:09 -0700)]
Reland "Keep a canonical list of shared function infos."
This reverts commit 3164aa7483cb476da84895a3c9810015758fccf9.
Review URL: https://codereview.chromium.org/1211453002
Cr-Commit-Position: refs/heads/master@{#29282}
Michael Stanton [Thu, 25 Jun 2015 08:43:28 +0000 (10:43 +0200)]
[ic] Record call counts for monomorphic calls made with an IC.
The idea is that TurboFan can use this information for more intelligent
inlining.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1201193003
Cr-Commit-Position: refs/heads/master@{#29281}
Michael Stanton [Thu, 25 Jun 2015 08:35:56 +0000 (10:35 +0200)]
Vector ICs: Like megamorphic keyed loads, use a dummy vector for stores
It's useful for the megamorphic keyed store case to not require a
vector and slot as input. Analogous to the load case, we have a dummy
one-ic-slot vector to aid. Since the only kind of MISS is for
megamorphic cache stub failures, we don't need the real vector.
The reason is that megamorphic cache stub failures don't result in any
change to the type feedback vector state.
BUG=
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1210583002
Cr-Commit-Position: refs/heads/master@{#29280}
Benedikt Meurer [Thu, 25 Jun 2015 08:32:06 +0000 (10:32 +0200)]
[turbofan] Add basic support for calling to (a subset of) C functions.
This introduces some initial building blocks for calling out to
C/C++ functions directly from TurboFan generated code objects.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1205023002.
Cr-Commit-Position: refs/heads/master@{#29279}
Michael Starzinger [Thu, 25 Jun 2015 08:28:19 +0000 (10:28 +0200)]
Simplify interface to optimized code map lookup.
This is one step towards extracting an OptimizedCodeMap out from the
SharedFunctionInfo in order to have a more flexible implementation.
R=bmeurer@chromium.org, jarin@chromium.org
Review URL: https://codereview.chromium.org/1205783003.
Cr-Commit-Position: refs/heads/master@{#29278}
bmeurer [Thu, 25 Jun 2015 04:47:06 +0000 (21:47 -0700)]
[turbofan] Revive the useful parts of the SimplifiedOperatorReducer.
This partially reverts https://codereview.chromium.org/1162563002
because we might actually be able to optimize certain combinations
now due to dead code elimination.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1202263006
Cr-Commit-Position: refs/heads/master@{#29277}
bbudge [Thu, 25 Jun 2015 04:32:07 +0000 (21:32 -0700)]
Make helper functions compatible with larger ToBooleanStub types.
I missed some functions that need to change.
LOG=N
BUG=v8:4124
Review URL: https://codereview.chromium.org/1199413009
Cr-Commit-Position: refs/heads/master@{#29276}
mstarzinger [Thu, 25 Jun 2015 04:11:54 +0000 (21:11 -0700)]
Make sure bound functions never make it into optimized code map.
This is one step towards extracting an OptimizedCodeMap out from the
SharedFunctionInfo in order to have a more flexible implementation.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1210523002
Cr-Commit-Position: refs/heads/master@{#29275}
v8-autoroll [Thu, 25 Jun 2015 03:28:25 +0000 (20:28 -0700)]
Update V8 DEPS.
Rolling v8/third_party/icu to c3f79166089e5360c09e3053fce50e6e296c3204
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/1206173002
Cr-Commit-Position: refs/heads/master@{#29274}
arv [Thu, 25 Jun 2015 00:04:25 +0000 (17:04 -0700)]
JSON.stringify should handle the replacer before the space
BUG=v8:4227
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1200373003
Cr-Commit-Position: refs/heads/master@{#29273}
arv [Wed, 24 Jun 2015 22:30:37 +0000 (15:30 -0700)]
Fix evaluation order of Object.prototype.hasOwnProperty
We need to do the ToName before the ToObject.
BUG=v8:4229
LOG=N
R=adamk
Review URL: https://codereview.chromium.org/1211663002
Cr-Commit-Position: refs/heads/master@{#29272}
arv [Wed, 24 Jun 2015 22:29:30 +0000 (15:29 -0700)]
jsmin.py: Fix issue with escaping of back ticks
The escaping of back ticks in template strings was incorrect
BUG=v8:4240
LOG=N
TBR=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1209713003
Cr-Commit-Position: refs/heads/master@{#29271}
arv [Wed, 24 Jun 2015 22:17:52 +0000 (15:17 -0700)]
JSON.stringify should use toString of replacer and not valueOf
If the replacer array contains a number wrapper we should use the
toString result and not valueOf.
BUG=v8:4228
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1207013002
Cr-Commit-Position: refs/heads/master@{#29270}
dstence [Wed, 24 Jun 2015 21:21:44 +0000 (14:21 -0700)]
PPC: Debug check fix for test SMI optimization.
R=mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1202383005
Cr-Commit-Position: refs/heads/master@{#29269}
arv [Wed, 24 Jun 2015 20:54:08 +0000 (13:54 -0700)]
i18n.js was not using original functions
The i18n.js code was calling a lot of methods, which might have been
removed or replaced by user code.
Make sure we use the original functions.
BUG=v8:4220
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1199813004
Cr-Commit-Position: refs/heads/master@{#29268}
machenbach [Wed, 24 Jun 2015 19:08:28 +0000 (12:08 -0700)]
Revert of Fix receiver when calling eval() bound by with scope (patchset #3 id:40001 of https://codereview.chromium.org/1202963005/)
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream blink first.
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/574
Please consider extra blink trybots on a reland.
Original issue's description:
> Fix receiver when calling eval() bound by with scope
>
> Thanks to André Bargull for the report.
>
> BUG=v8:4214
> LOG=N
> R=arv@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/3c5f0db3a1768ade68108bf003676ce378d1cbdc
> Cr-Commit-Position: refs/heads/master@{#29259}
TBR=arv@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4214
Review URL: https://codereview.chromium.org/1201273004
Cr-Commit-Position: refs/heads/master@{#29267}
machenbach [Wed, 24 Jun 2015 19:04:04 +0000 (12:04 -0700)]
Revert of Extend big-disjunction optimization to case-independent regexps (patchset #5 id:80001 of https://codereview.chromium.org/1182783009/)
Reason for revert:
[Sheriff] Test times out now on msan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/2947
Original issue's description:
> Extend big-disjunction optimization to case-independent regexps
>
> R=yangguo@chromium.org
> BUG=chromium:482998
> LOG=n
>
> Committed: https://crrev.com/d2135603bcf462e15a1284d8ed969f6692610dda
> Cr-Commit-Position: refs/heads/master@{#29264}
TBR=yangguo@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:482998
Review URL: https://codereview.chromium.org/1204013003
Cr-Commit-Position: refs/heads/master@{#29266}
binji [Wed, 24 Jun 2015 18:31:39 +0000 (11:31 -0700)]
Fix cluster-fuzz regression with Workers and recursive serialization
Shell::SerializeValue was using a HandleScope, but was also storing Handles in
an ObjectList. The ObjectList handles would persist after the function had
returned, but will have already been destroyed by the HandleScope, so there is
a use-after-free.
This change removes the HandleScope in Shell::SerializeValue and relies on the
caller's HandleScope.
BUG=chromium:503968
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1211433003
Cr-Commit-Position: refs/heads/master@{#29265}
erikcorry [Wed, 24 Jun 2015 18:17:33 +0000 (11:17 -0700)]
Extend big-disjunction optimization to case-independent regexps
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n
Review URL: https://codereview.chromium.org/1182783009
Cr-Commit-Position: refs/heads/master@{#29264}
binji [Wed, 24 Jun 2015 17:47:10 +0000 (10:47 -0700)]
Fix cluster-fuzz regression with Workers when serializing empty string
BUG=chromium:503991
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1210623002
Cr-Commit-Position: refs/heads/master@{#29263}
wingo [Wed, 24 Jun 2015 17:25:08 +0000 (10:25 -0700)]
Fix unexpected token messages in expression classifier
Some tokens need special messages because their token corresponds to
many names.
R=arv@chromium.org
BUG=v8:4213
LOG=N
Review URL: https://codereview.chromium.org/1207743004
Cr-Commit-Position: refs/heads/master@{#29262}
binji [Wed, 24 Jun 2015 17:09:48 +0000 (10:09 -0700)]
Fix cluster-fuzz regression with Workers on mips.debug
BUG=chromium:503698
R=jochen@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1208573003
Cr-Commit-Position: refs/heads/master@{#29261}
dslomov [Wed, 24 Jun 2015 16:54:47 +0000 (09:54 -0700)]
Use C runtime functions for ThrowNewXXError desugarings.
JS runtime function calls cause Hydrogen to bail out.
R=adamk@chromiunm.org,arv@chromium.org
Review URL: https://codereview.chromium.org/1210533003
Cr-Commit-Position: refs/heads/master@{#29260}
wingo [Wed, 24 Jun 2015 16:47:50 +0000 (09:47 -0700)]
Fix receiver when calling eval() bound by with scope
Thanks to André Bargull for the report.
BUG=v8:4214
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1202963005
Cr-Commit-Position: refs/heads/master@{#29259}
hpayer [Wed, 24 Jun 2015 16:40:39 +0000 (09:40 -0700)]
Re-land new insertion write barrier.
BUG=
Review URL: https://codereview.chromium.org/1211513002
Cr-Commit-Position: refs/heads/master@{#29258}
mbrandy [Wed, 24 Jun 2015 16:09:53 +0000 (09:09 -0700)]
PPC: Use big-boy Types to annotate interface descriptor parameters
Port c019d7f498ce6fbac6659924e20ddb6c59aebeb8
Original commit message:
- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
platform-independent components so that all descriptors share
a common Type::FunctionType for all platforms.
R=danno@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1206893002
Cr-Commit-Position: refs/heads/master@{#29257}
ishell [Wed, 24 Jun 2015 14:57:39 +0000 (07:57 -0700)]
Ensure there is some space on JS stack available for bootstrapping.
Review URL: https://codereview.chromium.org/1203873005
Cr-Commit-Position: refs/heads/master@{#29256}
yangguo [Wed, 24 Jun 2015 14:26:31 +0000 (07:26 -0700)]
Serializer: clear next link in weak cells.
If we do not clear next links during serialization, the
serializer would simply follow those links and serialize
arbitrary objects held by weak cells. This breaks the
invariant in the code serializer, which crashes if it
sees context-dependent objects.
R=ulan@chromium.org
BUG=chromium:503552
LOG=Y
Review URL: https://codereview.chromium.org/1203973002
Cr-Commit-Position: refs/heads/master@{#29255}
mbrandy [Wed, 24 Jun 2015 13:29:08 +0000 (06:29 -0700)]
PPC: Do not add extra argument for new.target
Port 8196c28a94f62dec026f2b564ba81d690a4ed593
Original commit message:
JSConstructStub for subclass constructors instead locates new.target in
a known location on the stack.
R=dslomov@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1208443002
Cr-Commit-Position: refs/heads/master@{#29254}
wingo [Wed, 24 Jun 2015 12:23:27 +0000 (05:23 -0700)]
Fix -Werror=sign-compare error with GCC
R=jkummerow@chromium.org
LOG=N
BUG=
Review URL: https://codereview.chromium.org/1202843006
Cr-Commit-Position: refs/heads/master@{#29253}
machenbach [Wed, 24 Jun 2015 10:20:19 +0000 (03:20 -0700)]
[android] Set platform to 16 for 32 bit builds.
TBR=ulan, jochen
NOTRY=true
Review URL: https://codereview.chromium.org/1209453003
Cr-Commit-Position: refs/heads/master@{#29252}
bmeurer [Wed, 24 Jun 2015 09:16:27 +0000 (02:16 -0700)]
[turbofan] Make TyperCache global and thread safe.
This way we need the common types only once per process and we don't
need to recreate them for every compilation. It uses the same pattern
that we already apply to caching operators. This simplifies the type
cache a lot.
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/1209513002
Cr-Commit-Position: refs/heads/master@{#29251}
bmeurer [Wed, 24 Jun 2015 09:15:19 +0000 (02:15 -0700)]
[x64] Fix instruction selection for Word64Equal(Word64And, 0).
This fixes a slight inconsistency in the InstructionSelector that
basically disabled the optimization for things like ObjectIsSmi.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1206773002
Cr-Commit-Position: refs/heads/master@{#29250}
jacob.bramley [Wed, 24 Jun 2015 06:47:27 +0000 (23:47 -0700)]
Reland r21101: "ARM64: use jssp for stack slots"
The original implementation assumed that LPushArguments and
LInvoke/Call* could be assumed to be exclusively sequential. However,
this isn't always the case. For example, GenerateCallFunction pushes
some arguments and then selects between HInvokeFunction and
HCallFunction.
This fixed implementation resets a pushed_arguments_ counter based on
the argument_count() of the preceding basic block, then tracks it
per-instruction as before (except that now we maintain a count rather
than a boolean flag).
At the same time, since we now track exactly how many arguments have
been pushed onto the stack, I was able to adjust the offset accordingly
and use jssp for stack slots even when arguments have been pushed.
BUG=
Review URL: https://codereview.chromium.org/1038363002
Cr-Commit-Position: refs/heads/master@{#29249}
danno [Wed, 24 Jun 2015 06:21:47 +0000 (23:21 -0700)]
Use big-boy Types to annotate interface descriptor parameters
- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
platform-independent components so that all descriptors share
a common Type::FunctionType for all platforms.
Review URL: https://codereview.chromium.org/1197703002
Cr-Commit-Position: refs/heads/master@{#29248}
bbudge [Wed, 24 Jun 2015 06:10:45 +0000 (23:10 -0700)]
Expand ToBoolean stub so it can handle more types.
SIMD values will require their own type code for conversion to boolean.
LOG=N
BUG=v8:4124
Review URL: https://codereview.chromium.org/1202973003
Cr-Commit-Position: refs/heads/master@{#29247}
binji [Wed, 24 Jun 2015 05:36:13 +0000 (22:36 -0700)]
Fix ReferenceError of Worker in regress-crbug-503578
Worker is not defined on the V8 Shared bots.
BUG=chromium:503578
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1202763004
Cr-Commit-Position: refs/heads/master@{#29246}
machenbach [Wed, 24 Jun 2015 05:35:07 +0000 (22:35 -0700)]
[android] Completely move path logic to gyp config.
BUG=chromium:502176
LOG=n
Review URL: https://codereview.chromium.org/1203653002
Cr-Commit-Position: refs/heads/master@{#29245}
binji [Wed, 24 Jun 2015 04:23:37 +0000 (21:23 -0700)]
Fix cluster-fuzz found regression in d8 when deserializing ArrayBuffer
BUG=503578
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1204753002
Cr-Commit-Position: refs/heads/master@{#29244}
mstarzinger [Wed, 24 Jun 2015 03:50:19 +0000 (20:50 -0700)]
[turbofan] Remove stale control-reducer.cc file.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1197793005
Cr-Commit-Position: refs/heads/master@{#29243}
arv [Tue, 23 Jun 2015 23:18:23 +0000 (16:18 -0700)]
Date() should not depend on Date.prototype.toString
We used to call toString as a method which is not safe.
BUG=v8:4225
LOG=Y
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1200033003
Cr-Commit-Position: refs/heads/master@{#29242}
adamk [Tue, 23 Jun 2015 22:59:19 +0000 (15:59 -0700)]
Revert "Keep a canonical list of shared function infos."
Speculative revert in the hopes of fixing serializer crashes seen in canary.
This reverts commit c1669450834436508e0007885eb7ac266cbcf083, as well as
followup change "Do not look for existing shared function info when compiling a new script."
(commit 7c43967bb73783b46c2ccf9cdd0fa716b74ce278).
BUG=chromium:503552,v8:4132
TBR=yangguo@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1207583002
Cr-Commit-Position: refs/heads/master@{#29241}
mathias [Tue, 23 Jun 2015 18:42:52 +0000 (11:42 -0700)]
Avoid built-ins in `Date.prototype.toISOString`
TEST=mjsunit/date
BUG=v8:4226
LOG=N
Review URL: https://codereview.chromium.org/1203733002
Cr-Commit-Position: refs/heads/master@{#29240}
titzer [Tue, 23 Jun 2015 17:26:18 +0000 (10:26 -0700)]
Add mjsunit tests for optimization of float min/max.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1199053011
Cr-Commit-Position: refs/heads/master@{#29239}
dslomov [Tue, 23 Jun 2015 16:50:40 +0000 (09:50 -0700)]
Do not add extra argument for new.target
JSConstructStub for subclass constructors instead locates new.target in
a known location on the stack.
R=arv@chromium.org,adamk@chromium.org
BUG=v8:3886
LOG=N
Review URL: https://codereview.chromium.org/1196193014
Cr-Commit-Position: refs/heads/master@{#29238}
adamk [Tue, 23 Jun 2015 15:14:06 +0000 (08:14 -0700)]
Expose Map/Set methods through the API
Map: get, set, has, delete, clear
Set: add, has, delete, clear
All except clear are implemented as calls into collection.js.
Note that some of these shadow methods of v8::Object. It's unclear
how confusing that's going to be: on the one hand, it seems likely
that most operations you would want to do on a Map or Set are these.
On the other, generic code could get confused if it somehow gets
ahold of a variable that happens to be C++-typed as a v8::Map or v8::Set.
BUG=v8:3340
LOG=y
Review URL: https://codereview.chromium.org/1204623002
Cr-Commit-Position: refs/heads/master@{#29237}
ishell [Tue, 23 Jun 2015 15:08:42 +0000 (08:08 -0700)]
Fixed exception handling in Realm.create().
BUG=chromium:501711
LOG=N
Review URL: https://codereview.chromium.org/1207453002
Cr-Commit-Position: refs/heads/master@{#29236}
jochen [Tue, 23 Jun 2015 15:02:06 +0000 (08:02 -0700)]
Let GC select the collector when the external memory allocation limit is reached
BUG=none
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1201993002
Cr-Commit-Position: refs/heads/master@{#29235}
mbrandy [Tue, 23 Jun 2015 14:56:50 +0000 (07:56 -0700)]
PPC: [turbofan] Fix implementation of Float64Min.
The optimized instruction sequences for floating-point min/max do not
have the same behaviour as TurboFan's Float(32|64)(Min|Max) functions
(incorrect handling for NaN operands).
R=dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1193843015
Cr-Commit-Position: refs/heads/master@{#29234}
verwaest [Tue, 23 Jun 2015 14:33:04 +0000 (07:33 -0700)]
Don't insert elements transitions into normalized maps
BUG=chromium:499790
LOG=n
Review URL: https://codereview.chromium.org/1203653003
Cr-Commit-Position: refs/heads/master@{#29233}
verwaest [Tue, 23 Jun 2015 13:35:07 +0000 (06:35 -0700)]
Cleanup adding elements and in particular dictionary elements
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1196163005
Cr-Commit-Position: refs/heads/master@{#29232}
mstarzinger [Tue, 23 Jun 2015 13:33:59 +0000 (06:33 -0700)]
[turbofan] Make global variable loads and stores explicit.
This is a precursor to using specialized LoadIC and StoreIC stubs for
global variable access. It also removes the need to keep track of the
global object in the type system, hence freeing up one bit.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1205473004
Cr-Commit-Position: refs/heads/master@{#29231}
bmeurer [Tue, 23 Jun 2015 12:24:47 +0000 (05:24 -0700)]
[turbofan] NaN is never truish.
BUG=v8:4207
LOG=y
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/1198993009
Cr-Commit-Position: refs/heads/master@{#29230}
jacob.bramley [Tue, 23 Jun 2015 11:58:50 +0000 (04:58 -0700)]
[arm64][turbofan] Fix implementation of Float64Min.
ARM64's `fmin` and `fmax` instructions don't have the same behaviour as
TurboFan's Float(32|64)(Min|Max) functions.
BUG=4206
LOG=N
Review URL: https://codereview.chromium.org/1200123004
Cr-Commit-Position: refs/heads/master@{#29229}
verwaest [Tue, 23 Jun 2015 11:41:27 +0000 (04:41 -0700)]
Fix regexp perf: Only increase array size if needed
BUG=chromium:503457
LOG=n
Review URL: https://codereview.chromium.org/1198993008
Cr-Commit-Position: refs/heads/master@{#29228}
verwaest [Tue, 23 Jun 2015 11:35:43 +0000 (04:35 -0700)]
Merge AddFastElement and AddFastDoubleElement
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1198343004
Cr-Commit-Position: refs/heads/master@{#29227}
ishell [Tue, 23 Jun 2015 11:30:42 +0000 (04:30 -0700)]
Map::ReconfigureProperty() should mark map as unstable when it returns a different map.
BUG=chromium:502930
LOG=N
Review URL: https://codereview.chromium.org/1200003002
Cr-Commit-Position: refs/heads/master@{#29226}
Benedikt Meurer [Tue, 23 Jun 2015 11:21:51 +0000 (13:21 +0200)]
[turbofan] Run DeadCodeElimination together with the advanced reducers.
This will immediately remove dead code from the graph once any of
the advanced reducers inserts it. Also changes the GraphReducer to
use the canonical Dead node for ReplaceWithValue.
R=jarin@chromium.org
Committed: https://crrev.com/88a40c5fb381924b1c0b2403dc582bceb2abe5da
Cr-Commit-Position: refs/heads/master@{#29217}
Review URL: https://codereview.chromium.org/1206533002.
Cr-Commit-Position: refs/heads/master@{#29225}
ishell [Tue, 23 Jun 2015 11:04:12 +0000 (04:04 -0700)]
Global handle leak in Realm.create() fixed.
BUG=chromium:501808
LOG=N
Review URL: https://codereview.chromium.org/1197403002
Cr-Commit-Position: refs/heads/master@{#29224}
titzer [Tue, 23 Jun 2015 10:35:33 +0000 (03:35 -0700)]
[turbofan] Make an OptionalOperator for MachineOperatorBuilder.
This makes usage of the MachineOperatorBuilder more robust, as it will be
an error to request an unsupported operator.
Along the way, I noticed that all 7 platforms support Float32Abs and
Float64Abs. Should make them non-optional in another CL?
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1128133003
Cr-Commit-Position: refs/heads/master@{#29223}
verwaest [Tue, 23 Jun 2015 09:44:15 +0000 (02:44 -0700)]
Move SetFastElementsCapacity into GrowCapacityAndConvert
BUG=v8:4137
LOG=n
Review URL: https://codereview.chromium.org/1197133003
Cr-Commit-Position: refs/heads/master@{#29222}
jochen [Tue, 23 Jun 2015 09:43:09 +0000 (02:43 -0700)]
[test] Teach test runner about whether novfp3 is on or off
BUG=none
R=machenbach@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1204643003
Cr-Commit-Position: refs/heads/master@{#29221}
bmeurer [Tue, 23 Jun 2015 09:39:11 +0000 (02:39 -0700)]
Revert of [turbofan] Run DeadCodeElimination together with the advanced reducers. (patchset #1 id:1 of https://codereview.chromium.org/1206533002/)
Reason for revert:
Looks like this breaks Tests262.
Original issue's description:
> [turbofan] Run DeadCodeElimination together with the advanced reducers.
>
> This will immediately remove dead code from the graph once any of
> the advanced reducers inserts it. Also changes the GraphReducer to
> use the canonical Dead node for ReplaceWithValue.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/88a40c5fb381924b1c0b2403dc582bceb2abe5da
> Cr-Commit-Position: refs/heads/master@{#29217}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1200983004
Cr-Commit-Position: refs/heads/master@{#29220}
mvstanton [Tue, 23 Jun 2015 09:09:04 +0000 (02:09 -0700)]
Vector ICs: Additional Turbofan support
Lowering of stores needs the vector and slot if --vector-stores is true.
BUG=
Review URL: https://codereview.chromium.org/1193313002
Cr-Commit-Position: refs/heads/master@{#29219}
hpayer [Tue, 23 Jun 2015 09:07:14 +0000 (02:07 -0700)]
Fix wrong DCHECK in Heap::FindAllocationMemento where bump pointer overflow points to the currently used new space page.
BUG=chromium:501693
LOG=n
Review URL: https://codereview.chromium.org/1200833003
Cr-Commit-Position: refs/heads/master@{#29218}
bmeurer [Tue, 23 Jun 2015 08:48:15 +0000 (01:48 -0700)]
[turbofan] Run DeadCodeElimination together with the advanced reducers.
This will immediately remove dead code from the graph once any of
the advanced reducers inserts it. Also changes the GraphReducer to
use the canonical Dead node for ReplaceWithValue.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1206533002
Cr-Commit-Position: refs/heads/master@{#29217}
mstarzinger [Tue, 23 Jun 2015 08:27:16 +0000 (01:27 -0700)]
[turbofan] Avoid embedding type feedback vector into code.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1198263004
Cr-Commit-Position: refs/heads/master@{#29216}