platform/upstream/v8.git
9 years ago[runtime] Remove useless IN builtin.
bmeurer [Fri, 4 Sep 2015 08:44:27 +0000 (01:44 -0700)]
[runtime] Remove useless IN builtin.

Similar to DELETE, the IN builtin is just a thin wrapper for %HasElement
and %HasProperty anyway, and cannot be optimized, plus it had a weird
special fast case (which also involved at least one LOAD_IC plus some
intrinsic magic).

R=yangguo@chromium.org,jarin@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_win_nosnap_shared_rel

Committed: https://crrev.com/72d60a1e80e81e2e68ca402665e2acbc46c5e471
Cr-Commit-Position: refs/heads/master@{#30154}

Review URL: https://codereview.chromium.org/1295433002

Cr-Commit-Position: refs/heads/master@{#30582}

9 years agoReland Vector ICs: platform support for vector-based stores.
mvstanton [Fri, 4 Sep 2015 08:36:29 +0000 (01:36 -0700)]
Reland Vector ICs: platform support for vector-based stores.

The last changes for vector store functionality, they are in 3 areas:

1) The new vector [keyed] store code stubs - implementation.
2) IC and handler compiler adjustments
3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.

TBR=bmeurer@chromium.org, jkummerow@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1319123004

Cr-Commit-Position: refs/heads/master@{#30581}

9 years ago[turbofan] Split before loops.
mtrofin [Fri, 4 Sep 2015 08:28:00 +0000 (01:28 -0700)]
[turbofan] Split before loops.

If the range doesn't have calls, but still fails to allocate, try and find a split
position outside a loop.

BUG=

Review URL: https://codereview.chromium.org/1301393012

Cr-Commit-Position: refs/heads/master@{#30580}

9 years ago[turbofan] Greedy: split around calls heuristic.
mtrofin [Fri, 4 Sep 2015 06:50:16 +0000 (23:50 -0700)]
[turbofan] Greedy: split around calls heuristic.

Once  a range is found to have a conflict, split around all the calls it
crosses over, since it will anyway have conflicts there, too.

Incrementally, from the last change to greedy, this change brings
overall improvement in benchmarks. In fact, except for 2 regressions
in Jetstream (splay-latency and date-format-xparb, at 6 and 7%
respectivelly), everything else is in the green or noise. Quite a few
benchmarks are over 3%, with a few (zlib, for example) in the double
digits.

Review URL: https://codereview.chromium.org/1328783002

Cr-Commit-Position: refs/heads/master@{#30579}

9 years agoUpdate V8 DEPS.
v8-autoroll [Fri, 4 Sep 2015 03:28:09 +0000 (20:28 -0700)]
Update V8 DEPS.

Rolling v8/build/gyp to 2b17e0b26a93e8c9758c23aec6c554da4ca8f0a9

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1305273008

Cr-Commit-Position: refs/heads/master@{#30578}

9 years agoRemove obsolete functionality from the MacroAssemblers.
bmeurer [Thu, 3 Sep 2015 20:11:16 +0000 (13:11 -0700)]
Remove obsolete functionality from the MacroAssemblers.

This is uncontroversial the dead code removal part of
https://codereview.chromium.org/1307943013, which was
previously landed, but got reverted because of DOM
breakage that requires more investigation.

TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1322843005

Cr-Commit-Position: refs/heads/master@{#30577}

9 years agoPPC: [es6] Initial steps towards a correct implementation of IsCallable.
mbrandy [Thu, 3 Sep 2015 18:44:40 +0000 (11:44 -0700)]
PPC: [es6] Initial steps towards a correct implementation of IsCallable.

Port 8a378f46d52ce64578c71313ed76a67592fbf63c

Original commit message:
    This turns the has_instance_call_handler bit on Map into an is_callable
    bit, that matches the spec definition of IsCallable (i.e. instances have
    [[Call]] internal methods).

    Also fix the typeof operator to properly say "function" for everything
    that is callable.

    Also remove the (unused) premature %_GetPrototype optimization from
    Crankshaft, which just complicated the Map bit swap.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1330613005

Cr-Commit-Position: refs/heads/master@{#30576}

9 years agoPPC: [es6] Introduce a dedicated JSIteratorResult type.
mbrandy [Thu, 3 Sep 2015 18:41:22 +0000 (11:41 -0700)]
PPC: [es6] Introduce a dedicated JSIteratorResult type.

Port 72bc4b5c8a5c4279bcb8b340edbc8aa1c46d75a1

Original commit message:
    Use a single JSIteratorResult type for all implementation provided
    iterator results (i.e. the String, Array and collection iterators,
    and also for generators).  This removes one source of unnecessary
    polymorphism in for-of loops.  It is accomplished by a new intrinsic
    %_CreateIterResultObject() that should be used to create iterator
    result objects from JavaScript builtins (there's a matching factory
    method for C++ code).

    Also restructure the %StringIteratorPrototype%.next() and
    %ArrayIteratorPrototype%.next() functions to be a bit more friendly
    to optimizing compilers.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1325203004

Cr-Commit-Position: refs/heads/master@{#30575}

9 years agoPPC: [es6] Re-implement rest parameters via desugaring.
mbrandy [Thu, 3 Sep 2015 18:40:09 +0000 (11:40 -0700)]
PPC: [es6] Re-implement rest parameters via desugaring.

Port 510baeacbab311798d5e8795800ff773d00d062c

Original commit message:
    Kills the kRestParameter bailout/disabled optimization, and fixes
    lazily parsed arrow functions with rest parameters.

    Supercedes https://crrev.com/1235153006/

R=caitpotter88@gmail.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=chromium:508074, v8:2160, v8:2700
LOG=N

Review URL: https://codereview.chromium.org/1318523006

Cr-Commit-Position: refs/heads/master@{#30574}

9 years ago[Tick processor] Add an option to the tick-processor to print the summary.
gdeepti [Thu, 3 Sep 2015 18:01:40 +0000 (11:01 -0700)]
[Tick processor] Add an option to the tick-processor to print the summary.
 - Print the summary excluding other tick information
 - Add test to verify that summary is printed correctly.

BUG=None
LOG=N

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1318933004

Cr-Commit-Position: refs/heads/master@{#30573}

9 years agoMIPS: Refine '[es6] Introduce a dedicated JSIteratorResult type.'
balazs.kilvady [Thu, 3 Sep 2015 17:51:15 +0000 (10:51 -0700)]
MIPS: Refine '[es6] Introduce a dedicated JSIteratorResult type.'

Port 72bc4b5c8a5c4279bcb8b340edbc8aa1c46d75a1

Original commit message:
Use a single JSIteratorResult type for all implementation provided
iterator results (i.e. the String, Array and collection iterators,
and also for generators).  This removes one source of unnecessary
polymorphism in for-of loops.  It is accomplished by a new intrinsic
%_CreateIterResultObject() that should be used to create iterator
result objects from JavaScript builtins (there's a matching factory
method for C++ code).

Also restructure the %StringIteratorPrototype%.next() and
%ArrayIteratorPrototype%.next() functions to be a bit more friendly
to optimizing compilers.

BUG=

Review URL: https://codereview.chromium.org/1315903005

Cr-Commit-Position: refs/heads/master@{#30572}

9 years agoRevert of Vector ICs: platform support for vector-based stores. (patchset #7 id:12000...
machenbach [Thu, 3 Sep 2015 17:44:17 +0000 (10:44 -0700)]
Revert of Vector ICs: platform support for vector-based stores. (patchset #7 id:120001 of https://codereview.chromium.org/1328603003/ )

Reason for revert:
[Sheriff] Breaks compile on arm:
http://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20builder/builds/6590

Original issue's description:
> Vector ICs: platform support for vector-based stores.
>
> The last changes for vector store functionality, they are in 3 areas:
>
> 1) The new vector [keyed] store code stubs - implementation.
> 2) IC and handler compiler adjustments
> 3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.
>
> BUG=
>
> Committed: https://crrev.com/63af1b3aec6547e7cdf502666ff79c562de8b679
> Cr-Commit-Position: refs/heads/master@{#30570}

TBR=bmeurer@chromium.org,jkummerow@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1303053004

Cr-Commit-Position: refs/heads/master@{#30571}

9 years agoVector ICs: platform support for vector-based stores.
mvstanton [Thu, 3 Sep 2015 17:18:06 +0000 (10:18 -0700)]
Vector ICs: platform support for vector-based stores.

The last changes for vector store functionality, they are in 3 areas:

1) The new vector [keyed] store code stubs - implementation.
2) IC and handler compiler adjustments
3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.

BUG=

Review URL: https://codereview.chromium.org/1328603003

Cr-Commit-Position: refs/heads/master@{#30570}

9 years agoReland "Make sure that memory reducer makes progress in incremental marking""
ulan [Thu, 3 Sep 2015 15:34:37 +0000 (08:34 -0700)]
Reland "Make sure that memory reducer makes progress in incremental marking""

This reverts commit b06a6a891cc762835577bb856f8c5e8f0bf8ab31.

BUG=chromium:519319,chromium:515873
LOG=NO

Review URL: https://codereview.chromium.org/1311993003

Cr-Commit-Position: refs/heads/master@{#30569}

9 years agoRevert of [es5] Class of object is "Function" if object has [[Call]]. (patchset ...
machenbach [Thu, 3 Sep 2015 15:02:34 +0000 (08:02 -0700)]
Revert of [es5] Class of object is "Function" if object has [[Call]]. (patchset #3 id:40001 of https://codereview.chromium.org/1307943013/ )

Reason for revert:
[Sheriff] Changes several layout test expectations. Please fix upstream first if intended. E.g.:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/1729

Several lines change from PASS to FAIL.

Original issue's description:
> [es5] Class of object is "Function" if object has [[Call]].
>
> The concept of class was mostly removed from ES6, but we still use the
> class of objects to distinguish object kinds in our builtins.  So update
> this to be in sync with IsCallable (thereby getting rid of the previous
> instance type based tests for callable things completely).
>
> R=jarin@chromium.org, jkummerow@chromium.org
>
> Committed: https://crrev.com/af778389947f1b01fb036756ea3cb8ed8ab98452
> Cr-Commit-Position: refs/heads/master@{#30566}

TBR=jarin@chromium.org,jkummerow@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1306303005

Cr-Commit-Position: refs/heads/master@{#30568}

9 years agoReland Automatically download gold plugin for cfi builds.
machenbach [Thu, 3 Sep 2015 14:18:10 +0000 (07:18 -0700)]
Reland Automatically download gold plugin for cfi builds.

This relands https://codereview.chromium.org/1303183005

BUG=chromium:515782
LOG=n
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1330623002

Cr-Commit-Position: refs/heads/master@{#30567}

9 years ago[es5] Class of object is "Function" if object has [[Call]].
bmeurer [Thu, 3 Sep 2015 14:09:55 +0000 (07:09 -0700)]
[es5] Class of object is "Function" if object has [[Call]].

The concept of class was mostly removed from ES6, but we still use the
class of objects to distinguish object kinds in our builtins.  So update
this to be in sync with IsCallable (thereby getting rid of the previous
instance type based tests for callable things completely).

R=jarin@chromium.org, jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1307943013

Cr-Commit-Position: refs/heads/master@{#30566}

9 years ago[turbofan] Do not force stack slot for eager deopt inputs.
jarin [Thu, 3 Sep 2015 14:06:24 +0000 (07:06 -0700)]
[turbofan] Do not force stack slot for eager deopt inputs.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1307203005

Cr-Commit-Position: refs/heads/master@{#30565}

9 years ago[turbofan] Include individual deferred block ranges in splintering.
mtrofin [Thu, 3 Sep 2015 14:00:39 +0000 (07:00 -0700)]
[turbofan] Include individual deferred block ranges in splintering.

While we may have consecutive deferred blocks, they may be entered
from other blocks that are not predecessors of the first block. Same
for the last block and exiting. So the total set of live ranges within
the given set of blocks is the union of the individual in and out live
sets.

This is a performance bug, not a functional bug.

BUG=

Review URL: https://codereview.chromium.org/1322703003

Cr-Commit-Position: refs/heads/master@{#30564}

9 years ago[heap] Make AlwaysAlloceScope thread-safe.
mlippautz [Thu, 3 Sep 2015 13:56:36 +0000 (06:56 -0700)]
[heap] Make AlwaysAlloceScope thread-safe.

BUG=chromium:524425
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1325173003

Cr-Commit-Position: refs/heads/master@{#30563}

9 years agoRemove GC metadata of code object before serializing.
oth [Thu, 3 Sep 2015 13:48:00 +0000 (06:48 -0700)]
Remove GC metadata of code object before serializing.

Follow up on discussion of https://codereview.chromium.org/1310503006/

BUG=
LOG=N

Review URL: https://codereview.chromium.org/1313953008

Cr-Commit-Position: refs/heads/master@{#30562}

9 years ago[turbofan] Small fix in live range printer.
mtrofin [Thu, 3 Sep 2015 13:23:55 +0000 (06:23 -0700)]
[turbofan] Small fix in live range printer.

Fixed ranges don't have operands assigned, for example.

BUG=

Review URL: https://codereview.chromium.org/1326643006

Cr-Commit-Position: refs/heads/master@{#30561}

9 years agoAdds atomic utilities (based on raw atomic operations) for your convenience:
mlippautz [Thu, 3 Sep 2015 12:54:27 +0000 (05:54 -0700)]
Adds atomic utilities (based on raw atomic operations) for your convenience:

{AtomicValue}: A simple integer value that can be atomically
read/set/incremented.

{AtomicEnumSet}: Similar to EnumSet this set basically represents an atomic
bitfield based on enums. Atomic operations guarantee that setting one bit does
not race with setting other bits.

{AtomicEnumFlag}: A flag that is based on an enum that can be read and
(attempted to be) changed atomically.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1310993004

Cr-Commit-Position: refs/heads/master@{#30560}

9 years agoRemove no-zone versions of intersection and union.
neis [Thu, 3 Sep 2015 12:53:19 +0000 (05:53 -0700)]
Remove no-zone versions of intersection and union.
BUG=

Review URL: https://codereview.chromium.org/1312893010

Cr-Commit-Position: refs/heads/master@{#30559}

9 years agoRevert of Automatically download gold plugin for cfi builds. (patchset #1 id:1 of...
machenbach [Thu, 3 Sep 2015 12:50:31 +0000 (05:50 -0700)]
Revert of Automatically download gold plugin for cfi builds. (patchset #1 id:1 of https://codereview.chromium.org/1303183005/ )

Reason for revert:
Breaks windows.

Original issue's description:
> Automatically download gold plugin for cfi builds.
>
> BUG=chromium:515782
> LOG=n
> NOTRY=true
>
> Committed: https://crrev.com/c8dbd2c477c47a34593a0e7deee55915425b4ac2
> Cr-Commit-Position: refs/heads/master@{#30556}

TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:515782

Review URL: https://codereview.chromium.org/1329653004

Cr-Commit-Position: refs/heads/master@{#30558}

9 years ago[es6] Introduce a dedicated JSIteratorResult type.
bmeurer [Thu, 3 Sep 2015 12:16:15 +0000 (05:16 -0700)]
[es6] Introduce a dedicated JSIteratorResult type.

Use a single JSIteratorResult type for all implementation provided
iterator results (i.e. the String, Array and collection iterators,
and also for generators).  This removes one source of unnecessary
polymorphism in for-of loops.  It is accomplished by a new intrinsic
%_CreateIterResultObject() that should be used to create iterator
result objects from JavaScript builtins (there's a matching factory
method for C++ code).

Also restructure the %StringIteratorPrototype%.next() and
%ArrayIteratorPrototype%.next() functions to be a bit more friendly
to optimizing compilers.

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/1302173007

Cr-Commit-Position: refs/heads/master@{#30557}

9 years agoAutomatically download gold plugin for cfi builds.
machenbach [Thu, 3 Sep 2015 12:15:00 +0000 (05:15 -0700)]
Automatically download gold plugin for cfi builds.

BUG=chromium:515782
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1303183005

Cr-Commit-Position: refs/heads/master@{#30556}

9 years ago[turbofan] support for Int64 in CheckedLoad/CheckedStore on 64-bit platforms.
titzer [Thu, 3 Sep 2015 10:45:35 +0000 (03:45 -0700)]
[turbofan] support for Int64 in CheckedLoad/CheckedStore on 64-bit platforms.

This is to support WebAssembly 64-bit ints in the short term, since it
currently uses CheckedLoad/CheckedStore for accesses to the memory. In the
long run, we'll change this to be explicit bounds checks that throw on out
of bounds.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1310323006

Cr-Commit-Position: refs/heads/master@{#30555}

9 years ago[presubmit] Fix build/include linter violations.
mstarzinger [Thu, 3 Sep 2015 07:55:53 +0000 (00:55 -0700)]
[presubmit] Fix build/include linter violations.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1318863004

Cr-Commit-Position: refs/heads/master@{#30554}

9 years ago[presubmit] Fix whitespace/empty_loop_body linter violations.
mstarzinger [Thu, 3 Sep 2015 07:14:56 +0000 (00:14 -0700)]
[presubmit] Fix whitespace/empty_loop_body linter violations.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1327523003

Cr-Commit-Position: refs/heads/master@{#30553}

9 years ago[es6] Initial steps towards a correct implementation of IsCallable.
bmeurer [Thu, 3 Sep 2015 06:01:12 +0000 (23:01 -0700)]
[es6] Initial steps towards a correct implementation of IsCallable.

This turns the has_instance_call_handler bit on Map into an is_callable
bit, that matches the spec definition of IsCallable (i.e. instances have
[[Call]] internal methods).

Also fix the typeof operator to properly say "function" for everything
that is callable.

Also remove the (unused) premature %_GetPrototype optimization from
Crankshaft, which just complicated the Map bit swap.

R=mstarzinger@chromium.org, rossberg@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg

Review URL: https://codereview.chromium.org/1316933002

Cr-Commit-Position: refs/heads/master@{#30552}

9 years agoUpdate V8 DEPS.
v8-autoroll [Thu, 3 Sep 2015 03:27:13 +0000 (20:27 -0700)]
Update V8 DEPS.

Rolling v8/tools/clang to 91e7a78800b5849e27e098daa42e6ae8650ad322

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1316403006

Cr-Commit-Position: refs/heads/master@{#30551}

9 years ago[es6] Re-implement rest parameters via desugaring.
caitpotter88 [Wed, 2 Sep 2015 21:10:51 +0000 (14:10 -0700)]
[es6] Re-implement rest parameters via desugaring.

Kills the kRestParameter bailout/disabled optimization, and fixes
lazily parsed arrow functions with rest parameters.

Supercedes https://crrev.com/1235153006/

BUG=chromium:508074, v8:2160, v8:2700
LOG=N
R=rossberg@chromium.org, adamk@chromium.org, wingo@igalia.com

Review URL: https://codereview.chromium.org/1272673003

Cr-Commit-Position: refs/heads/master@{#30550}

9 years ago[Intepreter] Extend and move Register class.
oth [Wed, 2 Sep 2015 17:48:10 +0000 (10:48 -0700)]
[Intepreter] Extend and move Register class.

Add methods for converting parameter index to a register and vice-versa.

Move Register class into bytecodes.h.

Update Bytecodes::Decode to pretty print parameters.

BUG=v8:4280
LOG=NO

Review URL: https://codereview.chromium.org/1325983002

Cr-Commit-Position: refs/heads/master@{#30549}

9 years ago[heap] Move ObjectStatsVisitor into the proper component.
mstarzinger [Wed, 2 Sep 2015 17:09:43 +0000 (10:09 -0700)]
[heap] Move ObjectStatsVisitor into the proper component.

This is a follow-up to a previous change and moved object statistics
tracking into its own component. It is no longer intertwinded with the
normal marking logic, but separated out into ObjectStatsVisitor.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1310953008

Cr-Commit-Position: refs/heads/master@{#30548}

9 years ago[heap] Separate ObjectStats out into its own class.
mstarzinger [Wed, 2 Sep 2015 16:43:21 +0000 (09:43 -0700)]
[heap] Separate ObjectStats out into its own class.

Note that this is only pulling out the bookkeeping side of things, the
marking visitor that actually records the statistics should also move
into the ObjectStats class. That will be done as a follow-up.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1326793002

Cr-Commit-Position: refs/heads/master@{#30547}

9 years agoAdding ElementsAccessor::Shift
cbruni [Wed, 2 Sep 2015 15:29:21 +0000 (08:29 -0700)]
Adding ElementsAccessor::Shift
- Use the new ElementsAccessor methods
- improve test coverage

BUG=

Review URL: https://codereview.chromium.org/1317053006

Cr-Commit-Position: refs/heads/master@{#30546}

9 years agoPPC: VectorICs: Cleanup, remove unnecessary arguments from HandleArrayCases()
mbrandy [Wed, 2 Sep 2015 15:22:36 +0000 (08:22 -0700)]
PPC: VectorICs: Cleanup, remove unnecessary arguments from HandleArrayCases()

Port c29a4061c9a44a90487c411a4b5d2b9aabba9536

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1325103003

Cr-Commit-Position: refs/heads/master@{#30545}

9 years agoRemove code link from serialization state.
oth [Wed, 2 Sep 2015 14:44:00 +0000 (07:44 -0700)]
Remove code link from serialization state.

Code::WipeOutHeader now nulls out the next code link to avoid
embedding that address in snapshot.

BUG=
LOG=NO

Review URL: https://codereview.chromium.org/1310503006

Cr-Commit-Position: refs/heads/master@{#30544}

9 years ago[Interpreter] Add support for property load operations.
rmcilroy [Wed, 2 Sep 2015 13:03:06 +0000 (06:03 -0700)]
[Interpreter] Add support for property load operations.

Adds support for property load operations via Load/KeyedLoad ICs. Adds the
following bytecodes:
 - LoadIC
 - KeyedLoadIC
Also adds support to the interpreter assembler for loading the type feedback
vector from the function on the stack, and calling ICs.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1309843007

Cr-Commit-Position: refs/heads/master@{#30543}

9 years agoVectorICs: Cleanup, remove unnecessary arguments from HandleArrayCases()
mvstanton [Wed, 2 Sep 2015 12:28:43 +0000 (05:28 -0700)]
VectorICs: Cleanup, remove unnecessary arguments from HandleArrayCases()

BUG=

Review URL: https://codereview.chromium.org/1314503003

Cr-Commit-Position: refs/heads/master@{#30542}

9 years ago[strong] weak classes can't inherit from strong ones
conradw [Wed, 2 Sep 2015 11:36:02 +0000 (04:36 -0700)]
[strong] weak classes can't inherit from strong ones

Prerequisite for sealing strong class instances.

Depends on https://codereview.chromium.org/1314203002/

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1316333002

Cr-Commit-Position: refs/heads/master@{#30541}

9 years ago[turbofan] Greedy: Unset hints at eviction.
mtrofin [Wed, 2 Sep 2015 10:52:19 +0000 (03:52 -0700)]
[turbofan] Greedy: Unset hints at eviction.

BUG=

Review URL: https://codereview.chromium.org/1313023003

Cr-Commit-Position: refs/heads/master@{#30540}

9 years agoheap: make array buffer maps disjoint
fedor [Wed, 2 Sep 2015 10:04:56 +0000 (03:04 -0700)]
heap: make array buffer maps disjoint

Remove intersection from the `std::map`s representing current live
ArrayBuffers. While being simpler to understand, it poses significant
performance issue for the active ArrayBuffer users (like node.js).

Store buffers separately, and process them together during mark-sweep
phase.

BUG=
R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1326613002

Cr-Commit-Position: refs/heads/master@{#30539}

9 years ago[arm64] Don't try convert binary operation to shifted form when both operands are...
ishell [Wed, 2 Sep 2015 09:32:31 +0000 (02:32 -0700)]
[arm64] Don't try convert binary operation to shifted form when both operands are the same.

BUG=chromium:523307
LOG=N

Review URL: https://codereview.chromium.org/1304923003

Cr-Commit-Position: refs/heads/master@{#30538}

9 years agoRevert of [turbofan] Greedy: using hints (patchset #2 id:60001 of https://codereview...
hablich [Wed, 2 Sep 2015 08:35:02 +0000 (01:35 -0700)]
Revert of [turbofan] Greedy: using hints (patchset #2 id:60001 of https://codereview.chromium.org/1329493004/ )

Reason for revert:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20greedy%20allocator/builds/1338

Original issue's description:
> [turbofan] Greedy: using hints
>
> This is a rudimentary introduction of hints. Primarily this helps with
> allocating on the same register variables are defined (from instructions)
> For dealing with phis, we need to introduce groups, in a subsequent
> CL.
>
> From the last CL (memory ops heuristics), this CL improves some
> benchmarks - notably Life (11.94%) in Emscripten x64, and Memops
> (Emscripten), 24% on x86; notable regressions: Memops in
> AreWeFastYet (-14%, x64) and Corrections -25% on x86.
>
> BUG=
>
> Committed: https://crrev.com/038f5eaf3bd6796ed6b7519de83c21d4e1f54850
> Cr-Commit-Position: refs/heads/master@{#30534}

TBR=jarin@chromium.org,bmeurer@chromium.org,mtrofin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1324763005

Cr-Commit-Position: refs/heads/master@{#30537}

9 years agofix gen-postmortem-metadata.py for kInObjectPropertiesOffset
ofrobots [Wed, 2 Sep 2015 07:45:24 +0000 (00:45 -0700)]
fix gen-postmortem-metadata.py for kInObjectPropertiesOffset

This is causing build breaks for Node.js w/ V8 4.6.

Map::kInObjectPropertiesOffset was been replaced by
kInObjectPropertiesOrConstructorFunctionIndexOffset in
https://codereview.chromium.org/1276533003. This is causing the post-mortem
debug information generation to fail.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1308113007

Cr-Commit-Position: refs/heads/master@{#30536}

9 years ago[heap] Throw OOM upon failing to expand a PagedSpace above old gen limits.
mlippautz [Wed, 2 Sep 2015 07:20:04 +0000 (00:20 -0700)]
[heap] Throw OOM upon failing to expand a PagedSpace above old gen limits.

The AlwaysAllocate scope make it impossible to enforce a DCHECK on the maximum
old generation sizes as e.g. large objects can still be allocated using this
scope. Returning false here results in OOM.

R=mstarzinger@chromium.org
BUG=chromium:525448
LOG=N

Review URL: https://codereview.chromium.org/1316183004

Cr-Commit-Position: refs/heads/master@{#30535}

9 years ago[turbofan] Greedy: using hints
mtrofin [Wed, 2 Sep 2015 07:12:45 +0000 (00:12 -0700)]
[turbofan] Greedy: using hints

This is a rudimentary introduction of hints. Primarily this helps with
allocating on the same register variables are defined (from instructions)
For dealing with phis, we need to introduce groups, in a subsequent
CL.

From the last CL (memory ops heuristics), this CL improves some
benchmarks - notably Life (11.94%) in Emscripten x64, and Memops
(Emscripten), 24% on x86; notable regressions: Memops in
AreWeFastYet (-14%, x64) and Corrections -25% on x86.

BUG=

Review URL: https://codereview.chromium.org/1329493004

Cr-Commit-Position: refs/heads/master@{#30534}

9 years ago[es6] Fix invalid ToObject in String/Array iterator next.
bmeurer [Wed, 2 Sep 2015 06:58:52 +0000 (23:58 -0700)]
[es6] Fix invalid ToObject in String/Array iterator next.

The spec says that the "this value" has to be an Object.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1325023003

Cr-Commit-Position: refs/heads/master@{#30533}

9 years agoElementsAccessor Array Builtins Cleanup
cbruni [Wed, 2 Sep 2015 06:41:56 +0000 (23:41 -0700)]
ElementsAccessor Array Builtins Cleanup
Repeat the same signatures for future refactoring

BUG=

Review URL: https://codereview.chromium.org/1302413006

Cr-Commit-Position: refs/heads/master@{#30532}

9 years agoFix type errors in unit test utilities.
pcc [Wed, 2 Sep 2015 04:55:07 +0000 (21:55 -0700)]
Fix type errors in unit test utilities.

Fixes all bad casts associated with operands of call and select operators
in the test suite.

Cleanup for cfi_vptr=1; see https://www.chromium.org/developers/testing/control-flow-integrity

BUG=chromium:457523
R=bmeurer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1329643002

Cr-Commit-Position: refs/heads/master@{#30531}

9 years agoUpdate V8 DEPS.
v8-autoroll [Wed, 2 Sep 2015 03:27:43 +0000 (20:27 -0700)]
Update V8 DEPS.

Rolling v8/build/gyp to 121d89dfcd4f6ebe1c89524b3f9ca11ddd437e77

Rolling v8/tools/clang to a09a5fee59be457e0d7213d86f8bac72d232860d

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1322933004

Cr-Commit-Position: refs/heads/master@{#30530}

9 years agoEliminate use of CompilationInfo in several AstVisitor descendants.
bradnelson [Tue, 1 Sep 2015 23:06:29 +0000 (16:06 -0700)]
Eliminate use of CompilationInfo in several AstVisitor descendants.

We're moving away from using CompilationInfo as a big bag o' stuff.
Passing in just what we need to several AstVisitors to avoid
increasing the problem.

BUG=None
TEST=trybots
R=titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1318823010

Cr-Commit-Position: refs/heads/master@{#30529}

9 years agoFix GN arm64 build, add msan support.
brettw [Tue, 1 Sep 2015 23:05:20 +0000 (16:05 -0700)]
Fix GN arm64 build, add msan support.

The arm64 build is missing a few recently-added files.

Compiling with msan requires that v8 be compiled in arm64 mode. Hook this up.

Review URL: https://codereview.chromium.org/1316233005

Cr-Commit-Position: refs/heads/master@{#30528}

9 years ago[simd.js] Disable SIMD polyfill.
gdeepti [Tue, 1 Sep 2015 22:24:49 +0000 (15:24 -0700)]
[simd.js] Disable SIMD polyfill.

Disable the polyfill in simd.js tests as the functions for Phase 1 have been implemented.

BUG=v8:4124
LOG=N

R=bbudge@chromium.org, bmeurer@chromium.org, littledan@chromium.org

Committed: https://crrev.com/749ba3a13558cb018a2ec783e5dfb56d2f8528d8
Cr-Commit-Position: refs/heads/master@{#30452}

Review URL: https://codereview.chromium.org/1305923005

Cr-Commit-Position: refs/heads/master@{#30527}

9 years agoAdding ElementsAccessor::Unshift
cbruni [Tue, 1 Sep 2015 21:19:44 +0000 (14:19 -0700)]
Adding ElementsAccessor::Unshift
Move BackingStore specific implementation from builtins.cc tp ElementsAccessor

BUG=

Review URL: https://codereview.chromium.org/1322803002

Cr-Commit-Position: refs/heads/master@{#30526}

9 years agoStage sloppy let
littledan [Tue, 1 Sep 2015 20:03:14 +0000 (13:03 -0700)]
Stage sloppy let

Move the --harmony-sloppy-let flag to staging for further testing, and
update test262 for the new passing tests. Also increase the strictness
of the parser, even in sloppy mode, to disallow "new legacy compat" for

  for (let x = 5 in {}) {}

which is now a SyntaxError.

BUG=v8:3305
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1321013005

Cr-Commit-Position: refs/heads/master@{#30525}

9 years ago[heap,cctest] Fix CodeRange tests that use AllocateRawMemory directly.
mlippautz [Tue, 1 Sep 2015 18:39:13 +0000 (11:39 -0700)]
[heap,cctest] Fix CodeRange tests that use AllocateRawMemory directly.

* Enforce invariants on the way.
* Unmark flaky CodeRange test.

BUG=v8:4141
BUG=v8:3005
LOG=N

Review URL: https://codereview.chromium.org/1325853003

Cr-Commit-Position: refs/heads/master@{#30524}

9 years agoRemove harmony-atomics flag and collapse it into sharedarraybuffer flag
binji [Tue, 1 Sep 2015 18:33:51 +0000 (11:33 -0700)]
Remove harmony-atomics flag and collapse it into sharedarraybuffer flag

Having both flags is tedious, and it is unlikely you'd ever want them
separately.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1304163010

Cr-Commit-Position: refs/heads/master@{#30523}

9 years agoFix CPU profiler deadlock on Windows + AMD CPU.
alph [Tue, 1 Sep 2015 18:32:39 +0000 (11:32 -0700)]
Fix CPU profiler deadlock on Windows + AMD CPU.

Implement a lock free version of RolloverProtectedTickClock::Now
to eliminate a deadlock.

BUG=chromium:521420
LOG=Y

Committed: https://crrev.com/d6db8e5902af1f067f0f149844f4e92824ee93f3
Cr-Commit-Position: refs/heads/master@{#30489}

Review URL: https://codereview.chromium.org/1304873011

Cr-Commit-Position: refs/heads/master@{#30522}

9 years ago[Release] Stop prepending "r" to commit hashes
hablich [Tue, 1 Sep 2015 18:31:41 +0000 (11:31 -0700)]
[Release] Stop prepending "r" to commit hashes

Follow-up of https://codereview.chromium.org/1298973007/

Fix syntax

R=adamk@chromium.org, machenbach@chromium.org

Review URL: https://codereview.chromium.org/1324813003

Cr-Commit-Position: refs/heads/master@{#30521}

9 years agoAdd asm.js typer / validator.
bradnelson [Tue, 1 Sep 2015 18:30:34 +0000 (11:30 -0700)]
Add asm.js typer / validator.

Walk asm.js module ASTs, attach concrete type information
in preparation for generating a WASM module.

cctest test coverage (mjsunit coming in later CL).
Expressions, function tables, and foreign functions have coverage.
Statement coverage to be expanded in a later CL.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=rossberg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1322773002

Cr-Commit-Position: refs/heads/master@{#30520}

9 years ago[strong] Class constructor bodies cannot contain "use strong" directive
conradw [Tue, 1 Sep 2015 18:29:23 +0000 (11:29 -0700)]
[strong] Class constructor bodies cannot contain "use strong" directive

Since the constructor is also the class object itself, allowing it to
retroactively become a strong object would have unintuitive consequences
wrt the strength of the other functions of the class, and whether instances
would be considered instances of a strong class.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1314203002

Cr-Commit-Position: refs/heads/master@{#30519}

9 years agoRevert of Stage sloppy let (patchset #7 id:120001 of https://codereview.chromium...
littledan [Tue, 1 Sep 2015 17:36:49 +0000 (10:36 -0700)]
Revert of Stage sloppy let (patchset #7 id:120001 of https://codereview.chromium.org/1327483002/ )

Reason for revert:
Fails a test262 test with --always-opt.

Original issue's description:
> Stage sloppy let
>
> Move the --harmony-sloppy-let flag to staging for further testing, and
> update test262 for the new passing tests. Also increase the strictness
> of the parser, even in sloppy mode, to disallow "new legacy compat" for
>
>   for (let x = 5 in {}) {}
>
> which is now a SyntaxError.
>
> BUG=v8:3305
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/07bc0117be8dc9e63ec14d5f9645c483d60a1bec
> Cr-Commit-Position: refs/heads/master@{#30515}

TBR=adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3305

Review URL: https://codereview.chromium.org/1324033002

Cr-Commit-Position: refs/heads/master@{#30518}

9 years agoExtract common debugger code for processing compile events
yurys [Tue, 1 Sep 2015 16:36:14 +0000 (09:36 -0700)]
Extract common debugger code for processing compile events

BUG=chromium:520702
LOG=N

Review URL: https://codereview.chromium.org/1316213005

Cr-Commit-Position: refs/heads/master@{#30517}

9 years agoPPC: Crankshaft is now able to compile top level code even if there is a ScriptContext.
mbrandy [Tue, 1 Sep 2015 16:18:09 +0000 (09:18 -0700)]
PPC: Crankshaft is now able to compile top level code even if there is a ScriptContext.

Port 29ebcc32052d486cbc1933ac4738aa5cb68aa851

Original commit message:
    This CL introduces HPrologue instruction which does the context allocation work and supports deoptimization.

R=ishell@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1324023002

Cr-Commit-Position: refs/heads/master@{#30516}

9 years agoStage sloppy let
littledan [Tue, 1 Sep 2015 15:57:33 +0000 (08:57 -0700)]
Stage sloppy let

Move the --harmony-sloppy-let flag to staging for further testing, and
update test262 for the new passing tests. Also increase the strictness
of the parser, even in sloppy mode, to disallow "new legacy compat" for

  for (let x = 5 in {}) {}

which is now a SyntaxError.

BUG=v8:3305
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1327483002

Cr-Commit-Position: refs/heads/master@{#30515}

9 years ago[presubmit] Fix runtime/indentation_namespace linter violations.
mstarzinger [Tue, 1 Sep 2015 15:19:57 +0000 (08:19 -0700)]
[presubmit] Fix runtime/indentation_namespace linter violations.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1302413007

Cr-Commit-Position: refs/heads/master@{#30514}

9 years agoMake presubmit.py rules differential.
mstarzinger [Tue, 1 Sep 2015 14:28:21 +0000 (07:28 -0700)]
Make presubmit.py rules differential.

This turns the absolute list of linter rules within the presubmit.py
wrapper into a list relative to the default of the cpplint.py script.
This has the advantage that new rules are picked up when the script is
updated and that allowed violations are visible from the list.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1325833005

Cr-Commit-Position: refs/heads/master@{#30513}

9 years agoVector ICs: Adapting store ic classes for vectors.
mvstanton [Tue, 1 Sep 2015 14:09:07 +0000 (07:09 -0700)]
Vector ICs: Adapting store ic classes for vectors.

BUG=

Review URL: https://codereview.chromium.org/1326483002

Cr-Commit-Position: refs/heads/master@{#30512}

9 years ago[test] Fix skipping slow tests.
machenbach [Tue, 1 Sep 2015 12:56:25 +0000 (05:56 -0700)]
[test] Fix skipping slow tests.

TBR=hablich@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1320443008

Cr-Commit-Position: refs/heads/master@{#30511}

9 years agoMIPS: Fix QuietSignalingNaNs on mips32r6.
akos.palfi [Tue, 1 Sep 2015 12:44:13 +0000 (05:44 -0700)]
MIPS: Fix QuietSignalingNaNs on mips32r6.

Use the correct sNaN value on mips32r6 also.

TEST=test-api/QuietSignalingNaNs,test-api/Threading1
BUG=

Review URL: https://codereview.chromium.org/1311473007

Cr-Commit-Position: refs/heads/master@{#30510}

9 years agoRevert "Revert of [turbofan] greedy: heuristic for memory operands
mtrofin [Tue, 1 Sep 2015 12:33:03 +0000 (05:33 -0700)]
Revert "Revert of [turbofan] greedy: heuristic for memory operands
(patchset #2 id:40001 of https://codereview.chromium.org/1306823005/ )"

This reverts commit f68cd33bdd342819abd5b091591ac78383c2e79d.

BUG=

Review URL: https://codereview.chromium.org/1314423006

Cr-Commit-Position: refs/heads/master@{#30509}

9 years agoMake type-feedback-vector.h usable without objects-inl.h header (and others).
mvstanton [Tue, 1 Sep 2015 12:28:09 +0000 (05:28 -0700)]
Make type-feedback-vector.h usable without objects-inl.h header (and others).

Pure refactoring to further reduce the header dependency tangle.

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1309303008

Cr-Commit-Position: refs/heads/master@{#30508}

9 years ago[runtime] Remove unused TO_NUMBER and TO_STRING functions.
bmeurer [Tue, 1 Sep 2015 11:27:49 +0000 (04:27 -0700)]
[runtime] Remove unused TO_NUMBER and TO_STRING functions.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1304363012

Cr-Commit-Position: refs/heads/master@{#30507}

9 years ago[crankshaft] Cleanup representation calculation for Phis.
jarin [Tue, 1 Sep 2015 11:15:59 +0000 (04:15 -0700)]
[crankshaft] Cleanup representation calculation for Phis.

This replaces the counters for use representations with
simple tracking of most-general representation seen so far.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1315193010

Cr-Commit-Position: refs/heads/master@{#30506}

9 years agoRevert of Stop prepending "r" to commit hashes in merge_to_branch.py (patchset #1...
hablich [Tue, 1 Sep 2015 11:11:03 +0000 (04:11 -0700)]
Revert of Stop prepending "r" to commit hashes in merge_to_branch.py (patchset #1 id:1 of https://codereview.chromium.org/1298973007/ )

Reason for revert:
Result when using the script:

tools/release/merge_to_branch.py
  File "tools/release/merge_to_branch.py", line 108
    self["revision_list"] = ", ".join(self["full_revision_list"]))
                                                                 ^
SyntaxError: invalid syntax

Original issue's description:
> Stop prepending "r" to commit hashes in merge_to_branch.py
>
> R=machenbach@chromium.org
>
> Committed: https://crrev.com/e5dbfd06c3dab5934e846c40af2a8b7fb5cdf0d6
> Cr-Commit-Position: refs/heads/master@{#30483}

TBR=machenbach@chromium.org,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1321343002

Cr-Commit-Position: refs/heads/master@{#30505}

9 years ago[test] Increase simdjs test timeout on arm.
machenbach [Tue, 1 Sep 2015 11:02:30 +0000 (04:02 -0700)]
[test] Increase simdjs test timeout on arm.

TBR=bmeurer@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1308563010

Cr-Commit-Position: refs/heads/master@{#30504}

9 years ago[turbofan] Remove obsolete unique.h includes in TurboFan.
mstarzinger [Tue, 1 Sep 2015 10:30:40 +0000 (03:30 -0700)]
[turbofan] Remove obsolete unique.h includes in TurboFan.

Now that it is no longer needed, this also removes the invalid inclusion
of "object-inl.h" within the "unique.h" header file.

Note that this change still leaves 2 violations of that rule in the
code, checked with the "tools/check-inline-includes.sh" tool.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1321223002

Cr-Commit-Position: refs/heads/master@{#30503}

9 years agoRevert of heap: make array buffer maps disjoint (patchset #8 id:140001 of https:...
mlippautz [Tue, 1 Sep 2015 09:58:27 +0000 (02:58 -0700)]
Revert of heap: make array buffer maps disjoint (patchset #8 id:140001 of https://codereview.chromium.org/1316873004/ )

Reason for revert:
Precautionary revert. The change is incomplete.

Original issue's description:
> heap: make array buffer maps disjoint
>
> Remove intersection from the `std::map`s representing current live
> ArrayBuffers. While being simpler to understand, it poses significant
> performance issue for the active ArrayBuffer users (like node.js).
>
> Store buffers separately, and process them together during mark-sweep phase.
>
> The results of benchmarks are:
>
> $ ./node-slow bench && ./node-fast bench
> 4997.4 ns/op
> 4685.7 ns/op
>
> NOTE: `fast` - was a patched node.js, `slow` - unpatched node.js with vanilla v8.
>
> BUG=
>
> Committed: https://crrev.com/9e3676da9ab1aaf7de3e8582cb3fdefcc3dbaf33
> Cr-Commit-Position: refs/heads/master@{#30495}

TBR=hpayer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1302233007

Cr-Commit-Position: refs/heads/master@{#30502}

9 years agoRevert of [turbofan] greedy: heuristic for memory operands (patchset #2 id:40001...
machenbach [Tue, 1 Sep 2015 09:37:23 +0000 (02:37 -0700)]
Revert of [turbofan] greedy: heuristic for memory operands (patchset #2 id:40001 of https://codereview.chromium.org/1306823005/ )

Reason for revert:
[Sheriff] Breaks test with greedy allocator:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20greedy%20allocator/builds/1318

Original issue's description:
> [turbofan] greedy: heuristic for memory operands
>
> When we have a memory operand (HasSpillOperand() == true), and it
> doesn't need a register immediately, split in an optimal position, which
> is outside the outermost possible loop - just like Linear does.
>
> This results in some modest improvements in perf, when compared
> to baseline greedy. In particular Jetstream zlib x64: 4.66%, Life
> (Emscripten x64) 11%; largest regression is in AreWeFastYet x64: 8%
> and Corrections (Emsccripten x32) 10%
>
> BUG=
>
> Committed: https://crrev.com/8937bfc1d165ff6d72dede1b0ce6f7c1ab9fb260
> Cr-Commit-Position: refs/heads/master@{#30498}

TBR=jarin@chromium.org,bmeurer@chromium.org,mtrofin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1311813005

Cr-Commit-Position: refs/heads/master@{#30501}

9 years agoMake isolate.h usable without objects-inl.h header.
mstarzinger [Tue, 1 Sep 2015 09:25:19 +0000 (02:25 -0700)]
Make isolate.h usable without objects-inl.h header.

This CL us a pure refactoring that makes an empty compilation unit
including just "isolate.h" or "contexts.h" but not "objects-inl.h"
compile without warnings or errors. This is needed to further reduce
the header dependency tangle.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1322883002

Cr-Commit-Position: refs/heads/master@{#30500}

9 years agoRead all integer op parameters using a signed integer type.
pcc [Tue, 1 Sep 2015 09:10:54 +0000 (02:10 -0700)]
Read all integer op parameters using a signed integer type.

The code was previously reading unsigned integers by performing an invalid cast
of Operator1<intNN_t> objects to Operator1<uintNN_t> and reading the integer
directly. To fix the invalid cast, we cast to the correct type and static_cast
the integer to uintNN_t, which is a no-op on every reasonable target.

Cleanup for cfi_vptr=1; see https://www.chromium.org/developers/testing/control-flow-integrity

BUG=chromium:457523
R=bmeurer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1310633004

Cr-Commit-Position: refs/heads/master@{#30499}

9 years ago[turbofan] greedy: heuristic for memory operands
mtrofin [Tue, 1 Sep 2015 08:54:34 +0000 (01:54 -0700)]
[turbofan] greedy: heuristic for memory operands

When we have a memory operand (HasSpillOperand() == true), and it
doesn't need a register immediately, split in an optimal position, which
is outside the outermost possible loop - just like Linear does.

This results in some modest improvements in perf, when compared
to baseline greedy. In particular Jetstream zlib x64: 4.66%, Life
(Emscripten x64) 11%; largest regression is in AreWeFastYet x64: 8%
and Corrections (Emsccripten x32) 10%

BUG=

Review URL: https://codereview.chromium.org/1306823005

Cr-Commit-Position: refs/heads/master@{#30498}

9 years agoPort enabling rtti for cfi.
machenbach [Tue, 1 Sep 2015 08:02:56 +0000 (01:02 -0700)]
Port enabling rtti for cfi.

Partially port https://codereview.chromium.org/1243373003/

BUG=chromium:515782
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1329553002

Cr-Commit-Position: refs/heads/master@{#30497}

9 years agoCrankshaft is now able to compile top level code even if there is a ScriptContext.
ishell [Tue, 1 Sep 2015 07:06:49 +0000 (00:06 -0700)]
Crankshaft is now able to compile top level code even if there is a ScriptContext.

This CL introduces HPrologue instruction which does the context allocation work and supports deoptimization.

Review URL: https://codereview.chromium.org/1317383002

Cr-Commit-Position: refs/heads/master@{#30496}

9 years agoheap: make array buffer maps disjoint
fedor [Tue, 1 Sep 2015 06:51:51 +0000 (23:51 -0700)]
heap: make array buffer maps disjoint

Remove intersection from the `std::map`s representing current live
ArrayBuffers. While being simpler to understand, it poses significant
performance issue for the active ArrayBuffer users (like node.js).

Store buffers separately, and process them together during mark-sweep phase.

The results of benchmarks are:

$ ./node-slow bench && ./node-fast bench
4997.4 ns/op
4685.7 ns/op

NOTE: `fast` - was a patched node.js, `slow` - unpatched node.js with vanilla v8.

BUG=

Review URL: https://codereview.chromium.org/1316873004

Cr-Commit-Position: refs/heads/master@{#30495}

9 years ago[test] Skip slow tests.
machenbach [Tue, 1 Sep 2015 06:23:09 +0000 (23:23 -0700)]
[test] Skip slow tests.

TBR=hablich@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1307123003

Cr-Commit-Position: refs/heads/master@{#30494}

9 years agoFix invalid read of language mode from StorePropertyParameters.
pcc [Tue, 1 Sep 2015 05:04:59 +0000 (22:04 -0700)]
Fix invalid read of language mode from StorePropertyParameters.

Fixes an invalid cast of an Operator1<StorePropertyParameters> object
to Operator1<LanguageMode> by reading the language mode from
StorePropertyParameters. This code happened to work before because
StorePropertyParameters's first field has type LanguageMode.

Cleanup for cfi_vptr=1; see https://www.chromium.org/developers/testing/control-flow-integrity

BUG=chromium:457523
R=bmeurer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1311393008

Cr-Commit-Position: refs/heads/master@{#30493}

9 years ago[turbofan] Re-wire greedy.
mtrofin [Tue, 1 Sep 2015 04:42:35 +0000 (21:42 -0700)]
[turbofan] Re-wire greedy.

We completely un-wired the greedy allocator to focus on the
stackchecks in loops (splintering) work. This change re-wires greedy,
still behind its flag. For now, enabling the greedy allocator disables
the stackchecks in loops feature (and range splintering), so that we are
at the baseline we left it at.

The main contribution in this change is adapting the codebase after
the live range model refactoring, whereby RegisterAllocationData's
live_ranges() contains just top-level ranges, and children are accessed
via their parents.

BUG=

Review URL: https://codereview.chromium.org/1320363002

Cr-Commit-Position: refs/heads/master@{#30492}

9 years agoDo not attempt to read language mode from {,Strict}{,Not}Equal nodes.
pcc [Tue, 1 Sep 2015 04:41:25 +0000 (21:41 -0700)]
Do not attempt to read language mode from {,Strict}{,Not}Equal nodes.

We were previously reading a language mode from all comparison nodes
in JSGenericLowering::ReplaceWithCompareIC. This read was invalid for
{,Strict}{,Not}Equal nodes, as these nodes do not have a language mode, as they
derive from Operator rather than from Operator1<LanguageMode>. Because these
nodes are not language mode dependent, we arbitrarily pass Strength::WEAK
to CodeFactory::CompareIC.

Cleanup for cfi_vptr=1; see https://www.chromium.org/developers/testing/control-flow-integrity

BUG=chromium:457523
R=bmeurer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1319463003

Cr-Commit-Position: refs/heads/master@{#30491}

9 years agoRevert of Fix CPU profiler deadlock on Windows + AMD CPU. (patchset #1 id:1 of https...
alph [Tue, 1 Sep 2015 04:10:58 +0000 (21:10 -0700)]
Revert of Fix CPU profiler deadlock on Windows + AMD CPU. (patchset #1 id:1 of https://codereview.chromium.org/1304873011/ )

Reason for revert:
Broke a test

Original issue's description:
> Fix CPU profiler deadlock on Windows + AMD CPU.
>
> Implement a lock free version of RolloverProtectedTickClock::Now
> to eliminate a deadlock.
>
> BUG=chromium:521420
> LOG=Y
>
> Committed: https://crrev.com/d6db8e5902af1f067f0f149844f4e92824ee93f3
> Cr-Commit-Position: refs/heads/master@{#30489}

TBR=yurys@chromium.org,caseq@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:521420

Review URL: https://codereview.chromium.org/1303423006

Cr-Commit-Position: refs/heads/master@{#30490}

9 years agoFix CPU profiler deadlock on Windows + AMD CPU.
alph [Tue, 1 Sep 2015 04:02:31 +0000 (21:02 -0700)]
Fix CPU profiler deadlock on Windows + AMD CPU.

Implement a lock free version of RolloverProtectedTickClock::Now
to eliminate a deadlock.

BUG=chromium:521420
LOG=Y

Review URL: https://codereview.chromium.org/1304873011

Cr-Commit-Position: refs/heads/master@{#30489}

9 years agoPostpone interrupts while dipatching debugger events to listeners
yurys [Mon, 31 Aug 2015 22:32:46 +0000 (15:32 -0700)]
Postpone interrupts while dipatching debugger events to listeners

The interrupts are already postponed in message handlers [1]. This CL aligns debug event listener (the mechanism that is actually used in Chrome DevTools) implementation with that. Handling interrupts on events like v8::AfterCompile leads to crashes like the one in the lined bug. This happens because in the interrupt handler we may change debugger state.

[1] https://codereview.chromium.org/309533009/diff/40001/src/debug.cc

BUG=chromium:520702
LOG=Y

Review URL: https://codereview.chromium.org/1321263002

Cr-Commit-Position: refs/heads/master@{#30488}

9 years ago[heap] Properly decrement amount of externally allocated memory
Michael Lippautz [Mon, 31 Aug 2015 21:11:15 +0000 (23:11 +0200)]
[heap] Properly decrement amount of externally allocated memory

TBR=mstarzinger@chromium.org
BUG=chromium:526244
LOG=N

Review URL: https://codereview.chromium.org/1329493002 .

Cr-Commit-Position: refs/heads/master@{#30487}

9 years agoMake Date.prototype an ordinary object
littledan [Mon, 31 Aug 2015 20:45:35 +0000 (13:45 -0700)]
Make Date.prototype an ordinary object

This is a change for ES2015. Date objects have mutable state, so having
a mutable prototype is bad for SES requirements, and it is an
inconsistency from the typical ES2015 class style of objects

BUG=v8:4004
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1317403002

Cr-Commit-Position: refs/heads/master@{#30486}

9 years agoMIPS: [builtins] Pass correct number of arguments after adapting arguments.
akos.palfi [Mon, 31 Aug 2015 20:11:12 +0000 (13:11 -0700)]
MIPS: [builtins] Pass correct number of arguments after adapting arguments.

Port fbad63669e309e8c5c3f2ecf503df2fefaac79bb

Original commit message:
The call protocol requires that the register dedicated to the number of
actual arguments (i.e. rax on x64) always contains the actual arguments.
That means after adapting arguments it should match the number of
expected arguments.  But currently we pass some semi-random value
(usually some stack address) after adapting arguments.

It looks like this is currently not observable anywhere, because our
builtins and functions either don't look at the number of arguments and
just make hard coded (unchecked) assumptions, or are marked as "don't
adapt arguments", which bypasses the broken code in the trampoline for
arguments adaption.  Nevertheless this should be fixed.

BUG=

Review URL: https://codereview.chromium.org/1322953002

Cr-Commit-Position: refs/heads/master@{#30485}

9 years agoRefactor type collector testing macros.
bradnelson [Mon, 31 Aug 2015 19:16:51 +0000 (12:16 -0700)]
Refactor type collector testing macros.

Assume a zone is in scope instead of a handles object.
Move INT32_TYPE into test-typing-reset.
Provide a CHECK_SKIP() macro to allow skipping
sections of an ast expression walk.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-typing-reset, test-ast-expression-visitor
R=rossberg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1319983004

Cr-Commit-Position: refs/heads/master@{#30484}

9 years agoStop prepending "r" to commit hashes in merge_to_branch.py
adamk [Mon, 31 Aug 2015 17:46:11 +0000 (10:46 -0700)]
Stop prepending "r" to commit hashes in merge_to_branch.py

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1298973007

Cr-Commit-Position: refs/heads/master@{#30483}