platform/upstream/v8.git
hablich [Fri, 10 Jul 2015 12:48:23 +0000 (05:48 -0700)]
Updated version to 4.6

BUG=
TBR=machenbach@chromium.org,vogelheim@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1235573002

Cr-Commit-Position: refs/heads/master@{#29569}

yangguo [Fri, 10 Jul 2015 12:47:18 +0000 (05:47 -0700)]
Debugger: record reloc info for debug break slot immediate before the slot.

If we do it too early, we might get a constant pool between the reloc info
and the actual slot.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1229673005

Cr-Commit-Position: refs/heads/master@{#29568}

ishell [Fri, 10 Jul 2015 11:36:03 +0000 (04:36 -0700)]
[arm64] Fixed unnecessary environment assignment to LSmiTag instruction.

BUG=chromium:490021
LOG=N

Review URL: https://codereview.chromium.org/1235563002

Cr-Commit-Position: refs/heads/master@{#29567}

epertoso [Fri, 10 Jul 2015 10:26:52 +0000 (03:26 -0700)]
Fixes the parser-shell by adding a dependency to StartupDataUtil.

Review URL: https://codereview.chromium.org/1230173002

Cr-Commit-Position: refs/heads/master@{#29566}

ulan [Fri, 10 Jul 2015 10:07:35 +0000 (03:07 -0700)]
Disable the pending task if the memory reducer is torn down.

BUG=chromium:508584
LOG=NO

Review URL: https://codereview.chromium.org/1230163002

Cr-Commit-Position: refs/heads/master@{#29565}

bmeurer [Fri, 10 Jul 2015 09:34:56 +0000 (02:34 -0700)]
Remove more uses of the deprecated EnumSet template class.

EnumSet has been deprecated for quite some time, and replaced with the
more general and type safe base::Flags template class.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1229233002

Cr-Commit-Position: refs/heads/master@{#29564}

machenbach [Fri, 10 Jul 2015 09:30:51 +0000 (02:30 -0700)]
[Sheriff] Skip worker test.

BUG=v8:4279
LOG=n
NOTRY=true
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1235493005

Cr-Commit-Position: refs/heads/master@{#29563}

mstarzinger [Fri, 10 Jul 2015 08:50:24 +0000 (01:50 -0700)]
Remove separate construct stub for new.target users.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1213623020

Cr-Commit-Position: refs/heads/master@{#29562}

yangguo [Fri, 10 Jul 2015 08:49:14 +0000 (01:49 -0700)]
Debugger: use debug break slot to break on call.

Break points at calls are currently set via IC. To change this, we
need to set debug break slots instead. We also need to distinguish
those debug break slots as calls to support step-in.

To implement this, we add a data field to debug break reloc info to
indicate non-call debug breaks or in case of call debug breaks, the
number of arguments. We can later use this to find the callee on the
evaluation stack in Debug::PrepareStep.

BUG=v8:4269
R=ulan@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1222093007

Cr-Commit-Position: refs/heads/master@{#29561}

machenbach [Fri, 10 Jul 2015 08:32:46 +0000 (01:32 -0700)]
[Sheriff] Mark test as flaky.

BUG=v8:4279
LOG=n
NOTRY=true
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1233603002

Cr-Commit-Position: refs/heads/master@{#29560}

adamk [Thu, 9 Jul 2015 21:31:11 +0000 (14:31 -0700)]
Fix lazy compilation of eval() under nosnap/--use-strict

When running without a snapshot, the GlobalEval function gets lazy compiled.
By the time we compile it, its name is "eval", which causes the parser to
choke (functions named "eval" aren't allowed in strict mode!).

Instead, we now always skip checking the function name when lazy-parsing,
as the name has already been checked appropriately by the preparser.

Also cleaned up other cases that don't require name checking by introducing
FunctionNameValidity enum and passing appropriate values throughout the
parser and preparser.

This lets us pass an additional 18 test262 tests.

BUG=v8:4198
LOG=n

Review URL: https://codereview.chromium.org/1227093005

Cr-Commit-Position: refs/heads/master@{#29559}

arv [Thu, 9 Jul 2015 20:36:03 +0000 (13:36 -0700)]
[es6] Bound function name

Instead of updating the SharedFunctionInfo, set the name property on
the function directly.

BUG=v8:4278
LOG=N
R=verwaest@chromium.org, littledan@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1227523003

Cr-Commit-Position: refs/heads/master@{#29558}

binji [Thu, 9 Jul 2015 19:30:18 +0000 (12:30 -0700)]
d8 workers: fix race on quit() with context_mutex_

When quit() is called, d8 shell exits without cleanup. If a worker is running,
it might be holding the context_mutex_, which if destroyed will DCHECK.

BUG=4279
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1231473002

Cr-Commit-Position: refs/heads/master@{#29557}

arv [Thu, 9 Jul 2015 15:48:50 +0000 (08:48 -0700)]
[es6] Function bind should preserve [[Prototype]]

The function returned from Function.prototype.bind should have the same
[[Prototype]] as the receiver.

BUG=v8:3889
LOG=N
R=adamk@chromium.org, verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1217603005

Cr-Commit-Position: refs/heads/master@{#29556}

Michael Achenbach [Thu, 9 Jul 2015 14:03:25 +0000 (16:03 +0200)]
Landmine to cleanup windows.

Cr-Commit-Position: refs/heads/master@{#29555}

machenbach [Thu, 9 Jul 2015 13:56:00 +0000 (06:56 -0700)]
[test] Raise timeout for testing without vfp3.

TBR=bmeurer@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1228073002

Cr-Commit-Position: refs/heads/master@{#29554}

Michael Achenbach [Thu, 9 Jul 2015 11:23:20 +0000 (13:23 +0200)]
Whitespace change to test ninja on windows.

Cr-Commit-Position: refs/heads/master@{#29553}

bmeurer [Thu, 9 Jul 2015 10:32:23 +0000 (03:32 -0700)]
[arm] Don't call branch_offset within CheckConstPool.

This basically means that we must not use the b(Label*) version here,
but the b(int) version instead to jump over the constant pool.

BUG=v8:4292
LOG=y

Review URL: https://codereview.chromium.org/1224243002

Cr-Commit-Position: refs/heads/master@{#29552}

rmcilroy [Thu, 9 Jul 2015 09:50:48 +0000 (02:50 -0700)]
Add goma=on option to Makefile build.

Review URL: https://codereview.chromium.org/1225683010

Cr-Commit-Position: refs/heads/master@{#29551}

bmeurer [Thu, 9 Jul 2015 09:33:17 +0000 (02:33 -0700)]
[arm] Fix missing CheckBuffer for branches.

The b, bl and blx methods that take labels basically ignore the constant
pool check and just block the constant pool for the next instruction.
This way a long enough sequence of those instructions can
potentially block the constant pool emission for too long.

BUG=v8:4292
LOG=y
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1223093004

Cr-Commit-Position: refs/heads/master@{#29550}

yangguo [Thu, 9 Jul 2015 09:26:49 +0000 (02:26 -0700)]
Allow deferred handle dereference in EmitLoadRegister to retrieve number.

R=mstarzinger@chromium.org
BUG=chromium:507977
LOG=N

Review URL: https://codereview.chromium.org/1230653004

Cr-Commit-Position: refs/heads/master@{#29549}

rmcilroy [Thu, 9 Jul 2015 09:14:32 +0000 (02:14 -0700)]
[turbofan] Use NumAllocatableRegisters() instead of kMaxNumAllocatableRegisters.

Use NumAllocatableRegisters() instead of kMaxNumAllocatableRegisters in
ArchDefaultRegisterConfiguration::ArchDefaultRegisterConfiguration()
otherwise the compiler DCHECKS if triggered during snapshot builds on
Arm where only 16 DoubleRegisters are available instead of 32.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1230473006

Cr-Commit-Position: refs/heads/master@{#29548}

bmeurer [Thu, 9 Jul 2015 09:00:06 +0000 (02:00 -0700)]
[arm] Remove unused jump_elimination_allowed parameter to Assembler::branch_offset().

That parameter is just confusing and completely unused.

Review URL: https://codereview.chromium.org/1228763003

Cr-Commit-Position: refs/heads/master@{#29547}

yangguo [Thu, 9 Jul 2015 07:05:28 +0000 (00:05 -0700)]
Debugger: do not compile IC for accessors when debugging.

The invariant is that as long as there is a debug info on
the shared function info, no accessor IC is compiled for
its code. That way we can guarantee that stepping into
accessors, which requires a debug info, works for accessors.

Review URL: https://codereview.chromium.org/1220283009

Cr-Commit-Position: refs/heads/master@{#29546}

littledan [Wed, 8 Jul 2015 21:49:44 +0000 (14:49 -0700)]
Guard @@isConcatSpreadable behind a flag

The breakage to Chrome seems to be based on @@isConcatSpreadable
and turning that part off with this patch fixes the Maps Tips & Tricks
test case.

BUG=chromium:507553
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1226063002

Cr-Commit-Position: refs/heads/master@{#29545}

adamk [Wed, 8 Jul 2015 21:29:54 +0000 (14:29 -0700)]
Revert of [turbofan] Optimize string "length" property access based on types. (patchset #2 id:20001 of https://codereview.chromium.org/1216593003/)

Reason for revert:
Causes crash when running benchmarks/octane/regexp.js on ARM:
http://build.chromium.org/p/client.v8/builders/V8%20Arm/builds/2492/steps/Benchmarks/logs/regexp

Original issue's description:
> [turbofan] Optimize string "length" property access based on types.
>
> Optimize string "length" property access based on static type
> information if possible, but also optimistically optimize the access
> based on type feedback from the LoadIC.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/17add22ff4b9c5ca638502e7708f0d9d99baca40
> Cr-Commit-Position: refs/heads/master@{#29543}

TBR=mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1224083002

Cr-Commit-Position: refs/heads/master@{#29544}

bmeurer [Wed, 8 Jul 2015 19:12:41 +0000 (12:12 -0700)]
[turbofan] Optimize string "length" property access based on types.

Optimize string "length" property access based on static type
information if possible, but also optimistically optimize the access
based on type feedback from the LoadIC.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1216593003

Cr-Commit-Position: refs/heads/master@{#29543}

mbrandy [Wed, 8 Jul 2015 19:11:29 +0000 (12:11 -0700)]
PPC: Add unoptimized/optimized variants of MathFloor TF code stub

Port 8f13b655b8a10dae2116dd18b32f09337bb2d410

Original commit message:
    - Add a TurboFanIC class, derived from TurboFanCodeStub, that
      automatically distinguishes between versions of the IC called from
      optimized and unoptimized code.
    - Add appropriate InterfaceDescriptors for both the versions of the
      stub called from unoptimized and optimized code
    - Change the MathFloor TF stub generator to output either the
      for-optimized or for-unoptimized version based on the minor_key
      parameter.

R=danno@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1207253003

Cr-Commit-Position: refs/heads/master@{#29542}

binji [Wed, 8 Jul 2015 17:57:49 +0000 (10:57 -0700)]
Fix cluster-fuzz found regression with d8 Workers

This one occurred when serializing an object. When the property getter threw an
exception, that value was skipped, but the property count wasn't updated. The
deserializer then tried to deserialize the wrong value.

BUG=chromium:506549
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1220193004

Cr-Commit-Position: refs/heads/master@{#29541}

caitpotter88 [Wed, 8 Jul 2015 17:02:35 +0000 (10:02 -0700)]
[es6] unship harmony_rest_parameters

BUG=508074
LOG=N
R=arv@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1222713013

Cr-Commit-Position: refs/heads/master@{#29540}

danno [Wed, 8 Jul 2015 16:53:32 +0000 (09:53 -0700)]
Reland: Add unoptimized/optimized variants of MathFloor TF code stub

- Add a TurboFanIC class, derived from TurboFanCodeStub, that
  automatically distinguishes between versions of the IC called from
  optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
  stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
  for-optimized or for-unoptimized version based on the minor_key
  parameter.

Committed: https://crrev.com/8f13b655b8a10dae2116dd18b32f09337bb2d410
Cr-Commit-Position: refs/heads/master@{#29534}

Review URL: https://codereview.chromium.org/1225943002

Cr-Commit-Position: refs/heads/master@{#29539}

hpayer [Wed, 8 Jul 2015 16:08:31 +0000 (09:08 -0700)]
Verify that double unboxing is never performed on large objects.

BUG=

Review URL: https://codereview.chromium.org/1214673007

Cr-Commit-Position: refs/heads/master@{#29538}

machenbach [Wed, 8 Jul 2015 15:21:41 +0000 (08:21 -0700)]
[test] Skip rest-params test.

BUG=chromium:508074
LOG=n
NOTREECHECKS=true
NOTRY=true
TBR=ishell@chromium.org

Review URL: https://codereview.chromium.org/1215023016

Cr-Commit-Position: refs/heads/master@{#29537}

arv [Wed, 8 Jul 2015 15:04:04 +0000 (08:04 -0700)]
[es6] Initial support for let/const bindings in sloppy mode

Allow let in sloppy mode with --harmony-sloppy

Allow ES'15 const in sloppy mode with --harmony-sloppy --no-legacy-const

Functions in block are not done yet. They are only let bound in the block
at this point.

BUG=v8:3305, v8:2198
LOG=N
R=littledan@chromium.org, rossberg@chromium.org, adamk@chromium.org

Review URL: https://codereview.chromium.org/1219853004

Cr-Commit-Position: refs/heads/master@{#29536}

danno [Wed, 8 Jul 2015 15:00:29 +0000 (08:00 -0700)]
Revert of Add unoptimized/optimized variants of MathFloor TF code stub (patchset #4 id:60001 of https://codereview.chromium.org/1225943002/)

Reason for revert:
Failure on compiling runtime.js on windows

Original issue's description:
> Add unoptimized/optimized variants of MathFloor TF code stub
>
> - Add a TurboFanIC class, derived from TurboFanCodeStub, that
>   automatically distinguishes between versions of the IC called from
>   optimized and unoptimized code.
> - Add appropriate InterfaceDescriptors for both the versions of the
>   stub called from unoptimized and optimized code
> - Change the MathFloor TF stub generator to output either the
>   for-optimized or for-unoptimized version based on the minor_key
>   parameter.
>
> Committed: https://crrev.com/8f13b655b8a10dae2116dd18b32f09337bb2d410
> Cr-Commit-Position: refs/heads/master@{#29534}

TBR=mvstanton@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1220783006

Cr-Commit-Position: refs/heads/master@{#29535}

danno [Wed, 8 Jul 2015 14:43:07 +0000 (07:43 -0700)]
Add unoptimized/optimized variants of MathFloor TF code stub

- Add a TurboFanIC class, derived from TurboFanCodeStub, that
  automatically distinguishes between versions of the IC called from
  optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
  stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
  for-optimized or for-unoptimized version based on the minor_key
  parameter.

Review URL: https://codereview.chromium.org/1225943002

Cr-Commit-Position: refs/heads/master@{#29534}

mbrandy [Wed, 8 Jul 2015 13:54:57 +0000 (06:54 -0700)]
PPC: [turbofan] Add TruncationMode for TruncateFloat64ToInt32.

Port 4b38c15817033ccd9a65efbb3d038ae2423293c2

Original commit message:
    We actually need round to zero truncation to implement the counterpart
    of LDoubleToI in TurboFan, which tries to convert a double to an integer
    as required for keyed load/store optimizations.

    Drive-by-cleanup: Reduce some code duplication in the InstructionSelector
    implementations.

R=bmeurer@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1220373003

Cr-Commit-Position: refs/heads/master@{#29533}

ishell [Wed, 8 Jul 2015 13:49:13 +0000 (06:49 -0700)]
Disable harmony/arrow-rest-params test to unblock landing of another CL.

BUG=chromium:508074
LOG=N

Review URL: https://codereview.chromium.org/1217493005

Cr-Commit-Position: refs/heads/master@{#29532}

machenbach [Wed, 8 Jul 2015 12:31:29 +0000 (05:31 -0700)]
[test] Refactoring - Make perf suite definitions stateless regarding measurements.

This prepares for making multiple measurements of one trace.
For this, the suite/trace configurations need to be
independent of the measurement instances.

BUG=chromium:507213
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1227033002

Cr-Commit-Position: refs/heads/master@{#29531}

ishell [Wed, 8 Jul 2015 11:46:05 +0000 (04:46 -0700)]
Fixed a couple of proxies-related unhandled exceptions.

BUG=chromium:506956, chromium:505907
LOG=N

Review URL: https://codereview.chromium.org/1215463012

Cr-Commit-Position: refs/heads/master@{#29530}

jkummerow [Wed, 8 Jul 2015 10:20:23 +0000 (03:20 -0700)]
[x64] Fix handling of Smi constants in LSubI and LBitI

Smi immediates are not supported, so instructions with Smi representations need their constants in a register. LAddI has already been doing this. The manifestation of the bug was that an operation would compute 0 instead of the correct result.

BUG=chromium:478612
LOG=y
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1224623017

Cr-Commit-Position: refs/heads/master@{#29529}

verwaest [Wed, 8 Jul 2015 10:01:47 +0000 (03:01 -0700)]
Partially revert r29468

BUG=chromium:507767
LOG=n

Review URL: https://codereview.chromium.org/1224853003

Cr-Commit-Position: refs/heads/master@{#29528}

bmeurer [Wed, 8 Jul 2015 06:48:52 +0000 (23:48 -0700)]
[turbofan] Add TruncationMode for TruncateFloat64ToInt32.

We actually need round to zero truncation to implement the counterpart
of LDoubleToI in TurboFan, which tries to convert a double to an integer
as required for keyed load/store optimizations.

Drive-by-cleanup: Reduce some code duplication in the InstructionSelector
implementations.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1225993002

Cr-Commit-Position: refs/heads/master@{#29527}

arv [Tue, 7 Jul 2015 21:57:09 +0000 (14:57 -0700)]
Add a flag for legacy const semantics

This flag is on by default but it will allow us to turn that off in
favor of harmony-sloppy in the future.

BUG=v8:3305, v8:2198
LOG=N
R=littledan@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1218803006

Cr-Commit-Position: refs/heads/master@{#29526}

machenbach [Tue, 7 Jul 2015 21:16:48 +0000 (14:16 -0700)]
Revert of [d8] bounds-check before getting Shell::Worker internal field (patchset #4 id:80001 of https://codereview.chromium.org/1214053004/)

Reason for revert:
[Sheriff] Fails here:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/4737

Original issue's description:
> [d8] bounds-check before getting Shell::Worker internal field
>
> Prevents fatal error in debug builds
>
> BUG=v8:4271
> R=binji@chromium.org
> LOG=N
>
> Committed: https://crrev.com/43ce9c6f101c4224addd9a54e0c39963188dc7fa
> Cr-Commit-Position: refs/heads/master@{#29524}

TBR=binji@chromium.org,jochen@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4271

Review URL: https://codereview.chromium.org/1215333012

Cr-Commit-Position: refs/heads/master@{#29525}

caitpotter88 [Tue, 7 Jul 2015 21:06:10 +0000 (14:06 -0700)]
[d8] bounds-check before getting Shell::Worker internal field

Prevents fatal error in debug builds

BUG=v8:4271
R=binji@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1214053004

Cr-Commit-Position: refs/heads/master@{#29524}

adamk [Tue, 7 Jul 2015 19:11:24 +0000 (12:11 -0700)]
Add debug-stepnext test for for-let loops

Review URL: https://codereview.chromium.org/1215383002

Cr-Commit-Position: refs/heads/master@{#29523}

arv [Tue, 7 Jul 2015 18:30:43 +0000 (11:30 -0700)]
[turbofan] VisitSuperCallReference is not reachable

BUG=N
LOG=N
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1226443004

Cr-Commit-Position: refs/heads/master@{#29522}

verwaest [Tue, 7 Jul 2015 16:02:30 +0000 (09:02 -0700)]
Delete from non-array end by trimming the backing store

Review URL: https://codereview.chromium.org/1218663009

Cr-Commit-Position: refs/heads/master@{#29521}

ishell [Tue, 7 Jul 2015 15:04:45 +0000 (08:04 -0700)]
Use FullCodeGenerator::EmitGlobalVariableLoad() where possible to avoid code duplication.

Review URL: https://codereview.chromium.org/1222203007

Cr-Commit-Position: refs/heads/master@{#29520}

rmcilroy [Tue, 7 Jul 2015 15:02:39 +0000 (08:02 -0700)]
[turbofan] Move RawMachineAssembler back to src/compiler.

The RawMachineAssembler will be used to build the interpreter, so it needs
to move back to src/compiler.

This reverts commit b5b00cc031c15263bbc4e8e8b2bef01b6fdfd284.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1221303014

Cr-Commit-Position: refs/heads/master@{#29519}

yangguo [Tue, 7 Jul 2015 13:56:17 +0000 (06:56 -0700)]
Debugger: clear ICs on activating step-in to correctly flood accessor pairs.

If we compile handlers to call accessors, Debug::HandleStepIn won't get
called. Therefore we need to clear ICs each time. This has not been
necessary before because we used to patch ICs for breaking, and restored
them with cleared ICs. This is no longer the case. We do not use ICs
for breaking anymore, so they are not implicitly cleared any longer.

R=mvstanton@chromium.org
BUG=v8:4269
LOG=N

Review URL: https://codereview.chromium.org/1212253009

Cr-Commit-Position: refs/heads/master@{#29518}

arv [Tue, 7 Jul 2015 13:50:59 +0000 (06:50 -0700)]
[test262-es6] Update to 2015-07-06 which includes the yaml harness fix

Revert "Revert of [test262-es6] Update to 2011-06-29 (patchset #1 id:1 of https://codereview.chromium.org/1220793005/)"

This reverts commit f50fff57b0b86c12b832c43d31458890617ebd88.

BUG=N
LOG=N
R=littledan@chromium.org, machenbach@chromium.org

Review URL: https://codereview.chromium.org/1212723004

Cr-Commit-Position: refs/heads/master@{#29517}

mstarzinger [Tue, 7 Jul 2015 13:25:53 +0000 (06:25 -0700)]
[turbofan] Unify various bailout hacks for super call.

This removes various bailouts for super constructor calls from the
TurboFan pipeline and unifies them. It also disables an optimization
which breaks references to uninitialized const this variables.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1222843004

Cr-Commit-Position: refs/heads/master@{#29516}

ulan [Tue, 7 Jul 2015 12:30:52 +0000 (05:30 -0700)]
Start incremental marking in long idle notification for background tab
disregarding the allocation throughput.

BUG=chromium:506132
LOG=NO

Review URL: https://codereview.chromium.org/1213313004

Cr-Commit-Position: refs/heads/master@{#29515}

verwaest [Tue, 7 Jul 2015 11:52:51 +0000 (04:52 -0700)]
Index -> Entry and Key -> Index in elements.[cc|h]

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1224643004

Cr-Commit-Position: refs/heads/master@{#29514}

machenbach [Tue, 7 Jul 2015 11:42:12 +0000 (04:42 -0700)]
[test] Turn off certificate verification when downloading test data on windows.

BUG=v8:4254
LOG=n
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1220333004

Cr-Commit-Position: refs/heads/master@{#29513}

ulan [Tue, 7 Jul 2015 11:37:44 +0000 (04:37 -0700)]
Reland "Replace reduce-memory mode in idle notification with delayed clean-up GC."

This reverts commit 269918927a54cd1533ef4e3318dd76b3747762b5.
This reverts commit 435b3c873ac3b58fb56a1b7292951810c93ceda5.

The failing test is fixing in chromium.

BUG=chromium:490559
LOG=NO
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1208993009

Cr-Commit-Position: refs/heads/master@{#29512}

jochen [Tue, 7 Jul 2015 11:02:15 +0000 (04:02 -0700)]
Move compatible receiver check from CompileHandler to UpdateCaches

We also need to do the check before using an existing handler from the
cache

BUG=chromium:505374
R=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1221433010

Cr-Commit-Position: refs/heads/master@{#29511}

machenbach [Tue, 7 Jul 2015 10:35:27 +0000 (03:35 -0700)]
[test] Fix redirect problem for downloading test data on windows.

BUG=v8:4254
LOG=n
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1219013007

Cr-Commit-Position: refs/heads/master@{#29510}

mstarzinger [Tue, 7 Jul 2015 08:14:20 +0000 (01:14 -0700)]
Cleanup frame description constant.

This unifies the existing frame constants that are the same across all
architectures. It also adds a new kOriginalConstructorOffset constant
for construct frames and uses it in full-codegen.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1220223005

Cr-Commit-Position: refs/heads/master@{#29509}

chunyang.dai [Tue, 7 Jul 2015 08:04:09 +0000 (01:04 -0700)]
X87: Debugger: use debug break slots instead of ICs (except for calls).

port a8a4c364c2ad4c1e5f4c6e1f1580d75ff1a35a4f (r29487).

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1227603002

Cr-Commit-Position: refs/heads/master@{#29508}

bmeurer [Tue, 7 Jul 2015 07:28:02 +0000 (00:28 -0700)]
[deoptimizer] Properly evict TurboFan OSR code objects on eager deopts.

TurboFan OSR installs the CompileOptimized builtin on JSFunctions, which
means that we never evict the OSR code objects for such functions from
eager deopts.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1220813018

Cr-Commit-Position: refs/heads/master@{#29507}

machenbach [Tue, 7 Jul 2015 06:41:18 +0000 (23:41 -0700)]
Revert of Fix bug when transferring SharedArrayBuffer to multiple Workers. (patchset #3 id:40001 of https://codereview.chromium.org/1215233004/)

Reason for revert:
[Sheriff] Test hangs sometimes and times out flakily. E.g.: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosse3/builds/4551/steps/Check%20%28flakes%29/logs/d8-worker-sharedarray..

Original issue's description:
> Fix bug when transferring SharedArrayBuffer to multiple Workers.
>
> Previously, the serialization code would call Externalize for every transferred
> ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
> the buffer is already externalized, we should call GetContents instead.
>
> Also fix use-after-free bug when transferring ArrayBuffers. The transferred
> ArrayBuffer must be internalized in the new isolate, or be managed by the
> Shell. The current code gives it to the isolate externalized and frees it
> immediately afterward when the SerializationData object is destroyed.
>
> BUG=chromium:497295
> R=jarin@chromium.org
> LOG=n
>
> Committed: https://crrev.com/dd7962bf7838f8379ba776ee6b7b0e4d3bec2140
> Cr-Commit-Position: refs/heads/master@{#29499}

TBR=jarin@chromium.org,jochen@chromium.org,binji@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:497295

Review URL: https://codereview.chromium.org/1224843008

Cr-Commit-Position: refs/heads/master@{#29506}

v8-autoroll [Tue, 7 Jul 2015 03:42:17 +0000 (20:42 -0700)]
Update V8 DEPS.

Rolling v8/third_party/icu to c81a1a3989c3b66fa323e9a6ee7418d7c08297af

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1213043007

Cr-Commit-Position: refs/heads/master@{#29505}

9 years ago X87: [turbofan] Enable tail calls for %_CallRuntime.
cdai2 [Tue, 7 Jul 2015 01:05:28 +0000 (09:05 +0800)]
X87: [turbofan] Enable tail calls for %_CallRuntime.

port 1fa4285e1ce16cfadf8c40a0993491ec4e2bbbe0 (r29436).

original commit message:

    This involves:
    - Enabling the tail call optimization reducer in all cases.
    - Adding an additional flag to CallFunctionParameters to mark call sites
      that can be tail-called enabled.
    - Only set the tail-call flag for %_CallFunction.

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1228463003

Cr-Commit-Position: refs/heads/master@{#29504}

9 years ago PPC: Debugger: use debug break slots instead of ICs (except for calls).
mbrandy [Mon, 6 Jul 2015 19:26:45 +0000 (12:26 -0700)]
PPC: Debugger: use debug break slots instead of ICs (except for calls).

Port a8a4c364c2ad4c1e5f4c6e1f1580d75ff1a35a4f

R=yangguo@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1216863005

Cr-Commit-Position: refs/heads/master@{#29503}

9 years ago PPC: Fix "Support for global var shortcuts in script contexts."
mbrandy [Mon, 6 Jul 2015 19:22:23 +0000 (12:22 -0700)]
PPC: Fix "Support for global var shortcuts in script contexts."

R=ishell@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1212343007

Cr-Commit-Position: refs/heads/master@{#29502}

9 years ago PPC: Fix "[turbofan] Add Uint64LessThanOrEqual to 64-bit TurboFan backends."
mbrandy [Mon, 6 Jul 2015 19:21:16 +0000 (12:21 -0700)]
PPC: Fix "[turbofan] Add Uint64LessThanOrEqual to 64-bit TurboFan backends."

R=titzer@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1218073008

Cr-Commit-Position: refs/heads/master@{#29501}

9 years ago [turbofan] Port initialization of new.target variable.
mstarzinger [Mon, 6 Jul 2015 18:02:41 +0000 (11:02 -0700)]
[turbofan] Port initialization of new.target variable.

This implements the proper initialization of the new.target internal
variable in the AstGraphBuilder. For now this uses a runtime call that
cannot handle inlined frames correctly.

R=arv@chromium.org

Review URL: https://codereview.chromium.org/1212813008

Cr-Commit-Position: refs/heads/master@{#29500}

9 years ago Fix bug when transferring SharedArrayBuffer to multiple Workers.
binji [Mon, 6 Jul 2015 17:17:59 +0000 (10:17 -0700)]
Fix bug when transferring SharedArrayBuffer to multiple Workers.

Previously, the serialization code would call Externalize for every transferred
ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
the buffer is already externalized, we should call GetContents instead.

Also fix use-after-free bug when transferring ArrayBuffers. The transferred
ArrayBuffer must be internalized in the new isolate, or be managed by the
Shell. The current code gives it to the isolate externalized and frees it
immediately afterward when the SerializationData object is destroyed.

BUG=chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1215233004

Cr-Commit-Position: refs/heads/master@{#29499}

9 years ago Support for global var shortcuts in script contexts.
ishell [Mon, 6 Jul 2015 16:36:28 +0000 (09:36 -0700)]
Support for global var shortcuts in script contexts.

Review URL: https://codereview.chromium.org/1218783005

Cr-Commit-Position: refs/heads/master@{#29498}

9 years ago Revert of Revert of [es6] Bound function names (patchset #1 id:1 of https://coderevie...
arv [Mon, 6 Jul 2015 16:20:35 +0000 (09:20 -0700)]
Revert of Revert of [es6] Bound function names (patchset #1 id:1 of https://codereview.chromium.org/1225793002/)

Reason for revert:
This will prevent rolls. Fixing the root issue instead.

Original issue's description:
> Revert of [es6] Bound function names (patchset #1 id:1 of https://codereview.chromium.org/1195983002/)
>
> Reason for revert:
> Incorrect behavior
>
> Original issue's description:
> > [es6] Bound function names
> >
> > https://people.mozilla.org/~jorendorff/es6-draft.html#sec-function.prototype.bind
> >
> > Bound functions should have a name based on the function that was
> > bound.
> >
> > This reverts the revert f2747ed9b48d0e62c7a30da69825ff926aeedbd2. The original
> > CL was reverted because the Blink layout test broke. I have a CL that disables
> > these tests at: https://codereview.chromium.org/1196753003/
> >
> > BUG=N
> > LOG=N
> > R=adamk
> > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> >
> > Committed: https://crrev.com/b6d950c979f4348138de0ec54e40dcc48d833926
> > Cr-Commit-Position: refs/heads/master@{#29193}
>
> TBR=adamk@chromium.org,verwaest@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=N
>
> Committed: https://crrev.com/744e4d4fd9316674682bc6ca30ded5866494cc1c
> Cr-Commit-Position: refs/heads/master@{#29495}

TBR=adamk@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=N

Review URL: https://codereview.chromium.org/1222363002

Cr-Commit-Position: refs/heads/master@{#29497}

9 years ago Fix performance regression introduced in r28961
jkummerow [Mon, 6 Jul 2015 15:29:23 +0000 (08:29 -0700)]
Fix performance regression introduced in r28961

where bound functions' length was made configurable. The bootstrapper must be kept in sync to avoid polymorphism.

BUG=chromium:500686
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1221383003

Cr-Commit-Position: refs/heads/master@{#29496}

9 years ago Revert of [es6] Bound function names (patchset #1 id:1 of https://codereview.chromium...
arv [Mon, 6 Jul 2015 15:25:30 +0000 (08:25 -0700)]
Revert of [es6] Bound function names (patchset #1 id:1 of https://codereview.chromium.org/1195983002/)

Reason for revert:
Incorrect behavior

Original issue's description:
> [es6] Bound function names
>
> https://people.mozilla.org/~jorendorff/es6-draft.html#sec-function.prototype.bind
>
> Bound functions should have a name based on the function that was
> bound.
>
> This reverts the revert f2747ed9b48d0e62c7a30da69825ff926aeedbd2. The original
> CL was reverted because the Blink layout test broke. I have a CL that disables
> these tests at: https://codereview.chromium.org/1196753003/
>
> BUG=N
> LOG=N
> R=adamk
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/b6d950c979f4348138de0ec54e40dcc48d833926
> Cr-Commit-Position: refs/heads/master@{#29193}

TBR=adamk@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=N

Review URL: https://codereview.chromium.org/1225793002

Cr-Commit-Position: refs/heads/master@{#29495}

9 years ago Revert of Reland: Fix logic for incremental marking steps on tenured allocation ...
machenbach [Mon, 6 Jul 2015 13:59:30 +0000 (06:59 -0700)]
Revert of Reland: Fix logic for incremental marking steps on tenured allocation (patchset #4 id:60001 of https://codereview.chromium.org/1077153004/)

Reason for revert:
[Sheriff] Speculative revert, see:
https://code.google.com/p/chromium/issues/detail?id=506875

Original issue's description:
> Reland: Fix logic for incremental marking steps on tenured allocation
>
> BUG=
>
> Committed: https://crrev.com/5000650bde2ec0bc90d959b529c97aea20385043
> Cr-Commit-Position: refs/heads/master@{#29442}

TBR=hpayer@chromium.org,erikcorry@chromium.org
BUG=chromium:506875
LOG=n
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1212063005

Cr-Commit-Position: refs/heads/master@{#29494}

9 years ago [turbofan] Context specialization is the job of the JSContextSpecialization.
bmeurer [Mon, 6 Jul 2015 12:56:05 +0000 (05:56 -0700)]
[turbofan] Context specialization is the job of the JSContextSpecialization.

Remove the context specialization hack from the AstGraphBuilder, and
properly specialize to the function context in the context specialization.
And replace the correct context in the JSInliner.

R=mstarzinger@chromium.org
BUG=v8:4273
LOG=n

Review URL: https://codereview.chromium.org/1218873005

Cr-Commit-Position: refs/heads/master@{#29493}

9 years ago [test] Push binaries to separate folders on Android devices.
machenbach [Mon, 6 Jul 2015 12:37:31 +0000 (05:37 -0700)]
[test] Push binaries to separate folders on Android devices.

BUG=chromium:507213
LOG=n
NOTRY=true
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1213613005

Cr-Commit-Position: refs/heads/master@{#29492}

9 years ago [test] Add android perf trybots.
machenbach [Mon, 6 Jul 2015 12:17:15 +0000 (05:17 -0700)]
[test] Add android perf trybots.

BUG=chromium:502176
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1217503008

Cr-Commit-Position: refs/heads/master@{#29491}

9 years ago [turbofan] Fix value output count for the Start node.
bmeurer [Mon, 6 Jul 2015 12:11:50 +0000 (05:11 -0700)]
[turbofan] Fix value output count for the Start node.

The value output count for Start is currently off by 1 for code stubs,
because the CommonOperatorBuilder hardcodes the receiver parameter.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1217553005

Cr-Commit-Position: refs/heads/master@{#29490}

9 years ago [test] Port clobber of old test262 archive files.
machenbach [Mon, 6 Jul 2015 12:09:36 +0000 (05:09 -0700)]
[test] Port clobber of old test262 archive files.

BUG=v8:4254
LOG=n
NOTRY=true
TBR=jkummerow@chromium.org
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1226803002

Cr-Commit-Position: refs/heads/master@{#29489}

9 years ago [turbofan] Cleanup Parameter creation in AstGraphBuilder.
mstarzinger [Mon, 6 Jul 2015 11:50:00 +0000 (04:50 -0700)]
[turbofan] Cleanup Parameter creation in AstGraphBuilder.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1222833002

Cr-Commit-Position: refs/heads/master@{#29488}

9 years ago Debugger: use debug break slots instead of ICs (except for calls).
yangguo [Mon, 6 Jul 2015 11:15:52 +0000 (04:15 -0700)]
Debugger: use debug break slots instead of ICs (except for calls).

BUG=v8:3147,v8:4269
LOG=N

Review URL: https://codereview.chromium.org/1218493005

Cr-Commit-Position: refs/heads/master@{#29487}

9 years ago [turbofan] Reland "Add new JSFrameSpecialization reducer." and "Perform OSR deconstru...
bmeurer [Mon, 6 Jul 2015 11:11:15 +0000 (04:11 -0700)]
[turbofan] Reland "Add new JSFrameSpecialization reducer." and "Perform OSR deconstruction early and remove type propagation.".

We have to reland these two commits at once, because the first breaks
some asm.js benchmarks without the second. The change was reverted
because of bogus checks in the verifier, which will not work in the
presence of OSR (and were hidden because of the type back propagation
hack in OSR so far). Original messages are below:

[turbofan] Add new JSFrameSpecialization reducer.

The JSFrameSpecialization specializes an OSR graph to the current
unoptimized frame on which we will perform the on-stack replacement.
This is used for asm.js functions, where we cannot reuse the OSR
code object anyway because of context specialization, and so we could as
well specialize to the max instead.

It works by replacing all OsrValues in the graph with their values
in the JavaScriptFrame.

The idea is that using this trick we get better performance without
doing the unsound backpropagation of types to OsrValues later. This
is the first step towards fixing OSR for TurboFan.

[turbofan] Perform OSR deconstruction early and remove type propagation.

This way we don't have to deal with dead pre-OSR code in the graph
and risk optimizing the wrong code, especially we don't make
optimistic assumptions in the dead code that leaks into the OSR code
(i.e. deopt guards are in dead code, but the types propagate to OSR
code via the OsrValue type back propagation).

BUG=v8:4273
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1226673005

Cr-Commit-Position: refs/heads/master@{#29486}

9 years ago unicode-decoder: fix out-of-band write in utf16
fedor [Mon, 6 Jul 2015 11:00:05 +0000 (04:00 -0700)]
unicode-decoder: fix out-of-band write in utf16

`WriteUtf16Slow` should not assume that the output buffer has enough
bytes to hold both words of surrogate pair. It should pass the number of
remaining bytes to the `Utf8::ValueOf` instead, just as we already do in
`Utf8DecoderBase::Reset`. Otherwise it will attempt to write the trail
uint16_t past the buffer boundary, leading to memory corruption and
possible crash.

Originally reported by: Kris Reeves <kris.re@bbhmedia.com>

BUG=v8:4274
R=danno
R=svenpanne
LOG=y

Review URL: https://codereview.chromium.org/1226493003

Cr-Commit-Position: refs/heads/master@{#29485}
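
The bug class described in the unicode-decoder commit message above, as an added example (not V8's code and not part of the commit): a UTF-8 to UTF-16 writer that stores a surrogate pair into a bounded buffer, with and without checking that two units of room remain. The names `utf8_next`, `utf8_to_utf16`, the `checked` flag and `canary_intact` are hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode one UTF-8 sequence from at most n (>= 1) bytes. Truncated or
 * malformed input yields U+FFFD and consumes one byte. Returns bytes used. */
static size_t utf8_next(const uint8_t *s, size_t n, uint32_t *cp) {
    static const uint32_t min_cp[4] = {0, 0x80, 0x800, 0x10000};
    size_t len = s[0] < 0x80 ? 1 : (s[0] >> 5) == 0x06 ? 2
               : (s[0] >> 4) == 0x0E ? 3 : (s[0] >> 3) == 0x1E ? 4 : 0;
    uint32_t v;
    if (len == 0 || len > n) { *cp = 0xFFFD; return 1; }
    v = len == 1 ? s[0] : (uint32_t)(s[0] & (0xFF >> (len + 1)));
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) { *cp = 0xFFFD; return 1; }
        v = (v << 6) | (s[i] & 0x3F);
    }
    if (v < min_cp[len - 1] || v > 0x10FFFF || (v >= 0xD800 && v <= 0xDFFF))
        v = 0xFFFD; /* overlong, out of range, or an encoded surrogate */
    *cp = v;
    return len;
}

/* Write the UTF-16 form of src into dst, which has room for cap units.
 * checked == 0: a surrogate pair is stored whenever one unit is free, so the
 *               trail unit can land at dst[cap] (the flawed assumption).
 * checked != 0: a pair is stored only when two units are free.
 * Returns the number of units stored. */
size_t utf8_to_utf16(const uint8_t *src, size_t n,
                     uint16_t *dst, size_t cap, int checked) {
    size_t in = 0, out = 0;
    while (in < n && out < cap) {
        uint32_t cp;
        size_t used = utf8_next(src + in, n - in, &cp);
        if (cp < 0x10000) {
            dst[out++] = (uint16_t)cp;
        } else {
            if (checked && cap - out < 2) break; /* no room for the pair */
            cp -= 0x10000;
            dst[out++] = (uint16_t)(0xD800 | (cp >> 10));   /* lead  */
            dst[out++] = (uint16_t)(0xDC00 | (cp & 0x3FF)); /* trail */
        }
        in += used;
    }
    return out;
}

/* Constructed demo: the decoder is told the buffer holds 2 units, while the
 * backing array holds 4; units 2..3 are canaries standing in for whatever
 * memory would follow a real 2-unit buffer. Returns 1 if they survive. */
int canary_intact(int checked) {
    static const uint8_t input[] = {'a', 0xF0, 0x9F, 0x98, 0x80}; /* "a" + U+1F600 */
    uint16_t backing[4] = {0xAAAA, 0xAAAA, 0xAAAA, 0xAAAA};
    utf8_to_utf16(input, sizeof input, backing, 2, checked);
    return backing[2] == 0xAAAA && backing[3] == 0xAAAA;
}

int main(void) {
    /* Exit status 0 when the checked writer preserves the canaries and the
     * unchecked one does not. */
    return !(canary_intact(1) && !canary_intact(0));
}
```

In the checked mode the caller sees fewer units than the input would need and has to treat the output as truncated.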

9 years ago Wrap elements.cc in an anonymous namespace
verwaest [Mon, 6 Jul 2015 10:40:24 +0000 (03:40 -0700)]
Wrap elements.cc in an anonymous namespace

BUG=

Review URL: https://codereview.chromium.org/1221363002

Cr-Commit-Position: refs/heads/master@{#29484}

9 years ago Revert of [test] Move test262-es6 into test262. (patchset #2 id:20001 of https:/...
machenbach [Mon, 6 Jul 2015 10:35:28 +0000 (03:35 -0700)]
Revert of [test] Move test262-es6 into test262. (patchset #2 id:20001 of https://codereview.chromium.org/1215303008/)

Reason for revert:
[Sheriff] Breaks test262 on mac

Original issue's description:
> [test] Move test262-es6 into test262.
>
> BUG=v8:4254
> LOG=n
>
> Committed: https://crrev.com/aaa457b26f6c0f624cf5887e60dc497f6dccabae
> Cr-Commit-Position: refs/heads/master@{#29479}

TBR=rossberg@chromium.org,arv@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4254

Review URL: https://codereview.chromium.org/1227503002

Cr-Commit-Position: refs/heads/master@{#29483}

9 years ago Always mark entire prototype descriptor arrays.
verwaest [Mon, 6 Jul 2015 10:33:12 +0000 (03:33 -0700)]
Always mark entire prototype descriptor arrays.

BUG=chromium:506952
LOG=n

Review URL: https://codereview.chromium.org/1226783002

Cr-Commit-Position: refs/heads/master@{#29482}

9 years ago Do not truncate message strings.
yangguo [Mon, 6 Jul 2015 10:25:50 +0000 (03:25 -0700)]
Do not truncate message strings.

R=ishell@chromium.org
BUG=chromium:505539
LOG=N

Review URL: https://codereview.chromium.org/1214373005

Cr-Commit-Position: refs/heads/master@{#29481}

9 years ago Revert "[turbofan] Add new JSFrameSpecialization reducer."
machenbach [Mon, 6 Jul 2015 10:01:27 +0000 (03:01 -0700)]
Revert "[turbofan] Add new JSFrameSpecialization reducer."

Also revert "[turbofan] Perform OSR deconstruction early and remove type propagation."

This reverts commit b0a852e8c2ce2add1ba8a26d572aff39af0968a3.

This reverts commit cdbb6c485b8d07fd4ad1cb000d54a937507e3b3e.

NOTRY=true
NOTREECHECKS=true
BUG=v8:4273
LOG=n
TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1225743002

Cr-Commit-Position: refs/heads/master@{#29480}

9 years ago [test] Move test262-es6 into test262.
machenbach [Mon, 6 Jul 2015 09:24:32 +0000 (02:24 -0700)]
[test] Move test262-es6 into test262.

BUG=v8:4254
LOG=n

Review URL: https://codereview.chromium.org/1215303008

Cr-Commit-Position: refs/heads/master@{#29479}

9 years ago [turbofan] Perform OSR deconstruction early and remove type propagation.
bmeurer [Mon, 6 Jul 2015 09:15:14 +0000 (02:15 -0700)]
[turbofan] Perform OSR deconstruction early and remove type propagation.

This way we don't have to deal with dead pre-OSR code in the graph and
risk optimizing the wrong code, especially we don't make optimistic
assumptions in the dead code that leaks into the OSR code (i.e. deopt
guards are in dead code, but the types propagate to OSR code via the
OsrValue type back propagation).

BUG=v8:4273
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1215333005

Cr-Commit-Position: refs/heads/master@{#29478}

9 years ago Cleanup Delete backend implementation.
verwaest [Mon, 6 Jul 2015 08:53:41 +0000 (01:53 -0700)]
Cleanup Delete backend implementation.

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1218813012

Cr-Commit-Position: refs/heads/master@{#29477}

9 years ago [turbofan] Add new JSFrameSpecialization reducer.
bmeurer [Mon, 6 Jul 2015 08:27:03 +0000 (01:27 -0700)]
[turbofan] Add new JSFrameSpecialization reducer.

The JSFrameSpecialization specializes an OSR graph to the current
unoptimized frame on which we will perform the on-stack replacement.
This is used for asm.js functions, where we cannot reuse the OSR code
object anyway because of context specialization, and so we could as well
specialize to the max instead.

It works by replacing all OsrValues in the graph with their values in
the JavaScriptFrame.

The idea is that using this trick we get better performance without
doing the unsound backpropagation of types to OsrValues later. This is
the first step towards fixing OSR for TurboFan.

R=jarin@chromium.org
BUG=v8:4273
LOG=n

Review URL: https://codereview.chromium.org/1225683004

Cr-Commit-Position: refs/heads/master@{#29476}

9 years ago Revert of Concurrent sweeping of code space. (patchset #4 id:60001 of https://coderev...
machenbach [Mon, 6 Jul 2015 08:25:55 +0000 (01:25 -0700)]
Revert of Concurrent sweeping of code space. (patchset #4 id:60001 of https://codereview.chromium.org/1222013002/)

Reason for revert:
[Sheriff] Increased flaky crashes. See:
https://code.google.com/p/v8/issues/detail?id=4275

Original issue's description:
> Concurrent sweeping of code space.
>
> BUG=
>
> Committed: https://crrev.com/3050b52f57d652dc45c8baf416e174f22dc2c159
> Cr-Commit-Position: refs/heads/master@{#29456}

TBR=jochen@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1223763003

Cr-Commit-Position: refs/heads/master@{#29475}

9 years ago Remove usage of to-be-deprecated APIs from tools
jochen [Mon, 6 Jul 2015 07:11:40 +0000 (00:11 -0700)]
Remove usage of to-be-deprecated APIs from tools

BUG=v8:4134
R=bmeurer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1217123004

Cr-Commit-Position: refs/heads/master@{#29474}

9 years ago Make v8::Handle as "deprecated soon"
jochen [Mon, 6 Jul 2015 07:09:07 +0000 (00:09 -0700)]
Make v8::Handle as "deprecated soon"

BUG=v8:4131
R=bmeurer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1224623004

Cr-Commit-Position: refs/heads/master@{#29473}

9 years ago [turbofan] Fix bogus materialization from frame with OSR.
mstarzinger [Mon, 6 Jul 2015 03:40:22 +0000 (20:40 -0700)]
[turbofan] Fix bogus materialization from frame with OSR.

The context constant cannot be materialized from the frame when we are
compiling for OSR, because the context spill slot contains the current
instead of the outermost context in full-codegen.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1220013003

Cr-Commit-Position: refs/heads/master@{#29472}

9 years ago [turbofan] Use OSR value for innermost context value.
mstarzinger [Mon, 6 Jul 2015 03:39:15 +0000 (20:39 -0700)]
[turbofan] Use OSR value for innermost context value.

This changes the OsrValue insertion in the AstGraphBuilder to emit a
proper OsrValue instead of a special Parameter for the inner context
value at the OSR entry point.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1213043005

Cr-Commit-Position: refs/heads/master@{#29471}

9 years ago Revert of Replace reduce-memory mode in idle notification with delayed clean-up GC...
machenbach [Sun, 5 Jul 2015 18:18:45 +0000 (11:18 -0700)]
Revert of Replace reduce-memory mode in idle notification with delayed clean-up GC. (patchset #17 id:320001 of https://codereview.chromium.org/1218863002/)

Reason for revert:
[Sheriff] Looks like it blocks the roll (bisected). Speculative revert.
https://codereview.chromium.org/1210293003/

Original issue's description:
> Replace reduce-memory mode in idle notification with delayed clean-up GC.
>
> BUG=490559
> LOG=NO
>
> Committed: https://crrev.com/0ecd9e1bd2c6b519d4e7285f46cb7e844bc2235c
> Cr-Commit-Position: refs/heads/master@{#29451}

TBR=hpayer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=490559

Review URL: https://codereview.chromium.org/1226703002

Cr-Commit-Position: refs/heads/master@{#29470}