review.tizen.org Git - platform/upstream/v8.git/log

X87:  [Interpreter] Add support for parameter variables.

port 5d975694e4d3ecf66716cc5395d4d10c9730f9dd (r30403)

original commit message:

    Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
    Parameters are accessed as negative interpreter registers.

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1324453003

Cr-Commit-Position: refs/heads/master@{#30440}

Use ShouldEnsureSpaceForLazyDeopt more.

R=mcilroy@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1310283005

Cr-Commit-Position: refs/heads/master@{#30439}

Native context: do not put public symbols and flags on the js builtins object.

R=cbruni@chromium.org,mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1318043002

Cr-Commit-Position: refs/heads/master@{#30438}

[test] Fix wrong mjsunit.status line.

TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1325453002 .

Cr-Commit-Position: refs/heads/master@{#30437}

[test] Properly disable test that doesn't work in GC stress.

The magic "print(i)" work-around was no longer work-arounding correctly,
so we do the right thing instead now.

TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1306843004 .

Cr-Commit-Position: refs/heads/master@{#30436}

[es6] Implement spec compliant ToName (actually ToPropertyKey).

This adds a %ToName runtime entry that uses the previously introduced
Object::ToName, which is based on the new Object::ToPrimitive method.
Also removes the need to expose ToName in various way via the builtins
and/or context.

Drive-by-fix: Let %HasProperty do the ToName conversion implicitly as
required.

BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1319133002

Cr-Commit-Position: refs/heads/master@{#30435}

[es6] Implement spec compliant ToPrimitive in the runtime.

This is the first step towards a spec compliant ToPrimitive
implementation (and therefore spec compliant ToNumber, ToString,
ToName, and friends).  It adds support for the @@toPrimitive
symbol that was introduced with ES2015, and also adds the new
Symbol.prototype[@@toPrimitive] and Date.prototype[@@toPrimitive]
initial properties.

There are now runtime functions for %ToPrimitive, %ToNumber and
%ToString, which do the right thing and should be used as fallbacks
instead of the hairy runtime.js implementations.  I will do the
same for the other conversion operations mentioned by the spec in
follow up CLs.  Once everything is in place we can look into
optimizing things further, so that we don't always call into the
runtime.

Also fixed Date.prototype.toJSON to be spec compliant.

R=mstarzinger@chromium.org, yangguo@chromium.org
BUG=v8:4307
LOG=y

Review URL: https://codereview.chromium.org/1306303003

Cr-Commit-Position: refs/heads/master@{#30434}

Reduce the number of entrypoints to the compiler pipeline by one. Always require caller to provide a CompilationInfo.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1317113004

Cr-Commit-Position: refs/heads/master@{#30433}

Vector ICs: Make the Oracle gather feedback for vector stores.

Also, polymorphic element stores have a slightly different shape for the array
attached to a vector slot. It's of the form [map, map, handler], where the 2nd
map is either a transition map or undefined (the maps are actually in
WeakCells).

Review URL: https://codereview.chromium.org/1316953003

Cr-Commit-Position: refs/heads/master@{#30432}

Disallow yield in default parameter initializers

R=adamk@chromium.org
LOG=N
BUG=v8:4397

Review URL: https://codereview.chromium.org/1320673007

Cr-Commit-Position: refs/heads/master@{#30431}

[turbofan] Fix unified stack slots for embedded constant pools.

Account for the constant pool pointer slot during register allocation
data initialization.

R=danno@chromium.org, titzer@chromium.org, bmeurer@chromium.org, mcilroy@chromium.org,
TEST=cctest/test-run-machops/RunSpillConstantsAndParameters
BUG=

Review URL: https://codereview.chromium.org/1317123003

Cr-Commit-Position: refs/heads/master@{#30430}

[simd.js] Add SIMD store functions for Phase 1.

Float32x4, Int32x4, Uint32x4:
store, store1, store2, store3

Int16x8, Int8x16, Uint16x8, Uint8x16:
store

BUG=v8:4124
LOG=N

R=bbudge@chromium.org, littledan@chromium.org, jarin@chromium.org

Review URL: https://codereview.chromium.org/1304183004

Cr-Commit-Position: refs/heads/master@{#30429}

[heap] Make compaction space accept external memory.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1322523004

Cr-Commit-Position: refs/heads/master@{#30428}

Remove CompilationInfo::MayUseThis() and replace it with what we really want to know: MustReplaceUndefinedReceiverWithGlobalProxy.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1312713004

Cr-Commit-Position: refs/heads/master@{#30427}

[V8] Report JSON parser script to DevTools

If JSON contains SyntaxError then V8 will report exception and won't report compile error.

LOG=Y
BUG=chromium:515382
R=yangguo@chromium.org,yurys@chromium.org

Review URL: https://codereview.chromium.org/1308123006

Cr-Commit-Position: refs/heads/master@{#30426}

[turbofan] LiveRange splintering optimizations.

Related to 1318893002 - another source of regressions in
benchmarks sensitive to compile time is the splintering
logic. This change addresses some, but not all, of that. In
particular, there are still some places (figuring out if a
range has a hole right where a deferred set of blocks is)
that need another look.

BUG=chromium:1318893002
LOG=n

Review URL: https://codereview.chromium.org/1319843002

Cr-Commit-Position: refs/heads/master@{#30425}

PPC: [Interpreter] Add support for parameter variables.

Port 5d975694e4d3ecf66716cc5395d4d10c9730f9dd

Original commit message:
Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.

R=rmcilroy@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1308373003

Cr-Commit-Position: refs/heads/master@{#30424}

Synchronize on concurrent slot buffer entries during migration.

BUG=chromium:524425
LOG=n

Review URL: https://codereview.chromium.org/1314133004

Cr-Commit-Position: refs/heads/master@{#30423}

[simd.js] Add SIMD load functions for Phase 1.

Float32x4, Int32x4, Uint32x4:
load, load1, load2, load3

Int16x8, Int8x16, Uint16x8, Uint8x16:
load

BUG=v8:4124
LOG=N

Review URL: https://codereview.chromium.org/1302133002

Cr-Commit-Position: refs/heads/master@{#30422}

Use committer list from chrome-infra-auth group project-v8-committers

R=machenbach@chromium.org
BUG=chromium:511311
LOG=N

Review URL: https://codereview.chromium.org/1312953002

Cr-Commit-Position: refs/heads/master@{#30421}

PPC: Fix "Correctify instanceof and make it optimizable."

R=jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1318823006

Cr-Commit-Position: refs/heads/master@{#30420}

PPC: Correctify instanceof and make it optimizable.

Port 5d875a57fa2e65c1a4a6b50aeb23c38299c3cfbc

Original commit message:
    The previous hack with HInstanceOfKnownGlobal was not only slower,
    but also very brittle and required a lot of weird hacks to support it. And
    what's even more important it wasn't even correct (because a map check
    on the lhs is never enough for instanceof).

    The new implementation provides a sane runtime implementation
    for InstanceOf plus a fast case in the InstanceOfStub, combined with
    a proper specialization in the case of a known global in CrankShaft,
    which does only the prototype chain walk (coupled with a code
    dependency on the known global).

    As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
    implementation.

R=bmeurer@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=v8:4376
LOG=n

Review URL: https://codereview.chromium.org/1314263002

Cr-Commit-Position: refs/heads/master@{#30419}

[heap] Get rid of dead code in HeapIterator.

BUG=

Review URL: https://codereview.chromium.org/1319953003

Cr-Commit-Position: refs/heads/master@{#30418}

[turbofan] Remove obsolete BuildLoadBuiltinsObject.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1305163008

Cr-Commit-Position: refs/heads/master@{#30417}

[wasm] Move the (conditional) installation of the WASM api into bootstrapper.cc.

R=mstarzinger@chromium.org,yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1319003002

Cr-Commit-Position: refs/heads/master@{#30416}

Clear SMI and non-evacuation candidate entries when filtering the slots buffer.

BUG=

Review URL: https://codereview.chromium.org/1313383005

Cr-Commit-Position: refs/heads/master@{#30415}

PPC: [interpreter]: Changes to interpreter builtins for accumulator and register file registers.

Port 00df60d1c6943a10fb5ca84fce2c017dcd2001f5

Original commit message:
    Makes the following modifications to the interpreter builtins and
    InterpreterAssembler:
     - Adds an accumulator register and initializes it to undefined()
     - Adds a register file pointer register and use it instead of FramePointer to
       access registers
     - Modifies builtin to support functions with 0 regiters in the register file
     - Modifies builtin to Call rather than TailCall to first bytecode handler.

R=rmcilroy@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1309113003

Cr-Commit-Position: refs/heads/master@{#30414}

PPC: Make Simulator respect C stack limits as well.

Port 7fb31bdba4f2a0320507956a085f083d76bce48c

Original commit message:
    The simulator uses a separate JS stack, exhaustion of the C stack
    however is not caught by JS limit checks. This change now lowers the
    limit of the JS stack accordingly on function calls.

R=mstarzinger@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=chromium:522380
LOG=n

Review URL: https://codereview.chromium.org/1309303005

Cr-Commit-Position: refs/heads/master@{#30413}

[heap] Remove raw unchecked root set accessors.

R=hpayer@chromium.org
BUG=v8:1490
LOG=n

Review URL: https://codereview.chromium.org/1305163007

Cr-Commit-Position: refs/heads/master@{#30412}

Wait for concurrent unmapping tasks in GC prologue.

BUG=chromium:525372
LOG=n

Review URL: https://codereview.chromium.org/1320893002

Cr-Commit-Position: refs/heads/master@{#30411}

Adding ElementsAccessor Splice
- remove the Backing-Store specific code from builtins.cc and put it in elements.cc.
- adding tests to improve coverage of the splice method

BUG=

Review URL: https://codereview.chromium.org/1312033003

Cr-Commit-Position: refs/heads/master@{#30410}

Move runtime helper for ToName conversion onto Object.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1306043003

Cr-Commit-Position: refs/heads/master@{#30409}

[heap] Limit friendship of the Heap class to essentials.

This makes it clear that only components within the "heap" directory
should be friends with the Heap class. The two notable exceptions are
Factory and Isolate which represent external interfaces into the heap.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1320843002

Cr-Commit-Position: refs/heads/master@{#30408}

[heap] Add compaction space.

The CompactionSpace is temporarily used during compaction to hold migrated
objects. The payload is merged back into the corresponding space after
compaction.

Note the this is not the complete implementation and it is currently only used in a test.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1314493007

Cr-Commit-Position: refs/heads/master@{#30407}

[interpreter] Fix gcmole error after r30404.

BUG=v8:4280
LOG=N
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1319943002

Cr-Commit-Position: refs/heads/master@{#30406}

Remove builtin/runtime name clash presubmit check.

It has become obsolete since we do the name lookup at compile time.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1319893004

Cr-Commit-Position: refs/heads/master@{#30405}

[interpreter] Add constant_pool() to BytecodeArray.

Adds a (currently unused) constant_pool() field to BytecodeArray objects.
This field points to a FixedArray object which will be used to hold constants.

The BytecodeArray is now a mixed values object type, with the
kConstantPoolOffset object holding a tagged pointer, but the remainder of the
object holding raw bytes (which could look like tagged pointers but are not).
Modify the BytecodeArray GC visitors to deal with this and test that the
field is migrated properly when evacuated.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1314953004

Cr-Commit-Position: refs/heads/master@{#30404}

[Interpreter] Add support for parameter variables.

Adds support for parameters to the BytecodeArrayBuilder and BytecodeGenerator.
Parameters are accessed as negative interpreter registers.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1303403004

Cr-Commit-Position: refs/heads/master@{#30403}

Move (uppercase) JS builtins from js builtins object to native context.

R=bmeurer@chromium.org, mstarzinger@chromium.org, rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1316943002

Cr-Commit-Position: refs/heads/master@{#30402}

Vector ICs: Stop iterating the heap to clear keyed store ics.

When vector based stores are on, we don't need to do this anymore.

BUG=

Review URL: https://codereview.chromium.org/1314433004

Cr-Commit-Position: refs/heads/master@{#30401}

[turbofan] LiveRange splinter merging optimizations.

A few benchmarks, e.g. Massive/SQLite, turn out to be
sensitive to compile time. Upon analysis, splinter merging
and then splinter creation (splitting) appear to be the main
contributors to such regressions. This change tackles main
sources of regression in Merging. Profiling SQLite shows,
after this change, Merging as noise (down from main C++
contributor of samples)

BUG=chromium:1318893002
LOG=n

Review URL: https://codereview.chromium.org/1318893002

Cr-Commit-Position: refs/heads/master@{#30400}

[turbofan] Ensure stackcheck flags do something.

While the intention is to eventually do away with
FLAG_turbo_loop_stackcheck and FLAG_turbo_preprocess_range,
they are useful for the interim we are still testing and
benchmarking the feature.

Review URL: https://codereview.chromium.org/1314163003

Cr-Commit-Position: refs/heads/master@{#30399}

Spliting out TyperCache into ZoneTypeCache to share with AsmTyper.

The zone type cache would be handy inside the asm.js typer.
Pulling it out into a seperate inlinable header to allow sharing.

BUG=https://code.google.com/p/v8/issues/detail?id=4203
TEST=None
R=andreas@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1307093006

Cr-Commit-Position: refs/heads/master@{#30398}

PPC: Fix InterpreterEntryTrampoline().

R=jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1315173004

Cr-Commit-Position: refs/heads/master@{#30397}

PPC: [turbofan] Unify referencing of stack slots

Port cbbaf9ea6abbc0417ee5765a4c58f1dda939ead0

Note that the above commit breaks embedded constant pools and will need to
be revised in a future CL.

Original commit message:
    Previously, it was not possible to specify StackSlotOperands for all
    slots in both the caller and callee stacks. Specifically, the region
    of the callee's stack including the saved return address, frame
    pointer, function pointer and context pointer could not be addressed
    by the register allocator/gap resolver.

    In preparation for better tail call support, which will use the gap
    resolver to reconcile outgoing parameters, this change makes it
    possible to address all slots on the stack, because slots in the
    previously inaccessible dead zone may become parameter slots for
    outgoing tail calls. All caller stack slots are accessible as they
    were before, with slot -1 corresponding to the last stack
    parameter. Stack slot indices >= 0 access the callee stack, with slot
    0 corresponding to the callee's saved return address, 1 corresponding
    to the saved frame pointer, 2 corresponding to the current function
    context, 3 corresponding to the frame marker/JSFunction, and slots 4
    and above corresponding to spill slots.

    The following changes were specifically     needed:

    * Frame     has been changed to explicitly manage three areas of the
      callee frame, the fixed header, the spill slot area, and the
      callee-saved register area.
    * Conversions from stack slot indices to fp offsets all now go through
      a common bottleneck: OptimizedFrame::StackSlotOffsetRelativeToFp
    * The generation of deoptimization translation tables has been changed
      to support the new stack slot indexing scheme. Crankshaft, which
      doesn't support the new slot numbering in its register allocator,
      must adapt the indexes when creating translation tables.
    * Callee-saved parameters are now kept below spill slots, not above,
      to support saving only the optimal set of used registers, which is
      only known after register allocation is finished and spill slots
      have been allocated.

R=danno@chromium.org, titzer@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1321553002

Cr-Commit-Position: refs/heads/master@{#30396}

PPC: Fix "[turbofan] Support unboxed float and double stack parameters."

R=titzer@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1315183002

Cr-Commit-Position: refs/heads/master@{#30395}

PPC: Cleanup: Remove unncessary leave_frame parameter from stub cache.

Port fe432e1ace48c345c659c0bcb6a84798bca0b15e

R=mvstanton@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1321483003

Cr-Commit-Position: refs/heads/master@{#30394}

PPC: VectorICs: New interface descriptor for vector transitioning stores.

Port cd35155918f8f1a081a208721a878deba00a252b

R=mvstanton@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1319763004

Cr-Commit-Position: refs/heads/master@{#30393}

PPC: [simd.js] Single SIMD128_VALUE_TYPE for all Simd128Values.

Port f4c079d450a5990639b295d40a3d1663d70412d6

Original commit message:
    There's no need to have one InstanceType per SIMD primitive type (this
    will not scale long-term).  Also reduce the amount of code duplication
    and make it more robust wrt adding new SIMD types.

R=bmeurer@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1312513004

Cr-Commit-Position: refs/heads/master@{#30392}

PPC: Fix "Move regexp implementation into its own folder."

R=yangguo@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1319783002

Cr-Commit-Position: refs/heads/master@{#30391}

PPC: [compiler] Remove broken support for undetectable strings.

Port b62dbf1efdec68ae709b0e91d3b7c13171b720c9

Original commit message:
    Support for undetectable strings was officially dropped in
    https://codereview.chromium.org/916753002, but the compilers
    weren't fixed properly.

R=bmeurer@chromium.org, jyan@ca.ibm.com, dstence@us.ibm.com, joransiu@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1312473012

Cr-Commit-Position: refs/heads/master@{#30390}

Remove named load from builtin in default super call.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1314493006

Cr-Commit-Position: refs/heads/master@{#30389}

[parser] disallow language mode directive in body of function with non-simple parameters

TC39 agreed to disallow "use strict" directives in function body when
non-simple parameter lists are used.

This is a continuation of caitp's CL https://codereview.chromium.org/1281163002/
with some refactorings removed for now.

Still TODO: there is a lot of duplication between the is_simple field of
FormalParametersBase and the NonSimpleParameter property ExpressionClassifier
keeps track of. It should be possible to remove the former with a minor
refactoring of arrow function parsing. This will be attempted in a follow-up CL.

BUG=
LOG=N

Review URL: https://codereview.chromium.org/1300103005

Cr-Commit-Position: refs/heads/master@{#30388}

Move runtime helper for JSArrayBuffer onto objects.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1305383003

Cr-Commit-Position: refs/heads/master@{#30387}

[es6] Make harmony_destructuring imply harmony_default_parameters

When encountering a "=" token in ParseAssignmentExpression, the default
parameter case is not locally distinguishable from the destructuring case.

BUG=

Review URL: https://codereview.chromium.org/1317843002

Cr-Commit-Position: refs/heads/master@{#30386}

Move runtime helper for JSWeakCollection onto objects.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1314053003

Cr-Commit-Position: refs/heads/master@{#30385}

Move runtime helper for JSSet and JSMap onto objects.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1312413002

Cr-Commit-Position: refs/heads/master@{#30384}

Synchronize on concurrent store buffer entries.

BUG=chromium:524425
LOG=n

Review URL: https://codereview.chromium.org/1313313002

Cr-Commit-Position: refs/heads/master@{#30383}

Install js intrinsic fallbacks for array functions on the native context.

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1309503003

Cr-Commit-Position: refs/heads/master@{#30382}

In generators, "yield" cannot be an arrow formal parameter name

Thanks to André Bargull for the report.

BUG=v8:4212
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1309523005

Cr-Commit-Position: refs/heads/master@{#30381}

[runtime] Remove the redundant %_IsObject intrinsic.

%_IsObject(foo) is equivalent to typeof foo === 'object' and has
exactly the same optimizations, so there's zero need for %_IsObject
in our code base.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1313903003

Cr-Commit-Position: refs/heads/master@{#30380}

Call JS functions via native context instead of js builtins object.

We look up %-functions in the context if not found in the runtime.

R=bmeurer@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1306993003

Cr-Commit-Position: refs/heads/master@{#30379}

Vector ICs: Ensure KeyedAccessStore mode is encoded in all handlers.

For vector-based keyed store ics, we need to know the current
KeyedAccessStore mode on ic MISS, and to produce optimized code.

We can't store this mode, which can change on any MISS in the IC
without patching. Therefore, this CL makes sure that the information is
redundantly available in the handlers embedded in the IC. This way,
when --vector-stores is turned on, we'll be able to extract that
information from the vector which maintains a list of these handlers.

BUG=

Review URL: https://codereview.chromium.org/1312693004

Cr-Commit-Position: refs/heads/master@{#30378}

[heap] User safer root set accessor when possible.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1312763006

Cr-Commit-Position: refs/heads/master@{#30377}

X87: Correctify instanceof and make it optimizable.

port 5d875a57fa2e65c1a4a6b50aeb23c38299c3cfbc (r30342).

original commit message:

    The previous hack with HInstanceOfKnownGlobal was not only slower,
    but also very brittle and required a lot of weird hacks to support it. And
    what's even more important it wasn't even correct (because a map check
    on the lhs is never enough for instanceof).

    The new implementation provides a sane runtime implementation
    for InstanceOf plus a fast case in the InstanceOfStub, combined with
    a proper specialization in the case of a known global in CrankShaft,
    which does only the prototype chain walk (coupled with a code
    dependency on the known global).

    As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
    implementation.

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1318663003

Cr-Commit-Position: refs/heads/master@{#30376}

[turbofan] Fix broken dynamic TDZ check for let and const.

This fixes broken dynamic hole-checks for the temporal dead zone of
non-initializing assignments to {let} and {const} declared variables.
Also note that this exemplifies a case where the dynamic check for such
assignments to {let} declared variables can no longer be elided as the
comment suggested.

R=rossberg@chromium.org
TEST=mjsunit/regress/regress-4388
BUG=v8:4388
LOG=n

Review URL: https://codereview.chromium.org/1318693002

Cr-Commit-Position: refs/heads/master@{#30375}

Do not inline array resize operations for outdated prototype maps.

BUG=chromium:523213
LOG=N

Review URL: https://codereview.chromium.org/1313303002

Cr-Commit-Position: refs/heads/master@{#30374}

Parse arrow functions at proper precedence level

BUG=v8:4211
LOG=Y
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1315823002

Cr-Commit-Position: refs/heads/master@{#30373}

[heap] Prevent direct access to ExternalStringTable.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1312553003

Cr-Commit-Position: refs/heads/master@{#30372}

Don't explicitly tear down code range in cctest/test-alloc/CodeRange to avoid double-free.

BUG=v8:4141
LOG=n
R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1312213007 .

Cr-Commit-Position: refs/heads/master@{#30371}

[turbofan] Separate LiveRange and TopLevelLiveRange concepts

A TopLevelLiveRange is the live range of a virtual register. Through
register allocation, it may end up being split in a succession of child
live ranges, where data flow is handled through moves from
predecessor to successor child.

Today, the concepts of "top level" and "child" live ranges are conflated
under the LiveRange class. However, a good few APIs pertain solely
to TopLevelLiveRanges. This was communicated through comments or
DCHECKs - but this makes for poor code comprehensibility and maintainability.

For example, the worklist of the register allocator (live_ranges()) needs
to only contain TopLevelLiveRanges; spill range concerns are associated
only with the top range; phi-ness; certain phases in the allocation pipeline;
APIs on LiveRange used for initial construction - before splitting;
splintering - these are all responsibilities associated to TopLevelLiveRanges,
and not child live ranges.

This change separates the concepts.

An effect of this change is that child live range allocation need not involve
RegisterAllocationData. That's "a good thing" (lower coupling), but it has
the side-effect of not having a good way to construct unique identifiers for
child live ranges, relative to a given InstructionSequence.

LiveRange Id are used primarily for tracing/output-ing, and debugging.

I propose a 2-component identifier: a virtual register (vreg) number,
uniquely identifying TopLevelLiveRanges; and a relative identifier, which
uniquely identifies children of a given TopLevelLiveRange. "0" is reserved
for the TopLevel range. The relative identifier does not necessarily
indicate order in the child chain, which is no worse than the current state
of affairs.

I believe this change should make it easier to understand a trace output
(because the virtual register number is readily available). I plan to formalize
with a small structure the notion of live range id, and consolidate tracing
around that, as part of a separate CL. (there are seemingly disparate ways
to trace - printf or stream-based APIs - so this seems like an opportune
change to consolidate that)

Review URL: https://codereview.chromium.org/1311983002

Cr-Commit-Position: refs/heads/master@{#30370}

Update V8 DEPS.

Rolling v8/third_party/icu to 6b3ce817f8e828c3b7a577d2395f0882eb56ef18

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1311613003

Cr-Commit-Position: refs/heads/master@{#30369}

X87: [Interpreter] Pass context to interpreter bytecode handlers and add LoadConstextSlot

   For X87 platform, it has the same general register as ia32 and it will spill the
   context to the stack too.

port bfdc22d7fc1bc046a38770a676619eee613222f3 (r29325).

original commit message:

    Passes the current context to bytecode interpreter handlers. This is held in the
    context register on all architectures except for ia32 where there are too few
    registers and it is instead spilled to the stack.

    Also changes Load/StoreRegister to use kMachAnyTagged representation since they
    should only ever hold tagged values.

BUG=

Review URL: https://codereview.chromium.org/1316583003

Cr-Commit-Position: refs/heads/master@{#30368}

Visit additional AST nodes as expressions in AstExpressionVisitor .

Visit AST Property nodes as expressions in AstExpressionVisitor.
Visit Yield and Throw as they are expressions too.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-ast-expression-visitor, test-typing-reset
R=rossberg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1314843002

Cr-Commit-Position: refs/heads/master@{#30367}

[simd.js] Clean up bad merge in messages.js
Eliminates duplicate var's and assignments.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1315993002

Cr-Commit-Position: refs/heads/master@{#30366}

Test262 roll to the 2015-8-25 version

Review URL: https://codereview.chromium.org/1317723003

Cr-Commit-Position: refs/heads/master@{#30365}

--harmony-sloppy-function depends on --harmony-sloppy

The lack of marking this dependency led to a ClusterFuzz crash when
sloppy-function was on but not sloppy. This case does not make sense.

R=adamk
LOG=N
BUG=chromium:520891

Review URL: https://codereview.chromium.org/1316773004

Cr-Commit-Position: refs/heads/master@{#30364}

[es6] Remaining cases of parameter scopes for sloppy eval

R=littledan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1303013007

Cr-Commit-Position: refs/heads/master@{#30363}

[es6] Fix computed property names in nested literals

Make ObjectLiteral::is_simple() false for literals containing computed
property names, which causes IsCompileTimeValue() to return false and
thus force code to be generated for setting up such properties. This
mirrors the handling of '__proto__' in literals.

BUG=v8:4387
LOG=y

Review URL: https://codereview.chromium.org/1307943007

Cr-Commit-Position: refs/heads/master@{#30362}

[es6] Correct length for functions with default parameters

R=adamk@chromium.org
BUG=v8:2160
LOG=N

Review URL: https://codereview.chromium.org/1311163002

Cr-Commit-Position: refs/heads/master@{#30361}

Fix AstExpressionVisitor to correctly handle switch + for.

These were missed by the previous tests,
uncovered in another context.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-ast-expression-visitor
R=rossberg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1316633002

Cr-Commit-Position: refs/heads/master@{#30360}

Add basic support for parallel compaction and flag.

BUG=524425
LOG=n

Review URL: https://codereview.chromium.org/1314903002

Cr-Commit-Position: refs/heads/master@{#30359}

[heap] Enforce coding style decl order in {Heap} round #3.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1304873006

Cr-Commit-Position: refs/heads/master@{#30358}

[turbofan] Deferred blocks splintering.

This change encompasses what is necessary to enable stack checks in loops without suffering large regressions.

Primarily, it consists of a new mechanism for dealing with deferred blocks by "splintering", rather than splitting, inside deferred blocks.

My initial change was splitting along deferred block boundaries, but the regression introduced by stackchecks wasn't resolved conclusively. After investigation, it appears that just splitting ranges along cold block boundaries leads to a greater opportunity for moves on the hot path, hence the suboptimal outcome.

The alternative "splinters" ranges rather than splitting them. While splitting creates 2 ranges and links them (parent-child), in contrast, splintering creates a new independent range with no parent-child relation to the original. The original range appears as if it has a liveness hole in the place of the splintered one. All thus obtained ranges are then register allocated with no change to the register allocator.

The splinters (cold blocks) do not conflict with the hot path ranges, by construction. The hot path ones have less pressure to split, because we remove a source of conflicts. After allocation, we merge the splinters back to their original ranges and continue the pipeline. We leverage the previous changes made for deferred blocks (determining where to spill, for example).

Review URL: https://codereview.chromium.org/1305393003

Cr-Commit-Position: refs/heads/master@{#30357}

Allow more scavenges during idle times by pushing down the idle new space limit.

BUG=

Review URL: https://codereview.chromium.org/1313083002

Cr-Commit-Position: refs/heads/master@{#30356}

[heap] Prevent direct access to StoreBuffer.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1317553002

Cr-Commit-Position: refs/heads/master@{#30355}

[interpreter] Allow verification and trace-turbo for bytecode handlers.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1308863004

Cr-Commit-Position: refs/heads/master@{#30354}

[simd.js] Update to spec version 0.8.2.

Adds Uint32x4, Uint16x8, and Uint8x16 types.
Adds all functions in the current spec, except for loads and stores.

LOG=Y
BUG=v8:4124

Committed: https://crrev.com/4be6d37fd1ad0a6e0ea37da8863ae5169c2b89ba
Cr-Commit-Position: refs/heads/master@{#30322}

Review URL: https://codereview.chromium.org/1294513004

Cr-Commit-Position: refs/heads/master@{#30353}

[Interpreter] Add implementations of arithmetic binary op bytecodes.

Adds implementations and tests for the following bytecodes:
  - Add
  - Sub
  - Mul
  - Div
  - Mod

Also adds the Mod bytecode and adds support to BytecodeGenerator and
BytecodeArrayBuilder to enable it's use.

The current bytecodes always call through to the JS builtins. This also adds
LoadObjectField and CallJSBuiltin operators to the InterpreterAssembler.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1300813005

Cr-Commit-Position: refs/heads/master@{#30352}

Revert of Moving ArraySplice Builtin to ElementsAccessor (patchset #8 id:140001 of https://codereview.chromium.org/1293683005/ )

Reason for revert:
Fails layout tests: http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/1450

Original issue's description:
> - remove the Backing-Store specific code from builtins.cc and put it in elements.cc.
> - adding tests to improve coverage of the splice method
>
> BUG=
>
> Committed: https://crrev.com/8533d4b5433d3a9e9fb1015f206997bd6d869fe3
> Cr-Commit-Position: refs/heads/master@{#30269}
>
> Committed: https://crrev.com/07a4a6cb8e2ab940b28a7151a925c796da023524
> Cr-Commit-Position: refs/heads/master@{#30326}

TBR=mvstanton@chromium.org,cbruni@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1315823004

Cr-Commit-Position: refs/heads/master@{#30351}

Revert of Array.prototype.unshift builtin improvements (patchset #3 id:40001 of https://codereview.chromium.org/1311343002/ )

Reason for revert:
https://codereview.chromium.org/1315823004/

Original issue's description:
> Array.prototype.unshift builtin improvements
>
> Moving unshift to ElementAccessor and increasing the range of arguments
> handled directly in C++, namely directly supporting FastDoubleElementsKind.
> This should yield a factor 19 speedup for unshift on fast double arrays.
>
> BUG=
>
> Committed: https://crrev.com/bf6764e6c1197e50ae148755488307a423b1d9b4
> Cr-Commit-Position: refs/heads/master@{#30347}

TBR=yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1311363003

Cr-Commit-Position: refs/heads/master@{#30350}

[heap] Make the current GCCallbackFlags are part of {Heap}.

Moves the GCCallbackflags where they belong, i.e., {Heap}, and gets rid of
IncrementalMarking::Start() callsites.

BUG=

Review URL: https://codereview.chromium.org/1314853002

Cr-Commit-Position: refs/heads/master@{#30349}

Add a PLACEHOLDER code kind.

The PLACEHOLDER code kind is used when compiling a code object that has
direct calls to other code objects, but those other code objects do not
yet exist because they have not yet been compiled. It serves as a
placeholder to break the cycle, e.g. in WASM.

R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1308393003

Cr-Commit-Position: refs/heads/master@{#30348}

Array.prototype.unshift builtin improvements

Moving unshift to ElementAccessor and increasing the range of arguments
handled directly in C++, namely directly supporting FastDoubleElementsKind.
This should yield a factor 19 speedup for unshift on fast double arrays.

BUG=

Review URL: https://codereview.chromium.org/1311343002

Cr-Commit-Position: refs/heads/master@{#30347}

Reship arrow functions

...in canary.

This reverts commit c75af23299ec948cf2d809e8aa86b2c43184cde3.

R=hablich@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1319443002

Cr-Commit-Position: refs/heads/master@{#30346}

[heap] Report proper GC type in prologue/eplilogue callbacks.

Followup to https://codereview.chromium.org/1288683005

BUG=chromium:521946
LOG=N

Review URL: https://codereview.chromium.org/1313023002

Cr-Commit-Position: refs/heads/master@{#30345}

[heap] Enforce coding style decl order in {Heap} round #2.

BUG=

Review URL: https://codereview.chromium.org/1313513003

Cr-Commit-Position: refs/heads/master@{#30344}

[crankshaft] DCE must not eliminate (observable) math operations.

The HUnaryMathOperation cannot be eliminated in general, because the
spec requires a ToNumber conversion on the input, which is observable
of course.

BUG=v8:4389
LOG=y

Review URL: https://codereview.chromium.org/1307413003

Cr-Commit-Position: refs/heads/master@{#30343}

Correctify instanceof and make it optimizable.

The previous hack with HInstanceOfKnownGlobal was not only slower,
but also very brittle and required a lot of weird hacks to support it. And
what's even more important it wasn't even correct (because a map check
on the lhs is never enough for instanceof).

The new implementation provides a sane runtime implementation
for InstanceOf plus a fast case in the InstanceOfStub, combined with
a proper specialization in the case of a known global in CrankShaft,
which does only the prototype chain walk (coupled with a code
dependency on the known global).

As a drive-by-fix: Also fix the incorrect Object.prototype.isPrototypeOf
implementation.

BUG=v8:4376
LOG=y

Review URL: https://codereview.chromium.org/1304633002

Cr-Commit-Position: refs/heads/master@{#30342}

[simd.js] Set --harmony-simd flag in test config.
Adds the flag to the test configuration so we aren't just testing the
polyfill.
Fixes some number conversion in native fromFloat32x4 function that now
fails.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1312703003

Cr-Commit-Position: refs/heads/master@{#30341}