review.tizen.org Git - platform/upstream/v8.git/log

[test] Fix gc-stress failures of regress-crbug-500497.js

R=machenbach@chromium.org
NOTRY=y

Review URL: https://codereview.chromium.org/1175123003

Cr-Commit-Position: refs/heads/master@{#29091}

Use output parameter to distinguish error from absent result
Otherwise we'd have to probe for pending exceptions.

I'll do the same to other interceptors in follow-up CLs

BUG=chromium:495949,v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1190023002

Cr-Commit-Position: refs/heads/master@{#29090}

[turbofan] Remove another ineffective optimization from the ControlReducer.

The condition of a Branch or Select can never be a NumberConstant,
because the resulting graph would be invalid, so we don't need to
optimize this case. It can only ever be a tagged boolean or an untagged
bit.

Drive-by-fix: Test the interesting cases in the unit tests instead.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1195443004

Cr-Commit-Position: refs/heads/master@{#29089}

[turbofan] Remove obsolete 'incomplete' flag from GraphDecorator.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1187263003

Cr-Commit-Position: refs/heads/master@{#29088}

Fix --trace-gc output after 084d1f.

BUG=
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1188093003

Cr-Commit-Position: refs/heads/master@{#29087}

[turbofan] Fix life time and use of the Typer.

Currently the Typer is installed on the Graph, no matter if we actually
use the types or not (read: even in the generic pipeline). Also the
Typer tries hard to eagerly type nodes during graph building, which
takes time, just to remove those types later again, and retype
everything from scratch. Plus this is inconsistent, since it only
applies to the outermost graph, not the inlined graphs (which are
eagerly typed once the nodes are copied). So in summary, what's
currently implemented is neither useful nor well defined, so for now we
stick to the full typing approach until a proper design for eager typing
is available that will actually benefit us.

R=rossberg@chromium.org,mstarzinger@chromium.org,jarin@chromium.org

Review URL: https://codereview.chromium.org/1192553002

Cr-Commit-Position: refs/heads/master@{#29086}

Revert of Added constructor call on object in InstantiateObject method (patchset #5 id:80001 of https://codereview.chromium.org/1137693003/)

Reason for revert:
[Sheriff] This breaks layout test expectations:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/437

See:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_32/437/layout-test-results/fast/dom/create-element-after-stack-overflow-pretty-diff.html

Please land a needsmanualrebaseline change on the blink-side before relanding this, if the change was intended.

Please include a blink trybot on relanding this.

Original issue's description:
> Added constructor call on object in InstantiateObject method
>
> I found after upgrading from 4.2.2 where apinatives.js still
> existed to 4.4.56 where everything had been converted to C++ in
> api-natives.cc, my constructors for ObjectTemplate instantiated objects
> were no longer being called. After investigation, I noticed in
> apinatives.js that a new call would handle that, but there was no
> corresponding constructor call in api-natives.cc (or anywhere else
> along the chain of InstantiateObject), so I added a call to
> Execution::Call to actually construct the object. Forgive me if that
> isn't the right place to add it (InitializeBody in objects-inl.h also
> looked like a good place), or if there's a reason constructors are
> not being called.
>
> I also added myself to the AUTHORS file in this CL.
>
> Committed: https://crrev.com/e61a957b2a9726294cdd2802a6a2b6e3a9ef657d
> Cr-Commit-Position: refs/heads/master@{#29076}

TBR=verwaest@chromium.org,svenpanne@chromium.org,dtalley@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1188233002

Cr-Commit-Position: refs/heads/master@{#29085}

Add V8 platform API to call delayed task.

Delayed tasks can be used to perform non-urgent clean up work.

BUG=chromium:490559
LOG=NO

Review URL: https://codereview.chromium.org/1179153002

Cr-Commit-Position: refs/heads/master@{#29084}

Replace ad-hoc weakness in transition array with WeakCell.

BUG=

Review URL: https://codereview.chromium.org/1157943003

Cr-Commit-Position: refs/heads/master@{#29083}

Clean up JSConstructStub

- fix truthfulness of comments
- use InitializeFieldsWithFiller more consistently
- use unsigned comparisons for pointers

No change in functionality intended.

Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:

- print PC of each frame
- print the function's source also for optimized frames

Review URL: https://codereview.chromium.org/1186823003

Cr-Commit-Position: refs/heads/master@{#29082}

[turbofan] Remove hack for dead nodes from JSGenericLowering.

Now that the graph is being trimmed after generic lowering, we can drop
this workaround. The diamond will no longer confuse the scheduler.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1191913002

Cr-Commit-Position: refs/heads/master@{#29081}

Support CreateDataProperty on JSObject in the runtime

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1181013011

Cr-Commit-Position: refs/heads/master@{#29080}

Hydrogen object literals: always initialize in-object properties

This fixes a bug where new-space GC could be triggered by non-folded allocations for some of the in-object properties, while the object was only partially initialized.

BUG=chromium:500497
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/1182113007

Cr-Commit-Position: refs/heads/master@{#29079}

Reland "MIPS64: Fix lithium arithmetic operations for integers to sign-extend result."

TEST==mjsunit/asm/double-lo
BUG=

Review URL: https://codereview.chromium.org/1170923004

Cr-Commit-Position: refs/heads/master@{#29078}

[turbofan] Move graph trimming functionality to dedicated GraphTrimmer.

Up until now that was still mixed with control reduction in the
ControlReducer. This separation allows us to remove the horrible
Reducer::Finish hack and also do graph trimming at more appropriate
places in the pipeline (i.e. trim dead nodes after generic lowering,
which can also make nodes dead).

R=jarin@chromium.org,mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1188433010

Cr-Commit-Position: refs/heads/master@{#29077}

Added constructor call on object in InstantiateObject method

I found after upgrading from 4.2.2 where apinatives.js still
existed to 4.4.56 where everything had been converted to C++ in
api-natives.cc, my constructors for ObjectTemplate instantiated objects
were no longer being called. After investigation, I noticed in
apinatives.js that a new call would handle that, but there was no
corresponding constructor call in api-natives.cc (or anywhere else
along the chain of InstantiateObject), so I added a call to
Execution::Call to actually construct the object. Forgive me if that
isn't the right place to add it (InitializeBody in objects-inl.h also
looked like a good place), or if there's a reason constructors are
not being called.

I also added myself to the AUTHORS file in this CL.

Review URL: https://codereview.chromium.org/1137693003

Cr-Commit-Position: refs/heads/master@{#29076}

Only walk the hidden prototype chain for private nonexistent symbols

BUG=chromium:479528
LOG=n

Review URL: https://codereview.chromium.org/1185373004

Cr-Commit-Position: refs/heads/master@{#29075}

Rely on the map being a dictionary map rather than not having a backpointer

BUG=chromium:500173
LOG=n

Review URL: https://codereview.chromium.org/1194513003

Cr-Commit-Position: refs/heads/master@{#29074}

Whitespace change to test infra.

Cr-Commit-Position: refs/heads/master@{#29073}

Dampen old generation allocation limit after scavenge if allocation rate is low.

BUG=chromium:491907,chromium:499815
LOG=NO

Review URL: https://codereview.chromium.org/1180203003

Cr-Commit-Position: refs/heads/master@{#29072}

Replace OFFSET_OF with offsetof as far as possible.

The remaining uses need some non-mechanical work:

* non-standard-layout type, probably due to mixed access control

* extended field designators

Review URL: https://codereview.chromium.org/1173343006

Cr-Commit-Position: refs/heads/master@{#29071}

Revert of Add %TypedArray% to proto chain (patchset #6 id:100001 of https://codereview.chromium.org/1186733002/)

Reason for revert:
[Sheriff] Changes layout tests:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/429

See e.g.:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_32/429/layout-test-results/inspector/console/console-big-array-pretty-diff.html

Please upload a blink side needsmanualrebaseline change first for these tests if the change is intended. Please also add a blink trybot on a reland of this CL.

Original issue's description:
> Add %TypedArray% to proto chain
>
> According to the ES6 spec, the main methods and getters shouldn't
> be properties of the individual TypedArray objects and prototypes
> but instead on %TypedArray% and %TypedArray%.prototype. This
> difference is observable through introspection. This patch moves
> some methods and getters to the proper place, with the exception
> of %TypedArray%.prototype.subarray and harmony methods. These will
> be moved in follow-on patches.
>
> BUG=v8:4085
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/a10590158260737b256fac3254b4939f48f90095
> Cr-Commit-Position: refs/heads/master@{#29057}

TBR=adamk@chromium.org,arv@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085

Review URL: https://codereview.chromium.org/1192433003

Cr-Commit-Position: refs/heads/master@{#29070}

[turbofan] Fix overzealous reserving of lazy deopt space.

This fixes CodeGenerator::EnsureSpaceForLazyDeopt to no longer be
treated as a lazy deopt site in itself. Calls mark themselves as lazy
bailout sites in CodeGenerator::RecordCallPosition, which suffices.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1186353003

Cr-Commit-Position: refs/heads/master@{#29069}

RegExp: Remove bogus assumptions about case independence and Latin1

Tests are already there in mjsuint/regress/regress-latin-1.js
R=yangguo@chromium.org
BUG=v8:3550
LOG=n

Review URL: https://codereview.chromium.org/1188793004

Cr-Commit-Position: refs/heads/master@{#29068}

Revert of Update test262-es6 to 6/11 (patchset #2 id:40001 of https://codereview.chromium.org/1175313003/)

Reason for revert:
[Sheriff] Please fix test expectations for nosnap before reland. There are 54 tests failing:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/3422

Original issue's description:
> Update test262-es6 to 6/11
>
> This reverts commit 67b169199e06a486e7b663c7758f81995ddc6593 and picks
> up the fixes to the yaml parser upstream.
>
> BUG=N
> LOG=N
> R=adamk@chromium.org, machenbach@chromium.org
>
> Committed: https://crrev.com/bc847230610d0518a700a69546d23784e6ce3479
> Cr-Commit-Position: refs/heads/master@{#29056}

TBR=adamk@chromium.org,arv@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=N

Review URL: https://codereview.chromium.org/1186093005

Cr-Commit-Position: refs/heads/master@{#29067}

Revert of Skip slow tests in non debug too (patchset #1 id:1 of https://codereview.chromium.org/1184923003/)

Reason for revert:
[Sheriff] Needed for reverting:
https://codereview.chromium.org/1175313003

Original issue's description:
> Skip slow tests in non debug too
>
> BUG=N
> LOG=N
> TBR=adamk
>
> Committed: https://crrev.com/17b0f16c760e5b0d51ae87742a864de93b6f4c0b
> Cr-Commit-Position: refs/heads/master@{#29058}

TBR=adamk@chromium.org,arv@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=N

Review URL: https://codereview.chromium.org/1177223004

Cr-Commit-Position: refs/heads/master@{#29066}

Revert of Serializer: clear string hash for code serializer. (patchset #1 id:1 of https://codereview.chromium.org/1183483006/)

Reason for revert:
This led to the roll being stuck: https://codereview.chromium.org/1189863003/

Original issue's description:
> Serializer: clear string hash for code serializer.
>
> R=jochen@chromium.org
> BUG=v8:4179
> LOG=N
>
> Committed: https://crrev.com/a0342678e865337215f9195f983c6013b60e7641
> Cr-Commit-Position: refs/heads/master@{#29016}

TBR=jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4179

Review URL: https://codereview.chromium.org/1186173004

Cr-Commit-Position: refs/heads/master@{#29065}

[turbofan] Remove ineffective optimization from ControlReducer.

This optimization just duplicates part of the ToBoolean rule in the
Typer, and it doesn't make sense to have adhoc partial typing rules in
the ControlReducer anyway.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1189963002

Cr-Commit-Position: refs/heads/master@{#29064}

Block pretty printing (partial re-revert of 1177123002).

Revert "Revert of Decompiler improvements. (patchset #2 id:20001 of https://codereview.chromium.org/1177123002/)"

This reverts commit e2ce4681655a610631e6a6e17dec62e6c4bdef43, avoiding the hex->dec changes, and re-introducing the block pretty printing of the original CL.

The hex-dec issue would be handled separately.
BUG=

Review URL: https://codereview.chromium.org/1186273005

Cr-Commit-Position: refs/heads/master@{#29063}

[turbofan] The AstGraphBuilder does not need to care about types.

AstGraphBuilder::BuildToBoolean() can be optimized easily without types,
especially since the types are only present on some nodes during graph
building. So this optimization is both more efficient and more effective
at the same time. We will probably refactor this code into a separate
optimization method/class later.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1188503003

Cr-Commit-Position: refs/heads/master@{#29062}

[turbofan] Ensure lazy bailout point in exception handler.

This ensures there is a lazy bailout point at the entry of every
exception handler so that deoptimized code is not re-entered through
caught exceptions.

R=jarin@chromium.org
TEST=cctest/test-run-deopt/DeoptExceptionHandler

Review URL: https://codereview.chromium.org/1173253004

Cr-Commit-Position: refs/heads/master@{#29061}

Revert of Update V8 DEPS. (patchset #1 id:1 of https://codereview.chromium.org/1179703005/)

Reason for revert:
[Sheriff] gyp change breaks calling gyp on XP:
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%201/builds/2849

Original issue's description:
> Update V8 DEPS.
>
> Rolling v8/build/gyp to fdcd8bc10c935eff13b391644b01460593c46861
>
> Rolling v8/tools/clang to 4cc9c6714533a07ba02ca01ed04557f055820532
>
> TBR=machenbach@chromium.org
>
> Committed: https://crrev.com/6e7e5e833c8bddf7d6a97cd3c01f0afe5a882bd6
> Cr-Commit-Position: refs/heads/master@{#29059}

TBR=v8-autoroll@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1180193003

Cr-Commit-Position: refs/heads/master@{#29060}

Update V8 DEPS.

Rolling v8/build/gyp to fdcd8bc10c935eff13b391644b01460593c46861

Rolling v8/tools/clang to 4cc9c6714533a07ba02ca01ed04557f055820532

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1179703005

Cr-Commit-Position: refs/heads/master@{#29059}

Skip slow tests in non debug too

BUG=N
LOG=N
TBR=adamk

Review URL: https://codereview.chromium.org/1184923003

Cr-Commit-Position: refs/heads/master@{#29058}

Add %TypedArray% to proto chain

According to the ES6 spec, the main methods and getters shouldn't
be properties of the individual TypedArray objects and prototypes
but instead on %TypedArray% and %TypedArray%.prototype. This
difference is observable through introspection. This patch moves
some methods and getters to the proper place, with the exception
of %TypedArray%.prototype.subarray and harmony methods. These will
be moved in follow-on patches.

BUG=v8:4085
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1186733002

Cr-Commit-Position: refs/heads/master@{#29057}

Update test262-es6 to 6/11

This reverts commit 67b169199e06a486e7b663c7758f81995ddc6593 and picks
up the fixes to the yaml parser upstream.

BUG=N
LOG=N
R=adamk@chromium.org, machenbach@chromium.org

Review URL: https://codereview.chromium.org/1175313003

Cr-Commit-Position: refs/heads/master@{#29056}

[parser] parse `CalllExpression TemplateLiteral` production

BUG=v8:4183
R=arv@chromium.org, rossberg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1184373002

Cr-Commit-Position: refs/heads/master@{#29055}

Separated the new register allocator in its own files.

Opportunistically removed GreedyAllocator::TryReuseSpillForPhi because it is actually unsuitable for Greedy. It was copied from Linear and it relies on hints, however, the current implementation of hints assumes linear scan.

This change doesn't aim to address performance nor correctness for Greedy.

BUG=

Review URL: https://codereview.chromium.org/1184183002

Cr-Commit-Position: refs/heads/master@{#29054}

Only shrink new space when we are not in the process of obtaining pretenuring feedback.

BUG=

Review URL: https://codereview.chromium.org/1180263006

Cr-Commit-Position: refs/heads/master@{#29053}

Re-land new insertion write barrier.

BUG=

Review URL: https://codereview.chromium.org/1153233003

Cr-Commit-Position: refs/heads/master@{#29052}

Updates to the license information of third party components.

LOG=n

Review URL: https://codereview.chromium.org/1183743003

Cr-Commit-Position: refs/heads/master@{#29051}

Re-Re-land: Enable external startup by default on Linux.

crrev.com/1177163002 should have fixed the issues that broke this last time.

Notes:
- The current functionality is meant to stay. If you prefer the old way,
  just set v8_use_external_startup_data=0.
- You might notice this if you call d8 via PATH. Either explicitly tell d8
  where your external snapshot/built-ins are, or change the build options
  as above.
- This follows Chromium practice, that mostly uses this feature these days.
- Other platforms to follow later.

BUG=

Review URL: https://codereview.chromium.org/1189563004

Cr-Commit-Position: refs/heads/master@{#29050}

X87: enable the X87 turbofan support.

    This patch includes the following changes.
     1, Enable the turbofan backend support for X87 platform. It depends on previous CL: 3fdfebd26.
     2, Enable the test cases which are disabled because turbofan for X87 was not enabled.

BUG=v8:4135
LOG=N

Review URL: https://codereview.chromium.org/1179763004

Cr-Commit-Position: refs/heads/master@{#29049}

[V8] Fixed infinite loop in Debug::PrepareStep

frame->GetExpression always returns the same function. We should iterate through expression stack when we use Function.call.apply for finding actual target.

LOG=N
BUG=chromium:499479
R=yurys@chromium.org,yangguo@chromium.org

Review URL: https://codereview.chromium.org/1182703003

Cr-Commit-Position: refs/heads/master@{#29048}

Serializer: support all alignment kinds.

We use an alignment prefix for unusual alignment kinds (not kWordAligned).
This will cause new objects to be aligned in ReadObject, and back references
to be aligned to skip padding.

The motivation to change the undefined next sentinel in WeakCell is this:
When the deserializer aligns an object, it requires filler maps to already
exist to create filler objects as padding. However, deserializing the
filler map leads to deserializing NaN, which as heap number is aligned:
filler map > meta map > weak cell cache > undefined > NaN
If we use the-hole instead of undefined as sentinel, it works.

R=jochen@chromium.org,bbudge@chromium.org
BUG=v8:4178
LOG=N

Committed: https://crrev.com/2146ab75387d47eef6582bd8c2d0cfc6c42b68b6
Cr-Commit-Position: refs/heads/master@{#29044}

Review URL: https://codereview.chromium.org/1179873003

Cr-Commit-Position: refs/heads/master@{#29047}

Revert of Decompiler improvements. (patchset #2 id:20001 of https://codereview.chromium.org/1177123002/)

Reason for revert:
Code printout has become unreadable. Offsets are printed in decimal numbers everywhere else. This is inconsistent with the rest of the code-base. Some examples are tables for deoptimization data, safepoints and exception handlers. I would be fine with this change if _all_ tracing would be adapted. But there are _many_ places to touch.

Original issue's description:
> Decompiler improvements.
>
> The main motivation is simplifying profiling activities:
>
> 1) Use hex instead of decimal for offsets, just like perf does. This
> affects --print-opt-code
>
> 2) When printing block information, indicate loop information: if
> block is header, where the end is; if block is in a loop, where the
> loop starts. This affects --code-comments.
>
> Using --print-opt-code --code-comments, and cross-referencing with data
> obtained from perf, one may now find the block a hotspot belongs to
> without needing to do hex2dec/dec2hex conversions. Once found, loop info
> is available locally, on the block.
>
> BUG=
>
> Committed: https://crrev.com/32f4bd659d38eb5485eedb1d0dd236ff1bdc01d5
> Cr-Commit-Position: refs/heads/master@{#28964}

TBR=jarin@chromium.org,stichnot@chromium.org,jvoung@chromium.org,mtrofin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1188093002

Cr-Commit-Position: refs/heads/master@{#29046}

Revert of Serializer: support all alignment kinds. (patchset #3 id:40001 of https://codereview.chromium.org/1179873003/)

Reason for revert:
[Sheriff] Breaks arm debug compile:
http://build.chromium.org/p/client.v8/builders/V8%20Arm%20-%20debug%20builder/builds/4308

Original issue's description:
> Serializer: support all alignment kinds.
>
> We use an alignment prefix for unusual alignment kinds (not kWordAligned).
> This will cause new objects to be aligned in ReadObject, and back references
> to be aligned to skip padding.
>
> The motivation to change the undefined next sentinel in WeakCell is this:
> When the deserializer aligns an object, it requires filler maps to already
> exist to create filler objects as padding. However, deserializing the
> filler map leads to deserializing NaN, which as heap number is aligned:
> filler map > meta map > weak cell cache > undefined > NaN
> If we use the-hole instead of undefined as sentinel, it works.
>
> R=jochen@chromium.org,bbudge@chromium.org
> BUG=v8:4178
> LOG=N
>
> Committed: https://crrev.com/2146ab75387d47eef6582bd8c2d0cfc6c42b68b6
> Cr-Commit-Position: refs/heads/master@{#29044}

TBR=jochen@chromium.org,bbudge@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4178

Review URL: https://codereview.chromium.org/1173253006

Cr-Commit-Position: refs/heads/master@{#29045}

Serializer: support all alignment kinds.

We use an alignment prefix for unusual alignment kinds (not kWordAligned).
This will cause new objects to be aligned in ReadObject, and back references
to be aligned to skip padding.

The motivation to change the undefined next sentinel in WeakCell is this:
When the deserializer aligns an object, it requires filler maps to already
exist to create filler objects as padding. However, deserializing the
filler map leads to deserializing NaN, which as heap number is aligned:
filler map > meta map > weak cell cache > undefined > NaN
If we use the-hole instead of undefined as sentinel, it works.

R=jochen@chromium.org,bbudge@chromium.org
BUG=v8:4178
LOG=N

Review URL: https://codereview.chromium.org/1179873003

Cr-Commit-Position: refs/heads/master@{#29044}

[turbofan] Work around negative parameter count.

BUG=chromium:500824
LOG=n
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1186333002

Cr-Commit-Position: refs/heads/master@{#29043}

Fix compile warning [-Wtype-limits]

This fixes warning on android_arm build.
Previously the compiler complained about a check that can never be true.
See second check below(index is size_t type, FIRST_SPACE=0):
if (index > i::LAST_SPACE || index < i::FIRST_SPACE)
And make the code easy to understand.

BUG=

Review URL: https://codereview.chromium.org/1155043005

Cr-Commit-Position: refs/heads/master@{#29042}

All private symbols are own symbols

R=rossberg@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1182303004

Cr-Commit-Position: refs/heads/master@{#29041}

[crankshaft] Fix wrong bailout points in for-in loop body.

R=jochen@chromium.org
BUG=chromium:500435
LOG=y

Review URL: https://codereview.chromium.org/1183683004

Cr-Commit-Position: refs/heads/master@{#29040}

Introduce a base pointer field in FixedTypedArrayBase and teach GC about it

This is the first step towards unifying external and on-heap typed arrays.

The end-state will be that this base pointer either points to the on-heap values
or to the externally allocated array buffer.

BUG=v8:3996
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1176263004

Cr-Commit-Position: refs/heads/master@{#29039}

Debugger: require debugger to be active when dealing with breaks.

This invariant will save us some head ache.
The changes to test-debug/DebugStub is due to the fact that it abuses
the ability to set break points in code that has no debug break slots.
This is now no longer possible.

R=ulan@chromium.org
BUG=v8:4132
LOG=N

Review URL: https://codereview.chromium.org/1181013007

Cr-Commit-Position: refs/heads/master@{#29038}

[deoptimizer] Use TranslationIterator for OptimizedFrame again.

Using TranslatedState and friends is too expensive compared to the low
level TranslationIterator, because some code (i.e. in Speedometer)
depends on the OptimizedFrame summary/function listing to be very fast.

BUG=chromium:499338
LOG=n
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1181373003

Cr-Commit-Position: refs/heads/master@{#29037}

[turbofan] Remove dead code from JSGenericLowering.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1186573004

Cr-Commit-Position: refs/heads/master@{#29036}

Update V8 DEPS.

Rolling v8/build/gyp to 79de4031069f37870f04e8b6bbf42f0c7fec37aa

Rolling v8/tools/clang to 66ba82eea5b4e2309c220cc3e0f2d67ebc3fff4c

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1187073008

Cr-Commit-Position: refs/heads/master@{#29035}

MIPS: Fix for Remove unsafe EmitLoadRegister usage in AddI/SubI for constant right operand.

Fix a missed addiu->Addu, and a bad default use of 'at' register in https://codereview.chromium.org/1185143002/

TEST=test/mjsunit/regress/regress-500176
BUG=chromium:500176
LOG=N

Review URL: https://codereview.chromium.org/1187063002

Cr-Commit-Position: refs/heads/master@{#29034}

Inline code generation for %_IsTypedArray

This patch implements %_IsTypedArray in fullcodegen, Hydrogen and
Turbofan in order to implement fast type checks to enable ES6
TypedArray features and semantics efficiently.

R=adamk,titzer
LOG=Y
BUG=v8:4085

Review URL: https://codereview.chromium.org/1183213002

Cr-Commit-Position: refs/heads/master@{#29033}

Avoid using computed property literals in TypedArrays code

Computed property literals don't seem to work in nosnap yet,
leading to a syntax error.

R=adamk,arv

Review URL: https://codereview.chromium.org/1189643002

Cr-Commit-Position: refs/heads/master@{#29032}

Allow TypedArrays to be initialized with iterables

In ES6, the TypedArray constructor can be called either with an
array-like object or an iterable. The code previously handled
only array-like objects. This patch switches to supporting
iterables while throwing in an optimization to make Arrays
get allocated the old way, without an extra copy.

BUG=v8:4090
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1181903003

Cr-Commit-Position: refs/heads/master@{#29031}

MIPS: Remove unsafe EmitLoadRegister usage in AddI/SubI for constant right operand.

TEST=test/mjsunit/regress/regress-500176
BUG=chromium:500176
LOG=N

Review URL: https://codereview.chromium.org/1185143002

Cr-Commit-Position: refs/heads/master@{#29030}

[destructuring] Parse binding patterns in formal parameters.

R=arv@chromium.org,wingo@igalia.com,caitpotter88@gmail.com
LOG=N
BUG=v8:811

Review URL: https://codereview.chromium.org/1167393005

Cr-Commit-Position: refs/heads/master@{#29029}

[turbofan] Remove the TryLowerDirectJSCall hack from generic lowering.

The TryLowerDirectJSCall method tried to lower to a direct JavaScript
function call depending on the type of the receiver, but only if the
target is a cosntant JSFunction. Since this depends on types and is not
required for correctness, it shouldn't be part of generic lowering
anyway. So this functionality was moved to typed lowering instead, and
we use proper types for the target instead.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1182193005

Cr-Commit-Position: refs/heads/master@{#29028}

Remove the --collect-maps flag. Maps should be always collected.

Reasons:
- It is not used.
- It complicates code in GC.

BUG=chromium:499713
LOG=NO

Review URL: https://codereview.chromium.org/1184723002

Cr-Commit-Position: refs/heads/master@{#29027}

[strong] Make strong 'this' optional for experimentation

R=arv@chromium.org, conradw@chromium.org
BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1180943007

Cr-Commit-Position: refs/heads/master@{#29026}

[turbofan] Remove context canonicalization hack from generic lowering.

This hack doesn't help currently, since it only applies to asm.js where
we do function context specialization and there we already have a
canonicalized context (and the CodeGenerator materializes that from the
frame).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1177033006

Cr-Commit-Position: refs/heads/master@{#29025}

MIPS64: Reland 'Enable shorten-64-to-32 warning.'

Port cdc43bc5fd02fff2905e2e28a79054d0d1eee3ea

Original review: https://codereview.chromium.org/1133163005/

Original commit message:
Enable clang's shorten-64-to-32 warning flag on ARM64, and fix the warnings
that arise.

BUG=

Review URL: https://codereview.chromium.org/1182193004

Cr-Commit-Position: refs/heads/master@{#29024}

Fix -Wsign-compare errors in TF tests under GCC 4.9.2

R=jkummerow@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1191433003

Cr-Commit-Position: refs/heads/master@{#29023}

Revert of Fix clobbered register when setting this_function variable. (patchset #2 id:20001 of https://codereview.chromium.org/1185703002/)

Reason for revert:
[Sheriff] Makes mjsunit/es6/block-const-assign flaky, e.g.:
http://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/4082

Original issue's description:
> Fix clobbered register when setting this_function variable.
>
> R=arv@chromium.org
> TEST=mjsunit/regress/regress-crbug-498022
> BUG=chromium:498022
> LOG=N
>
> Committed: https://crrev.com/bf2bbc8ba508ccd21edf3c08d2e4192c4764ae91
> Cr-Commit-Position: refs/heads/master@{#29020}

TBR=arv@chromium.org,rossberg@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:498022

Review URL: https://codereview.chromium.org/1184093003

Cr-Commit-Position: refs/heads/master@{#29022}

[mjsunit] regress/regress-crbug-491062 takes too long with --always-opt.

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/1183133002

Cr-Commit-Position: refs/heads/master@{#29021}

Fix clobbered register when setting this_function variable.

R=arv@chromium.org
TEST=mjsunit/regress/regress-crbug-498022
BUG=chromium:498022
LOG=N

Review URL: https://codereview.chromium.org/1185703002

Cr-Commit-Position: refs/heads/master@{#29020}

Fix debug printing of inputs in the deoptimizer, pull out printing into separate methods.

Also fixed the duplicated output of context deopt.

BUG=

Review URL: https://codereview.chromium.org/1187533002

Cr-Commit-Position: refs/heads/master@{#29019}

[mjsunit] Remove unsupported flag --turbo-deoptimization from tests.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1183123002

Cr-Commit-Position: refs/heads/master@{#29018}

[mjsunit] Remove obsolete nosse2 tests.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1186713003

Cr-Commit-Position: refs/heads/master@{#29017}

Serializer: clear string hash for code serializer.

R=jochen@chromium.org
BUG=v8:4179
LOG=N

Review URL: https://codereview.chromium.org/1183483006

Cr-Commit-Position: refs/heads/master@{#29016}

Compute the heap growing factor based on mutator utilization and allocation throughput.

Doc: https://goo.gl/LLGvBs

BUG=

Review URL: https://codereview.chromium.org/1163143009

Cr-Commit-Position: refs/heads/master@{#29015}

Reland "Keep track of array buffers in new space separately"

Original review https://codereview.chromium.org/1133773002/

BUG=v8:3996
TBR=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1177293003

Cr-Commit-Position: refs/heads/master@{#29014}

Update V8 DEPS.

Rolling v8/third_party/android_tools to ed3dde6470c39b196c70f0c20374894d169754ec

Resubmission of https://codereview.chromium.org/1183753006/

TBR=ulan@chromium.org

Review URL: https://codereview.chromium.org/1181413003

Cr-Commit-Position: refs/heads/master@{#29013}

Add test for code caching API.

R=vogelheim@chromium.org

Review URL: https://codereview.chromium.org/1180113002

Cr-Commit-Position: refs/heads/master@{#29012}

[turbofan] Mark MachineType as uint16_t.

This fixes a few funky implicit conversions for the enum (that are
inconsistent across compilers) and also helps to save space, i.e. for
the representations_ vector in the InstructionSequence.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1182303003

Cr-Commit-Position: refs/heads/master@{#29011}

[turbofan] Remove unused typedef VirtualRegisterSet.

TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1179913003

Cr-Commit-Position: refs/heads/master@{#29010}

Revert of Reland "Keep track of array buffers in new space separately" (patchset #2 id:20001 of https://codereview.chromium.org/1177083003/)

Reason for revert:
Still broken

Original issue's description:
> Reland "Keep track of array buffers in new space separately"
>
> Original review https://codereview.chromium.org/1133773002/
>
> BUG=v8:3996
> TBR=hpayer@chromium.org
> LOG=n
>
> Committed: https://crrev.com/89b9a2cfb317e52186f682c91502b22932d52db3
> Cr-Commit-Position: refs/heads/master@{#28987}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996

Review URL: https://codereview.chromium.org/1186613007

Cr-Commit-Position: refs/heads/master@{#29009}

Also handle elements in *RealNamed* api methods

Apparently the *RealNamed* API methods only have named variants, but were always used by the embedder to find elements as well. We'd never find them though, since we wouldn't even look
there.

This CL ensures we check whether the name is actually an array index.

I guess for all named API functions we should assume they are used similar to o["name"] where name could also be a number... At least we should make it uniform between embedder and V8. This matches us up with their expectations for now...

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1177383004

Cr-Commit-Position: refs/heads/master@{#29008}

Update V8 DEPS.

Rolling v8/tools/clang to bb23ac0328fd3d051fc2f5ff027c8e0f87cc6fb5

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1186753003

Cr-Commit-Position: refs/heads/master@{#29007}

Remove some unused definitions from d8.h

BUG=none
LOG=n

Review URL: https://codereview.chromium.org/1184853003

Cr-Commit-Position: refs/heads/master@{#29006}

Currently on X87 platform we use only Double register (stack register) for Turbofan. So we directly
use 1 as allocatable Double register number when setting up the default register configuration..

It does not change the double register configuration of other platforms.

BUG=v8:4135
LOG=N

Review URL: https://codereview.chromium.org/1164813007

Cr-Commit-Position: refs/heads/master@{#29005}

Introduce LookupIterator::PropertyOrElement which converts name to index if possible.

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1178893002

Cr-Commit-Position: refs/heads/master@{#29004}

X87: Disable the test case for X87 since ea2cb139d.

      The strong-object-set-proto test cases will throw one expected exception
      and the exception message should include the source position in the JS
      file. But crankshaft compiler does not generate the source position for
      it when creating the flow graph by default. The source position information
      is always zero. So it failed when comparing with the reference file.

      If we use crankshaft compiler on IA32 platform to run this test case, it
      has the same failure.

      we will open these test case for x87 once turbofan for X87 is enabled.

BUG=

Review URL: https://codereview.chromium.org/1179763003

Cr-Commit-Position: refs/heads/master@{#29003}

Introduce DefineOwnPropertyIgnoreAttributes and make it call SetPropertyWithInterceptor.

Otherwise using Object.defineProperty with window.localStorage will not actually store the value into the database but on the object itself.

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1180073002

Cr-Commit-Position: refs/heads/master@{#29002}

[test] More debugging output in test runner.

Also use again the taskkill method, recently removed in
https://codereview.chromium.org/1156133006/

BUG=chromium:485932
LOG=n
TBR=jkummerow@chromium.org
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1177903005

Cr-Commit-Position: refs/heads/master@{#29001}

Reland of Replace SetObjectProperty / DefineObjectProperty with less powerful alternatives where relevant. (patchset #3 id:40001 of https://codereview.chromium.org/1178503004/)

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1180943002

Cr-Commit-Position: refs/heads/master@{#29000}

Map::TryUpdate() must be in sync with Map::Update().

This CL fixes elements kind transitions handling in Map::TryUpdate().

BUG=v8:4121
LOG=Y

Review URL: https://codereview.chromium.org/1181163002

Cr-Commit-Position: refs/heads/master@{#28999}

Add script context with context-allocated "const this"

This is a reapplication of https://codereview.chromium.org/1173333004.

R=rossberg@chromium.org
LOG=N
BUG=498811

Review URL: https://codereview.chromium.org/1178903003

Cr-Commit-Position: refs/heads/master@{#28998}

[turbofan] Use appropriate type for NodeId.

Up until now we used int32_t for NodeId, but that was not ideal because
negative values are invalid for NodeId and we use it as an array index
for example in the NodeMarker class, where C++ compilers on x64 have to
generate code that does proper sign extension for the indices, which is
completely unnecessary.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1178403004

Cr-Commit-Position: refs/heads/master@{#28997}

Revert of Add script context with context-allocated "const this" (patchset #2 id:20001 of https://codereview.chromium.org/1173333004/)

Reason for revert:
nosnap failure

Original issue's description:
> Add script context with context-allocated "const this"
>
> This is a reapplication of https://codereview.chromium.org/1179893002/.
>
> R=rossberg@chromium.org,mstarzinger@chromium.org
> LOG=N
> BUG=498811
>
> Committed: https://crrev.com/cfc764f4050edc74aef92daa4c39ccc113893968
> Cr-Commit-Position: refs/heads/master@{#28994}

TBR=mstarzinger@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=498811

Review URL: https://codereview.chromium.org/1177903004

Cr-Commit-Position: refs/heads/master@{#28996}

MIPS64: Fix memory allocation when code range is used for LO space only.

Allocation must respect requested reserve size, not requested commit area size.

Additionally fix check failures in debug mode for mips64.
After CL: https://codereview.chromium.org/1147503002/
memory for large code objects is allocated from code range,
memory for regular code objects is allocated normally.

TEST=cctest/test-spaces/MemoryChunk
BUG=

Review URL: https://codereview.chromium.org/1172333002

Cr-Commit-Position: refs/heads/master@{#28995}

Add script context with context-allocated "const this"

This is a reapplication of https://codereview.chromium.org/1179893002/.

R=rossberg@chromium.org,mstarzinger@chromium.org
LOG=N
BUG=498811

Review URL: https://codereview.chromium.org/1173333004

Cr-Commit-Position: refs/heads/master@{#28994}

[turbofan] Move RawMachineAssembler to unittests.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1177353003

Cr-Commit-Position: refs/heads/master@{#28993}

Revert of Add script context with context-allocated "const this" (patchset #7 id:120001 of https://codereview.chromium.org/1179893002/)

Reason for revert:
[Sheriff] Breaks gc mole:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20gcmole/builds/2435

Original issue's description:
> Add script context with context-allocated "const this"
>
> R=rossberg@chromium.org
> LOG=N
> BUG=498811
>
> Committed: https://crrev.com/fa32d461c16a053cc6d48d3fb326016bc2765765
> Cr-Commit-Position: refs/heads/master@{#28988}

TBR=rossberg@chromium.org,mstarzinger@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=498811

Review URL: https://codereview.chromium.org/1180043004

Cr-Commit-Position: refs/heads/master@{#28992}