platform/upstream/v8.git
9 years agoReland concurrent sweeping of code space.
hpayer [Mon, 20 Jul 2015 10:36:35 +0000 (03:36 -0700)]
Reland concurrent sweeping of code space.

BUG=chromium:506778,chromium:506957,chromium:507211
LOG=n

Review URL: https://codereview.chromium.org/1225733002

Cr-Commit-Position: refs/heads/master@{#29748}

9 years agoSpeedup some slow running stack-overflow tests.
ishell [Mon, 20 Jul 2015 09:50:47 +0000 (02:50 -0700)]
Speedup some slow running stack-overflow tests.

BUG=chromium:505007
LOG=N

Review URL: https://codereview.chromium.org/1238273003

Cr-Commit-Position: refs/heads/master@{#29747}

9 years agoUse a label-branch in CheckConstPool.
jacob.bramley [Mon, 20 Jul 2015 09:03:12 +0000 (02:03 -0700)]
Use a label-branch in CheckConstPool.

This removes a dependency on the size of the pool. Whilst the size is
checked in debug mode, it is still more robust to use a label.

This should also be cherry-picked to fix 4.4.63.20. (At that time, the
size of the pool was _not_ checked, and was sometimes wrong.)

This partially reverts 879550c, "[arm] Don't call branch_offset within
CheckConstPool." However, branch_offset now only blocks the constant
pool if it is not already blocked.

BUG=

Review URL: https://codereview.chromium.org/1227403006

Cr-Commit-Position: refs/heads/master@{#29746}

9 years agoFix element enumeration on String wrappers with dictionary elements
adamk [Mon, 20 Jul 2015 09:00:51 +0000 (02:00 -0700)]
Fix element enumeration on String wrappers with dictionary elements

BUG=chromium:510426
LOG=n

Review URL: https://codereview.chromium.org/1246513002

Cr-Commit-Position: refs/heads/master@{#29745}

9 years agoDebugger: use FrameInspector in ScopeIterator to find context.
yangguo [Mon, 20 Jul 2015 08:53:22 +0000 (01:53 -0700)]
Debugger: use FrameInspector in ScopeIterator to find context.

In optimized code, it's not guaranteed that the current context
is stored in its frame slot.

R=bmeurer@chromium.org
BUG=v8:4309
LOG=N

Committed: https://crrev.com/3a0ee39cbde6a9778cfc4e2a6a0a8ff68933ff38
Cr-Commit-Position: refs/heads/master@{#29697}

Review URL: https://codereview.chromium.org/1239033002

Cr-Commit-Position: refs/heads/master@{#29744}

9 years agoCrankshaft part of the 'loads and stores to global vars through property cell shortcu...
ishell [Mon, 20 Jul 2015 08:49:09 +0000 (01:49 -0700)]
Crankshaft part of the 'loads and stores to global vars through property cell shortcuts' feature.

BUG=chromium:510738
LOG=N

Review URL: https://codereview.chromium.org/1228113008

Cr-Commit-Position: refs/heads/master@{#29743}

9 years agoReland of "Make d8 stop using to-be-deprecated APIs"
jochen [Mon, 20 Jul 2015 07:05:42 +0000 (00:05 -0700)]
Reland of "Make d8 stop using to-be-deprecated APIs"

Original issue's description:
> BUG=v8:4134
> LOG=n
> R=yangguo@chromium.org
>
> Review URL: https://codereview.chromium.org/1239053004

BUG=v8:4134
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1235603004

Cr-Commit-Position: refs/heads/master@{#29742}

9 years agoUnittests don't use deprecated APIs. Yay!
jochen [Mon, 20 Jul 2015 06:54:54 +0000 (23:54 -0700)]
Unittests don't use deprecated APIs. Yay!

Make sure it stays that way

BUG=v8:4134
R=yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1242563003

Cr-Commit-Position: refs/heads/master@{#29741}

9 years agoMake vtune-jit stop using deprecated APIs
jochen [Mon, 20 Jul 2015 06:53:46 +0000 (23:53 -0700)]
Make vtune-jit stop using deprecated APIs

BUG=v8:4134
R=yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1244433003

Cr-Commit-Position: refs/heads/master@{#29740}

9 years agoUpdate V8 DEPS.
v8-autoroll [Sun, 19 Jul 2015 03:26:34 +0000 (20:26 -0700)]
Update V8 DEPS.

Rolling v8/testing/gtest to 00a70a9667d92a4695d84e4fa36b64f611f147da

Rolling v8/tools/clang to 6ea730d39bf31911ccef92397dbc8d71136d3899

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1228063006

Cr-Commit-Position: refs/heads/master@{#29739}

9 years agoUpdate V8 DEPS.
v8-autoroll [Sat, 18 Jul 2015 03:29:17 +0000 (20:29 -0700)]
Update V8 DEPS.

Rolling v8/third_party/icu to 508e9274baaa5caa8de9cf4c26a24e926a15ccf0

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1236133007

Cr-Commit-Position: refs/heads/master@{#29738}

9 years ago[d8] bounds-check before getting Shell::Worker internal field
caitpotter88 [Fri, 17 Jul 2015 21:44:26 +0000 (14:44 -0700)]
[d8] bounds-check before getting Shell::Worker internal field

Prevents fatal error in debug builds

BUG=v8:4271, 506954
R=binji@chromium.org
LOG=N

Committed: https://crrev.com/43ce9c6f101c4224addd9a54e0c39963188dc7fa
Cr-Commit-Position: refs/heads/master@{#29524}

Review URL: https://codereview.chromium.org/1214053004

Cr-Commit-Position: refs/heads/master@{#29737}

9 years agoAtomics Futex API
binji [Fri, 17 Jul 2015 17:11:32 +0000 (10:11 -0700)]
Atomics Futex API

BUG=chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1208933006

Cr-Commit-Position: refs/heads/master@{#29736}

9 years agoMIPS: Fix missing falthru handling for some branch cases in TF.
dusan.milosavljevic [Fri, 17 Jul 2015 15:59:31 +0000 (08:59 -0700)]
MIPS: Fix missing falthru handling for some branch cases in TF.

TEST=mjsunit/asm/embenchen/zlib
BUG=

Review URL: https://codereview.chromium.org/1232313007

Cr-Commit-Position: refs/heads/master@{#29735}

9 years agoMake NumberFormat use the ICU currency data, fix bug in NumberFormat
hichris123 [Fri, 17 Jul 2015 15:07:55 +0000 (08:07 -0700)]
Make NumberFormat use the ICU currency data, fix bug in NumberFormat

NumberFormat previously just used a min of 0 digits after the decimal and a max of 3. This CL changes it so that we use the ICU currency data, and set the min and max to the number of numbers after the decimal point for each currency.

This CL also fixes a small bug where if the minimum fraction digits is above 3 but the maximum fraction digits isn't set, then it returns with only three numbers after the decimal point.

BUG=435465,473104,304722
LOG=Y

Review URL: https://codereview.chromium.org/1231613006

Cr-Commit-Position: refs/heads/master@{#29734}

9 years agoProperly fix enumerate / Object.keys wrt access checked objects
verwaest [Fri, 17 Jul 2015 14:11:43 +0000 (07:11 -0700)]
Properly fix enumerate / Object.keys wrt access checked objects

BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1241953010

Cr-Commit-Position: refs/heads/master@{#29733}

9 years agoPPC: Fix memento initialization when constructing from new call
mbrandy [Fri, 17 Jul 2015 14:06:19 +0000 (07:06 -0700)]
PPC: Fix memento initialization when constructing from new call

Port 3285e3bf071a2575a827c5b29fe389a72dbf8966

Original commit message
    Additionally, push the allocation site or undefined independently
    of creating a memento to preserve a fixed size for the construct
    frames.

R=mlippautz@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1229163005

Cr-Commit-Position: refs/heads/master@{#29732}

9 years agoMIPS64: Fix string stubs.
paul.lind [Fri, 17 Jul 2015 13:56:44 +0000 (06:56 -0700)]
MIPS64: Fix string stubs.

An innocent-looking change in 'c63e50ed Reland Update V8 DEPS.' exposed
latent bugs in SubStringStub and StringCharFromCodeGenerator.

TEST=mjsunit/string-replace, msjunit/string-split, others....
BUG=

Review URL: https://codereview.chromium.org/1233903003

Cr-Commit-Position: refs/heads/master@{#29731}

9 years agoRevert of Make d8 stop using to-be-deprecated APIs (patchset #3 id:40001 of https...
machenbach [Fri, 17 Jul 2015 13:53:40 +0000 (06:53 -0700)]
Revert of Make d8 stop using to-be-deprecated APIs (patchset #3 id:40001 of https://codereview.chromium.org/1239053004/)

Reason for revert:
[Sheriff] Breaks:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20code%20serializer/builds/3400

Original issue's description:
> Make d8 stop using to-be-deprecated APIs
>
> BUG=v8:4134
> LOG=n
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/af82ef84b4f851411f00e69167ab29382c7499b8
> Cr-Commit-Position: refs/heads/master@{#29726}

TBR=yangguo@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4134

Review URL: https://codereview.chromium.org/1240993003

Cr-Commit-Position: refs/heads/master@{#29730}

9 years agoRevert of Reland "Enable loads and stores to global vars through property cell shortc...
ishell [Fri, 17 Jul 2015 13:30:53 +0000 (06:30 -0700)]
Revert of Reland "Enable loads and stores to global vars through property cell shortcuts installed into paren… (patchset #1 id:1 of https://codereview.chromium.org/1237043006/)

Reason for revert:
chromium:510738, chromium:510911

Original issue's description:
> Reland "Enable loads and stores to global vars through property cell shortcuts installed into parent script context."
>
> Committed: https://crrev.com/48584df5ed97e2cdec1b4900f783c47adc3a3d32
> Cr-Commit-Position: refs/heads/master@{#29670}

TBR=verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1238163002

Cr-Commit-Position: refs/heads/master@{#29729}

9 years agoFix object enumeration wrt access checked objects
verwaest [Fri, 17 Jul 2015 12:57:23 +0000 (05:57 -0700)]
Fix object enumeration wrt access checked objects

BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1228113007

Cr-Commit-Position: refs/heads/master@{#29728}

9 years agoFix DefineOwnProperty for data properties wrt failed access checks
verwaest [Fri, 17 Jul 2015 12:55:16 +0000 (05:55 -0700)]
Fix DefineOwnProperty for data properties wrt failed access checks

BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1241973003

Cr-Commit-Position: refs/heads/master@{#29727}

9 years agoMake d8 stop using to-be-deprecated APIs
jochen [Fri, 17 Jul 2015 12:44:50 +0000 (05:44 -0700)]
Make d8 stop using to-be-deprecated APIs

BUG=v8:4134
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1239053004

Cr-Commit-Position: refs/heads/master@{#29726}

9 years agoFix GetOwnPropertyNames on access-checked objects
verwaest [Fri, 17 Jul 2015 12:30:05 +0000 (05:30 -0700)]
Fix GetOwnPropertyNames on access-checked objects

BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1242123002

Cr-Commit-Position: refs/heads/master@{#29725}

9 years agoImprove presubmit check for BUG line
jochen [Fri, 17 Jul 2015 12:21:39 +0000 (05:21 -0700)]
Improve presubmit check for BUG line

Don't chicken out on upload already, and ignore 'none' value

BUG=none
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1237353003

Cr-Commit-Position: refs/heads/master@{#29724}

9 years agoX87: Fix memento initialization when constructing from new call
chunyang.dai [Fri, 17 Jul 2015 10:07:03 +0000 (03:07 -0700)]
X87: Fix memento initialization when constructing from new call

port 3285e3bf071a2575a827c5b29fe389a72dbf8966 (r29719).

original commit message:

  Additionally, push the allocation site or undefined independently of creatin

BUG=

Review URL: https://codereview.chromium.org/1229023003

Cr-Commit-Position: refs/heads/master@{#29723}

9 years agoRevert of Debugger: use FrameInspector in ScopeIterator to find context. (patchset...
yangguo [Fri, 17 Jul 2015 09:53:41 +0000 (02:53 -0700)]
Revert of Debugger: use FrameInspector in ScopeIterator to find context. (patchset #3 id:40001 of https://codereview.chromium.org/1239033002/)

Reason for revert:
breaks roll: http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/87292/steps/browser_tests%20%28with%20patch%29/logs/DevToolsSanityTest.TestPauseWhenScriptIsRunning

Original issue's description:
> Debugger: use FrameInspector in ScopeIterator to find context.
>
> In optimized code, it's not guaranteed that the current context
> is stored in its frame slot.
>
> R=bmeurer@chromium.org
> BUG=v8:4309
> LOG=N
>
> Committed: https://crrev.com/3a0ee39cbde6a9778cfc4e2a6a0a8ff68933ff38
> Cr-Commit-Position: refs/heads/master@{#29697}

TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4309

Review URL: https://codereview.chromium.org/1243553002

Cr-Commit-Position: refs/heads/master@{#29722}

9 years agoFix getPrototypeOf for access checked objects
verwaest [Fri, 17 Jul 2015 09:37:27 +0000 (02:37 -0700)]
Fix getPrototypeOf for access checked objects

BUG=chromium:509936
LOG=y

Review URL: https://codereview.chromium.org/1242093002

Cr-Commit-Position: refs/heads/master@{#29721}

9 years agoDelete APIs deprecated since last release
jochen [Fri, 17 Jul 2015 09:26:42 +0000 (02:26 -0700)]
Delete APIs deprecated since last release

BUG=none
R=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1114873002

Cr-Commit-Position: refs/heads/master@{#29720}

9 years agoFix memento initialization when constructing from new call
mlippautz [Fri, 17 Jul 2015 08:51:24 +0000 (01:51 -0700)]
Fix memento initialization when constructing from new call

Additionally, push the allocation site or undefined independently of creating a memento to preserve a fixed size for the construct frames.

BUG=

Review URL: https://codereview.chromium.org/1239593003

Cr-Commit-Position: refs/heads/master@{#29719}

9 years agoUpdate V8 DEPS.
v8-autoroll [Fri, 17 Jul 2015 03:28:12 +0000 (20:28 -0700)]
Update V8 DEPS.

Rolling v8/buildtools to 125d157607de4d7c95bf8b02dd580aae17962f19

Rolling v8/third_party/android_tools to 2abd22b08cd757f88362f44b02484de43e4b9611

Rolling v8/third_party/icu to ffeeae138703e692f07d2c438203f32b84e7a094

Rolling v8/tools/clang to f729011d84762dfae62bbf4218580367dbfc7451

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1238783004

Cr-Commit-Position: refs/heads/master@{#29718}

9 years agoAdditional TypedArray tests
littledan [Fri, 17 Jul 2015 00:21:11 +0000 (17:21 -0700)]
Additional TypedArray tests

- Test that TypedArray properties cannot be set in strict mode
  Properties like %TypedArray%.prototype.length have a getter and no
  setter. This test verifies that property, which was apparently not
  true in the past or had no test ensuring throwing in this case.
- Test that TypedArray integer indexed properties (array elements)
  are not configurable

Both of these have passed for some time, but there are open bugs against
them and apparently no tests verifying that they are fixed.

BUG=v8:3048, v8:3799
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1232843005

Cr-Commit-Position: refs/heads/master@{#29717}

9 years agoArray.prototype.reverse should call [[HasProperty]] on elements before [[Get]]
littledan [Thu, 16 Jul 2015 23:12:06 +0000 (16:12 -0700)]
Array.prototype.reverse should call [[HasProperty]] on elements before [[Get]]

This is a change from ES5 to ES6: When reversing an array, first it is checked
whether the element exists, before the element is looked up. The order in ES6
is

[[HasElement]] lower
[[Get]] lower (if present)
[[HasElement]] upper
[[Get]] upper (if present)

In ES5, on the other hand, the order was

[[Get]] lower
[[Get]] upper
[[HasElement]] lower
[[HasElement]] upper

To mitigate the performance impact, this patch implements a new, third copy
of reversing arrays if %_HasPackedElements. This allows us to skip all
membership tests, and a quick and dirty benchmark shows that the new version
is faster:

Over 4 runs, the slowest for the new version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
4658

Over 3 runs, the fastest for the old version:
d8> var start = Date.now(); for (var i = 0; i < 100000000; i++) [1, 2, 3, 4, 5].reverse(); Date.now() - start
5176

BUG=v8:4223
R=adamk
LOG=Y

Review URL: https://codereview.chromium.org/1238593003

Cr-Commit-Position: refs/heads/master@{#29716}

9 years agoIn RegExp, lastIndex is read with ToLength, not ToInteger
littledan [Thu, 16 Jul 2015 21:55:31 +0000 (14:55 -0700)]
In RegExp, lastIndex is read with ToLength, not ToInteger

ES2015 made a change vs ES5, where the "lastIndex" property of a
RegExp (which can be modified by a user to start the next search at
a different location) is cast to an integer with ToLength rather
than ToInteger. The main difference is on negative numbers, and
this is tested by test262. This patch implements that change on
RegExps and enables the test262 test now that it passes.

R=adamk
LOG=Y
BUG=v8:4244

Review URL: https://codereview.chromium.org/1241713004

Cr-Commit-Position: refs/heads/master@{#29715}

9 years agoStage --harmony-new-target
adamk [Thu, 16 Jul 2015 20:48:17 +0000 (13:48 -0700)]
Stage --harmony-new-target

BUG=v8:3887
LOG=y

Review URL: https://codereview.chromium.org/1238693004

Cr-Commit-Position: refs/heads/master@{#29714}

9 years agoRe-ship harmony spread calls and spread arrays
adamk [Thu, 16 Jul 2015 19:44:31 +0000 (12:44 -0700)]
Re-ship harmony spread calls and spread arrays

The issue with spread arrays which caused us to turn it off was fixed in
https://chromium.googlesource.com/v8/v8/+/24e98281

BUG=v8:3018
LOG=y

Review URL: https://codereview.chromium.org/1239873002

Cr-Commit-Position: refs/heads/master@{#29713}

9 years agoExpose SIMD.Float32x4 type to Javascript.
bbudge [Thu, 16 Jul 2015 19:43:21 +0000 (12:43 -0700)]
Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
Cr-Commit-Position: refs/heads/master@{#29689}

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29712}

9 years agoRevert of [turbofan] Ship TF for try-catch statements. (patchset #1 id:1 of https...
adamk [Thu, 16 Jul 2015 19:42:00 +0000 (12:42 -0700)]
Revert of [turbofan] Ship TF for try-catch statements. (patchset #1 id:1 of https://codereview.chromium.org/1216373002/)

Reason for revert:
Causes gbemu-part1 to time out on Linux dbg builders

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/3867/
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20code%20serializer/builds/3386/
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug%20-%20greedy%20allocator/builds/828/

Original issue's description:
> [turbofan] Ship TF for try-catch statements.
>
> R=hablich@chromium.org
> BUG=v8:4131
> LOG=N
>
> Committed: https://crrev.com/1251d02e7bb2a13ae5cf6fda5d3403730d2ae12f
> Cr-Commit-Position: refs/heads/master@{#29708}

TBR=hablich@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4131

Review URL: https://codereview.chromium.org/1234363003

Cr-Commit-Position: refs/heads/master@{#29711}

9 years ago[parser] use-strict directives in function body affect init block
caitpotter88 [Thu, 16 Jul 2015 16:44:58 +0000 (09:44 -0700)]
[parser] use-strict directives in function body affect init block

BUG=
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1234213004

Cr-Commit-Position: refs/heads/master@{#29710}

9 years agod8: Leak context_mutex_ so it will never be destroyed while locked
binji [Thu, 16 Jul 2015 16:40:37 +0000 (09:40 -0700)]
d8: Leak context_mutex_ so it will never be destroyed while locked

Calling quit() from d8 will call exit(), which will run static destructors. If
context_mutex_ is statically allocated, pthread_mutex_destroy will be called.

When running d8 in "isolates" mode, another thread may be running. If it calls
CreateEvaluationContext, it will lock the context_mutex_. If the mutex is
destroyed while it is locked, it will return an error.

This CL changes the Mutex to a LazyMutex, which will leak instead of being
destroyed.

BUG=v8:4279
R=jarin@chromium.org
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1240553003

Cr-Commit-Position: refs/heads/master@{#29709}

9 years ago[turbofan] Ship TF for try-catch statements.
mstarzinger [Thu, 16 Jul 2015 15:39:29 +0000 (08:39 -0700)]
[turbofan] Ship TF for try-catch statements.

R=hablich@chromium.org
BUG=v8:4131
LOG=N

Review URL: https://codereview.chromium.org/1216373002

Cr-Commit-Position: refs/heads/master@{#29708}

9 years ago[turbofan] Disable one failing debugger test.
mstarzinger [Thu, 16 Jul 2015 15:12:31 +0000 (08:12 -0700)]
[turbofan] Disable one failing debugger test.

TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1242023003

Cr-Commit-Position: refs/heads/master@{#29707}

9 years agoRemove obsolete %CallSuperWithSpread intrinsic.
mstarzinger [Thu, 16 Jul 2015 15:07:47 +0000 (08:07 -0700)]
Remove obsolete %CallSuperWithSpread intrinsic.

The aforementioned intrinsic is no longer needed and can be fully
desugared now that binding assignments to 'this' are explicit.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1234383002

Cr-Commit-Position: refs/heads/master@{#29706}

9 years agoRepresent implicit 'this' binding by 'super' in AST.
mstarzinger [Thu, 16 Jul 2015 14:26:20 +0000 (07:26 -0700)]
Represent implicit 'this' binding by 'super' in AST.

This makes the implicit initializing assignment to 'this' performed
after a super constructor call explicit in the AST. It removes the
need to handle the special case where a CallExpression behaves like a
AssignmentExpression from various AstVisitor implementations.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1226123010

Cr-Commit-Position: refs/heads/master@{#29705}

9 years agoPPC: Reland Update V8 DEPS.
mbrandy [Thu, 16 Jul 2015 14:20:06 +0000 (07:20 -0700)]
PPC: Reland Update V8 DEPS.

Port c63e50edc93f0f37b98008fe4012ec3c9479352b

Original commit message:
    Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c

    Reland after https://codereview.chromium.org/1241643002/

R=machenbach@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1240833002

Cr-Commit-Position: refs/heads/master@{#29704}

9 years agoPPC: Debugger: use debug break slots to break at function exit.
mbrandy [Thu, 16 Jul 2015 14:11:50 +0000 (07:11 -0700)]
PPC: Debugger: use debug break slots to break at function exit.

Port fc9c5275c3a747caca709b7d5745579f70e61301

Original commit message:
    By not having to patch the return sequence (we patch the debug
    break slot right before it), we don't overwrite it and therefore
    don't have to keep the original copy of the code around.

R=yangguo@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1238503003

Cr-Commit-Position: refs/heads/master@{#29703}

9 years agoPPC: Switch CallConstructStub to take new.target in register.
mbrandy [Thu, 16 Jul 2015 12:59:42 +0000 (05:59 -0700)]
PPC: Switch CallConstructStub to take new.target in register.

Port 1d9d895754e1d1cf824c11a9cce5e495fa47d5e2

Original commit message:
    This changes the calling convention of the CallConstructStub to take
    the original constructor (i.e. new.target in JS-speak) in a register
    instead of magically via the operand stack. For optimizing compilers
    the operand stack doesn't exist, hence cannot be peeked into.

R=mstarzinger@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1230103004

Cr-Commit-Position: refs/heads/master@{#29702}

9 years agoRevert of Expose SIMD.Float32x4 type to Javascript. (patchset #14 id:450001 of https...
hablich [Thu, 16 Jul 2015 12:35:54 +0000 (05:35 -0700)]
Revert of Expose SIMD.Float32x4 type to Javascript. (patchset #14 id:450001 of https://codereview.chromium.org/1219943002/)

Reason for revert:
Seems to brake the latest roll into Chromium: http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_compile_dbg_ng/builds/59796/steps/compile%20%28with%20patch%29/logs/stdio

Original issue's description:
> Expose SIMD.Float32x4 type to Javascript.
> This CL exposes the constructor function, defines type related
> information, and implements value type semantics.
> It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.
>
> TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc
>
> LOG=Y
> BUG=v8:4124
>
> Committed: https://crrev.com/e5ed3bee99807c502fa7d7a367ec401e16d3f773
> Cr-Commit-Position: refs/heads/master@{#29689}

TBR=rossberg@chromium.org,littledan@chromium.org,martyn.capewell@arm.com,bbudge@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review URL: https://codereview.chromium.org/1241533004

Cr-Commit-Position: refs/heads/master@{#29701}

9 years agoTake the ScriptOrigin into account for CompileFunctionInContext
epertoso [Thu, 16 Jul 2015 12:08:01 +0000 (05:08 -0700)]
Take the ScriptOrigin into account for CompileFunctionInContext

R=jochen@chromium.org,yangguo@chromium.org
LOG=n
BUG=

Review URL: https://codereview.chromium.org/1233563005

Cr-Commit-Position: refs/heads/master@{#29700}

9 years agoUpdate OWNERS file.
yangguo [Thu, 16 Jul 2015 11:37:35 +0000 (04:37 -0700)]
Update OWNERS file.

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1230813004

Cr-Commit-Position: refs/heads/master@{#29699}

9 years agoDebugger: ensure that functions with debug info have code with break slots.
yangguo [Thu, 16 Jul 2015 09:38:21 +0000 (02:38 -0700)]
Debugger: ensure that functions with debug info have code with break slots.

This helps reasoning about setting break points. Functions that
have debug info is also guaranteed to be able to set break points.

R=ulan@chromium.org
BUG=v8:4132
LOG=N

Review URL: https://codereview.chromium.org/1227213003

Cr-Commit-Position: refs/heads/master@{#29698}

9 years agoDebugger: use FrameInspector in ScopeIterator to find context.
yangguo [Thu, 16 Jul 2015 09:28:12 +0000 (02:28 -0700)]
Debugger: use FrameInspector in ScopeIterator to find context.

In optimized code, it's not guaranteed that the current context
is stored in its frame slot.

R=bmeurer@chromium.org
BUG=v8:4309
LOG=N

Review URL: https://codereview.chromium.org/1239033002

Cr-Commit-Position: refs/heads/master@{#29697}

9 years ago[turbofan] Implement super call support in TurboFan.
mstarzinger [Thu, 16 Jul 2015 08:53:56 +0000 (01:53 -0700)]
[turbofan] Implement super call support in TurboFan.

R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1238743002

Cr-Commit-Position: refs/heads/master@{#29696}

9 years agoX87: Switch CallConstructStub to take new.target in register.
chunyang.dai [Thu, 16 Jul 2015 08:52:51 +0000 (01:52 -0700)]
X87: Switch CallConstructStub to take new.target in register.

original commit message:

    This changes the calling convention of the CallConstructStub to take
    the original constructor (i.e. new.target in JS-speak) in a register
    instead of magically via the operand stack. For optimizing compilers
    the operand stack doesn't exist, hence cannot be peeked into.

BUG=

Review URL: https://codereview.chromium.org/1235273003

Cr-Commit-Position: refs/heads/master@{#29695}

9 years agoX87: Debugger: use debug break slots to break at function exit.
chunyang.dai [Thu, 16 Jul 2015 08:49:34 +0000 (01:49 -0700)]
X87: Debugger: use debug break slots to break at function exit.

port fc9c5275c3a747caca709b7d5745579f70e61301 (r29672).

original commit message:

    Debugger: use debug break slots to break at function exit.

    By not having to patch the return sequence (we patch the debug
    break slot right before it), we don't overwrite it and therefore
    don't have to keep the original copy of the code around.

BUG=

Review URL: https://codereview.chromium.org/1236023007

Cr-Commit-Position: refs/heads/master@{#29694}

9 years agoMIPS:
Ilija.Pavlovic [Thu, 16 Jul 2015 08:13:52 +0000 (01:13 -0700)]
MIPS:
Improved checking target ranges for J and JAL instructions.
Adapted disassembler test for J and JAL instructions.

TEST=cctest/test-disasm-mips[64]
BUG=

Review URL: https://codereview.chromium.org/1237083003

Cr-Commit-Position: refs/heads/master@{#29693}

9 years agoUpdate V8 DEPS.
v8-autoroll [Thu, 16 Jul 2015 03:28:17 +0000 (20:28 -0700)]
Update V8 DEPS.

Rolling v8/buildtools to 5215ee866bc3e8eb4a7f124212845abf4029e60b

Rolling v8/tools/clang to 4e7f85d6bc00cb296e34126c822cf57e5e6cf814

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1237553004

Cr-Commit-Position: refs/heads/master@{#29692}

9 years ago[cleanup] remove --harmony-classes flag from mjsunit/harmony/new-target
caitpotter88 [Wed, 15 Jul 2015 22:16:32 +0000 (15:16 -0700)]
[cleanup] remove --harmony-classes flag from mjsunit/harmony/new-target

Unknown flag warning is adding unnecessary noise to terminal during
test runs

BUG=
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1236993003

Cr-Commit-Position: refs/heads/master@{#29691}

9 years ago[api] Deprecate unused Map/Set FromArray factory methods
adamk [Wed, 15 Jul 2015 20:17:51 +0000 (13:17 -0700)]
[api] Deprecate unused Map/Set FromArray factory methods

These were added when I thought they would be useful in Blink, but as
it turned out they were not. They could likely be deleted immediately,
but to play it safe I'll go through the usual deprecation process.

Review URL: https://codereview.chromium.org/1236263004

Cr-Commit-Position: refs/heads/master@{#29690}

9 years agoExpose SIMD.Float32x4 type to Javascript.
bbudge [Wed, 15 Jul 2015 19:16:52 +0000 (12:16 -0700)]
Expose SIMD.Float32x4 type to Javascript.
This CL exposes the constructor function, defines type related
information, and implements value type semantics.
It also refactors test/mjsunit/samevalue.js to test SameValue and SameValueZero.

TEST=test/mjsunit/harmony/simd.js, test/cctest/test-simd.cc

LOG=Y
BUG=v8:4124

Review URL: https://codereview.chromium.org/1219943002

Cr-Commit-Position: refs/heads/master@{#29689}

9 years agoMIPS: Fix 'Reland Update V8 DEPS.'
balazs.kilvady [Wed, 15 Jul 2015 18:59:05 +0000 (11:59 -0700)]
MIPS: Fix 'Reland Update V8 DEPS.'

Port c63e50edc93f0f37b98008fe4012ec3c9479352b

BUG=
TEST=test-disasm-mips/Type

Review URL: https://codereview.chromium.org/1233323002

Cr-Commit-Position: refs/heads/master@{#29688}

9 years agoFix runtime-atomics for Win 10 SDK and remove volatile
brucedawson [Wed, 15 Jul 2015 16:47:37 +0000 (09:47 -0700)]
Fix runtime-atomics for Win 10 SDK and remove volatile

For unclear and probably accidental reasons the Windows 10 SDK
renamed some _Interlocked* functions to _InlineInterlocked. This
leads to these errors:

runtime-atomics.cc(159): error C3861: '_InterlockedExchange64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedExchangeAdd64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedAnd64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedOr64': identifier not found
runtime-atomics.cc(159): error C3861: '_InterlockedXor64': identifier not found

Fixing this requires either adding defines to map these five _Interlocked*
functions to _InlineInterlocked*, or else changing to using the
non-underscore versions. It appears that using the non-underscore versions
is preferable so I went that way. This also requires adding three  new
defines because there is a huge lack of consistency, probably due to these
macros being defined sometimes in <intrin.h> and sometimes in <winnt.h>

All five of the renamed 64-bit functions were manually checked to ensure
that the change to the non-underscore versions would make no differences -
the inline functions that they map to were identical. Other functions were
spot-checked.

Also, the 'volatile' qualifiers were removed. Volatile has no no useful
meaning for multi-threaded programming. It only exists in the Interlocked*
prototypes to *allow* volatile variables to be passed. Since this is a bad
habit to encourage there is no reason for us to permit it, and we can
still call the Microsoft functions (T* converts to volatile T*, just not
vice-versa).

The updated code builds with the Windows 8.1 SDK and with the Windows 10 SDK.

R=jarin@chromium.org
LOG=Y
BUG=440500,491424

Review URL: https://codereview.chromium.org/1228063005

Cr-Commit-Position: refs/heads/master@{#29687}

9 years agoCleanup element normalization logic
verwaest [Wed, 15 Jul 2015 15:57:27 +0000 (08:57 -0700)]
Cleanup element normalization logic

BUG=

Review URL: https://codereview.chromium.org/1241883002

Cr-Commit-Position: refs/heads/master@{#29686}

9 years agoFix performance regression introduced in r29558
jkummerow [Wed, 15 Jul 2015 15:56:19 +0000 (08:56 -0700)]
Fix performance regression introduced in r29558

where bound functions started overriding the "name" accessor property with a data property. The bootstrapper must be kept in sync to avoid polymorphism.

BUG=chromium:509983
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1238903002

Cr-Commit-Position: refs/heads/master@{#29685}

9 years agoFix spread array inside array literal
adamk [Wed, 15 Jul 2015 15:16:09 +0000 (08:16 -0700)]
Fix spread array inside array literal

During parsing, we now keep track of the first spread seen in an array
literal (if any), and make use of that information when creating the
FixedArray backing store representing the constant elements for array
literal materialization.

The old code tried to do this by setting the generated JSArray's length
in ArrayLiteral::BuildConstantElements(), but that Array length is never
read by the rest of the literal materialization code (it always uses
the length of the FixedArray backing store).

BUG=v8:4298
LOG=n

Review URL: https://codereview.chromium.org/1225223004

Cr-Commit-Position: refs/heads/master@{#29684}

9 years ago[es6] Fix String.prototype.normalize to properly validate argument
adamk [Wed, 15 Jul 2015 15:15:01 +0000 (08:15 -0700)]
[es6] Fix String.prototype.normalize to properly validate argument

BUG=v8:4302
LOG=n

Review URL: https://codereview.chromium.org/1237873003

Cr-Commit-Position: refs/heads/master@{#29683}

9 years agoFix broken Variable::IsGlobalObjectProperty() after https://codereview.chromium.org...
ishell [Wed, 15 Jul 2015 14:42:24 +0000 (07:42 -0700)]
Fix broken Variable::IsGlobalObjectProperty() after https://codereview.chromium.org/1218783005

Review URL: https://codereview.chromium.org/1228373011

Cr-Commit-Position: refs/heads/master@{#29682}

9 years agoSwitch CallConstructStub to take new.target in register.
mstarzinger [Wed, 15 Jul 2015 14:36:56 +0000 (07:36 -0700)]
Switch CallConstructStub to take new.target in register.

This changes the calling convention of the CallConstructStub to take
the original constructor (i.e. new.target in JS-speak) in a register
instead of magically via the operand stack. For optimizing compilers
the operand stack doesn't exist, hence cannot be peeked into.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1237813002

Cr-Commit-Position: refs/heads/master@{#29681}

9 years agoLet the second pass phantom callbacks run in a separate task on the foreground thread.
epertoso [Wed, 15 Jul 2015 12:26:06 +0000 (05:26 -0700)]
Let the second pass phantom callbacks run in a separate task on the foreground thread.

R=jochen@chromium.org
LOG=y
BUG=

Review URL: https://codereview.chromium.org/1209403005

Cr-Commit-Position: refs/heads/master@{#29680}

9 years agoSpecial printing for type feedback vectors.
mvstanton [Wed, 15 Jul 2015 12:21:57 +0000 (05:21 -0700)]
Special printing for type feedback vectors.

Gdb macro jfv on an object will print it as a feedback vector.
Printouts look like this:

DebugPrint: 0x5dc0d2ad: [TypeFeedbackVector]
 - length: 12
 - ics with type info: 3
 - generic ics: 0
 ICSlot 0 CALL_IC MONOMORPHIC
  [4]: 0x5dc0d365 WeakCell for 0x5dc0cd69 <JS Function foo (SharedFunctionInfo 0x5dc0cb0d)>
  [5]: 0x4203c4c1 <Code: HANDLER>
 ICSlot 1 LOAD_IC MONOMORPHIC
  [6]: 0x5dc0d1f5 WeakCell for 0x3a710481 <Map(FAST_HOLEY_SMI_ELEMENTS)>
  [7]: 0x4203a1c1 <Code: HANDLER>
 ICSlot 2 LOAD_IC UNINITIALIZED
  [8]: 0x3060d045 <Symbol: 711234650 <String[20]: uninitialized_symbol>>
  [9]: 0x3060d045 <Symbol: 711234650 <String[20]: uninitialized_symbol>>
 ICSlot 3 LOAD_IC MONOMORPHIC
  [10]: 0x5dc0d3b5 WeakCell for 0x3a710d71 <Map(FAST_HOLEY_ELEMENTS)>
  [11]: 0x4202af01 <Code: HANDLER>

BUG=

Review URL: https://codereview.chromium.org/1225403005

Cr-Commit-Position: refs/heads/master@{#29679}

9 years agoSimplify PrepareForDataProperty in the IsElement case
verwaest [Wed, 15 Jul 2015 12:13:04 +0000 (05:13 -0700)]
Simplify PrepareForDataProperty in the IsElement case

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1237953002

Cr-Commit-Position: refs/heads/master@{#29678}

9 years agoFix non-standard element handling
verwaest [Wed, 15 Jul 2015 12:06:20 +0000 (05:06 -0700)]
Fix non-standard element handling

BUG=

Review URL: https://codereview.chromium.org/1228113003

Cr-Commit-Position: refs/heads/master@{#29677}

9 years agoAdd IdleTask API to v8::Platform.
ulan [Wed, 15 Jul 2015 11:50:48 +0000 (04:50 -0700)]
Add IdleTask API to v8::Platform.

BUG=chromium:490559
LOG=NO

Review URL: https://codereview.chromium.org/1225713003

Cr-Commit-Position: refs/heads/master@{#29676}

9 years ago[handles] Sanitize Handle and friends.
bmeurer [Wed, 15 Jul 2015 11:05:00 +0000 (04:05 -0700)]
[handles] Sanitize Handle and friends.

Bunch of cleanups to allow us to get rid of handles-inl.h at some
point (in the not so far future); but more importantly to sanitize uses
of handles and prepare for handle canonicalization support.

R=yangguo@chromium.org

Committed: https://crrev.com/3283195d0408333cce552cf4087577e6f41054e5
Cr-Commit-Position: refs/heads/master@{#28222}

Committed: https://crrev.com/d940c6d3bcc227b459cb4123d9a8332d9ed0d5f8
Cr-Commit-Position: refs/heads/master@{#29666}

Review URL: https://codereview.chromium.org/1128533002

Cr-Commit-Position: refs/heads/master@{#29675}

9 years ago[es6] Implement inner scope for functions with destructuring
rossberg [Wed, 15 Jul 2015 10:59:52 +0000 (03:59 -0700)]
[es6] Implement inner scope for functions with destructuring

R=adamk@chromium.org, littledan@chromium.org
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1240463002

Cr-Commit-Position: refs/heads/master@{#29674}

9 years agoReland Update V8 DEPS.
machenbach [Wed, 15 Jul 2015 10:31:53 +0000 (03:31 -0700)]
Reland Update V8 DEPS.

Rolling v8/tools/clang to 58128abd44c22255def1163d30bc9bb2cc85e15c

Reland after https://codereview.chromium.org/1241643002/

TBR=jochen@chromium.org, thakis@chromium.org

Review URL: https://codereview.chromium.org/1237793003

Cr-Commit-Position: refs/heads/master@{#29673}

9 years agoDebugger: use debug break slots to break at function exit.
yangguo [Wed, 15 Jul 2015 09:22:33 +0000 (02:22 -0700)]
Debugger: use debug break slots to break at function exit.

By not having to patch the return sequence (we patch the debug
break slot right before it), we don't overwrite it and therefore
don't have to keep the original copy of the code around.

R=ulan@chromium.org
BUG=v8:4269
LOG=N

Review URL: https://codereview.chromium.org/1234833003

Cr-Commit-Position: refs/heads/master@{#29672}

9 years agoScoping error caused crash in CallICNexus::StateFromFeedback
mvstanton [Wed, 15 Jul 2015 09:14:49 +0000 (02:14 -0700)]
Scoping error caused crash in CallICNexus::StateFromFeedback

A sloppy mode eval call that establishes strict mode will leak that strictness
into the sloppy surrounding scope on recompile. This changes the structure
of the type feedback vector for the function and crashes follow.

The fix is straightforward.

BUG=491536, 503565
LOG=N

Review URL: https://codereview.chromium.org/1231343003

Cr-Commit-Position: refs/heads/master@{#29671}

9 years agoReland "Enable loads and stores to global vars through property cell shortcuts instal...
ishell [Wed, 15 Jul 2015 08:53:14 +0000 (01:53 -0700)]
Reland "Enable loads and stores to global vars through property cell shortcuts installed into parent script context."

Review URL: https://codereview.chromium.org/1237043006

Cr-Commit-Position: refs/heads/master@{#29670}

9 years agoRevert of [handles] Sanitize Handle and friends. (patchset #5 id:180001 of https...
machenbach [Wed, 15 Jul 2015 08:05:42 +0000 (01:05 -0700)]
Revert of [handles] Sanitize Handle and friends. (patchset #5 id:180001 of https://codereview.chromium.org/1128533002/)

Reason for revert:
[Sheriff] Still breaks mac asan:
http://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN/builds/2066

Original issue's description:
> [handles] Sanitize Handle and friends.
>
> Bunch of cleanups to allow us to get rid of handles-inl.h at some
> point (in the not so far future); but more importantly to sanitize uses
> of handles and prepare for handle canonicalization support.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/3283195d0408333cce552cf4087577e6f41054e5
> Cr-Commit-Position: refs/heads/master@{#28222}
>
> Committed: https://crrev.com/d940c6d3bcc227b459cb4123d9a8332d9ed0d5f8
> Cr-Commit-Position: refs/heads/master@{#29666}

TBR=yangguo@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1235253007

Cr-Commit-Position: refs/heads/master@{#29669}

9 years agoDebugger test updated to avoid setting breakpoints into random scripts.
ishell [Wed, 15 Jul 2015 07:41:55 +0000 (00:41 -0700)]
Debugger test updated to avoid setting breakpoints into random scripts.

Review URL: https://codereview.chromium.org/1231893007

Cr-Commit-Position: refs/heads/master@{#29668}

9 years ago[es6] JSObject::GetOwnElementKeys should collect String wrapper keys first
adamk [Wed, 15 Jul 2015 07:31:26 +0000 (00:31 -0700)]
[es6] JSObject::GetOwnElementKeys should collect String wrapper keys first

This makes Object.getOwnPropertyNames() return the integer keys in the
proper order, following the spec:

http://www.ecma-international.org/ecma-262/6.0/#sec-ordinary-object-internal-methods-and-internal-slots-ownpropertykeys

BUG=v8:4118
LOG=n

Review URL: https://codereview.chromium.org/1228803006

Cr-Commit-Position: refs/heads/master@{#29667}

9 years ago[handles] Sanitize Handle and friends.
bmeurer [Wed, 15 Jul 2015 07:13:50 +0000 (00:13 -0700)]
[handles] Sanitize Handle and friends.

Bunch of cleanups to allow us to get rid of handles-inl.h at some
point (in the not so far future); but more importantly to sanitize uses
of handles and prepare for handle canonicalization support.

R=yangguo@chromium.org

Committed: https://crrev.com/3283195d0408333cce552cf4087577e6f41054e5
Cr-Commit-Position: refs/heads/master@{#28222}

Review URL: https://codereview.chromium.org/1128533002

Cr-Commit-Position: refs/heads/master@{#29666}

9 years agoOptimize String.prototype.includes
littledan [Wed, 15 Jul 2015 01:01:42 +0000 (18:01 -0700)]
Optimize String.prototype.includes

This patch removes the MathMax call from String.prototype.includes
in order to improve performance. With some quick and dirty benchmarking,
(test case courtesy of the node folks) a sizable performance gain is visible:

d8> function testIndexOf() { var stringArray = [ 'hello', 'world', '123', 'abc' ]; return stringArray.some(function(val, idx, arr) { return val.indexOf('world') !== -1 })}
d8> function testIncludes() { var stringArray = [ 'hello', 'world', '123', 'abc' ]; return stringArray.some(function(val, idx, arr) { return val.includes('world') })}
d8> function testTime(fn) { var before = Date.now(); fn(); return Date.now() - before; }
d8> testTime(function() { for (var i = 0; i < 10000000; i++) { testIncludes() } })
2244
d8> testTime(function() { for (var i = 0; i < 10000000; i++) { testIndexOf() } })
2212

Compare that to before the test, when the performance difference was much larger:

d8> testTime(function() { for (var i = 0; i < 10000000; i++) { testIndexOf() } })
2223
d8> testTime(function() { for (var i = 0; i < 10000000; i++) { testIncludes() } })
2650

In my runs, performance of both functions drifts up and down, but running them in quick
succession back and forth shows a roughly consistent delta of about this magnitude.

String.prototype.includes is still slightly (maybe 5%) slower than String.prototype.indexOf,
but the effect is significantly reduced.

R=adamk
BUG=v8:3807
LOG=Y

Review URL: https://codereview.chromium.org/1231673008

Cr-Commit-Position: refs/heads/master@{#29665}

9 years agoDisable d8-worker-sharedarraybuffer test (fails on TSAN)
binji [Tue, 14 Jul 2015 23:34:17 +0000 (16:34 -0700)]
Disable d8-worker-sharedarraybuffer test (fails on TSAN)

See http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/4695/steps/Check%20%28flakes%29/logs/d8-worker-sharedarray..

BUG=v8:4306
R=machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
LOG=n

Review URL: https://codereview.chromium.org/1241713003

Cr-Commit-Position: refs/heads/master@{#29664}

9 years agoReland of d8 workers: make sure Shell::Quit is only called once (patchset #1 id:1...
binji [Tue, 14 Jul 2015 23:04:18 +0000 (16:04 -0700)]
Reland of d8 workers: make sure Shell::Quit is only called once (patchset #1 id:1 of https://codereview.chromium.org/1235083004/)

Reason for revert:
Looks like the failure is unrelated to my change (still fails after the revert). See http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Win/builds/856/steps/webkit_unit_tests/logs/stdio

Original issue's description:
> Revert of d8 workers: make sure Shell::Quit is only called once (patchset #5 id:80001 of https://codereview.chromium.org/1230403003/)
>
> Reason for revert:
> Breaks webkit_unit_tests. See http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Win/builds/853/steps/webkit_unit_tests/logs/stdio
>
> Original issue's description:
> > d8 workers: make sure Shell::Quit is only called once
> >
> > When running with isolates, Quit can be called simultaneously by two threads.
> > If this happens, then both threads try to clean up the Workers, which could
> > crash.
> >
> > BUG=v8:4279
> > R=jarin@chromium.org
> > R=machenbach@chromium.org
> > LOG=n
> >
> > Committed: https://crrev.com/76184292b392d107609f21662a949b58bb1e258c
> > Cr-Commit-Position: refs/heads/master@{#29654}
>
> TBR=jarin@chromium.org,machenbach@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4279
>
> Committed: https://crrev.com/6b2c6eb75678747afca59b4a78ace597e218145d
> Cr-Commit-Position: refs/heads/master@{#29656}

TBR=jarin@chromium.org,machenbach@chromium.org,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4279

Review URL: https://codereview.chromium.org/1224203004

Cr-Commit-Position: refs/heads/master@{#29663}

9 years agoImprove error message for duplicate parameters
littledan [Tue, 14 Jul 2015 21:58:49 +0000 (14:58 -0700)]
Improve error message for duplicate parameters

Duplicate parameters are banned both overall in strict mode and also
in arrow functions. Our error message for both cases blamed strict
mode, which is confusing. This patch fixes the message to point to
arrow functions as a possible source as well.

R=wingo, adamk
LOG=N

Review URL: https://codereview.chromium.org/1236863008

Cr-Commit-Position: refs/heads/master@{#29662}

9 years agoImprove parsing errors related to destructuring bind
littledan [Tue, 14 Jul 2015 21:57:40 +0000 (14:57 -0700)]
Improve parsing errors related to destructuring bind

For destructuring bind, the parser needs to complain about things
which are inappropriate to have on the left-hand side.

Previously, regexp literals and template literals were let through
the parser inappropriately. This patch turns those into errors.

This patch also fixes off-by-one errors in reporting the location
of this type of error for strings and numbers. Before the patch,
the error would look like:

d8> var {x: 3} = {x: 4}
(d8):1: SyntaxError: Unexpected number
var {x: 3} = {x: 4}
      ^
SyntaxError: Unexpected number

And with the patch, the error is

d8> var {x: 3} = {x: 4}
(d8):1: SyntaxError: Unexpected number
var {x: 3} = {x: 4}
        ^
SyntaxError: Unexpected number

R=rossberg

Review URL: https://codereview.chromium.org/1236803003

Cr-Commit-Position: refs/heads/master@{#29661}

9 years agoV8: Add utility functions to check SameValue and SameValueZero.
bbudge [Tue, 14 Jul 2015 21:35:46 +0000 (14:35 -0700)]
V8: Add utility functions to check SameValue and SameValueZero.
Adds SameValue and SameValueZero functions for float and double.
These will be used for HeapNumber and SIMD values.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1234073003

Cr-Commit-Position: refs/heads/master@{#29660}

9 years agoPPC: Limit unbound label tracking to branch references.
mbrandy [Tue, 14 Jul 2015 20:11:45 +0000 (13:11 -0700)]
PPC: Limit unbound label tracking to branch references.

Labels which are not associated with branches (e.g. labels which
record the location of the embedded constant pool or jump tables)
should not be tracked for the purpose of trampoline generation.

This also improves management of the high water mark in the buffer
which triggers trampoline generation such that it is reset whenever
the number of tracked branches drops to zero.

These changes should help minimize unnecessary trampoline and
(subsequent) slow branch generation.

R=dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1237213002

Cr-Commit-Position: refs/heads/master@{#29659}

9 years agod8 workers: Fix transferring SharedArrayBuffer to multiple Workers. (try 2)
binji [Tue, 14 Jul 2015 19:56:47 +0000 (12:56 -0700)]
d8 workers: Fix transferring SharedArrayBuffer to multiple Workers. (try 2)

Note: the previous try was reverted for occasional flaky tests. This continued
after the revert, and should be fixed by
https://codereview.chromium.org/1226143003.

Previously, the serialization code would call Externalize for every transferred
ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
the buffer is already externalized, we should call GetContents instead.

Also fix use-after-free bug when transferring ArrayBuffers. The transferred
ArrayBuffer must be internalized in the new isolate, or be managed by the
Shell. The current code gives it to the isolate externalized and frees it
immediately afterward when the SerializationData object is destroyed.

BUG=chromium:497295
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1223813008

Cr-Commit-Position: refs/heads/master@{#29658}

9 years agoUnship spread calls and spread arrays
adamk [Tue, 14 Jul 2015 18:40:16 +0000 (11:40 -0700)]
Unship spread calls and spread arrays

Return both --harmony-spreadcalls and --harmony-spread-arrays
to staging, in preparation for disabling those features on
the M45 branch.

There are no known bugs in spread calls, but without rest and spread
arrays it seems appropriate to leave all of them out rather than
only supporting a singular use of the '...' operator.

BUG=v8:4298
LOG=y

Review URL: https://codereview.chromium.org/1230773005

Cr-Commit-Position: refs/heads/master@{#29657}

9 years agoRevert of d8 workers: make sure Shell::Quit is only called once (patchset #5 id:80001...
binji [Tue, 14 Jul 2015 18:13:46 +0000 (11:13 -0700)]
Revert of d8 workers: make sure Shell::Quit is only called once (patchset #5 id:80001 of https://codereview.chromium.org/1230403003/)

Reason for revert:
Breaks webkit_unit_tests. See http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Win/builds/853/steps/webkit_unit_tests/logs/stdio

Original issue's description:
> d8 workers: make sure Shell::Quit is only called once
>
> When running with isolates, Quit can be called simultaneously by two threads.
> If this happens, then both threads try to clean up the Workers, which could
> crash.
>
> BUG=v8:4279
> R=jarin@chromium.org
> R=machenbach@chromium.org
> LOG=n
>
> Committed: https://crrev.com/76184292b392d107609f21662a949b58bb1e258c
> Cr-Commit-Position: refs/heads/master@{#29654}

TBR=jarin@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4279

Review URL: https://codereview.chromium.org/1235083004

Cr-Commit-Position: refs/heads/master@{#29656}

9 years agoAllow setting accessor infos over read-only but configurable properties.
verwaest [Tue, 14 Jul 2015 17:43:09 +0000 (10:43 -0700)]
Allow setting accessor infos over read-only but configurable properties.

BUG=

Review URL: https://codereview.chromium.org/1228373004

Cr-Commit-Position: refs/heads/master@{#29655}

9 years agod8 workers: make sure Shell::Quit is only called once
binji [Tue, 14 Jul 2015 17:42:03 +0000 (10:42 -0700)]
d8 workers: make sure Shell::Quit is only called once

When running with isolates, Quit can be called simultaneously by two threads.
If this happens, then both threads try to clean up the Workers, which could
crash.

BUG=v8:4279
R=jarin@chromium.org
R=machenbach@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1230403003

Cr-Commit-Position: refs/heads/master@{#29654}

9 years agoDon't use length property when bounds checking atomics functions
binji [Tue, 14 Jul 2015 16:17:13 +0000 (09:17 -0700)]
Don't use length property when bounds checking atomics functions

The length property can be monkey-patched, so use the native function instead.

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1227913006

Cr-Commit-Position: refs/heads/master@{#29653}

9 years agoAdd -Wshorten-64-to-32 flag to mac builds.
balazs.kilvady [Tue, 14 Jul 2015 16:05:20 +0000 (09:05 -0700)]
Add -Wshorten-64-to-32 flag to mac builds.

BUG=

Review URL: https://codereview.chromium.org/1237753004

Cr-Commit-Position: refs/heads/master@{#29652}

9 years agoFollow-up for "Enable loads and stores to global vars through property cell shortcuts...
ishell [Tue, 14 Jul 2015 15:13:39 +0000 (08:13 -0700)]
Follow-up for "Enable loads and stores to global vars through property cell shortcuts installed into parent script context."

Review URL: https://codereview.chromium.org/1236523004

Cr-Commit-Position: refs/heads/master@{#29651}

9 years agoRemove duplicate flattening. Defining accessors doesn't call out, so don't assert...
verwaest [Tue, 14 Jul 2015 14:57:23 +0000 (07:57 -0700)]
Remove duplicate flattening. Defining accessors doesn't call out, so don't assert that the context doesn't change.

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1233073003

Cr-Commit-Position: refs/heads/master@{#29650}

9 years agoReplace Set*Callback with TransitionToAccessorPair
verwaest [Tue, 14 Jul 2015 11:58:32 +0000 (04:58 -0700)]
Replace Set*Callback with TransitionToAccessorPair

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1228803005

Cr-Commit-Position: refs/heads/master@{#29649}