platform/upstream/v8.git
9 years ago[es6] Introduce spec compliant IsConstructor.
bmeurer [Thu, 24 Sep 2015 06:50:01 +0000 (23:50 -0700)]
[es6] Introduce spec compliant IsConstructor.

There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).

This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.

Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4413, v8:4430
LOG=n

Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
Cr-Commit-Position: refs/heads/master@{#30900}

Review URL: https://codereview.chromium.org/1358423002

Cr-Commit-Position: refs/heads/master@{#30902}

9 years agoRevert of [es6] Introduce spec compliant IsConstructor. (patchset #2 id:20001 of...
bmeurer [Thu, 24 Sep 2015 05:26:44 +0000 (22:26 -0700)]
Revert of [es6] Introduce spec compliant IsConstructor. (patchset #2 id:20001 of https://codereview.chromium.org/1358423002/ )

Reason for revert:
Failed on Fuzzer and MIPS bot.

Original issue's description:
> [es6] Introduce spec compliant IsConstructor.
>
> There was already a bit on the Map named "function with prototype",
> which basically meant that the Map was a map for a JSFunction that could
> be used as a constructor. Now this CL generalizes that bit to
> IsConstructor, which says that whatever (Heap)Object you are looking at
> can be used as a constructor (i.e. the bit is also set for bound
> functions that can be used as constructors and proxies that have a
> [[Construct]] internal method).
>
> This way we have a single chokepoint for IsConstructor checking, which
> allows us to get rid of the various ways in which we tried to guess
> whether something could be used as a constructor or not.
>
> Drive-by-fix: Renamed IsConstructor on FunctionKind to
> IsClassConstructor to resolve the weird name clash, and the
> IsClassConstructor name also matches the spec.
>
> R=jarin@chromium.org, rossberg@chromium.org
> BUG=v8:4430
> LOG=n
>
> Committed: https://crrev.com/8de4d9351df4cf66c8a128d561a6e331d196be54
> Cr-Commit-Position: refs/heads/master@{#30900}

TBR=jarin@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4430

Review URL: https://codereview.chromium.org/1360403002

Cr-Commit-Position: refs/heads/master@{#30901}

9 years ago[es6] Introduce spec compliant IsConstructor.
bmeurer [Thu, 24 Sep 2015 04:00:25 +0000 (21:00 -0700)]
[es6] Introduce spec compliant IsConstructor.

There was already a bit on the Map named "function with prototype",
which basically meant that the Map was a map for a JSFunction that could
be used as a constructor. Now this CL generalizes that bit to
IsConstructor, which says that whatever (Heap)Object you are looking at
can be used as a constructor (i.e. the bit is also set for bound
functions that can be used as constructors and proxies that have a
[[Construct]] internal method).

This way we have a single chokepoint for IsConstructor checking, which
allows us to get rid of the various ways in which we tried to guess
whether something could be used as a constructor or not.

Drive-by-fix: Renamed IsConstructor on FunctionKind to
IsClassConstructor to resolve the weird name clash, and the
IsClassConstructor name also matches the spec.

R=jarin@chromium.org, rossberg@chromium.org
BUG=v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1358423002

Cr-Commit-Position: refs/heads/master@{#30900}

9 years agoX87: [builtins] Add support for NewTarget to Execution::New.
chunyang.dai [Thu, 24 Sep 2015 03:51:55 +0000 (20:51 -0700)]
X87: [builtins] Add support for NewTarget to Execution::New.

port 1dfac69f1fb5ad8e2db2d5be591c094def55d451 (r30857).

original commit message:

    Introduce new builtins Construct and ConstructFunction (in line
    with the Call and CallFunction builtins that we already have) as
    proper bottleneck for Construct and [[Construct]] on JSFunctions.
    Use these builtins to support passing NewTarget from C++ to
    JavaScript land.

    Long-term we want the CallConstructStub to be used for
    gathering feedback on entry to construction chain (i.e. the
    initial new Foo), and use the Construct builtins to do the
    actual work inside the construction chain (i.e. calling into
    super and stuff).

BUG=

Review URL: https://codereview.chromium.org/1362573002

Cr-Commit-Position: refs/heads/master@{#30899}

9 years agoX87: [turbofan] Add support for reinterpreting integers as floating point and vice...
chunyang.dai [Thu, 24 Sep 2015 03:43:42 +0000 (20:43 -0700)]
X87: [turbofan] Add support for reinterpreting integers as floating point and vice versa.

port c610a22231212b12055c294f55b8f3942127580b (r30849).

original commit message:

BUG=

Review URL: https://codereview.chromium.org/1362783003

Cr-Commit-Position: refs/heads/master@{#30898}

9 years agoX87: [ic] Also collect known map for relational comparison.
chunyang.dai [Thu, 24 Sep 2015 03:34:45 +0000 (20:34 -0700)]
X87: [ic] Also collect known map for relational comparison.

port e56f265f6d41fadbcea2be65d9b573bad8b4709d (r30852).

original commit message:

    Previously we only collected the known map for equality comparisons. But
    if we also collect it for relational comparisons, we can inline a fast
    path of ToPrimitive on the objects, which is especially interesting
    since both sides have the same map.

    For now we only inline a very limited subset of ToPrimitive in
    Crankshaft, which is when the receiver map (and its prototype chain)
    doesn't have @@toPrimitive, and both valueOf and toString are the
    default versions on the %ObjectPrototype%. In this case the relational
    comparison would reduce to a string comparison of "[object CLASS]" with
    itself and so we can reduce that to a boolean constant plus map checks
    on both left and right hand side, plus code dependencies on the
    prototype chain. This repairs the regression on box2d.

BUG=

Review URL: https://codereview.chromium.org/1342243005

Cr-Commit-Position: refs/heads/master@{#30897}

9 years agoUpdate V8 DEPS.
v8-autoroll [Thu, 24 Sep 2015 03:26:39 +0000 (20:26 -0700)]
Update V8 DEPS.

Rolling v8/tools/clang to 1cde9025c16dfc3e23be2db010b24f657c255b4c

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1359983006

Cr-Commit-Position: refs/heads/master@{#30896}

9 years ago[runtime] Replace %to_string_fun with %_ToString.
bmeurer [Wed, 23 Sep 2015 21:46:37 +0000 (14:46 -0700)]
[runtime] Replace %to_string_fun with %_ToString.

Introduce a new macro TO_STRING that maps to %_ToString and use that
instead of calling into any of the ToString/NonStringToString JavaScript
builtins. Also remove the TO_STRING_INLINE macro, which is basically
obsolete with %_ToString. We still have a few uses of ToString left (via
the utils export mechanism), where we need to investigate whether we
will tank badly if we replace them with TO_STRING as well.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=yangguo@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1323543002

Cr-Commit-Position: refs/heads/master@{#30895}

9 years ago[simdjs] Update Spec version to 0.9
gdeepti [Wed, 23 Sep 2015 18:24:51 +0000 (11:24 -0700)]
[simdjs] Update Spec version to 0.9

Remove sumOfAbsoluteDifferences functions.

BUG=v8:4124
LOG=Y

R=bbudge@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1356413002

Cr-Commit-Position: refs/heads/master@{#30894}

9 years agoRename PLACEHOLDER code kind to WASM_FUNCTION.
titzer [Wed, 23 Sep 2015 15:08:27 +0000 (08:08 -0700)]
Rename PLACEHOLDER code kind to WASM_FUNCTION.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1365613002

Cr-Commit-Position: refs/heads/master@{#30893}

9 years agoAdd CompilationInfo::output_code_kind to allow overriding the kind of code generated.
titzer [Wed, 23 Sep 2015 14:00:23 +0000 (07:00 -0700)]
Add CompilationInfo::output_code_kind to allow overriding the kind of code generated.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1356363004

Cr-Commit-Position: refs/heads/master@{#30892}

9 years ago[tools] Incrementally keep track of GC NVP output
mlippautz [Wed, 23 Sep 2015 13:52:35 +0000 (06:52 -0700)]
[tools] Incrementally keep track of GC NVP output

We not keep track of the histogram as we process values and do not wait until
printing the histogram. Furthermore processing the histogram is not O(n) for n
values.

BUG=

Review URL: https://codereview.chromium.org/1364733002

Cr-Commit-Position: refs/heads/master@{#30891}

9 years ago[builtins] Re-add similar String wrapper optimization for StringAdd.
bmeurer [Wed, 23 Sep 2015 13:49:09 +0000 (06:49 -0700)]
[builtins] Re-add similar String wrapper optimization for StringAdd.

For string wrappers (JSValue instances with [[StringData]] internal
fields), we can shortcirciut the ToPrimitive if

  (a) the {input} map matches the initial map of the String function,
  (b) the {input} [[Prototype]] is the unmodified %StringPrototype% (i.e.
      no one monkey-patched toString, @@toPrimitive or valueOf), and
  (c) the %ObjectPrototype% (i.e. the [[Prototype]] of the
      %StringPrototype%) is also unmodified, that is no one sneaked a
      @@toPrimitive into the %ObjectPrototype%.

If all these assumptions hold, we can just take the [[StringData]] value
and return it.

This just repairs a regression introduced by removing the
weird (and broken) intrinsic %_IsStringWrapperSafeForDefaultValue, which
was intendend to something similar to this, although less efficient and
wrong in the presence of @@toPrimitive. Long-term we might want to move
into the direction of having a ToPrimitiveStub that can do common cases
while staying in JavaScript land (i.e. not going to C++).

R=jarin@chromium.org
BUG=chromium:532524
LOG=n

Review URL: https://codereview.chromium.org/1366563002

Cr-Commit-Position: refs/heads/master@{#30890}

9 years agoRemove crash-hunting instrumentation that has served its purpose.
jkummerow [Wed, 23 Sep 2015 13:48:01 +0000 (06:48 -0700)]
Remove crash-hunting instrumentation that has served its purpose.

BUG=chromium:527994
LOG=n

Review URL: https://codereview.chromium.org/1358393004

Cr-Commit-Position: refs/heads/master@{#30889}

9 years agoRevert of [heap] Add more tasks for parallel compaction (patchset #11 id:200001 of...
machenbach [Wed, 23 Sep 2015 13:46:51 +0000 (06:46 -0700)]
Revert of [heap] Add more tasks for parallel compaction (patchset #11 id:200001 of https://codereview.chromium.org/1354383002/ )

Reason for revert:
[Sheriff] May have caused this new flake:
http://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/5412

Original issue's description:
> [heap] Add more tasks for parallel compaction
>
> - We now compute the number of parallel compaction tasks, depending on the
>   evacuation candidate list, the number of cores, and some hard limit.
> - Free memory is moved over to compaction tasks (up to some limit)
> - Moving over memory is done by dividing the free list of a given space up among
>   other free lists. Since this is potentially slow we limit the maximum amount
>   of moved memory.
>
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/0e842418835eea85886a06cf37052895bc8a17db
> Cr-Commit-Position: refs/heads/master@{#30886}

TBR=hpayer@chromium.org,mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1356363005

Cr-Commit-Position: refs/heads/master@{#30888}

9 years ago[field type tracking] Fix handling of cleared WeakCells
jkummerow [Wed, 23 Sep 2015 12:35:21 +0000 (05:35 -0700)]
[field type tracking] Fix handling of cleared WeakCells

Whenever a generalization is computed, the inputs must be checked for being cleared, and if they are, the generalization must be Type::Any.

Hopefully this fixes Chromium issue 527994 as well.

BUG=v8:4325,chromium:527994
LOG=n

Review URL: https://codereview.chromium.org/1361103002

Cr-Commit-Position: refs/heads/master@{#30887}

9 years ago[heap] Add more tasks for parallel compaction
mlippautz [Wed, 23 Sep 2015 12:28:55 +0000 (05:28 -0700)]
[heap] Add more tasks for parallel compaction

- We now compute the number of parallel compaction tasks, depending on the
  evacuation candidate list, the number of cores, and some hard limit.
- Free memory is moved over to compaction tasks (up to some limit)
- Moving over memory is done by dividing the free list of a given space up among
  other free lists. Since this is potentially slow we limit the maximum amount
  of moved memory.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1354383002

Cr-Commit-Position: refs/heads/master@{#30886}

9 years agoExclude test/mjsunit/regress/regress-4121.js from GC stress testing.
ishell [Wed, 23 Sep 2015 11:15:50 +0000 (04:15 -0700)]
Exclude test/mjsunit/regress/regress-4121.js from GC stress testing.

NOTRY=true

Review URL: https://codereview.chromium.org/1364583003

Cr-Commit-Position: refs/heads/master@{#30885}

9 years ago[test] Add FOR_INT64_INPUTS and FOR_UINT64_INPUTS.
titzer [Wed, 23 Sep 2015 11:04:44 +0000 (04:04 -0700)]
[test] Add FOR_INT64_INPUTS and FOR_UINT64_INPUTS.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1360133002

Cr-Commit-Position: refs/heads/master@{#30884}

9 years ago[runtime] Remove weird pushing of something on StackOverflow.
bmeurer [Wed, 23 Sep 2015 10:58:38 +0000 (03:58 -0700)]
[runtime] Remove weird pushing of something on StackOverflow.

We somehow try to push some stuff on the stack when we detect a stack
overflow, that we don't need. Even worse we might access outside the
valid stack bounds. Since we don't need this, it's gone.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=chromium:534881
LOG=n

Review URL: https://codereview.chromium.org/1360953003

Cr-Commit-Position: refs/heads/master@{#30883}

9 years agoRemove unused function in presubmit script
thechargingvolcano [Wed, 23 Sep 2015 10:52:37 +0000 (03:52 -0700)]
Remove unused function in presubmit script

FilterFiles function is defined but unused in the code.

BUG=

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1364643002

Cr-Commit-Position: refs/heads/master@{#30882}

9 years ago[arm64] Optimize fcmp when lhs operand is #0.0
pierre.langlois [Wed, 23 Sep 2015 09:33:27 +0000 (02:33 -0700)]
[arm64] Optimize fcmp when lhs operand is #0.0

This patch checks the type of the lhs operand of a floating point
comparison, and commutes the operands if it is #0.0.  It allows us to
optimize a comparison with zero, as the fcmp instruction accepts #0.0 as
rhs operand.

Code before for "0.0 < 0.123":
------------------------------
fmov d1, xzr
ldr d0, pc+96
fcmp d1, d0
b.lo #+0xc

Code after:
-----------
ldr d0, pc+92
fcmp d0, #0.0
b.gt #+0xc

Before this patch, we used unsigned condition codes for floating point
comparisons, but the unordered case was not correctly commuted.

Review URL: https://codereview.chromium.org/1356283003

Cr-Commit-Position: refs/heads/master@{#30881}

9 years agoReland "[turbofan] Checking of input counts on node creation"
jarin [Wed, 23 Sep 2015 09:08:15 +0000 (02:08 -0700)]
Reland "[turbofan] Checking of input counts on node creation"

(Original CL: https://codereview.chromium.org/1347353003/)

Unfortunately, the mips gcc gets confused by arraysize on
variadic templated arguments, so we use sizeof... instead.

Review URL: https://codereview.chromium.org/1366543003

Cr-Commit-Position: refs/heads/master@{#30880}

9 years agoShare literals arrays per <NativeContext, SharedFunctionInfo> pair.
ishell [Wed, 23 Sep 2015 08:46:09 +0000 (01:46 -0700)]
Share literals arrays per <NativeContext, SharedFunctionInfo> pair.

This CL also renames wrongly named test for v8:4173.

BUG=v8:4121
LOG=Y

Review URL: https://codereview.chromium.org/1353363002

Cr-Commit-Position: refs/heads/master@{#30879}

9 years agoRevert of [turbofan] Checking of input counts on node creation (patchset #4 id:60001...
machenbach [Wed, 23 Sep 2015 08:02:22 +0000 (01:02 -0700)]
Revert of [turbofan] Checking of input counts on node creation (patchset #4 id:60001 of https://codereview.chromium.org/1347353003/ )

Reason for revert:
[Sheriff] Breaks mips cross-compile:
http://build.chromium.org/p/client.v8/builders/V8%20Mips%20-%20builder/builds/4315

Original issue's description:
> [turbofan] Checking of input counts on node creation
>
> This required fixing bunch of tests with wrong input counts.
>
> Committed: https://crrev.com/260ec46efd74c45cdc4b156d95086b7de06621ad
> Cr-Commit-Position: refs/heads/master@{#30877}

TBR=bmeurer@chromium.org,mstarzinger@chromium.org,jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1362783004

Cr-Commit-Position: refs/heads/master@{#30878}

9 years ago[turbofan] Checking of input counts on node creation
jarin [Wed, 23 Sep 2015 07:53:43 +0000 (00:53 -0700)]
[turbofan] Checking of input counts on node creation

This required fixing bunch of tests with wrong input counts.

Review URL: https://codereview.chromium.org/1347353003

Cr-Commit-Position: refs/heads/master@{#30877}

9 years ago[mips] Fix typo introduced in r30874.
Benedikt Meurer [Wed, 23 Sep 2015 07:26:44 +0000 (09:26 +0200)]
[mips] Fix typo introduced in r30874.

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1363863002 .

Cr-Commit-Position: refs/heads/master@{#30876}

9 years ago[runtime] Remove obsolete Object::IsSpecFunction.
bmeurer [Wed, 23 Sep 2015 05:53:23 +0000 (22:53 -0700)]
[runtime] Remove obsolete Object::IsSpecFunction.

We don't need Object::IsSpecFunction anymore, since it only checks for
JSFunction and JSFunctionProxy, but what you actually want to check for
(in case of accessors) is whether the target has a [[Call]] internal
method, which is exactly what Object::IsCallable does.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=rossberg@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1358403002

Cr-Commit-Position: refs/heads/master@{#30875}

9 years ago[builtin] Refactor Invoke to deal with any kind of callable.
bmeurer [Wed, 23 Sep 2015 05:43:57 +0000 (22:43 -0700)]
[builtin] Refactor Invoke to deal with any kind of callable.

Now both Execution::Call and Execution::New can deal with any
kind of target and will raise a proper exception if the target is not
callable (which is not yet spec compliant for New, as we would
have to check IsConstructor instead, which we don't have yet).

Now we no longer need to do any of these weird call/construct
delegate gymnastics in C++, and we finally have a single true
bottleneck for Call/Construct abstract operations in the code
base, with only a few special handlings left in the compilers to
optimize the JSFunction case.

R=jarin@chromium.org
BUG=v8:4430, v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1360793002

Cr-Commit-Position: refs/heads/master@{#30874}

9 years agoAdd JSTypedArray's length in post-mortem metadata.
julien.gilli [Wed, 23 Sep 2015 05:37:21 +0000 (22:37 -0700)]
Add JSTypedArray's length in post-mortem metadata.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1363683002

Cr-Commit-Position: refs/heads/master@{#30873}

9 years agoPPC: [builtins] Add support for NewTarget to Execution::New.
mbrandy [Tue, 22 Sep 2015 19:56:01 +0000 (12:56 -0700)]
PPC: [builtins] Add support for NewTarget to Execution::New.

Port 1dfac69f1fb5ad8e2db2d5be591c094def55d451

Original commit message:
    Introduce new builtins Construct and ConstructFunction (in line
    with the Call and CallFunction builtins that we already have) as
    proper bottleneck for Construct and [[Construct]] on JSFunctions.
    Use these builtins to support passing NewTarget from C++ to
    JavaScript land.

    Long-term we want the CallConstructStub to be used for
    gathering feedback on entry to construction chain (i.e. the
    initial new Foo), and use the Construct builtins to do the
    actual work inside the construction chain (i.e. calling into
    super and stuff).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1358203002

Cr-Commit-Position: refs/heads/master@{#30872}

9 years agoPPC: [ic] Introduce BOOLEAN state for CompareIC.
mbrandy [Tue, 22 Sep 2015 19:42:02 +0000 (12:42 -0700)]
PPC: [ic] Introduce BOOLEAN state for CompareIC.

Port 10c5f2e85ef92b7ca002ef95e406d5dc4f0c410b

Original commit message:
    Slow path for relational comparison of boolean primitive values
    now goes through the runtime, which made the slow path even
    slower than it already was. So in order to repair the regression,
    we just track boolean feedback for comparisons and use that
    to generate decent code in Crankshaft (not the best possible
    code, but good enough for Crankshaft; TurboFan will be able
    to do better on that).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1362683002

Cr-Commit-Position: refs/heads/master@{#30871}

9 years agoPPC: Fix "[turbofan] Add support for reinterpreting integers as floating point and...
mbrandy [Tue, 22 Sep 2015 19:21:55 +0000 (12:21 -0700)]
PPC: Fix "[turbofan] Add support for reinterpreting integers as floating point and vice versa."

R=titzer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1358193002

Cr-Commit-Position: refs/heads/master@{#30870}

9 years agoPPC: [ic] Also collect known map for relational comparison.
mbrandy [Tue, 22 Sep 2015 19:19:52 +0000 (12:19 -0700)]
PPC: [ic] Also collect known map for relational comparison.

Port e56f265f6d41fadbcea2be65d9b573bad8b4709d

Original commit message:
    Previously we only collected the known map for equality comparisons. But
    if we also collect it for relational comparisons, we can inline a fast
    path of ToPrimitive on the objects, which is especially interesting
    since both sides have the same map.

    For now we only inline a very limited subset of ToPrimitive in
    Crankshaft, which is when the receiver map (and its prototype chain)
    doesn't have @@toPrimitive, and both valueOf and toString are the
    default versions on the %ObjectPrototype%. In this case the relational
    comparison would reduce to a string comparison of "[object CLASS]" with
    itself and so we can reduce that to a boolean constant plus map checks
    on both left and right hand side, plus code dependencies on the
    prototype chain. This repairs the regression on box2d.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1358063005

Cr-Commit-Position: refs/heads/master@{#30869}

9 years agoDon't crash when preparsing destructured arguments
adamk [Tue, 22 Sep 2015 17:43:26 +0000 (10:43 -0700)]
Don't crash when preparsing destructured arguments

This adds the materialized literal count accumulated while parsing the
parameters (in the parser proper) to that accumulated by the preparser.

This should have been caught in cctest/test-parsing, but it's not covered
because the parsing tests call directly into the preparser rather than
using Parser::ParseFunctionLiteral (which fully-parses the parameters
and then calls into the preparser to skip over the function body).

Note that this further-inflates the materialized literal count for
functions with destructured arguments, since some of the counted
literals are actually binding patterns. But that's not specific to
binding patterns in formal parameters: it happens in function bodies, too.

BUG=v8:4400,v8:4407
LOG=n

Review URL: https://codereview.chromium.org/1350913005

Cr-Commit-Position: refs/heads/master@{#30868}

9 years ago[strong] Implement revised strong class semantics
conradw [Tue, 22 Sep 2015 16:34:40 +0000 (09:34 -0700)]
[strong] Implement revised strong class semantics

Weak classes can inherit from strong ones again, a strong base class makes
instances strong.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1347243004

Cr-Commit-Position: refs/heads/master@{#30867}

9 years agoMake prettyprinter useful in gdb.
neis [Tue, 22 Sep 2015 15:57:04 +0000 (08:57 -0700)]
Make prettyprinter useful in gdb.

R=rossberg
BUG=

Review URL: https://codereview.chromium.org/1354433004

Cr-Commit-Position: refs/heads/master@{#30866}

9 years ago[tools] Add script to analyze GC tracing output
mlippautz [Tue, 22 Sep 2015 13:59:19 +0000 (06:59 -0700)]
[tools] Add script to analyze GC tracing output

BUG=

Review URL: https://codereview.chromium.org/1348763006

Cr-Commit-Position: refs/heads/master@{#30865}

9 years ago[heap] Process live weak cells directly in the marking visitor.
hpayer [Tue, 22 Sep 2015 13:48:12 +0000 (06:48 -0700)]
[heap] Process live weak cells directly in the marking visitor.

This reduces the pause time of weak cells processing during a full GC.

BUG=

Review URL: https://codereview.chromium.org/1363553002

Cr-Commit-Position: refs/heads/master@{#30864}

9 years agoWhitespace change to test infra changes.
Michael Achenbach [Tue, 22 Sep 2015 13:34:46 +0000 (15:34 +0200)]
Whitespace change to test infra changes.

Cr-Commit-Position: refs/heads/master@{#30863}

9 years agoWhitespace change to test infra changes.
Michael Achenbach [Tue, 22 Sep 2015 13:16:47 +0000 (15:16 +0200)]
Whitespace change to test infra changes.

Cr-Commit-Position: refs/heads/master@{#30862}

9 years ago[x64] Tweaking kMaxSizeEarlyOpt value to recover SunSpider/3d-cube.
ishell [Tue, 22 Sep 2015 08:39:48 +0000 (01:39 -0700)]
[x64] Tweaking kMaxSizeEarlyOpt value to recover SunSpider/3d-cube.

With the IC-less global variables accesses the size of the Rotate* functions became small enough to be immediately optimized by Crankshaft which in turn tanked SunSpider/3d-cube.

BUG=chromium:531338
LOG=N

Review URL: https://codereview.chromium.org/1356603005

Cr-Commit-Position: refs/heads/master@{#30861}

9 years ago[ic] Introduce BOOLEAN state for CompareIC.
bmeurer [Tue, 22 Sep 2015 08:01:26 +0000 (01:01 -0700)]
[ic] Introduce BOOLEAN state for CompareIC.

Slow path for relational comparison of boolean primitive values
now goes through the runtime, which made the slow path even
slower than it already was. So in order to repair the regression,
we just track boolean feedback for comparisons and use that
to generate decent code in Crankshaft (not the best possible
code, but good enough for Crankshaft; TurboFan will be able
to do better on that).

R=jarin@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1347063004

Cr-Commit-Position: refs/heads/master@{#30860}

9 years ago[x64] Compare map instead of value to heap number map in ToStringStub.
bmeurer [Tue, 22 Sep 2015 07:19:58 +0000 (00:19 -0700)]
[x64] Compare map instead of value to heap number map in ToStringStub.

Fixes a typo introduced earlier, where we compare the value to heap
number map instead of the map loaded previously.

TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1355253002

Cr-Commit-Position: refs/heads/master@{#30859}

9 years ago[crankshaft] Re-add fast-case for string add left/right.
bmeurer [Tue, 22 Sep 2015 05:46:36 +0000 (22:46 -0700)]
[crankshaft] Re-add fast-case for string add left/right.

Now the StringAddStub can optionally convert it's parameters to strings
(following the rules for the addition operator). This could be further
optimized once we have a ToPrimitiveStub, but it should be sufficient
for the moment.

Also removed the unused Strength parameter to the HStringAdd operator,
because string addition does not depend on language mode.

R=jarin@chromium.org
BUG=v8:4307, chromium:532524
LOG=n

Committed: https://crrev.com/d261849e53fbf8c36efae42d478271f87acff70f
Cr-Commit-Position: refs/heads/master@{#30726}

Review URL: https://codereview.chromium.org/1339053002

Cr-Commit-Position: refs/heads/master@{#30858}

9 years ago[builtins] Add support for NewTarget to Execution::New.
bmeurer [Tue, 22 Sep 2015 04:27:14 +0000 (21:27 -0700)]
[builtins] Add support for NewTarget to Execution::New.

Introduce new builtins Construct and ConstructFunction (in line
with the Call and CallFunction builtins that we already have) as
proper bottleneck for Construct and [[Construct]] on JSFunctions.
Use these builtins to support passing NewTarget from C++ to
JavaScript land.

Long-term we want the CallConstructStub to be used for
gathering feedback on entry to construction chain (i.e. the
initial new Foo), and use the Construct builtins to do the
actual work inside the construction chain (i.e. calling into
super and stuff).

MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=jarin@chromium.org
BUG=v8:4430
LOG=n

Review URL: https://codereview.chromium.org/1359583002

Cr-Commit-Position: refs/heads/master@{#30857}

9 years ago[crankshaft] Handle @@toStringTag accessor correctly for BuildCompareInstruction.
bmeurer [Tue, 22 Sep 2015 04:07:53 +0000 (21:07 -0700)]
[crankshaft] Handle @@toStringTag accessor correctly for BuildCompareInstruction.

If @@toStringTag is an accessor property, we cannot assume that the result
of calling Object.prototype.toString() for objects with the same map.

R=adamk@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1360723002

Cr-Commit-Position: refs/heads/master@{#30856}

9 years agoUpdate V8 DEPS.
v8-autoroll [Tue, 22 Sep 2015 03:25:00 +0000 (20:25 -0700)]
Update V8 DEPS.

Rolling v8/build/gyp to 01528c7244837168a1c80f06ff60fa5a9793c824

Rolling v8/tools/clang to 3e04436a49a26f4bd2c6f352efcf4c7b10a6d07d

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1360563003

Cr-Commit-Position: refs/heads/master@{#30855}

9 years agoSplit the GN 'snapshot_toolchain' logic out into an include file.
dpranke [Tue, 22 Sep 2015 02:28:32 +0000 (19:28 -0700)]
Split the GN 'snapshot_toolchain' logic out into an include file.

We need to build parts of v8 with a toolchain that might be different
from both the default (target) toolchain and the regular host toolchain,
because we need the snapshot to have the same bit-width as the target.
V8's build defines a 'snapshot_toolchain' setting for this.

It turns out that we need the value of this toolchain to be exposed
to the Chromium build because some of the test targets (in browser_tests)
depend on d8 and need to be able to built using the same toolchain.

R=brett@chromium.org, jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1350223004

Cr-Commit-Position: refs/heads/master@{#30854}

9 years agoStage sloppy block-scoped functions (Annex B 3.3)
littledan [Mon, 21 Sep 2015 16:30:25 +0000 (09:30 -0700)]
Stage sloppy block-scoped functions (Annex B 3.3)

Turn on some test262 tests that pass now.

R=adamk
LOG=Y
BUG=v8:4285

Review URL: https://codereview.chromium.org/1357233002

Cr-Commit-Position: refs/heads/master@{#30853}

9 years ago[ic] Also collect known map for relational comparison.
bmeurer [Mon, 21 Sep 2015 16:05:27 +0000 (09:05 -0700)]
[ic] Also collect known map for relational comparison.

Previously we only collected the known map for equality comparisons. But
if we also collect it for relational comparisons, we can inline a fast
path of ToPrimitive on the objects, which is especially interesting
since both sides have the same map.

For now we only inline a very limited subset of ToPrimitive in
Crankshaft, which is when the receiver map (and its prototype chain)
doesn't have @@toPrimitive, and both valueOf and toString are the
default versions on the %ObjectPrototype%. In this case the relational
comparison would reduce to a string comparison of "[object CLASS]" with
itself and so we can reduce that to a boolean constant plus map checks
on both left and right hand side, plus code dependencies on the
prototype chain. This repairs the regression on box2d.

R=jkummerow@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1355113002

Cr-Commit-Position: refs/heads/master@{#30852}

9 years agoWhitespace change to test infra changes.
Michael Achenbach [Mon, 21 Sep 2015 14:33:03 +0000 (16:33 +0200)]
Whitespace change to test infra changes.

Cr-Commit-Position: refs/heads/master@{#30851}

9 years ago[heap] Sort declarations for MemoryChunk.
mlippautz [Mon, 21 Sep 2015 14:03:44 +0000 (07:03 -0700)]
[heap] Sort declarations for MemoryChunk.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1360553003

Cr-Commit-Position: refs/heads/master@{#30850}

9 years ago[turbofan] Add support for reinterpreting integers as floating point and vice versa.
titzer [Mon, 21 Sep 2015 14:00:51 +0000 (07:00 -0700)]
[turbofan] Add support for reinterpreting integers as floating point and vice versa.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1356913002

Cr-Commit-Position: refs/heads/master@{#30849}

9 years ago[heap] Add timer scopes to process weak cells and clear non-live references.
hpayer [Mon, 21 Sep 2015 13:16:21 +0000 (06:16 -0700)]
[heap] Add timer scopes to process weak cells and clear non-live references.

BUG=

Review URL: https://codereview.chromium.org/1345273004

Cr-Commit-Position: refs/heads/master@{#30848}

9 years ago[crankshaft] Generalize PropertyAccessInfo to Name (so it can deal with symbols).
bmeurer [Mon, 21 Sep 2015 12:58:00 +0000 (05:58 -0700)]
[crankshaft] Generalize PropertyAccessInfo to Name (so it can deal with symbols).

This doesn't fix the performance regression mentioned by the bug yet,
but is necessary cleanup to land the fix, and should be separated from
the actual fix.

R=jkummerow@chromium.org
BUG=chromium:534200
LOG=n

Review URL: https://codereview.chromium.org/1345313005

Cr-Commit-Position: refs/heads/master@{#30847}

9 years agoContinuing removing deprecated function from cctest
mythria [Mon, 21 Sep 2015 10:34:44 +0000 (03:34 -0700)]
Continuing removing deprecated function from cctest

Removes deprecated functions from the following files:

test/cctest/compiler/function-tester.h
test/cctest/test-thread-termination.cc
test/cctest/test-threads.cc
test/cctest/test-transitions.cc
test/cctest/test-typedarrays.cc
test/cctest/test-types.cc
test/cctest/test-typing-reset.cc
test/cctest/test-unbound-queue.cc
test/cctest/test-unboxed-doubles.cc

BUG=v8:4134
LOG=n

Review URL: https://codereview.chromium.org/1344583002

Cr-Commit-Position: refs/heads/master@{#30846}

9 years agoX87: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.
chunyang.dai [Mon, 21 Sep 2015 09:18:11 +0000 (02:18 -0700)]
X87: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.

port 8016547c8e6fde00fff0a1791f3c83b444d8af25 (r30818).

original commit message:

    The StringCompareStub used to take its parameters on the (JavaScript)
    stack, which made it impossible to use in TurboFan. Actually
    StringCompareStub was currently completely unused. This changes the
    calling convention to something TurboFan compatible and introduces a
    CallInterfaceDescriptor for StringCompareStub. It also changes
    HStringCompareAndBranch to use the StringCompareStub instead of using
    the full blown CompareICStub for a stupid string comparison.

BUG=

Review URL: https://codereview.chromium.org/1355983003

Cr-Commit-Position: refs/heads/master@{#30845}

9 years agoX87: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.
chunyang.dai [Mon, 21 Sep 2015 09:13:01 +0000 (02:13 -0700)]
X87: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.

port 593c655a3c814277283f9fa1520d5ce59d6b019c (r30816).

original commit message:

    This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
    and replaces them with a proper C++ implementation in Object::Compare
    and appropriate wrappers Object::LessThan, Object::GreaterThan, and
    friends that are intended to be used by a true/false returning CompareIC
    in the future, as well as the interpreter.  As a short-term solution we
    provide %Compare and %Compare_Strong entry points for the current
    CompareIC that return the appropriate integer values expected by
    fullcodegen currently.

    Now the Abstract Relational Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=

Review URL: https://codereview.chromium.org/1353343002

Cr-Commit-Position: refs/heads/master@{#30844}

9 years agoAdd ScopeInfo constants to post-mortem metadata
julien.gilli [Mon, 21 Sep 2015 05:45:20 +0000 (22:45 -0700)]
Add ScopeInfo constants to post-mortem metadata

mdb_v8, a post-mortem debugging tool for Node.js, allows users to
inspect ScopeInfo structures in order to get more information about
closures.

Currently, it hardcodes the metadata it uses to find this information.
This change allows it to get this metadata from the node binary itself,
and thus to adapt to future changes made to the layout of the ScopeInfo
data structure.

BUG=

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1350843003

Cr-Commit-Position: refs/heads/master@{#30843}

9 years agoImplement sloppy-mode block-defined functions (Annex B 3.3)
littledan [Mon, 21 Sep 2015 04:30:50 +0000 (21:30 -0700)]
Implement sloppy-mode block-defined functions (Annex B 3.3)

ES2015 specifies very particular semantics for functions defined in blocks.
In strict mode, it is simply a lexical binding scoped to that block. In sloppy
mode, in addition to that lexical binding, there is a var-style binding in
the outer scope, which is overwritten with the local binding when the function
declaration is evaluated, *as long as* introducing ths var binding would not
create a var/let conflict in the outer scope.

This patch implements the semantics by introducing a DelegateStatement, which
is initially filled in with the EmptyStatement and overwritten with the
assignment when the scope is closed out and it can be checked that there is
no conflict.

This patch is tested with a new mjsunit test, and I tried staging it and running
test262, finding that the tests that we have disabled due to lack of Annex B
support now pass.

R=adamk,rossberg
LOG=Y
BUG=v8:4285

Review URL: https://codereview.chromium.org/1332873003

Cr-Commit-Position: refs/heads/master@{#30842}

9 years agoReland of Make profiler no frame region detection code more robust [ia86/x64]
alph [Sun, 20 Sep 2015 16:40:19 +0000 (09:40 -0700)]
Reland of Make profiler no frame region detection code more robust [ia86/x64]

Upon collection of the stack trace if the current PC falls into
the frame building code, the top frame might be in a non-consistent
state. That leads to some of the frames could be missing from the
stack trace.

The patch makes it check instructions under current PC and if they
look like the frame setup/destroy code, it skips the entire sample.

Support for x86/x64

CG_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_msan_rel
BUG=chromium:529931
LOG=N

Review URL: https://codereview.chromium.org/1348533005

Cr-Commit-Position: refs/heads/master@{#30841}

9 years agoUpdate V8 DEPS.
v8-autoroll [Sat, 19 Sep 2015 03:25:56 +0000 (20:25 -0700)]
Update V8 DEPS.

Rolling v8/build/gyp to cf3170e30578d600b8ec8cd68553cc5e606d42eb

Rolling v8/tools/clang to 76e743dc622478312b66661ad48997b318628cbb

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1357793002

Cr-Commit-Position: refs/heads/master@{#30840}

9 years agoUpdate BitField3 type in gen-postmortem-metadata.py
julien.gilli [Fri, 18 Sep 2015 22:41:04 +0000 (15:41 -0700)]
Update BitField3 type in gen-postmortem-metadata.py

Since https://codereview.chromium.org/272163002, BitField3 is a raw
uint32 field, and not a SMI anymore.

Update tools/gen-postmortem-metadata.py so that post-mortem tools can
work with versions of V8 that shipped after that change.

This change was merged in github.com/joyent/node right before node
v0.12.0 was released.

R=danno@chromium.org

TEST=mdb_v8, a post-mortem debugging tool running on SmartOS,  has been
using this change since Node.js v0.12.0 was released

BUG=

Review URL: https://codereview.chromium.org/1296743003

Cr-Commit-Position: refs/heads/master@{#30839}

9 years agoPPC: Fix AssertFunction.
mbrandy [Fri, 18 Sep 2015 19:42:25 +0000 (12:42 -0700)]
PPC: Fix AssertFunction.

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1345223005

Cr-Commit-Position: refs/heads/master@{#30838}

9 years agoPPC: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.
mbrandy [Fri, 18 Sep 2015 18:40:32 +0000 (11:40 -0700)]
PPC: [stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.

Port 8016547c8e6fde00fff0a1791f3c83b444d8af25

Original commit message:
    The StringCompareStub used to take its parameters on the (JavaScript)
    stack, which made it impossible to use in TurboFan. Actually
    StringCompareStub was currently completely unused. This changes the
    calling convention to something TurboFan compatible and introduces a
    CallInterfaceDescriptor for StringCompareStub. It also changes
    HStringCompareAndBranch to use the StringCompareStub instead of using
    the full blown CompareICStub for a stupid string comparison.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1358553002

Cr-Commit-Position: refs/heads/master@{#30837}

9 years agoPPC: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.
mbrandy [Fri, 18 Sep 2015 18:39:06 +0000 (11:39 -0700)]
PPC: [runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.

Port 593c655a3c814277283f9fa1520d5ce59d6b019c

Original commit message:
    This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
    and replaces them with a proper C++ implementation in Object::Compare
    and appropriate wrappers Object::LessThan, Object::GreaterThan, and
    friends that are intended to be used by a true/false returning CompareIC
    in the future, as well as the interpreter.  As a short-term solution we
    provide %Compare and %Compare_Strong entry points for the current
    CompareIC that return the appropriate integer values expected by
    fullcodegen currently.

    Now the Abstract Relational Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1356983002

Cr-Commit-Position: refs/heads/master@{#30836}

9 years agoRemove on-by-default flag --harmony-object
adamk [Fri, 18 Sep 2015 18:37:44 +0000 (11:37 -0700)]
Remove on-by-default flag --harmony-object

It's been enabled since M45, which is now well into its stable period,
with no problems reported.

Review URL: https://codereview.chromium.org/1356793002

Cr-Commit-Position: refs/heads/master@{#30835}

9 years agoStop emitting kSloppyLexical errors when --harmony-sloppy-let is enabled
adamk [Fri, 18 Sep 2015 18:19:53 +0000 (11:19 -0700)]
Stop emitting kSloppyLexical errors when --harmony-sloppy-let is enabled

This changes the error message for code like:

  if (false) let x;

from "Block-scoped declarations (let, const, function, class) not yet supported outside strict mode"
to "Unexpected identifier" (pointing at |x|).

Review URL: https://codereview.chromium.org/1356783002

Cr-Commit-Position: refs/heads/master@{#30834}

9 years ago[turbofan] Merge group spill ranges.
mtrofin [Fri, 18 Sep 2015 16:01:52 +0000 (09:01 -0700)]
[turbofan] Merge group spill ranges.

Akin to linear scan's TryReuseSpillForPhi, we attempt to merge the
spill ranges of grouped live ranges (which are phi inputs and output),
to avoid inefficient slot-to-slot moves.

BUG=

Review URL: https://codereview.chromium.org/1353023003

Cr-Commit-Position: refs/heads/master@{#30833}

9 years ago[es6] Use the correct ToPrimitive in the Date Constructor.
bmeurer [Fri, 18 Sep 2015 13:20:25 +0000 (06:20 -0700)]
[es6] Use the correct ToPrimitive in the Date Constructor.

This way we can finally remove the ES5 ToPrimitive builtin from
runtime.js, and the Date Constructor now properly supports
@@toPrimitive for the single argument case as well.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
R=rossberg@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1346893003

Cr-Commit-Position: refs/heads/master@{#30832}

9 years ago[base] Fix check that makes sure we commit in the virtual memory range.
mlippautz [Fri, 18 Sep 2015 12:41:19 +0000 (05:41 -0700)]
[base] Fix check that makes sure we commit in the virtual memory range.

R=jochen@chromium.org
BUG=chromium:533342
LOG=N

Review URL: https://codereview.chromium.org/1349723005

Cr-Commit-Position: refs/heads/master@{#30831}

9 years agoFix incorrect buffer length.
vogelheim [Fri, 18 Sep 2015 12:07:16 +0000 (05:07 -0700)]
Fix incorrect buffer length.

R=jochen@chromium.org
BUG=chromium:533243
LOG=N

Review URL: https://codereview.chromium.org/1356863002

Cr-Commit-Position: refs/heads/master@{#30830}

9 years agoX87: Remove --pretenure-call-new
chunyang.dai [Fri, 18 Sep 2015 12:00:48 +0000 (05:00 -0700)]
X87: Remove --pretenure-call-new

port b5588f48fd0b4e3ee43be1fe6c19d7ddd8b8b5f1 (r30767).

original commit message:

    There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

BUG=

Review URL: https://codereview.chromium.org/1346043005

Cr-Commit-Position: refs/heads/master@{#30829}

9 years agoX87: [runtime] Initial step towards switching Execution::Call to callable.
chunyang.dai [Fri, 18 Sep 2015 11:59:31 +0000 (04:59 -0700)]
X87: [runtime] Initial step towards switching Execution::Call to callable.

port d5bbd45f044ae6796c0d0f7bd8732069d74418de (r30808).

oringial commit message:

    Currently Execution::Call (and friends) still duplicate a lot of the
    Call sequence logic that should be encapsulated in the Call and
    CallFunction builtins. So the plan now is to switch Execution::Call
    to accept any Callable and just pass that through to the Call builtin.

BUG=

Review URL: https://codereview.chromium.org/1350183005

Cr-Commit-Position: refs/heads/master@{#30828}

9 years agoX87: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
chunyang.dai [Fri, 18 Sep 2015 11:47:23 +0000 (04:47 -0700)]
X87: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.

port 905e008c52ba06120f4a523aab00a53bc50830f1 (r30758)

BUG=

Review URL: https://codereview.chromium.org/1352173002

Cr-Commit-Position: refs/heads/master@{#30827}

9 years agoX87: [builtins] Unify the String constructor.
chunyang.dai [Fri, 18 Sep 2015 11:46:12 +0000 (04:46 -0700)]
X87: [builtins] Unify the String constructor.

port a3d6f6cce317dbe1d31079eb81e15e49f3fb687a (r30759).

original commit message:

    Implement the String constructor completely as native builtin,
    avoiding the need to do gymnastics in JavaScript builtin to
    properly detect the no argument case (which is different from
    the undefined argument case) and also allowing to just
    tailcall through to ToString or SymbolDescriptiveString for
    the common case. Also the JavaScript builtin was misleading
    since the case for construct call was unused, but could be
    triggered in a wrong way once we support tail calls from
    constructor functions.

    This refactoring allows us to properly implement subclassing
    for String builtins, once we have the correct initial_map on
    derived classes (it's merely a matter of using NewTarget
    instead of the target register now).

    This introduces a new %SymbolDescriptiveString runtime
    entry, which is also used by Symbol.toString() now.

BUG=

Review URL: https://codereview.chromium.org/1349403002

Cr-Commit-Position: refs/heads/master@{#30826}

9 years agoelements.cc cleanup
cbruni [Fri, 18 Sep 2015 11:15:34 +0000 (04:15 -0700)]
elements.cc cleanup

Reuse code for copying arguments and pushing/shifting elements.

BUG=

Review URL: https://codereview.chromium.org/1346013005

Cr-Commit-Position: refs/heads/master@{#30825}

9 years agoMIPS64: Optimize simulator.
balazs.kilvady [Fri, 18 Sep 2015 11:08:17 +0000 (04:08 -0700)]
MIPS64: Optimize simulator.

Port 09f41681ef83fe9e9d79748e2a60f16b70d5934c

Original commit message:
The patch decreases the calls of huge switch instructions making the
DecodeType*() functions to work in one phase and optimizing
Instruction::InstructionType(). Speed gain in release full check is
about 33% (6:13 s -> 4:09 s) and in optdebug full test is about 50%
(12:29 -> 6:17)

BUG=

Review URL: https://codereview.chromium.org/1356693002

Cr-Commit-Position: refs/heads/master@{#30824}

9 years agoFix --hydrogen-stats crashing on null_ptr for shared_info
cbruni [Fri, 18 Sep 2015 11:03:30 +0000 (04:03 -0700)]
Fix --hydrogen-stats crashing on null_ptr for shared_info

BUG=

Review URL: https://codereview.chromium.org/1350293002

Cr-Commit-Position: refs/heads/master@{#30823}

9 years ago[heap] Cleanup: Align naming of parallel sweeping with parallel compaction.
mlippautz [Fri, 18 Sep 2015 10:49:11 +0000 (03:49 -0700)]
[heap] Cleanup: Align naming of parallel sweeping with parallel compaction.

Pure refactoring.

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1354613002

Cr-Commit-Position: refs/heads/master@{#30822}

9 years ago[turbofan] Use StringCompareStub for string comparisons.
bmeurer [Fri, 18 Sep 2015 10:18:41 +0000 (03:18 -0700)]
[turbofan] Use StringCompareStub for string comparisons.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1353103002

Cr-Commit-Position: refs/heads/master@{#30821}

9 years agoUse public_deps for v8_base in GN.
brettw [Fri, 18 Sep 2015 09:32:30 +0000 (02:32 -0700)]
Use public_deps for v8_base in GN.

The previous code took advantage of the fact that a group's deps are implicitly public, but I'm trying to fix that. This also cleans up some duplicated code between component and non-component builds.

Review URL: https://codereview.chromium.org/1356723002

Cr-Commit-Position: refs/heads/master@{#30820}

9 years ago[hydrogen] Add crash-hunting instrumentation to Hydrogen too
jkummerow [Fri, 18 Sep 2015 09:15:39 +0000 (02:15 -0700)]
[hydrogen] Add crash-hunting instrumentation to Hydrogen too

This extends instrumentation added in r30683 and r30768 to cover
the possibility that the root cause we're after is in optimized code.

This CL is intended to be reverted in a couple of days, but should
cause no harm while it's in the tree (we would crash anyway).

BUG=chromium:527994
LOG=n

Review URL: https://codereview.chromium.org/1348823003

Cr-Commit-Position: refs/heads/master@{#30819}

9 years ago[stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.
bmeurer [Fri, 18 Sep 2015 08:30:22 +0000 (01:30 -0700)]
[stubs] Refactor StringCompareStub and use it for HStringCompareAndBranch.

The StringCompareStub used to take its parameters on the (JavaScript)
stack, which made it impossible to use in TurboFan. Actually
StringCompareStub was currently completely unused. This changes the
calling convention to something TurboFan compatible and introduces a
CallInterfaceDescriptor for StringCompareStub. It also changes
HStringCompareAndBranch to use the StringCompareStub instead of using
the full blown CompareICStub for a stupid string comparison.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1347913003

Cr-Commit-Position: refs/heads/master@{#30818}

9 years ago[test] Allow passing extra flags to perf tryjobs.
machenbach [Fri, 18 Sep 2015 08:06:14 +0000 (01:06 -0700)]
[test] Allow passing extra flags to perf tryjobs.

NOTRY=true

Review URL: https://codereview.chromium.org/1342263003

Cr-Commit-Position: refs/heads/master@{#30817}

9 years ago[runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.
bmeurer [Fri, 18 Sep 2015 06:35:36 +0000 (23:35 -0700)]
[runtime] Replace COMPARE/COMPARE_STRONG with proper Object::Compare.

This removes the weird COMPARE and COMPARE_STRONG JavaScript builtins
and replaces them with a proper C++ implementation in Object::Compare
and appropriate wrappers Object::LessThan, Object::GreaterThan, and
friends that are intended to be used by a true/false returning CompareIC
in the future, as well as the interpreter.  As a short-term solution we
provide %Compare and %Compare_Strong entry points for the current
CompareIC that return the appropriate integer values expected by
fullcodegen currently.

Now the Abstract Relational Comparison is also using the correct
ToPrimitive implementation, which properly supports @@toPrimitive.

BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1350113002

Cr-Commit-Position: refs/heads/master@{#30816}

9 years agoUpdate V8 DEPS.
v8-autoroll [Fri, 18 Sep 2015 03:26:40 +0000 (20:26 -0700)]
Update V8 DEPS.

Rolling v8/tools/clang to 0e7dbd100f91096de47919f394ac0b32dd7c21a2

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1355633003

Cr-Commit-Position: refs/heads/master@{#30815}

9 years agoUse a kMaxSafeInteger instead of Number.MAX_SAFE_INTEGER
aperez [Thu, 17 Sep 2015 23:59:47 +0000 (16:59 -0700)]
Use a kMaxSafeInteger instead of Number.MAX_SAFE_INTEGER

Defines and uses a kMaxSafeInteger macro (which expands to the constant
2^53-1) instead of accessing Number.MAX_SAFE_INTEGER. This saves loading
the attribute from the Number object, which is slightly faster. This also
makes it clearer from reading the code that tha value being compared is
constant.

BUG=
LOG=N

Review URL: https://codereview.chromium.org/1353953002

Cr-Commit-Position: refs/heads/master@{#30814}

9 years agoPPC: [runtime] Initial step towards switching Execution::Call to callable.
mbrandy [Thu, 17 Sep 2015 20:39:45 +0000 (13:39 -0700)]
PPC: [runtime] Initial step towards switching Execution::Call to callable.

Port d5bbd45f044ae6796c0d0f7bd8732069d74418de

Original commit message:
    Currently Execution::Call (and friends) still duplicate a lot of the
    Call sequence logic that should be encapsulated in the Call and
    CallFunction builtins. So the plan now is to switch Execution::Call
    to accept any Callable and just pass that through to the Call builtin.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1347213003

Cr-Commit-Position: refs/heads/master@{#30813}

9 years ago[simdjs] Update spec version to 0.8.4
gdeepti [Thu, 17 Sep 2015 17:54:48 +0000 (10:54 -0700)]
[simdjs] Update spec version to 0.8.4

Merge ShiftRightArithmetic and ShiftRightLogical Functions.

BUG=v8:4124
LOG=Y

Review URL: https://codereview.chromium.org/1351663002

Cr-Commit-Position: refs/heads/master@{#30812}

9 years ago[arm64]: Fix bug introduced accidentally in r30710
rmcilroy [Thu, 17 Sep 2015 17:24:13 +0000 (10:24 -0700)]
[arm64]: Fix bug introduced accidentally in r30710

Uncomment the if (!serializer_enabled()) check which I accidentially left
commented out after debugging during the CLs development.

BUG=chromium:532969
R=bmeurer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1351943002

Cr-Commit-Position: refs/heads/master@{#30811}

9 years agoPPC: [runtime] Replace the EQUALS builtin with proper Object::Equals.
mbrandy [Thu, 17 Sep 2015 17:16:43 +0000 (10:16 -0700)]
PPC: [runtime] Replace the EQUALS builtin with proper Object::Equals.

Port 54bab695f5de5bf5948c5b50b217628a00d60f91

Original commit message:
    Move the implementation of the Abstract Equality Comparison to the
    runtime and thereby remove the EQUALS dispatcher builtin. Also remove
    the various runtime entry points that were only used to support the
    EQUALS builtin.

    Now the Abstract Equality Comparison is also using the correct
    ToPrimitive implementation, which properly supports @@toPrimitive.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1357493002

Cr-Commit-Position: refs/heads/master@{#30810}

9 years agoPPC: [builtins] Unify the String constructor.
mbrandy [Thu, 17 Sep 2015 17:14:06 +0000 (10:14 -0700)]
PPC: [builtins] Unify the String constructor.

Port a3d6f6cce317dbe1d31079eb81e15e49f3fb687a

Original commit message:
    Implement the String constructor completely as native builtin,
    avoiding the need to do gymnastics in JavaScript builtin to
    properly detect the no argument case (which is different from
    the undefined argument case) and also allowing to just
    tailcall through to ToString or SymbolDescriptiveString for
    the common case. Also the JavaScript builtin was misleading
    since the case for construct call was unused, but could be
    triggered in a wrong way once we support tail calls from
    constructor functions.

    This refactoring allows us to properly implement subclassing
    for String builtins, once we have the correct initial_map on
    derived classes (it's merely a matter of using NewTarget
    instead of the target register now).

    This introduces a new %SymbolDescriptiveString runtime
    entry, which is also used by Symbol.toString() now.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1354663002

Cr-Commit-Position: refs/heads/master@{#30809}

9 years ago[runtime] Initial step towards switching Execution::Call to callable.
bmeurer [Thu, 17 Sep 2015 17:11:38 +0000 (10:11 -0700)]
[runtime] Initial step towards switching Execution::Call to callable.

Currently Execution::Call (and friends) still duplicate a lot of the
Call sequence logic that should be encapsulated in the Call and
CallFunction builtins. So the plan now is to switch Execution::Call
to accept any Callable and just pass that through to the Call builtin.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg
R=jarin@chromium.org
BUG=v8:4413
LOG=n

Committed: https://crrev.com/359645f48156e15f235e9a9ede7910e0bcd9ae45
Cr-Commit-Position: refs/heads/master@{#30791}

Review URL: https://codereview.chromium.org/1353723002

Cr-Commit-Position: refs/heads/master@{#30808}

9 years agoPPC: Remove --pretenure-call-new
mbrandy [Thu, 17 Sep 2015 17:03:57 +0000 (10:03 -0700)]
PPC: Remove --pretenure-call-new

Port b5588f48fd0b4e3ee43be1fe6c19d7ddd8b8b5f1

Original commit message:
    There isn't a plan to turn it on soon, so we'll take it out in favor of cleaner code.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1347253003

Cr-Commit-Position: refs/heads/master@{#30807}

9 years agoPPC: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.
mbrandy [Thu, 17 Sep 2015 17:02:45 +0000 (10:02 -0700)]
PPC: Vector ICs: Hook up vectors in platform builtins to their SharedFunctionInfos.

Port 905e008c52ba06120f4a523aab00a53bc50830f1

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4423
LOG=N

Review URL: https://codereview.chromium.org/1350923003

Cr-Commit-Position: refs/heads/master@{#30806}

9 years agoWhitespace change.
tandrii [Thu, 17 Sep 2015 14:59:24 +0000 (07:59 -0700)]
Whitespace change.

R=machenbach@chromium.org,jochen@chromium.org
NOTRY=True
BUG=

Review URL: https://codereview.chromium.org/1357453002

Cr-Commit-Position: refs/heads/master@{#30805}

9 years agoPretenure builtin typed arrays.
ben [Thu, 17 Sep 2015 14:47:37 +0000 (07:47 -0700)]
Pretenure builtin typed arrays.

Typed arrays from the snapshot start out in the young space but they
all seem to end up in the old space sooner or later anyway.  Let's
expedite that by allocating them in the old space right away.

Review URL: https://codereview.chromium.org/1347263003

Cr-Commit-Position: refs/heads/master@{#30804}

9 years ago[heap] Fix waiting for parallel tasks
mlippautz [Thu, 17 Sep 2015 14:43:15 +0000 (07:43 -0700)]
[heap] Fix waiting for parallel tasks

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1356663002

Cr-Commit-Position: refs/heads/master@{#30803}