ishell [Fri, 27 Mar 2015 06:34:30 +0000 (23:34 -0700)]
Revert of Use a slot that is located on a heap page when removing invalid entries from the SlotsBuffer. (patchset #1 id:1 of https://codereview.chromium.org/
1020853022/)
Reason for revert:
Reverting risky GC changes that block v8 roll.
Original issue's description:
> Use a slot that is located on a heap page when removing invalid entries from the SlotsBuffer.
>
> BUG=chromium:470801
> LOG=Y
>
> Committed: https://crrev.com/
2f3a42f9a1d66ffc9d260d9700ff831c3aa1cd41
> Cr-Commit-Position: refs/heads/master@{#27467}
TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:470801
Review URL: https://codereview.chromium.org/
1033163002
Cr-Commit-Position: refs/heads/master@{#27490}
paul.lind [Thu, 26 Mar 2015 22:50:54 +0000 (15:50 -0700)]
MIPS64: [turbofan] Fix loading of JSFunction from activation in case of adapter frame.
Use 64-bit load.
BUG=
Review URL: https://codereview.chromium.org/
1037863003
Cr-Commit-Position: refs/heads/master@{#27489}
michael_dawson [Thu, 26 Mar 2015 22:11:53 +0000 (15:11 -0700)]
PPC64: [turbofan] Fix DCHECK in AssembleSwap.
Fixes these tests in PPC,debug,non-sim
mjsunit/compiler/osr-maze1
mjsunit/compiler/regress-3
mjsunit/regress/regress-crbug-173907
mjsunit/regress/regress-crbug-173907b
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1038923003
Cr-Commit-Position: refs/heads/master@{#27488}
sergiyb [Thu, 26 Mar 2015 20:27:55 +0000 (13:27 -0700)]
Removed default value for project_bases
R=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1034153003
Cr-Commit-Position: refs/heads/master@{#27487}
michael_dawson [Thu, 26 Mar 2015 18:23:39 +0000 (11:23 -0700)]
PPC: [turbofan] Fix loading of JSFunction from activation in case of adapter frame.
Port
ebc51674766dd5b17ebbfadf4a35c514ab638a5f
Original commit message:
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1016003005
Cr-Commit-Position: refs/heads/master@{#27486}
erikcorry [Thu, 26 Mar 2015 16:53:47 +0000 (09:53 -0700)]
Disable test on deopt fuzzer that uses a little too much memory
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1032373002
Cr-Commit-Position: refs/heads/master@{#27485}
chunyang.dai [Thu, 26 Mar 2015 16:16:09 +0000 (09:16 -0700)]
Update the parameters of VisitSwitch function for turbofan unsupported platform.
This change comes from
a6940f7aa3d7dc36e2c8713d11daccdf6837371b.
BUG=
Review URL: https://codereview.chromium.org/
1031253005
Cr-Commit-Position: refs/heads/master@{#27484}
ulan [Thu, 26 Mar 2015 15:54:51 +0000 (08:54 -0700)]
Revert "Reland "Allow compaction when incremental marking is on.""
This reverts commit
89ba65fd4970130eea02b675e448a8219ae3d0dd.
Reason: crash in v8.detached_context_age_in_gc benchmark.
BUG=chromium:450824
LOG=NO
NOTRY=true
NOTREECHECKS=true
TBR=hpayer@chromium.org
Review URL: https://codereview.chromium.org/
1034203002
Cr-Commit-Position: refs/heads/master@{#27483}
dcarney [Thu, 26 Mar 2015 15:21:54 +0000 (08:21 -0700)]
add access checks to receivers on function callbacks
R=verwaest@chromium.org
BUG=468451
LOG=N
Review URL: https://codereview.chromium.org/
1036743004
Cr-Commit-Position: refs/heads/master@{#27482}
mstarzinger [Thu, 26 Mar 2015 15:04:39 +0000 (08:04 -0700)]
Fix broken JSFunction::is_compiled predicate.
The aforementioned predicate reported a JSFunction that was marked for
optimization as already compiled. This in turn also prevented us from
being aggressive about FLAG_always_opt treatment.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/
1019293003
Cr-Commit-Position: refs/heads/master@{#27481}
balazs.kilvady [Thu, 26 Mar 2015 15:01:04 +0000 (08:01 -0700)]
MIPS: Fix [turbofan] Factor out common switch-related code in instruction selectors.
BUG=
Review URL: https://codereview.chromium.org/
1019923004
Cr-Commit-Position: refs/heads/master@{#27480}
jochen [Thu, 26 Mar 2015 13:29:27 +0000 (06:29 -0700)]
Add CHECKs when updating pointers from the slots and store buffers
We want to verify that we always overwrite heap objects with heap
objects, and non-heap objects with non-heap objects
BUG=chromium:452095
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/
1035763002
Cr-Commit-Position: refs/heads/master@{#27479}
chunyang.dai [Thu, 26 Mar 2015 13:06:47 +0000 (06:06 -0700)]
X87: Switch full-codegen from StackHandlers to handler table.
port
38a719f965d0a83ddac04392d5b9c5abe214281c (r27440)
original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
BUG=
Review URL: https://codereview.chromium.org/
1030283003
Cr-Commit-Position: refs/heads/master@{#27478}
mstarzinger [Thu, 26 Mar 2015 12:30:43 +0000 (05:30 -0700)]
[debugger] Make Runtime_DebugEvaluate safe for reentry.
Only one FrameInspector can be active at a time on any given stack,
this ensures that it's lifetime is sufficiently scoped.
R=yangguo@chromium.org
TEST=mjsunit/regress/regress-crbug-259300
Review URL: https://codereview.chromium.org/
1034743002
Cr-Commit-Position: refs/heads/master@{#27477}
jochen [Thu, 26 Mar 2015 11:58:31 +0000 (04:58 -0700)]
Don't start marking while sweeping
BUG=none
R=hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/
1032963002
Cr-Commit-Position: refs/heads/master@{#27476}
dcarney [Thu, 26 Mar 2015 11:50:16 +0000 (04:50 -0700)]
two pass phantom collection
R=jochen@chromium.org, erikcorry@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
998253006
Cr-Commit-Position: refs/heads/master@{#27475}
pcc [Thu, 26 Mar 2015 11:40:51 +0000 (04:40 -0700)]
Use a different variant of CpuFeatures::FlushICache asm with clang.
This variant avoids a constant pool entry, which can be problematic
when LTO'ing. It is also slightly shorter.
R=bmeurer@chromium.org,Jacob.Bramley@arm.com
BUG=chromium:453195
LOG=n
Review URL: https://codereview.chromium.org/
986643004
Cr-Commit-Position: refs/heads/master@{#27474}
verwaest [Thu, 26 Mar 2015 11:21:52 +0000 (04:21 -0700)]
Remove CanRetainOtherContext since embedded objects are now weak.
Instead of CanRetainOtherContext, we now manually blacklist all access-checked objects.
BUG=
Review URL: https://codereview.chromium.org/
1020803004
Cr-Commit-Position: refs/heads/master@{#27473}
yangguo [Thu, 26 Mar 2015 10:43:37 +0000 (03:43 -0700)]
Revert of Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #1 id:1 of https://codereview.chromium.org/
999273003/)
Reason for revert:
Reland since the failure has been fixed in https://codereview.chromium.org/
1035523005/
Original issue's description:
> Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #4 id:60001 of https://codereview.chromium.org/
998253005/)
>
> Reason for revert:
> Code caching failures.
>
> Original issue's description:
> > Debugger: deduplicate shared function info when setting script break points.
> >
> > Also fix Debug.showBreakPoints for multiple break points at the same location.
> >
> > BUG=v8:3960
> > LOG=N
> >
> > Committed: https://crrev.com/
73b17a71a22564c0b66d9aa7c00948c748f5b290
> > Cr-Commit-Position: refs/heads/master@{#27444}
>
> TBR=mstarzinger@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3960
>
> Committed: https://crrev.com/
9b29d008dfcc00bf56be8040add1d2c5e404673b
> Cr-Commit-Position: refs/heads/master@{#27448}
TBR=mstarzinger@chromium.org
BUG=v8:3960
LOG=N
Review URL: https://codereview.chromium.org/
1037013002
Cr-Commit-Position: refs/heads/master@{#27472}
yangguo [Thu, 26 Mar 2015 09:50:34 +0000 (02:50 -0700)]
Serializer: ensure unique script ids when deserializing.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/
1035523005
Cr-Commit-Position: refs/heads/master@{#27471}
titzer [Thu, 26 Mar 2015 09:38:11 +0000 (02:38 -0700)]
[turbofan]: Integrate basic type feedback for property accesses.
BUG=
Review URL: https://codereview.chromium.org/
1021713005
Cr-Commit-Position: refs/heads/master@{#27470}
titzer [Thu, 26 Mar 2015 09:17:57 +0000 (02:17 -0700)]
[turbofan] Enable OSR.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1037913002
Cr-Commit-Position: refs/heads/master@{#27469}
titzer [Thu, 26 Mar 2015 09:08:45 +0000 (02:08 -0700)]
[turbofan] Factor out common switch-related code in instruction selectors.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1019803005
Cr-Commit-Position: refs/heads/master@{#27468}
ishell [Thu, 26 Mar 2015 09:00:16 +0000 (02:00 -0700)]
Use a slot that is located on a heap page when removing invalid entries from the SlotsBuffer.
BUG=chromium:470801
LOG=Y
Review URL: https://codereview.chromium.org/
1020853022
Cr-Commit-Position: refs/heads/master@{#27467}
yurys [Thu, 26 Mar 2015 08:49:52 +0000 (01:49 -0700)]
Return timestamp of the last recorded interval to the caller of HeapProfiler::GetHeapStats
Before this patch the embedder could assign timestamp to the last interval after calling GetHeapStats. This would be slightly different from the timstamps assigned by v8 internally and written into heap snapshot. This patch allow to avoid this small discrepancy by returning timestamp along with last heap stats update.
BUG=chromium:467222
LOG=Y
Review URL: https://codereview.chromium.org/
1037803002
Cr-Commit-Position: refs/heads/master@{#27466}
svenpanne [Thu, 26 Mar 2015 08:36:28 +0000 (01:36 -0700)]
Add full TurboFan support for accessing SeqString contents.
LOG=n
Review URL: https://codereview.chromium.org/
1013753016
Cr-Commit-Position: refs/heads/master@{#27465}
yangguo [Thu, 26 Mar 2015 08:15:32 +0000 (01:15 -0700)]
Debugger: remove unused JS Debugger API.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/
1005053004
Cr-Commit-Position: refs/heads/master@{#27464}
michael_dawson [Thu, 26 Mar 2015 08:06:41 +0000 (01:06 -0700)]
Fix host_arch detection for AIX and one new warning as error
The value returned on AIX for platform.machine() is not the
best value to map the architecture from. Use platform.system
to determine if we are on AIX and if so set host_arch to
ppc64 as AIX 6.1 (the earliest supported) only provides a
64 bit kernel
AIX was reporting warning that offset may be used uninitialized
modified: build/detect_v8_host_arch.py
modified: build/standalone.gypi
modified: src/hydrogen-bce.cc
R=mbrandy@us.ibm.com, jkummerow@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1006583004
Cr-Commit-Position: refs/heads/master@{#27463}
v8-autoroll [Thu, 26 Mar 2015 07:29:13 +0000 (00:29 -0700)]
Update V8 DEPS.
Rolling v8/tools/clang to
ea2f0a2d96ffc6f5a51c034db704ccc1a6543156
TBR=machenbach@chromium.org
Review URL: https://codereview.chromium.org/
1032223004
Cr-Commit-Position: refs/heads/master@{#27462}
chunyang.dai [Thu, 26 Mar 2015 02:52:59 +0000 (19:52 -0700)]
X87: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
port
6689cc27ebe60685c025de9ae1f09919093f8213 (r27377)
original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
BUG=
Review URL: https://codereview.chromium.org/
1033733005
Cr-Commit-Position: refs/heads/master@{#27461}
chunyang.dai [Thu, 26 Mar 2015 02:24:22 +0000 (19:24 -0700)]
X87: [es6] implement Reflect.apply() & Reflect.construct()
port
d21fd15467e16f185e511dbfbaeef7caddfe804a (r27316)
original commit message:
[es6] implement Reflect.apply() & Reflect.construct()
BUG=
Review URL: https://codereview.chromium.org/
1021723006
Cr-Commit-Position: refs/heads/master@{#27460}
chunyang.dai [Thu, 26 Mar 2015 02:11:14 +0000 (19:11 -0700)]
X87: [es6] generate rest parameters correctly for subclass constructors
port
bef80fcfd7e89cadc215f7d10a016a375e346490 (r27344)
original commit message:
[es6] generate rest parameters correctly for subclass constructors
BUG=
Review URL: https://codereview.chromium.org/
1033643002
Cr-Commit-Position: refs/heads/master@{#27459}
kozyatinskiy [Wed, 25 Mar 2015 23:11:01 +0000 (16:11 -0700)]
Reland [V8] Removed SourceLocationRestrict
This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
Method looks obsolete.
One of the strange side effect is shown by attached issue.
BUG=chromium:468781
TBR=yangguo@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/
1033973002
Cr-Commit-Position: refs/heads/master@{#27458}
machenbach [Wed, 25 Mar 2015 18:31:36 +0000 (11:31 -0700)]
Revert of add access checks to receivers on function callbacks (patchset #5 id:80001 of https://codereview.chromium.org/
1036743004/)
Reason for revert:
This seems to lead to lots of timeouts of layout tests, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064/builds/2807
Original issue's description:
> add access checks to receivers on function callbacks
>
> R=verwaest@chromium.org
> BUG=468451
> LOG=N
>
> Committed: https://crrev.com/
255528710b0a128eef7b66827d9ac43e44650ff4
> Cr-Commit-Position: refs/heads/master@{#27452}
TBR=verwaest@chromium.org,dcarney@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=468451
Review URL: https://codereview.chromium.org/
1023783009
Cr-Commit-Position: refs/heads/master@{#27457}
jacob.bramley [Wed, 25 Mar 2015 18:22:11 +0000 (11:22 -0700)]
ARM64: Remove some unused variables.
This fixes warnings on some compilers.
BUG=
Review URL: https://codereview.chromium.org/
1038623002
Cr-Commit-Position: refs/heads/master@{#27456}
titzer [Wed, 25 Mar 2015 18:05:57 +0000 (11:05 -0700)]
Disable some flags on threading tests that will break with --turbo-osr.
R=vogelheim@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1023753008
Cr-Commit-Position: refs/heads/master@{#27455}
titzer [Wed, 25 Mar 2015 17:46:03 +0000 (10:46 -0700)]
[turbofan] Fix loading of JSFunction from activation in case of adapter frame.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1026023004
Cr-Commit-Position: refs/heads/master@{#27454}
michael_dawson [Wed, 25 Mar 2015 17:26:31 +0000 (10:26 -0700)]
PPC: Switch full-codegen from StackHandlers to handler table.
Port
38a719f965d0a83ddac04392d5b9c5abe214281c
Original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
TEST=cctest/test-run-jsexceptions/DeoptTry
R=yangguo@chromium.org, R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1035533004
Cr-Commit-Position: refs/heads/master@{#27453}
dcarney [Wed, 25 Mar 2015 16:16:47 +0000 (09:16 -0700)]
add access checks to receivers on function callbacks
R=verwaest@chromium.org
BUG=468451
LOG=N
Review URL: https://codereview.chromium.org/
1036743004
Cr-Commit-Position: refs/heads/master@{#27452}
ulan [Wed, 25 Mar 2015 15:59:28 +0000 (08:59 -0700)]
Reland "Allow compaction when incremental marking is on."
BUG=chromium:450824
LOG=NO
Review URL: https://codereview.chromium.org/
1038663002
Cr-Commit-Position: refs/heads/master@{#27451}
machenbach [Wed, 25 Mar 2015 15:55:51 +0000 (08:55 -0700)]
Mark test as flaky.
BUG=v8:3838
LOG=n
TBR=ulan@chromium.org
Review URL: https://codereview.chromium.org/
1012993007
Cr-Commit-Position: refs/heads/master@{#27450}
yurys [Wed, 25 Mar 2015 15:32:04 +0000 (08:32 -0700)]
Remove v8::Isolate::ClearInterrupt
The method was deprecated a while ago: https://crrev.com/
87e4bba31eabfd3b12e42b5886dc9da08d2daf13
LOG=Y
BUG=YES
API=Remove v8::Isolate::ClearInterrupt
Review URL: https://codereview.chromium.org/
1032623007
Cr-Commit-Position: refs/heads/master@{#27449}
yangguo [Wed, 25 Mar 2015 15:19:05 +0000 (08:19 -0700)]
Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #4 id:60001 of https://codereview.chromium.org/
998253005/)
Reason for revert:
Code caching failures.
Original issue's description:
> Debugger: deduplicate shared function info when setting script break points.
>
> Also fix Debug.showBreakPoints for multiple break points at the same location.
>
> BUG=v8:3960
> LOG=N
>
> Committed: https://crrev.com/
73b17a71a22564c0b66d9aa7c00948c748f5b290
> Cr-Commit-Position: refs/heads/master@{#27444}
TBR=mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3960
Review URL: https://codereview.chromium.org/
999273003
Cr-Commit-Position: refs/heads/master@{#27448}
mstarzinger [Wed, 25 Mar 2015 15:02:31 +0000 (08:02 -0700)]
[turbofan] Support initial step-in through debugger statement.
This adapts the debugger so that the first break event starting the
stepping process can come from optimized code. TurboFan supports a
debugger statement and hence can be the top-most frame whenever the
Debug::HandleDebugBreak handler is triggered.
R=yangguo@chromium.org
TEST=mjsunit/debug,cctest/test-debug
Review URL: https://codereview.chromium.org/
1038613002
Cr-Commit-Position: refs/heads/master@{#27447}
michael_dawson [Wed, 25 Mar 2015 14:59:13 +0000 (07:59 -0700)]
PPC: Ensure predictable code size at map_check in LCodeGen::DoInstanceOfKnownGlobal.
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1035723003
Cr-Commit-Position: refs/heads/master@{#27446}
machenbach [Wed, 25 Mar 2015 14:54:47 +0000 (07:54 -0700)]
Fix line breaks in md documentation.
NOTRY=true
Review URL: https://codereview.chromium.org/
1030813003
Cr-Commit-Position: refs/heads/master@{#27445}
yangguo [Wed, 25 Mar 2015 14:53:32 +0000 (07:53 -0700)]
Debugger: deduplicate shared function info when setting script break points.
Also fix Debug.showBreakPoints for multiple break points at the same location.
BUG=v8:3960
LOG=N
Review URL: https://codereview.chromium.org/
998253005
Cr-Commit-Position: refs/heads/master@{#27444}
balazs.kilvady [Wed, 25 Mar 2015 14:41:23 +0000 (07:41 -0700)]
MIPS: Switch full-codegen from StackHandlers to handler table.
Port
38a719f965d0a83ddac04392d5b9c5abe214281c
Original commit message:
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
TEST=cctest/test-run-jsexceptions/DeoptTry
BUG=
Review URL: https://codereview.chromium.org/
1037743002
Cr-Commit-Position: refs/heads/master@{#27443}
alexandre.rames [Wed, 25 Mar 2015 14:22:27 +0000 (07:22 -0700)]
Fix the V8_GNUC_PREREQ macro.
BUG=
Review URL: https://codereview.chromium.org/
1003383004
Cr-Commit-Position: refs/heads/master@{#27442}
dusan.milosavljevic [Wed, 25 Mar 2015 14:21:20 +0000 (07:21 -0700)]
Make ParameterTraits specializations for 32-bit integers valid for all arches.
TEST=
BUG=
Review URL: https://codereview.chromium.org/
1031113002
Cr-Commit-Position: refs/heads/master@{#27441}
mstarzinger [Wed, 25 Mar 2015 13:13:51 +0000 (06:13 -0700)]
Switch full-codegen from StackHandlers to handler table.
This switches full-codegen to no longer push and pop StackHandler
markers onto the operand stack, but relies on a range-based handler
table instead. We only use StackHandlers in JSEntryStubs to mark the
transition from C to JS code.
Note that this makes deoptimization and OSR from within any try-block
work out of the box, makes the non-exception paths faster and should
overall be neutral on the memory footprint (pros).
On the other hand it makes the exception paths slower and actually
throwing and exception more expensive (cons).
R=yangguo@chromium.org
TEST=cctest/test-run-jsexceptions/DeoptTry
Review URL: https://codereview.chromium.org/
1010883002
Cr-Commit-Position: refs/heads/master@{#27440}
verwaest [Wed, 25 Mar 2015 13:05:06 +0000 (06:05 -0700)]
Restore PushStackTraceAndDie for the case where we lookup starting with null
BUG=chromium:434952
LOG=n
Review URL: https://codereview.chromium.org/
1035613003
Cr-Commit-Position: refs/heads/master@{#27439}
dslomov [Wed, 25 Mar 2015 12:51:59 +0000 (05:51 -0700)]
Test for access checks on super assignments.
R=verwaest@chromium.org
BUG=chromium:470113
LOG=N
Review URL: https://codereview.chromium.org/
1034523002
Cr-Commit-Position: refs/heads/master@{#27438}
mstarzinger [Wed, 25 Mar 2015 12:43:38 +0000 (05:43 -0700)]
[turbofan] Remove obsolete JSDebugger operator.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
1029583009
Cr-Commit-Position: refs/heads/master@{#27437}
dcarney [Wed, 25 Mar 2015 12:34:01 +0000 (05:34 -0700)]
fix nonmasking interceptor ic with interceptor on receiver
TBR=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1036843002
Cr-Commit-Position: refs/heads/master@{#27436}
mvstanton [Wed, 25 Mar 2015 11:15:14 +0000 (04:15 -0700)]
VectorICs: Address test-heap TODOS
Tests for non-clearing of weak cells in LoadICs weren't running when
vector ICs are enabled.
R=ulan@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1032843002
Cr-Commit-Position: refs/heads/master@{#27435}
fedor [Wed, 25 Mar 2015 10:09:58 +0000 (03:09 -0700)]
postmortem: fixup after 33994b4
This commit has changed the enum names:
33994b4a22834efb26620ffa3053a5d15d48a6bd
`FIELD` is now called `DATA`.
BUG=
R=danno
Review URL: https://codereview.chromium.org/
1033733003
Cr-Commit-Position: refs/heads/master@{#27434}
ulan [Wed, 25 Mar 2015 08:52:51 +0000 (01:52 -0700)]
Reland "Filter invalid slots out from the SlotsBuffer after marking."
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
> This CL also adds useful machinery that helps triggering incremental write barriers.
> BUG=chromium:454297
> LOG=Y
NOTRY=true
Review URL: https://codereview.chromium.org/
1032833002
Cr-Commit-Position: refs/heads/master@{#27433}
yangguo [Wed, 25 Mar 2015 07:40:05 +0000 (00:40 -0700)]
Revert of [turbofan] Enable --turbo-osr. (patchset #1 id:1 of https://codereview.chromium.org/
1035643002/)
Reason for revert:
Crash in pdfjs benchmark.
Original issue's description:
> [turbofan] Enable --turbo-osr.
>
> R=yangguo@chromium.org
> BUG=
>
> Committed: https://crrev.com/
50305aac39f90b6455305313db56ff3365ec96f5
> Cr-Commit-Position: refs/heads/master@{#27431}
TBR=titzer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/
1005163003
Cr-Commit-Position: refs/heads/master@{#27432}
Ben L. Titzer [Wed, 25 Mar 2015 07:29:09 +0000 (08:29 +0100)]
[turbofan] Enable --turbo-osr.
R=yangguo@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1035643002
Cr-Commit-Position: refs/heads/master@{#27431}
michael_dawson [Wed, 25 Mar 2015 06:42:17 +0000 (23:42 -0700)]
PPC: VectorICs: keyed element loads were kicking out non-smi keys unnecessarily
Port
6689cc27ebe60685c025de9ae1f09919093f8213
Original commit message:
Handlers should be in charge of this work. The change uncovered a bug in
vector-ics related to keyed loads into strings. It's important for
StringCharCodeAtGenerator, a helper used in full code and in
LoadIndexedStringStub (a handler) to protect the vector and slot registers
when it makes a runtime call to convert a HeapNumber to a Smi.
It's still possible for the handler to MISS after this call, perhaps due
to out of bounds access. In that case, the vector and slot registers need
to be delivered safely to the MISS handler.
R=mbrandy@us.ibm.com, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029413002
Cr-Commit-Position: refs/heads/master@{#27430}
chunyang.dai [Wed, 25 Mar 2015 06:41:10 +0000 (23:41 -0700)]
X87: [turbofan] Turn Math.clz32 into an inlinable builtin.
port
3aa206b86560da94f895625186295bf07a0301d8 (r27329)
original commit message:
BUG=
Review URL: https://codereview.chromium.org/
1022523005
Cr-Commit-Position: refs/heads/master@{#27429}
michael_dawson [Wed, 25 Mar 2015 06:40:02 +0000 (23:40 -0700)]
PPC: Fix 'PPC: Serializer: serialize internal references via object visitor.'
Port
56d2ee0310972119ec47810ee03a4f7077f7117e
Original commit message:
R=mbrandy@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/
1036453002
Cr-Commit-Position: refs/heads/master@{#27428}
machenbach [Tue, 24 Mar 2015 22:02:28 +0000 (15:02 -0700)]
Revert of Track how many pages trigger fallback strategies in GC (patchset #2 id:20001 of https://codereview.chromium.org/
1029323003/)
Reason for revert:
This seems to cause lots of crashes in layout tests debug:
../../third_party/WebKit/Source/bindings/core/v8/V8PerIsolateData.cpp(67) : void blink::useCounterCallback(v8::Isolate *, v8::Isolate::UseCounte
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2332
Original issue's description:
> Track how many pages trigger fallback strategies in GC
>
> R=hpayer@chromium.org
> BUG=
>
> Committed: https://crrev.com/
bb880058f6499510cff12d98dc7d524d35d769cb
> Cr-Commit-Position: refs/heads/master@{#27421}
TBR=hpayer@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/
1000523003
Cr-Commit-Position: refs/heads/master@{#27427}
machenbach [Tue, 24 Mar 2015 22:01:20 +0000 (15:01 -0700)]
Revert of Filter invalid slots out from the SlotsBuffer after marking. (patchset #6 id:220001 of https://codereview.chromium.org/
1010363005/)
Reason for revert:
Need to revert in order to revert https://codereview.chromium.org/
1029323003/
Original issue's description:
> Filter invalid slots out from the SlotsBuffer after marking.
>
> There are two reasons that could cause invalid slots appearance in SlotsBuffer:
> 1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
> 2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
>
> This CL also adds useful machinery that helps triggering incremental write barriers.
>
> BUG=chromium:454297
> LOG=Y
>
> Committed: https://crrev.com/
5c47c1c0d3e4a488f190c16a64ee02f5a14e6561
> Cr-Commit-Position: refs/heads/master@{#27423}
TBR=hpayer@chromium.org,erik.corry@gmail.com,ishell@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:454297
Review URL: https://codereview.chromium.org/
1033453005
Cr-Commit-Position: refs/heads/master@{#27426}
titzer [Tue, 24 Mar 2015 19:02:48 +0000 (12:02 -0700)]
Set test expectations prior to enabling --turbo-osr.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1018513003
Cr-Commit-Position: refs/heads/master@{#27425}
dslomov [Tue, 24 Mar 2015 17:16:45 +0000 (10:16 -0700)]
Do not assign positions to parser-generated desugarings.
The root cause for the bug is that the positions assigned to desugared
code was inconsistent with the source ranges of block scopes.
Since the fact that the position is assigned causes the debugger to
break at the parser-generated statement, the fix is to remove positions
from those nodes that we do not want to break on.
The CL also teaches Hydrogen to tolerate these cases.
R=adamk@chromium.org,rossberg@chromium.org
BUG=chromium:468661
LOG=Y
Review URL: https://codereview.chromium.org/
1032653002
Cr-Commit-Position: refs/heads/master@{#27424}
ishell [Tue, 24 Mar 2015 17:07:31 +0000 (10:07 -0700)]
Filter invalid slots out from the SlotsBuffer after marking.
There are two reasons that could cause invalid slots appearance in SlotsBuffer:
1) If GC trims "tail" of an array for which it has already recorded a slots and then migrate another object to the "tail".
2) Tagged slot could become a double slot after migrating of an object to another map with "shifted" fields (for example as a result of generalizing immutable data property to a data field).
This CL also adds useful machinery that helps triggering incremental write barriers.
BUG=chromium:454297
LOG=Y
Review URL: https://codereview.chromium.org/
1010363005
Cr-Commit-Position: refs/heads/master@{#27423}
marja [Tue, 24 Mar 2015 16:46:53 +0000 (09:46 -0700)]
[strong] Check strong mode free variables against the global object.
Gather references to unbound variables where the reference (VariableProxy) is
inside strong mode. Check them against the global object when a script is bound
to a context (during compilation).
This CL only checks unbound variables which are not inside lazy functions - TBD
how do we solve that; alternatives: add developer mode which disables laziness /
do the check whenever lazy functions are really compiled.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/
1005063002
Cr-Commit-Position: refs/heads/master@{#27422}
erikcorry [Tue, 24 Mar 2015 16:17:42 +0000 (09:17 -0700)]
Track how many pages trigger fallback strategies in GC
R=hpayer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029323003
Cr-Commit-Position: refs/heads/master@{#27421}
dcarney [Tue, 24 Mar 2015 16:09:59 +0000 (09:09 -0700)]
fix attribute lookup for all can read indexed interceptors
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1034513002
Cr-Commit-Position: refs/heads/master@{#27420}
aandrey [Tue, 24 Mar 2015 16:02:03 +0000 (09:02 -0700)]
Make debugger step into bound callbacks passed to Array.forEach.
BUG=chromium:450004
R=yangguo@chromium.org, kozyatinskiy@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1030673002
Cr-Commit-Position: refs/heads/master@{#27419}
titzer [Tue, 24 Mar 2015 15:38:20 +0000 (08:38 -0700)]
[turbofan] Macro-ify the tracing code in RegisterAllocator.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1014093008
Cr-Commit-Position: refs/heads/master@{#27418}
mvstanton [Tue, 24 Mar 2015 15:37:14 +0000 (08:37 -0700)]
Prevent leaks of cross context maps in the Oracle.
Some code in type-info.cc could allow a cross context map to be visible to
crankshaft. Tighten up this code to be certain that only a JSFunction, an
AllocationSite or a Symbol can be returned.
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1026343004
Cr-Commit-Position: refs/heads/master@{#27417}
Michael Achenbach [Tue, 24 Mar 2015 15:33:56 +0000 (16:33 +0100)]
Move entire CQ config to the V8 repository
R=machenbach@chromium.org
BUG=408675
LOG=n
NOTRY=true
Review URL: https://codereview.chromium.org/
1025553007
Cr-Commit-Position: refs/heads/master@{#27416}
svenpanne [Tue, 24 Mar 2015 15:20:46 +0000 (08:20 -0700)]
Added %_HeapObjectGetMap and %_MapGetInstanceType intrinsics.
These are needed (among other things) for a TurboFan-generated
StringAddStub. Furthermore, they can be used to nuke the overly
complex %_IsInstanceType intrisic, it's completely expressible in
JavaScript now, but that will be done in a separate CL.
Alpha-sorted things a bit on the way to ease navigation.
Review URL: https://codereview.chromium.org/
1010973010
Cr-Commit-Position: refs/heads/master@{#27415}
erikcorry [Tue, 24 Mar 2015 15:02:21 +0000 (08:02 -0700)]
Fix OOM bug 3976.
Also introduce --trace-fragmentation-verbose, and fix --always-compact.
R=ulan@chromium.org
BUG=v8:3976
LOG=y
Review URL: https://codereview.chromium.org/
1024823002
Cr-Commit-Position: refs/heads/master@{#27414}
titzer [Tue, 24 Mar 2015 15:01:13 +0000 (08:01 -0700)]
[turbofan] Address minor TODOs in simplified lowering.
R=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029843002
Cr-Commit-Position: refs/heads/master@{#27413}
ulan [Tue, 24 Mar 2015 14:35:55 +0000 (07:35 -0700)]
Reload length of retained_maps array after GC.
This fixes flaky GC stress failure:
> Fatal error in ../src/heap/mark-compact.cc, line 2127
> Check failed: retained_maps->Get(i)->IsWeakCell().
BUG=
TEST=test-heap/RegressArrayListGC
Review URL: https://codereview.chromium.org/
1026113004
Cr-Commit-Position: refs/heads/master@{#27412}
mstarzinger [Tue, 24 Mar 2015 14:17:05 +0000 (07:17 -0700)]
Remove CompilationInfoWithZone from public API.
This removes the CompilationInfoWithZone class from the header file
because it is more than a pure convenience class and shouldn't be used
outside of the compiler at all.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/
1000353004
Cr-Commit-Position: refs/heads/master@{#27411}
titzer [Tue, 24 Mar 2015 14:09:33 +0000 (07:09 -0700)]
[turbofan] Address minor TODOs in instruction selector.
R=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1029383002
Cr-Commit-Position: refs/heads/master@{#27410}
titzer [Tue, 24 Mar 2015 14:05:21 +0000 (07:05 -0700)]
[turbofan] Remove Instruction::IsControl() and Instruction::MarkAsControl()
R=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1031803004
Cr-Commit-Position: refs/heads/master@{#27409}
dcarney [Tue, 24 Mar 2015 13:36:44 +0000 (06:36 -0700)]
run phantom handle callbacks first
BUG=
Review URL: https://codereview.chromium.org/
1034473002
Cr-Commit-Position: refs/heads/master@{#27408}
dcarney [Tue, 24 Mar 2015 13:22:08 +0000 (06:22 -0700)]
fix disposal of phantom handles in GlobalValueMap
additionally, add a drive by fix to WeakCallbackInfo
R=jochen@chromium.org, erikcorry@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1026283004
Cr-Commit-Position: refs/heads/master@{#27407}
jarin [Tue, 24 Mar 2015 13:20:10 +0000 (06:20 -0700)]
Test for wrong arguments object materialization.
The test demonstrates a bad interaction between arguments object
materialization, escape analysis and exception handling.
We can return a wrong arguments object if we materialize arguments
object (using f.arguments) and then throw around f's frame so that f
does not clean up the materialized frame information (see the
MaterializedObjectStore in deoptimizer.h/.cc). If we enter another
function that has the same frame pointer and request an arguments object
of (or lazily deoptimize) that function, we can get the materialized
object of the original function.
We should clean up the materialized object store when we unwind the
stack.
BUG=v8:3985
LOG=n
Review URL: https://codereview.chromium.org/
1032623003
Cr-Commit-Position: refs/heads/master@{#27406}
titzer [Tue, 24 Mar 2015 13:17:24 +0000 (06:17 -0700)]
[turbofan] Add RegisterAllocator::NewLiveRange() utility method.
R=dcarney@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1036433002
Cr-Commit-Position: refs/heads/master@{#27405}
aperez [Tue, 24 Mar 2015 13:08:26 +0000 (06:08 -0700)]
Cleanups needed for this-scoping in arrow functions
Remove Variable::IsValidReference(), and the Variable::is_valid_ref_
member: This was "false" only for "this", and for internal variables.
For the first, VariableProxy::is_this() can be used for the check
instead; and for internal variables, it is guaranteed they they will
not be written to (because the V8 code does not do it, and they are
not accessible from JavaScript).
The "bool is_this" parameter of VariableProxy() constructor is
changed to use Variable::Kind. This will allow to later on adding
a parameter to create unresolved variables of any kind, which in
turn will be used to make references to "this" initially unresolved,
and use the existing variable resolution mechanics for "this".
BUG=v8:2700
LOG=N
Review URL: https://codereview.chromium.org/
1024703004
Cr-Commit-Position: refs/heads/master@{#27404}
loislo [Tue, 24 Mar 2015 12:46:13 +0000 (05:46 -0700)]
CpuProfiler: push the collected information about deopts to cpu profiler
it is the last patch of https://codereview.chromium.org/
1012633002
All that we need here is to push the collected info to the profiler
and convert it into actionable information about deopt.
On the Next: get the info accessible by embedder.
BUG=chromium:452067
LOG=n
TEST=DeoptAtFirstLevelInlinedSource, DeoptAtSecondLevelInlinedSource, DeoptUntrackedFunction
Review URL: https://codereview.chromium.org/
1013143003
Cr-Commit-Position: refs/heads/master@{#27403}
caitpotter88 [Tue, 24 Mar 2015 12:43:50 +0000 (05:43 -0700)]
[es6] call ToString() on template substitutions
BUG=v8:3980
R=arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/
1027183002
Cr-Commit-Position: refs/heads/master@{#27402}
titzer [Tue, 24 Mar 2015 12:40:01 +0000 (05:40 -0700)]
[turbofan] Rename Node::RemoveAllInputs() to Node::NullAllInputs().
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1032553006
Cr-Commit-Position: refs/heads/master@{#27401}
erikcorry [Tue, 24 Mar 2015 12:16:11 +0000 (05:16 -0700)]
Fix out of date assert after PropertyCell enterbung
R=verwaest@chromium.org
BUG=
Review URL: https://codereview.chromium.org/
1028393002
Cr-Commit-Position: refs/heads/master@{#27400}
verwaest [Tue, 24 Mar 2015 12:05:45 +0000 (05:05 -0700)]
If CallNew targets a constant global, set its state to monomorphic
BUG=
Review URL: https://codereview.chromium.org/
1023103003
Cr-Commit-Position: refs/heads/master@{#27399}
machenbach [Tue, 24 Mar 2015 12:04:39 +0000 (05:04 -0700)]
Revert of [V8] Removed SourceLocationRestrict (patchset #3 id:40001 of https://codereview.chromium.org/
1022333004/)
Reason for revert:
[Sheriff] This seems to change layout test expectations of some tests, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/2317
Expectation example:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_64__dbg_/2317/layout-test-results/fast/events/window-onerror-11-pretty-diff.html
Please add a needsmanualrebaseline expectation to the tests affected by this change on the blink side first before relanding.
Original issue's description:
> [V8] Removed SourceLocationRestrict
>
> This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
> Method looks obsolete.
> One of the strange side effect is shown by attached issue.
>
> BUG=chromium:468781
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/
b563ceac0f95551a128a1403cdbacc7aefcdabaf
> Cr-Commit-Position: refs/heads/master@{#27374}
TBR=yangguo@chromium.org,kozyatinskiy@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:468781
Review URL: https://codereview.chromium.org/
1028413002
Cr-Commit-Position: refs/heads/master@{#27398}
chunyang.dai [Tue, 24 Mar 2015 10:23:41 +0000 (03:23 -0700)]
X87: [stubs] Add missing interface descriptor for the CompareIC.
port
e18e3cd4d88f35f3690d2993ac1702b65edde54f (r27305)
original commit message:
[stubs] Add missing interface descriptor for the CompareIC.
BUG=
Review URL: https://codereview.chromium.org/
1024553007
Cr-Commit-Position: refs/heads/master@{#27397}
chunyang.dai [Tue, 24 Mar 2015 10:17:20 +0000 (03:17 -0700)]
X87: Serializer: serialize internal references via object visitor.
port
7c149afb6c875b1c53723384459dc14a0e961927 (r27275).
original commit message:
Serializer: serialize internal references via object visitor.
BUG=
Review URL: https://codereview.chromium.org/
1029793002
Cr-Commit-Position: refs/heads/master@{#27396}
chunyang.dai [Tue, 24 Mar 2015 10:10:49 +0000 (03:10 -0700)]
X87: Remove PropertyCell space
port
16c8485a35efc36cf6ccd15185282d65412e1502 (r27269).
original commit message:
Replaces StoreGlobalCell / LoadGlobalCell with NamedField variants that use write barriers.
BUG=
Review URL: https://codereview.chromium.org/
1013543004
Cr-Commit-Position: refs/heads/master@{#27395}
chunyang.dai [Tue, 24 Mar 2015 10:06:07 +0000 (03:06 -0700)]
X87: Use platform specific stubs for vector-based Load/KeyedLoad.
port
34a1a76ddf30109f7b6cb60aa2651493ab38660a (r27235)
original commit message:
A hydrogen code stub is not the best approach because it builds a frame
and doesn't have the technology to discard roots at tail call exits.
Platform-specific stubs provide much better performance at this point.
BUG=
Review URL: https://codereview.chromium.org/
1025073005
Cr-Commit-Position: refs/heads/master@{#27394}
jacob.bramley [Tue, 24 Mar 2015 09:51:30 +0000 (02:51 -0700)]
Revert "ARM64: use jssp for stack slots"
This reverts r21101. r21101 appears to be at fault for the ARM64
failures here: https://codereview.chromium.org/
1023103003
BUG=
Review URL: https://codereview.chromium.org/
1019393003
Cr-Commit-Position: refs/heads/master@{#27393}
michael_dawson [Tue, 24 Mar 2015 09:37:43 +0000 (02:37 -0700)]
PPC: [es6] implement Reflect.apply() & Reflect.construct()
Port
d21fd15467e16f185e511dbfbaeef7caddfe804a
Original commit message:
BUG=v8:3900
LOG=N
R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org, dslomov@chromium.org
Review URL: https://codereview.chromium.org/
999613004
Cr-Commit-Position: refs/heads/master@{#27392}
michael_dawson [Tue, 24 Mar 2015 09:31:32 +0000 (02:31 -0700)]
PPC: [turbofan] Turn Math.clz32 into an inlinable builtin.
Port
3aa206b86560da94f895625186295bf07a0301d8
Original commit message:
R=dcarney@chromium.org, yangguo@chromium.org
BUG=v8:3952
LOG=n
R=mbrandy@us.ibm.com, svenpanne@chromium.org, danno@chromium.org, jkummerow@chromium.org
Review URL: https://codereview.chromium.org/
1028313003
Cr-Commit-Position: refs/heads/master@{#27391}
projects / platform / upstream / v8.git / log