platform/upstream/v8.git
9 years ago[crankshaft] Re-add fast-case for string add left/right.
bmeurer [Tue, 15 Sep 2015 06:00:33 +0000 (23:00 -0700)]
[crankshaft] Re-add fast-case for string add left/right.

Now the StringAddStub can optionally convert it's parameters to strings
(following the rules for the addition operator). This could be further
optimized once we have a ToPrimitiveStub, but it should be sufficient
for the moment.

Also removed the unused Strength parameter to the HStringAdd operator,
because string addition does not depend on language mode.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_win_nosnap_shared_rel,v8_linux_nosnap_dbg
R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1339053002

Cr-Commit-Position: refs/heads/master@{#30726}

9 years ago[turbofan] Limit the load/store machine types to the ones we actually use.
jarin [Tue, 15 Sep 2015 05:45:20 +0000 (22:45 -0700)]
[turbofan] Limit the load/store machine types to the ones we actually use.

Review URL: https://codereview.chromium.org/1333353005

Cr-Commit-Position: refs/heads/master@{#30725}

9 years agoUpdate V8 DEPS.
v8-autoroll [Tue, 15 Sep 2015 03:25:54 +0000 (20:25 -0700)]
Update V8 DEPS.

Rolling v8/buildtools to f7310ee61725e68b1c8921e381830362cf4f0999

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1342063002

Cr-Commit-Position: refs/heads/master@{#30724}

9 years agoRemoving function filtering from the v8 sampling
alph [Tue, 15 Sep 2015 01:21:42 +0000 (18:21 -0700)]
Removing function filtering from the v8 sampling

Filtering out functions does not allow sample processor
to figure out if a sample hit a non-frame region of a function.

The filtering should be done in the frontend.

BUG=chromium:529931
LOG=N

Review URL: https://codereview.chromium.org/1337743002

Cr-Commit-Position: refs/heads/master@{#30723}

9 years agoPPC: [builtins] Simplify String constructor code.
mbrandy [Mon, 14 Sep 2015 23:16:35 +0000 (16:16 -0700)]
PPC: [builtins] Simplify String constructor code.

Port eadfd666318c1dd959d7fac7c27538ef478a8b72

Original commit message:
    The String constructor was somewhat complex with a lot of micro
    optimizations that are not relevant or even misguided. It would be
    really hard to port that code to ES6, which requires String to be
    subclassable. So as a first step we reduced the necessary complexity
    to the bare minimum (also removing the last user of the fairly complex
    MacroAssembler::LookupNumberStringCache method).

    This also removes the counters for the String constructor, which
    were not properly exposed anymore (and not kept in sync with inlined
    versions of the String constructor anyway).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1339143002

Cr-Commit-Position: refs/heads/master@{#30722}

9 years agoPPC: [Interpreter] Add support for JS calls.
mbrandy [Mon, 14 Sep 2015 23:15:28 +0000 (16:15 -0700)]
PPC: [Interpreter] Add support for JS calls.

Port e7fb233946b990ecbbbd76cc6529f62bd5da64e3

Original commit message:
    Adds support for JS calls to the interpreter. In order to support
    calls from the interpreter, the PushArgsAndCall builtin is added
    which pushes a sequence of arguments onto the stack and calls
    builtin::Call.

    Adds the Call bytecode.

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1345543002

Cr-Commit-Position: refs/heads/master@{#30721}

9 years ago[test] Add an option to the perf runner to support running with the internal profiler.
gdeepti [Mon, 14 Sep 2015 23:14:20 +0000 (16:14 -0700)]
[test] Add an option to the perf runner to support running with the internal profiler.

Enhance the perf runner to run with the profiler and print the summary for each d8 run. This automates running the profiler with multiple benchmarks.

BUG=None
LOG=N
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1327033003

Cr-Commit-Position: refs/heads/master@{#30720}

9 years agoRevert of VectorICs: ia32 store ics need a virtual register. (patchset #3 id:40001...
machenbach [Mon, 14 Sep 2015 18:58:49 +0000 (11:58 -0700)]
Revert of VectorICs: ia32 store ics need a virtual register. (patchset #3 id:40001 of https://codereview.chromium.org/1336313002/ )

Reason for revert:
[Sheriff] Breaks GC stress on mac:
http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/2536

Original issue's description:
> VectorICs: ia32 store ics need a virtual register.
>
> Some pretty hacky code was used to carry out the tail-call
> handler dispatch on ia32 vector stores due to a lack
> of free registers. It really tanks performance. A better
> approach is to use a virtual register on the isolate.
>
> BUG=
>
> Committed: https://crrev.com/b26e98f19b5e77df50cb4a259f099ee6afa335e3
> Cr-Commit-Position: refs/heads/master@{#30718}

TBR=jkummerow@chromium.org,vogelheim@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1340123002

Cr-Commit-Position: refs/heads/master@{#30719}

9 years agoVectorICs: ia32 store ics need a virtual register.
mvstanton [Mon, 14 Sep 2015 14:49:22 +0000 (07:49 -0700)]
VectorICs: ia32 store ics need a virtual register.

Some pretty hacky code was used to carry out the tail-call
handler dispatch on ia32 vector stores due to a lack
of free registers. It really tanks performance. A better
approach is to use a virtual register on the isolate.

BUG=

Review URL: https://codereview.chromium.org/1336313002

Cr-Commit-Position: refs/heads/master@{#30718}

9 years agoelements.cc CopyDoubleToObjectElements: avoid excessive HandleScopes
cbruni [Mon, 14 Sep 2015 14:29:46 +0000 (07:29 -0700)]
elements.cc CopyDoubleToObjectElements: avoid excessive HandleScopes

BUG=

Review URL: https://codereview.chromium.org/1341763002

Cr-Commit-Position: refs/heads/master@{#30717}

9 years ago[heap] No leakage of objects-visiting.h outside of heap.
mstarzinger [Mon, 14 Sep 2015 12:28:34 +0000 (05:28 -0700)]
[heap] No leakage of objects-visiting.h outside of heap.

This prevents the internal objects-visiting.h to be usable outisde of
the "heap" directory. The static object visitation is only usefull
within the GC and is now properly encapsulated.

R=hpayer@chromium.org,mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1328003002

Cr-Commit-Position: refs/heads/master@{#30716}

9 years agoUsing GetMoreGeneralElementsKind in more places
cbruni [Mon, 14 Sep 2015 12:16:54 +0000 (05:16 -0700)]
Using GetMoreGeneralElementsKind in more places

BUG=

Review URL: https://codereview.chromium.org/1338983003

Cr-Commit-Position: refs/heads/master@{#30715}

9 years ago[loggers] Guard object/code move events using mutexes.
mlippautz [Mon, 14 Sep 2015 12:06:43 +0000 (05:06 -0700)]
[loggers] Guard object/code move events using mutexes.

Parallel compaction, i.e., concurrently moving of objects (and code) requires
proper synchronization in the logger.

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1338253002

Cr-Commit-Position: refs/heads/master@{#30714}

9 years agoFix initialization order (setup) for JSArrayBuffer objects.
mlippautz [Mon, 14 Sep 2015 11:59:14 +0000 (04:59 -0700)]
Fix initialization order (setup) for JSArrayBuffer objects.

BUG=chromium:531322
LOG=N
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1337943005

Cr-Commit-Position: refs/heads/master@{#30713}

9 years ago[heap] Separate scavenger functionality into own file.
mstarzinger [Mon, 14 Sep 2015 11:44:20 +0000 (04:44 -0700)]
[heap] Separate scavenger functionality into own file.

This moves scavenging functionality into a separate component so that
neither the scavenger nor objects-visiting need to be exposed outside
the heap.

R=hpayer@chromium.org,mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1323993004

Cr-Commit-Position: refs/heads/master@{#30712}

9 years agoPreserve the ElementsKind in builtin.cc Slice early return
cbruni [Mon, 14 Sep 2015 10:32:35 +0000 (03:32 -0700)]
Preserve the ElementsKind in builtin.cc Slice early return

LOG=N

BUG=chromium:531348

Review URL: https://codereview.chromium.org/1344493004

Cr-Commit-Position: refs/heads/master@{#30711}

9 years ago[Interpreter] Add support for JS calls.
rmcilroy [Mon, 14 Sep 2015 10:05:18 +0000 (03:05 -0700)]
[Interpreter] Add support for JS calls.

Adds support for JS calls to the interpreter. In order to support
calls from the interpreter, the PushArgsAndCall builtin is added
which pushes a sequence of arguments onto the stack and calls
builtin::Call.

Adds the Call bytecode.

MIPS port contributed by akos.palfi@imgtec.com in https://codereview.chromium.org/1334873002/

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1323463005

Cr-Commit-Position: refs/heads/master@{#30710}

9 years agoMake --turbo-stats output more self-explanatory.
neis [Mon, 14 Sep 2015 09:25:18 +0000 (02:25 -0700)]
Make --turbo-stats output more self-explanatory.

BUG=

Review URL: https://codereview.chromium.org/1331553002

Cr-Commit-Position: refs/heads/master@{#30709}

9 years agoConstruct Range rather than Constant when typing integers.
neis [Mon, 14 Sep 2015 09:23:19 +0000 (02:23 -0700)]
Construct Range rather than Constant when typing integers.

Also clarify some comments.

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1328193003

Cr-Commit-Position: refs/heads/master@{#30708}

9 years ago[builtins] Remove STRING_ADD_LEFT and STRING_ADD_RIGHT builtins.
bmeurer [Mon, 14 Sep 2015 08:40:44 +0000 (01:40 -0700)]
[builtins] Remove STRING_ADD_LEFT and STRING_ADD_RIGHT builtins.

These builtins present an optimization for the general addition case,
where one side is already known to be a string. Unfortunately this
optimization is wrong in the presence of @@toPrimitive (there are some
ideas how to implement a similar optimization using the prototype
backpointer mechanism that jkummerow@ introduced earlier). So this
also removes the broken %_IsStringWrapperSafeForDefaultValueOf, which is
the key part of the optimization mentioned above.

R=mstarzinger@chromium.org
BUG=v8:4307
LOG=n

Review URL: https://codereview.chromium.org/1336273002

Cr-Commit-Position: refs/heads/master@{#30707}

9 years ago[builtins] Simplify String constructor code.
bmeurer [Mon, 14 Sep 2015 07:51:07 +0000 (00:51 -0700)]
[builtins] Simplify String constructor code.

The String constructor was somewhat complex with a lot of micro
optimizations that are not relevant or even misguided. It would be
really hard to port that code to ES6, which requires String to be
subclassable. So as a first step we reduced the necessary complexity
to the bare minimum (also removing the last user of the fairly complex
MacroAssembler::LookupNumberStringCache method).

This also removes the counters for the String constructor, which
were not properly exposed anymore (and not kept in sync with inlined
versions of the String constructor anyway).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1335193002

Cr-Commit-Position: refs/heads/master@{#30706}

9 years agoFixing Sloppy Symbol.iterator setter
cbruni [Mon, 14 Sep 2015 07:19:58 +0000 (00:19 -0700)]
Fixing Sloppy Symbol.iterator setter
In certiain cases the ArgumentsIteratorSetter would trigger an invalid
state in the LookupIterator when being overridden. This is now solved
by bypassing the SetDataProperty and directly using
DefinePropertyOrElementIgnoringAttributes since we know exactly which
property we're going to install

LOG=N
BUG=chromium:521484

Review URL: https://codereview.chromium.org/1332873002

Cr-Commit-Position: refs/heads/master@{#30705}

9 years agoWhitespace change to test gnumbd for master branch.
tandrii [Sun, 13 Sep 2015 19:35:29 +0000 (12:35 -0700)]
Whitespace change to test gnumbd for master branch.

R=machenbach@chromium.org
BUG=530941
NOTRY=true
NOPRESUBMIT=true

Review URL: https://codereview.chromium.org/1340773002

Cr-Commit-Position: refs/heads/master@{#30704}

9 years agoOptionally use new GN optimization config.
brettw [Fri, 11 Sep 2015 18:28:15 +0000 (11:28 -0700)]
Optionally use new GN optimization config.

The GN default optimization flag is changing from being specific to the
debug/release status of the build to always being "default_optimization" so
it's easier to override without being conditional on the exact setup in
BUILDCONFIG.gn. See https://codereview.chromium.org/1324623005/

Since V8 is DEPS-ed in, it will need to support both modes to allow a landing.
This patch uses a temporary transitional flag I added to BUILDCONFIG to
indicate which variant should be used. After the patch is landed, we can remove
the new conditions and just remove default_optimization.

Review URL: https://codereview.chromium.org/1333963002

Cr-Commit-Position: refs/heads/master@{#30703}

9 years agoProfiler code clean-up
yurys [Fri, 11 Sep 2015 16:29:55 +0000 (09:29 -0700)]
Profiler code clean-up

BUG=None
LOG=N

Review URL: https://codereview.chromium.org/1332683002

Cr-Commit-Position: refs/heads/master@{#30702}

9 years ago[MIPS] Remove obsolete MacroAssembler::FlushICache.
mstarzinger [Fri, 11 Sep 2015 16:00:44 +0000 (09:00 -0700)]
[MIPS] Remove obsolete MacroAssembler::FlushICache.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1334273002

Cr-Commit-Position: refs/heads/master@{#30701}

9 years agoMIPS: Save and restore callee-saved FP registers in cctest/ConvertDToI.
akos.palfi [Fri, 11 Sep 2015 15:31:08 +0000 (08:31 -0700)]
MIPS: Save and restore callee-saved FP registers in cctest/ConvertDToI.

Correctly save and restore FP registers in cctest/ConvertDToI to
avoid accidental register overwriting by the generated code.

Note: This failure is manifested only in R6 mode.

TEST=test/cctest/interpreter/test-interpreter
BUG=

Review URL: https://codereview.chromium.org/1337023002

Cr-Commit-Position: refs/heads/master@{#30700}

9 years agoMIPS: Refine '[stubs] Simplify the non-function case of CallConstructStub.'
balazs.kilvady [Fri, 11 Sep 2015 15:12:37 +0000 (08:12 -0700)]
MIPS: Refine '[stubs] Simplify the non-function case of CallConstructStub.'

Port 622fa0ea21b3517b1feaed447c87e580bafac865

Original commit message:
Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.

Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).

BUG=

Review URL: https://codereview.chromium.org/1340553002

Cr-Commit-Position: refs/heads/master@{#30699}

9 years agoPPC: Make FlushICache part of Assembler(Base) and take Isolate as parameter.
mbrandy [Fri, 11 Sep 2015 15:09:56 +0000 (08:09 -0700)]
PPC: Make FlushICache part of Assembler(Base) and take Isolate as parameter.

Port 9fc4fc141fa1d1aa1a3ccb901518cdffa0d6d268

R=mlippautz@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1339673002

Cr-Commit-Position: refs/heads/master@{#30698}

9 years agoPPC: [builtins] Remove the weird STACK_OVERFLOW builtin.
mbrandy [Fri, 11 Sep 2015 15:08:49 +0000 (08:08 -0700)]
PPC: [builtins] Remove the weird STACK_OVERFLOW builtin.

Port 39604dda567b9ba9f4dcfe42f95471f30ec7cb6b

Original commit message:
    Just use a %ThrowStackOverflow runtime function instead, which
    does the trick, especially since the Isolate already has a
    preallocated StackOverflow error for that.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1334303002

Cr-Commit-Position: refs/heads/master@{#30697}

9 years agoPPC: [stubs] Simplify the non-function case of CallConstructStub.
mbrandy [Fri, 11 Sep 2015 15:07:42 +0000 (08:07 -0700)]
PPC: [stubs] Simplify the non-function case of CallConstructStub.

Port 622fa0ea21b3517b1feaed447c87e580bafac865

Original commit message:
    Currently we do this dance between the CallConstructStub, the
    CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
    and %Apply runtime functions for every [[Construct]] operation on
    non-function callables. This is complexity is unnecessary, and can
    be simplified to work without any JS builtin. This will also make it
    a lot easier to implement ES6 compliant [[Construct]] for proxies.

    Also sanitize the invariant for CallConstructStub, which up until now
    always restored the context itself, but that force us to always create
    another copy of all arguments in case of proxies and other callables,
    so we can relax that constraint by making the caller restore the context
    (this only affects fullcodegen, since the optimizing compilers already
    properly restore the context anyway).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1338663003

Cr-Commit-Position: refs/heads/master@{#30696}

9 years agoMake FlushICache part of Assembler(Base) and take Isolate as parameter.
mlippautz [Fri, 11 Sep 2015 12:59:30 +0000 (05:59 -0700)]
Make FlushICache part of Assembler(Base) and take Isolate as parameter.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1332283002

Cr-Commit-Position: refs/heads/master@{#30695}

9 years agoWhitespace change to smoke-test auto-bisect.
Michael Achenbach [Fri, 11 Sep 2015 11:35:36 +0000 (13:35 +0200)]
Whitespace change to smoke-test auto-bisect.

Cr-Commit-Position: refs/heads/master@{#30694}

9 years ago[builtins] Remove the weird STACK_OVERFLOW builtin.
bmeurer [Fri, 11 Sep 2015 10:21:27 +0000 (03:21 -0700)]
[builtins] Remove the weird STACK_OVERFLOW builtin.

Just use a %ThrowStackOverflow runtime function instead, which
does the trick, especially since the Isolate already has a
preallocated StackOverflow error for that.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1337883002

Cr-Commit-Position: refs/heads/master@{#30693}

9 years agoVector ICs: gyp flag to run with vector-stores on.
mvstanton [Fri, 11 Sep 2015 10:00:05 +0000 (03:00 -0700)]
Vector ICs: gyp flag to run with vector-stores on.

This is so we can build with the flag on in the snapshot.
D8 then needs to be run with --vector-stores.

BUG=
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1339593002

Cr-Commit-Position: refs/heads/master@{#30692}

9 years ago[stubs] Simplify the non-function case of CallConstructStub.
bmeurer [Fri, 11 Sep 2015 09:45:04 +0000 (02:45 -0700)]
[stubs] Simplify the non-function case of CallConstructStub.

Currently we do this dance between the CallConstructStub, the
CALL_* builtins and the %GetConstructorDelegate, %GetProxyTrap,
and %Apply runtime functions for every [[Construct]] operation on
non-function callables. This is complexity is unnecessary, and can
be simplified to work without any JS builtin. This will also make it
a lot easier to implement ES6 compliant [[Construct]] for proxies.

Also sanitize the invariant for CallConstructStub, which up until now
always restored the context itself, but that force us to always create
another copy of all arguments in case of proxies and other callables,
so we can relax that constraint by making the caller restore the context
(this only affects fullcodegen, since the optimizing compilers already
properly restore the context anyway).

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1335723002

Cr-Commit-Position: refs/heads/master@{#30691}

9 years ago[turbofan] Greedy: live range grouping.
mtrofin [Fri, 11 Sep 2015 05:35:41 +0000 (22:35 -0700)]
[turbofan] Greedy: live range grouping.

Grouping of live ranges that would be beneficial if
allocated on the same register. Currently, that means phi
outputs and inputs.

Review URL: https://codereview.chromium.org/1312473018

Cr-Commit-Position: refs/heads/master@{#30690}

9 years agoPPC: Vector ICs: The Oracle needs to report feedback for the object literals and...
mbrandy [Thu, 10 Sep 2015 19:18:22 +0000 (12:18 -0700)]
PPC: Vector ICs: The Oracle needs to report feedback for the object literals and the count operation.

Port 752b0308df72461bfeb644bf6dd8dd331fcdb722

Original commit message:
    The refactoring is because it's awkward and error-prone to deterimine which IC slot an
    ObjectLiteralProperty uses for feedback. The fix is for each one to know it's own slot. In the
    numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the
    properties.

    It adds one word to the ObjectLiteralProperty expression - I'm investigating if thats a
    problem.

    This changes makes compiling the object literal cleaner across the three compilers. Also, the
    slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactoring to mimic
    the style in full-codegen. This is useful since it must remain in sync with
    FullCodegen::VisitObjectLiteral().

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1331893003

Cr-Commit-Position: refs/heads/master@{#30689}

9 years agoProfiler: resolve top of stack address to a function
yurys [Thu, 10 Sep 2015 17:45:39 +0000 (10:45 -0700)]
Profiler: resolve top of stack address to a function

When we cannot map top frame's pc to a code object and top frame is JS frame we now assume that it was a frameless invocation of a native function (e.g. __fmod) and try to resolve address on top of the stack into a JS function.

BUG=chromium:529931
LOG=Y

Review URL: https://codereview.chromium.org/1315683007

Cr-Commit-Position: refs/heads/master@{#30688}

9 years ago[Interpreter] Skeleton bytecode graph builder
oth [Thu, 10 Sep 2015 16:21:34 +0000 (09:21 -0700)]
[Interpreter] Skeleton bytecode graph builder

Add skeleton version bytecode-graph-builder.{h,cc} for existing
bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1291693004

Cr-Commit-Position: refs/heads/master@{#30687}

9 years agoVector ICs: The Oracle needs to report feedback for the object literals and the count...
mvstanton [Thu, 10 Sep 2015 15:02:21 +0000 (08:02 -0700)]
Vector ICs: The Oracle needs to report feedback for the object literals and the count operation.

The refactoring is because it's awkward and error-prone to deterimine which IC slot an
ObjectLiteralProperty uses for feedback. The fix is for each one to know it's own slot. In the
numbering pass, we allocate slots for the ObjectLiteral, then hand out those slots into the
properties.

It adds one word to the ObjectLiteralProperty expression - I'm investigating if thats a
problem.

This changes makes compiling the object literal cleaner across the three compilers. Also, the
slot allocation logic in ObjectLiteral::ComputeFeedbackRequirements() was refactoring to mimic
the style in full-codegen. This is useful since it must remain in sync with
FullCodegen::VisitObjectLiteral().

Review URL: https://codereview.chromium.org/1321993004

Cr-Commit-Position: refs/heads/master@{#30686}

9 years agoParsing especially large nested functions takes up more memory than necessary.
conradw [Thu, 10 Sep 2015 14:40:57 +0000 (07:40 -0700)]
Parsing especially large nested functions takes up more memory than necessary.
Inner functions must be eagerly parsed for scope analysis, but the full AST is
also kept around even though it's not needed.

This CL mitigates this problem by allocating some AstNodes of the inner function
to a temporary Zone which is deallocated once the scope information has been
built. The remaining nodes (such as VariableProxy) must persist until scope
analysis actually happens, and have to be allocated to a parser-persistent Zone.

BUG=417697
LOG=N

Review URL: https://codereview.chromium.org/1304923004

Cr-Commit-Position: refs/heads/master@{#30685}

9 years agoEnable loads and stores to global vars through property cell shortcuts installed...
ishell [Thu, 10 Sep 2015 14:21:18 +0000 (07:21 -0700)]
Enable loads and stores to global vars through property cell shortcuts installed into parent script context.

Review URL: https://codereview.chromium.org/1330213003

Cr-Commit-Position: refs/heads/master@{#30684}

9 years agoAdd instrumentation to track down a crasher
jkummerow [Thu, 10 Sep 2015 14:07:39 +0000 (07:07 -0700)]
Add instrumentation to track down a crasher

LoadICs must always return a JS-accessible value (nothing internal).
Dictionary property keys are guaranteed to be unique names.

BUG=chromium:527994
LOG=n

Review URL: https://codereview.chromium.org/1334673003

Cr-Commit-Position: refs/heads/master@{#30683}

9 years ago[es6] fixup for rest parameters perf test
caitpotter88 [Thu, 10 Sep 2015 13:44:58 +0000 (06:44 -0700)]
[es6] fixup for rest parameters perf test

BUG=v8:2160
LOG=N
NOTRY=true
R=adamk, machenbach@chromium.org, rossberg

Review URL: https://codereview.chromium.org/1331803003

Cr-Commit-Position: refs/heads/master@{#30682}

9 years agoContinuing removing deprecated functions from cctests
mythria [Thu, 10 Sep 2015 13:09:53 +0000 (06:09 -0700)]
Continuing removing deprecated functions from cctests

Removes deprecated functions from:
- test-unique.cc
- test-unscopables-hidden-prototype.cc
- test-utils-arm64.cc
- test-utils.cc
- test-version.cc
- test-weakmaps.cc
- test-weaksets.cc
- trace-extension.cc
- trace-extension.h

BUG=v8:4134
LOG=n

Review URL: https://codereview.chromium.org/1331013003

Cr-Commit-Position: refs/heads/master@{#30681}

9 years ago[runtime] Move binary operator fallbacks into the runtime.
bmeurer [Thu, 10 Sep 2015 13:04:15 +0000 (06:04 -0700)]
[runtime] Move binary operator fallbacks into the runtime.

Replace the ADD, SUB, etc. builtins with proper runtime implementations,
and expose them as runtime calls that can be used by the code stubs and
the interpreter (for now).

Also remove all the support runtime functions for ADD, SUB and friends,
namely %NumberAdd, %NumberSub, and so on.

R=mstarzinger@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg

Review URL: https://codereview.chromium.org/1333843002

Cr-Commit-Position: refs/heads/master@{#30680}

9 years agoDo not look for the slot in the ScopeInfo's global range when it's not necessary.
ishell [Thu, 10 Sep 2015 12:54:53 +0000 (05:54 -0700)]
Do not look for the slot in the ScopeInfo's global range when it's not necessary.

This fixes the Runtime_DeclareGlobals performance regression caused by a huge number of global var declarations mentioned in chromium:517778.

BUG=chromium:517778
LOG=N

Review URL: https://codereview.chromium.org/1335633002

Cr-Commit-Position: refs/heads/master@{#30679}

9 years agoTypedArray accessor detection: consider entire prototype chain
fedor [Thu, 10 Sep 2015 12:21:47 +0000 (05:21 -0700)]
TypedArray accessor detection: consider entire prototype chain

When looking up a special accessor for known TypedArray fields
("length", "byteLength", "byteOffset"), consider the entire prototype
chain, not only the direct prototype.
This allows subclasses of TypedArrays to benefit from fast specialized
accesses.

Review URL: https://codereview.chromium.org/1313493005

Cr-Commit-Position: refs/heads/master@{#30678}

9 years agoFix for v8:4380 introduced a regression in Octane crypto.
mvstanton [Thu, 10 Sep 2015 11:38:07 +0000 (04:38 -0700)]
Fix for v8:4380 introduced a regression in Octane crypto.

Narrowed the scope of the fix, to make a best effort to avoid DEOPT in
case the hole is loaded, but not to permute the choice of a consolidated
load in case that effort fails.

BUG=chromium:530005
LOG=N

Review URL: https://codereview.chromium.org/1330233004

Cr-Commit-Position: refs/heads/master@{#30677}

9 years agoAdding template parameter to PrototypeIterator GetCurrent
cbruni [Thu, 10 Sep 2015 10:56:06 +0000 (03:56 -0700)]
Adding template parameter to PrototypeIterator GetCurrent

BUG=

Review URL: https://codereview.chromium.org/1330153003

Cr-Commit-Position: refs/heads/master@{#30676}

9 years ago[runtime] Remove Runtime::KeyedGetObjectProperty function.
mstarzinger [Thu, 10 Sep 2015 10:48:51 +0000 (03:48 -0700)]
[runtime] Remove Runtime::KeyedGetObjectProperty function.

R=conradw@chromium.org

Review URL: https://codereview.chromium.org/1317033009

Cr-Commit-Position: refs/heads/master@{#30675}

9 years ago[turbofan] Disable test that started to timeout.
mstarzinger [Thu, 10 Sep 2015 10:39:02 +0000 (03:39 -0700)]
[turbofan] Disable test that started to timeout.

The two tests in question got a lot slower and started to timeout now
that the C++ fallback implementation of the %Arguments intrinsics is
composable with respect to inlining.

R=bmeurer@chromium.org,machenbach@chromium.org

Review URL: https://codereview.chromium.org/1330203003

Cr-Commit-Position: refs/heads/master@{#30674}

9 years ago[turbofan] Remove obsolete --turbo-try-catch flag.
mstarzinger [Thu, 10 Sep 2015 09:38:29 +0000 (02:38 -0700)]
[turbofan] Remove obsolete --turbo-try-catch flag.

This removes the aforementioned flag which has been on by default for a
while now. Note that this does not control optimization decisions, only
the last-resort bailout in the graph builder.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1335543002

Cr-Commit-Position: refs/heads/master@{#30673}

9 years agoX87: On a call to Array(), we patched a call ic.
chunyang.dai [Thu, 10 Sep 2015 08:39:50 +0000 (01:39 -0700)]
X87: On a call to Array(), we patched a call ic.

port ba7b64139886ab7987406a92bf0e801b807c9fe4 (r30649)

original commit message:

   This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and c

BUG=

Review URL: https://codereview.chromium.org/1330993004

Cr-Commit-Position: refs/heads/master@{#30672}

9 years ago[runtime] Sanitize %NewClosure runtime entries.
bmeurer [Thu, 10 Sep 2015 08:35:55 +0000 (01:35 -0700)]
[runtime] Sanitize %NewClosure runtime entries.

There are now two runtime entries %NewClosure and %NewClosure_Tenured,
with the same signature (one parameter, the SharedFunctionInfo, and the
context of the caller).

Also remove the HFunctionLiteral special case instruction from Crankshaft,
as HCallWithDescriptor with FastNewClosureStub or HCallRuntime with
either %NewClosure or %NewClosure_Tenured can easily do that for you.

Also remove the redundant context parameter from the JSCreateClosure
operator, because every JS operator already takes a context input.

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_dbg

Review URL: https://codereview.chromium.org/1329293003

Cr-Commit-Position: refs/heads/master@{#30671}

9 years agoMIPS: Fix illegal use of at register
Djordje.Pesic [Thu, 10 Sep 2015 06:02:25 +0000 (23:02 -0700)]
MIPS: Fix illegal use of at register

Fix illegal use of at register when ldc1 and sdc1 are called. Added dchecks to prevent such a usage.

TEST=mjsunit/asm/float64array-negative-offset(r6), mjsunit/asm/float64array-outofbounds(r6)

Review URL: https://codereview.chromium.org/1323763002

Cr-Commit-Position: refs/heads/master@{#30670}

9 years agoX87: [calls] Consistent call protocol for calls.
chunyang.dai [Thu, 10 Sep 2015 05:42:39 +0000 (22:42 -0700)]
X87: [calls] Consistent call protocol for calls.

port b37907ff7f866873ddfbfc97670b43c19a5fc7f9 (r30648).

original commit message:

    The number of actual arguments should always be available, there's no
    point in trying to optimize away a simple assignment of an immediate to
    a register before some calls.

    The main motivation is to have a consistent state at the beginning of every
    function. Currently the arguments register (i.e. rax or eax) either contains
    the number of arguments or some random garbage depending on whether
    the callsite decided that the callee might need the information or not.
    This causes trouble with runtime implementations of functions that
    do not set internal_formal_parameter_count to the DontAdaptArguments
    sentinel (we don't have any of those yet), but also makes it impossible
    to sanity check the arguments in the callee, because the callee doesn't
    know whether the caller decided to pass the number of arguments or
    random garbage.

BUG=

Review URL: https://codereview.chromium.org/1335453002

Cr-Commit-Position: refs/heads/master@{#30669}

9 years agoX87: [builtins] Unify the various versions of [[Call]] with a Call builtin.
chunyang.dai [Thu, 10 Sep 2015 05:41:33 +0000 (22:41 -0700)]
X87: [builtins] Unify the various versions of [[Call]] with a Call builtin.

port ccbb4ff00f1d8f32fd9227cd7aba1723791e5744 (r30629)

original commit message:

    The new Call and CallFunction builtins supersede the current
    CallFunctionStub (and CallIC magic) and will be the single bottleneck
    for all calling, including the currently special Function.prototype.call
    and Function.prototype.apply builtins, which had handwritten (and
    not fully compliant) versions of CallFunctionStub, and also the
    CallIC(s), which where also slightly different.

    This also reduces the overhead for API function calls, which is still
    unnecessary high, but let's do that step-by-step.

    This also fixes a bunch of cases where the implicit ToObject for
    sloppy receivers was done in the wrong context (in the caller
    context instead of the callee context), which basically meant
    that we allowed cross context access to %ObjectPrototype%.

BUG=

Review URL: https://codereview.chromium.org/1332703002

Cr-Commit-Position: refs/heads/master@{#30668}

9 years agoX87: [runtime] Replace many buggy uses of %_CallFunction with %_Call.
chunyang.dai [Thu, 10 Sep 2015 05:40:25 +0000 (22:40 -0700)]
X87: [runtime] Replace many buggy uses of %_CallFunction with %_Call.

port db2ba190dba6983b94eae36e111b0feebb97587e (r30634).

original commit message:

    The semantics of the %_CallFunction intrinsic seem to be very unclear,
    which resulted in a lot of bugs. Especially the combination with
    %IsSloppyModeFunction is always a bug, because the receiver would be
    wrapped in the wrong context. So the %IsSloppyModeFunction helper is
    gone now, and many of the buggy uses of %_CallFunction are also
    eliminated.

    If you ever need to call something with a different receiver, then
    %_Call is your friend now. It does what you want and implements the
    call sequence fully (and correct).

Review URL: https://codereview.chromium.org/1336443002

Cr-Commit-Position: refs/heads/master@{#30667}

9 years agoPPC: Fix "Desugar %DefaultConstructorCallSuper partially in parser."
mbrandy [Wed, 9 Sep 2015 20:34:37 +0000 (13:34 -0700)]
PPC: Fix "Desugar %DefaultConstructorCallSuper partially in parser."

R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1303333009

Cr-Commit-Position: refs/heads/master@{#30666}

9 years ago[turbofan] relative_id of splinters and their children.
mtrofin [Wed, 9 Sep 2015 19:33:56 +0000 (12:33 -0700)]
[turbofan] relative_id of splinters and their children.

A LiveRange is identified by 2 integers: the vreg() of its TopLevel,
which is the virtual register (operand) ID; and a relative_id(), which has
no meaning in the program, but is valuable in debugging or tracing
scenarios.

This change ensures that relative_id is unique even in cases of splinter
ranges and their children.

Review URL: https://codereview.chromium.org/1318493005

Cr-Commit-Position: refs/heads/master@{#30665}

9 years agoDesugar %DefaultConstructorCallSuper partially in parser.
mstarzinger [Wed, 9 Sep 2015 17:45:43 +0000 (10:45 -0700)]
Desugar %DefaultConstructorCallSuper partially in parser.

This desugars the loading of the super constructor function using the
%GetPrototype runtime function in the parser. The produced code remains
the same while fewer parts need to be glued together.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1321343004

Cr-Commit-Position: refs/heads/master@{#30664}

9 years ago[runtime] Move AtomicIsLockFree out of Runtime class.
mstarzinger [Wed, 9 Sep 2015 17:13:20 +0000 (10:13 -0700)]
[runtime] Move AtomicIsLockFree out of Runtime class.

R=binji@chromium.org

Review URL: https://codereview.chromium.org/1327743004

Cr-Commit-Position: refs/heads/master@{#30663}

9 years agoPPC: [calls] Consistent call protocol for calls.
mbrandy [Wed, 9 Sep 2015 16:09:18 +0000 (09:09 -0700)]
PPC: [calls] Consistent call protocol for calls.

Port b37907ff7f866873ddfbfc97670b43c19a5fc7f9

Original commit message:
    The number of actual arguments should always be available, there's no
    point in trying to optimize away a simple assignment of an immediate to
    a register before some calls.

    The main motivation is to have a consistent state at the beginning of every
    function. Currently the arguments register (i.e. rax or eax) either contains
    the number of arguments or some random garbage depending on whether
    the callsite decided that the callee might need the information or not.
    This causes trouble with runtime implementations of functions that
    do not set internal_formal_parameter_count to the DontAdaptArguments
    sentinel (we don't have any of those yet), but also makes it impossible
    to sanity check the arguments in the callee, because the callee doesn't
    know whether the caller decided to pass the number of arguments or
    random garbage.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1314353007

Cr-Commit-Position: refs/heads/master@{#30662}

9 years agoPPC: On a call to Array(), we patched a call ic. This CL makes do with a single dispa...
mbrandy [Wed, 9 Sep 2015 15:58:52 +0000 (08:58 -0700)]
PPC: On a call to Array(), we patched a call ic. This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and calling the array constructor stub appropriately.

Port ba7b64139886ab7987406a92bf0e801b807c9fe4

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1322103005

Cr-Commit-Position: refs/heads/master@{#30661}

9 years ago[Interpreter] Add support for property store operations.
rmcilroy [Wed, 9 Sep 2015 15:46:04 +0000 (08:46 -0700)]
[Interpreter] Add support for property store operations.

Adds support for property store operations via Store/KeyedStore ICs. Adds the
following bytecodes:
 - StoreIC
 - KeyedStoreIC

The --vector_store flag is now required for --ignition.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1319833004

Cr-Commit-Position: refs/heads/master@{#30660}

9 years agoCrankshaft: consolidated element loads always deopted on seeing the hole
mvstanton [Wed, 9 Sep 2015 15:15:20 +0000 (08:15 -0700)]
Crankshaft: consolidated element loads always deopted on seeing the hole

Update the consolidated load case to carefully chose the load mode
based on the consolidated elements kind.

BUG=v8:4380
LOG=N

Review URL: https://codereview.chromium.org/1329793003

Cr-Commit-Position: refs/heads/master@{#30659}

9 years agoAIX: Fix 'may be used uninitialized' compiler errors
mbrandy [Wed, 9 Sep 2015 14:55:23 +0000 (07:55 -0700)]
AIX: Fix 'may be used uninitialized' compiler errors

Fix additional cases where the AIX compiler reports that a variable
may be used uninitialized.

R=danno@chromium.org, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1323313003

Cr-Commit-Position: refs/heads/master@{#30658}

9 years agoPPC: Reland Vector ICs: platform support for vector-based stores.
mbrandy [Wed, 9 Sep 2015 14:42:50 +0000 (07:42 -0700)]
PPC: Reland Vector ICs: platform support for vector-based stores.

Port 40fbed0609ddb3e4ee4338049383004b62d13853

Original commit message:
    The last changes for vector store functionality, they are in 3 areas:

    1) The new vector [keyed] store code stubs - implementation.
    2) IC and handler compiler adjustments
    3) Odds and ends. A change in ast.cc, a test update, a small Oracle fix.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1330883002

Cr-Commit-Position: refs/heads/master@{#30657}

9 years agoPPC: [builtins] Unify the various versions of [[Call]] with a Call builtin.
mbrandy [Wed, 9 Sep 2015 14:39:51 +0000 (07:39 -0700)]
PPC: [builtins] Unify the various versions of [[Call]] with a Call builtin.

Port ccbb4ff00f1d8f32fd9227cd7aba1723791e5744

Original commit message:
    The new Call and CallFunction builtins supersede the current
    CallFunctionStub (and CallIC magic) and will be the single bottleneck
    for all calling, including the currently special Function.prototype.call
    and Function.prototype.apply builtins, which had handwritten (and
    not fully compliant) versions of CallFunctionStub, and also the
    CallIC(s), which where also slightly different.

    This also reduces the overhead for API function calls, which is still
    unnecessary high, but let's do that step-by-step.

    This also fixes a bunch of cases where the implicit ToObject for
    sloppy receivers was done in the wrong context (in the caller
    context instead of the callee context), which basically meant
    that we allowed cross context access to %ObjectPrototype%.

    MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1327093002

Cr-Commit-Position: refs/heads/master@{#30656}

9 years agoPPC: [runtime] Replace many buggy uses of %_CallFunction with %_Call.
mbrandy [Wed, 9 Sep 2015 14:27:20 +0000 (07:27 -0700)]
PPC: [runtime] Replace many buggy uses of %_CallFunction with %_Call.

Port db2ba190dba6983b94eae36e111b0feebb97587e

Original commit message:
    The semantics of the %_CallFunction intrinsic seem to be very unclear,
    which resulted in a lot of bugs. Especially the combination with
    %IsSloppyModeFunction is always a bug, because the receiver would be
    wrapped in the wrong context. So the %IsSloppyModeFunction helper is
    gone now, and many of the buggy uses of %_CallFunction are also
    eliminated.

    If you ever need to call something with a different receiver, then
    %_Call is your friend now. It does what you want and implements the
    call sequence fully (and correct).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1310303008

Cr-Commit-Position: refs/heads/master@{#30655}

9 years ago[turbofan] Make %Arguments composable with inlining.
mstarzinger [Wed, 9 Sep 2015 14:14:01 +0000 (07:14 -0700)]
[turbofan] Make %Arguments composable with inlining.

This makes the C++ fallback implementations for the two intrinsics,
%Arguments and %ArgumentsLength composable with respect to inlining.
Using deoptimization information gives us accurate data here.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-4374
BUG=v8:4374
LOG=n

Review URL: https://codereview.chromium.org/1328363002

Cr-Commit-Position: refs/heads/master@{#30654}

9 years agoMIPS64: Fix 'On a call to Array(), we patched a call ic.'
balazs.kilvady [Wed, 9 Sep 2015 13:57:50 +0000 (06:57 -0700)]
MIPS64: Fix 'On a call to Array(), we patched a call ic.'

Port ba7b64139886ab7987406a92bf0e801b807c9fe4

Original commit message:
This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and calling the array constructor stub appropriately.

BUG=

Review URL: https://codereview.chromium.org/1324093005

Cr-Commit-Position: refs/heads/master@{#30653}

9 years ago[runtime] Remove unused %NumberUnaryMinus runtime function.
bmeurer [Wed, 9 Sep 2015 13:55:11 +0000 (06:55 -0700)]
[runtime] Remove unused %NumberUnaryMinus runtime function.

This has been dead code for quite a while now.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1314353006

Cr-Commit-Position: refs/heads/master@{#30652}

9 years ago[turbofan] Handle stack overflow exceptions in JSInliner.
mstarzinger [Wed, 9 Sep 2015 10:24:17 +0000 (03:24 -0700)]
[turbofan] Handle stack overflow exceptions in JSInliner.

R=bmeurer@chromium.org
BUG=chromium:527364
LOG=n

Review URL: https://codereview.chromium.org/1322203005

Cr-Commit-Position: refs/heads/master@{#30651}

9 years agoUse v8-reviews@ for review mail, so v8-dev@ is free for dev discussions
jochen [Wed, 9 Sep 2015 08:13:57 +0000 (01:13 -0700)]
Use v8-reviews@ for review mail, so v8-dev@ is free for dev discussions

BUG=none
R=danno@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1308953011

Cr-Commit-Position: refs/heads/master@{#30650}

9 years agoOn a call to Array(), we patched a call ic. This CL makes do with a single dispatcher...
mvstanton [Wed, 9 Sep 2015 08:05:25 +0000 (01:05 -0700)]
On a call to Array(), we patched a call ic. This CL makes do with a single dispatcher which inlines the special handling for the Array() call case, loading the allocation site found in the vector and calling the array constructor stub appropriately.

BUG=

Review URL: https://codereview.chromium.org/1332563003

Cr-Commit-Position: refs/heads/master@{#30649}

9 years ago[calls] Consistent call protocol for calls.
bmeurer [Wed, 9 Sep 2015 05:01:01 +0000 (22:01 -0700)]
[calls] Consistent call protocol for calls.

The number of actual arguments should always be available, there's no
point in trying to optimize away a simple assignment of an immediate to
a register before some calls.

The main motivation is to have a consistent state at the beginning of every
function. Currently the arguments register (i.e. rax or eax) either contains
the number of arguments or some random garbage depending on whether
the callsite decided that the callee might need the information or not.
This causes trouble with runtime implementations of functions that
do not set internal_formal_parameter_count to the DontAdaptArguments
sentinel (we don't have any of those yet), but also makes it impossible
to sanity check the arguments in the callee, because the callee doesn't
know whether the caller decided to pass the number of arguments or
random garbage.

BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1330033002

Cr-Commit-Position: refs/heads/master@{#30648}

9 years ago[es6] add js-perf-test for rest parameters
caitpotter88 [Tue, 8 Sep 2015 23:17:00 +0000 (16:17 -0700)]
[es6] add js-perf-test for rest parameters

BUG=v8:2160
LOG=N
R=adamk, rossberg, wingo

Review URL: https://codereview.chromium.org/1317113007

Cr-Commit-Position: refs/heads/master@{#30647}

9 years agoMIPS: minor cleanup in macro-assembler.
paul.lind [Tue, 8 Sep 2015 21:58:40 +0000 (14:58 -0700)]
MIPS: minor cleanup in macro-assembler.

Fix some dodgy temp-register usage and remove some unnecessary
push/pop's.

BUG=

Review URL: https://codereview.chromium.org/1324553004

Cr-Commit-Position: refs/heads/master@{#30646}

9 years agoMIPS64: [turbofan] Improve changes from and to Smi.
dusan.m.milosavljevic [Tue, 8 Sep 2015 21:54:52 +0000 (14:54 -0700)]
MIPS64: [turbofan] Improve changes from and to Smi.

The instruction selection for following sequences is
improved:

  113: Word64Sar(107, 91) : Internal/Any
  114: TruncateInt64ToInt32(113) : Signed32/UntaggedSigned32
  115: ChangeInt32ToFloat64(114) : Signed32/UntaggedFloat64

TEST=unittests/InstructionSelectorTest.ChangesFromToSmi
BUG=

Review URL: https://codereview.chromium.org/1318153006

Cr-Commit-Position: refs/heads/master@{#30645}

9 years agoMIPS: Fix 'Optimize simulator.'
balazs.kilvady [Tue, 8 Sep 2015 19:32:06 +0000 (12:32 -0700)]
MIPS: Fix 'Optimize simulator.'

For simulator optimization we modified Instruction::InstructionType() function so a simpler but less complete InstructionType() function used by default. This fix enables the full InstructionType checking to properly decode a dd-constant label as unsupported opcode, rather than aborting.

BUG=chromium:528875
LOG=NO

Review URL: https://codereview.chromium.org/1314673010

Cr-Commit-Position: refs/heads/master@{#30644}

9 years agoMIPS: Fix MacroAssembler::AssertFunction()
paul.lind [Tue, 8 Sep 2015 19:29:22 +0000 (12:29 -0700)]
MIPS: Fix MacroAssembler::AssertFunction()

Porting mistake in ccbb4ff0 '[builtins] Unify the various versions of [[Call]]
with a Call builtin.', which only showed as debug assertion in later commit
db2ba190 '[runtime] Replace many buggy uses of %_CallFunction with %_Call.'

Use temporary register rather than push/pop of 'object' register.

BUG=
TEST=cctest/test-api/SetFunctionEntryHook, cctest/test-serialize/PerIsolateSnapshotBlobs, ...

Review URL: https://codereview.chromium.org/1309163006

Cr-Commit-Position: refs/heads/master@{#30643}

9 years ago[heap] Prevent leakage of GCCallbacksScope outside of heap.
mstarzinger [Tue, 8 Sep 2015 17:14:12 +0000 (10:14 -0700)]
[heap] Prevent leakage of GCCallbacksScope outside of heap.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1314543014

Cr-Commit-Position: refs/heads/master@{#30642}

9 years agoUse idle task to perform incremental marking steps.
ulan [Tue, 8 Sep 2015 15:54:24 +0000 (08:54 -0700)]
Use idle task to perform incremental marking steps.

This moves incremental marking steps from gc-idle-time-handler and heap to the new incremental marking task.

BUG=chromium:490559
LOG=NO

Review URL: https://codereview.chromium.org/1265423002

Cr-Commit-Position: refs/heads/master@{#30641}

9 years agoRemove all gyp BUILD rules with multiple outputs.
vogelheim [Tue, 8 Sep 2015 15:24:45 +0000 (08:24 -0700)]
Remove all gyp BUILD rules with multiple outputs.

- Modify js2c to accept --js and --nojs,
- modify mksnapshot to accept --startup_src
  (instead of a positional parameter, so that it can be omitted),
- modify v8.gyp to use the above so that no target has multiple
  output dependencies, and
- update GN to use the switches above.

(I have not succeeded in fixing the GYP->make translator to properly map
 multi-output rules, so that they work as expected in all edge cases.
 This CL signals defeat on that front, and instead I rewrite the GYP
 file to avoid that situation in the first place.)

R=jochen@chromium.org
BUG=v8:4382
LOG=N

Review URL: https://codereview.chromium.org/1310273009

Cr-Commit-Position: refs/heads/master@{#30640}

9 years ago[Interpreter] Ensure that implicit return undefined is generated.
rmcilroy [Tue, 8 Sep 2015 15:02:44 +0000 (08:02 -0700)]
[Interpreter] Ensure that implicit return undefined is generated.

When there is no explicit return we need to generate an implicit
return undefined.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1308693014

Cr-Commit-Position: refs/heads/master@{#30639}

9 years agoFix a potential overflow of binary search
jianghua.yjh [Tue, 8 Sep 2015 14:50:27 +0000 (07:50 -0700)]
Fix a potential overflow of binary search

BUG=

Review URL: https://codereview.chromium.org/1314253006

Cr-Commit-Position: refs/heads/master@{#30638}

9 years ago[heap] Remove obsolete DisallowAllocationFailure scope.
mstarzinger [Tue, 8 Sep 2015 14:42:27 +0000 (07:42 -0700)]
[heap] Remove obsolete DisallowAllocationFailure scope.

This removes the DisallowAllocationFailure assertion scope which mostly
coincided with the AlwaysAllocateScope anyways. Access to the bitfield
in the Isolate was not synchronized and hence the AlwaysAllocateScope
was not thread-safe in debug mode, now it is.

R=mlippautz@chromium.org

Review URL: https://codereview.chromium.org/1319153006

Cr-Commit-Position: refs/heads/master@{#30637}

9 years ago[builtins] Removing %_CallFunction in GetThirdIndex.
cbruni [Tue, 8 Sep 2015 14:22:19 +0000 (07:22 -0700)]
[builtins] Removing %_CallFunction in GetThirdIndex.

By using an InternArray for the pivot calculation we can get rid of yet
another %_CallFunction.

Review URL: https://codereview.chromium.org/1316673008

Cr-Commit-Position: refs/heads/master@{#30636}

9 years agoUse baseline code to compute message locations.
mstarzinger [Tue, 8 Sep 2015 14:14:48 +0000 (07:14 -0700)]
Use baseline code to compute message locations.

This switches Isolate::ComputeLocation to use baseline code when
computing message locations. This unifies locations between optimized
and non-optimized code by always going through the FrameSummary for
location computation.

R=bmeurer@chromium.org
TEST=message/regress/regress-4266
BUG=v8:4266
LOG=n

Review URL: https://codereview.chromium.org/1331603002

Cr-Commit-Position: refs/heads/master@{#30635}

9 years ago[runtime] Replace many buggy uses of %_CallFunction with %_Call.
bmeurer [Tue, 8 Sep 2015 13:35:20 +0000 (06:35 -0700)]
[runtime] Replace many buggy uses of %_CallFunction with %_Call.

The semantics of the %_CallFunction intrinsic seem to be very unclear,
which resulted in a lot of bugs. Especially the combination with
%IsSloppyModeFunction is always a bug, because the receiver would be
wrapped in the wrong context. So the %IsSloppyModeFunction helper is
gone now, and many of the buggy uses of %_CallFunction are also
eliminated.

If you ever need to call something with a different receiver, then
%_Call is your friend now. It does what you want and implements the
call sequence fully (and correct).

BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1325573004

Cr-Commit-Position: refs/heads/master@{#30634}

9 years agoFix AstPrinter::VisitCallRuntime to not print garbage.
mstarzinger [Tue, 8 Sep 2015 12:39:26 +0000 (05:39 -0700)]
Fix AstPrinter::VisitCallRuntime to not print garbage.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1329133002

Cr-Commit-Position: refs/heads/master@{#30633}

9 years agoCache String.split not found results as well
karl [Tue, 8 Sep 2015 10:30:07 +0000 (03:30 -0700)]
Cache String.split not found results as well

Before String.split only cached results if the seperator was found

BUG=v8:4191
LOG=N

Review URL: https://codereview.chromium.org/1308373005

Cr-Commit-Position: refs/heads/master@{#30632}

9 years ago[es6] Optimize String{Starts, Ends}With
karl [Tue, 8 Sep 2015 10:20:29 +0000 (03:20 -0700)]
[es6] Optimize String{Starts, Ends}With

Replace Math{Min,Max}
Direct string comparison

Compared to https://codereview.chromium.org/1321853006/
single character
 found at true
77
P found at false
70
က found at false
70

BUG=v8:4384
LOG=N

Review URL: https://codereview.chromium.org/1324353002

Cr-Commit-Position: refs/heads/master@{#30631}

9 years ago[heap] Fix MemoryChunk::kHeaderSize computation and add some assertions.
mlippautz [Tue, 8 Sep 2015 08:36:18 +0000 (01:36 -0700)]
[heap] Fix MemoryChunk::kHeaderSize computation and add some assertions.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1302423007

Cr-Commit-Position: refs/heads/master@{#30630}

9 years ago[builtins] Unify the various versions of [[Call]] with a Call builtin.
bmeurer [Tue, 8 Sep 2015 07:50:22 +0000 (00:50 -0700)]
[builtins] Unify the various versions of [[Call]] with a Call builtin.

The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.

This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.

This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.

MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg,v8_linux_nosnap_dbg
BUG=v8:4413
LOG=n

Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
Cr-Commit-Position: refs/heads/master@{#30627}

Review URL: https://codereview.chromium.org/1311013008

Cr-Commit-Position: refs/heads/master@{#30629}

9 years agoRevert of [builtins] Unify the various versions of [[Call]] with a Call builtin....
bmeurer [Tue, 8 Sep 2015 06:12:17 +0000 (23:12 -0700)]
Revert of [builtins] Unify the various versions of [[Call]] with a Call builtin. (patchset #10 id:260001 of https://codereview.chromium.org/1311013008/ )

Reason for revert:
Breaks nosnap, needs investigation

Original issue's description:
> [builtins] Unify the various versions of [[Call]] with a Call builtin.
>
> The new Call and CallFunction builtins supersede the current
> CallFunctionStub (and CallIC magic) and will be the single bottleneck
> for all calling, including the currently special Function.prototype.call
> and Function.prototype.apply builtins, which had handwritten (and
> not fully compliant) versions of CallFunctionStub, and also the
> CallIC(s), which where also slightly different.
>
> This also reduces the overhead for API function calls, which is still
> unnecessary high, but let's do that step-by-step.
>
> This also fixes a bunch of cases where the implicit ToObject for
> sloppy receivers was done in the wrong context (in the caller
> context instead of the callee context), which basically meant
> that we allowed cross context access to %ObjectPrototype%.
>
> MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.
>
> R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
> BUG=v8:4413
> LOG=n
>
> Committed: https://crrev.com/ef268a83be4dead004047c25b702319ea4be7277
> Cr-Commit-Position: refs/heads/master@{#30627}

TBR=rmcilroy@chromium.org,jarin@chromium.org,mstarzinger@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413

Review URL: https://codereview.chromium.org/1328963004

Cr-Commit-Position: refs/heads/master@{#30628}

9 years ago[builtins] Unify the various versions of [[Call]] with a Call builtin.
bmeurer [Tue, 8 Sep 2015 05:06:27 +0000 (22:06 -0700)]
[builtins] Unify the various versions of [[Call]] with a Call builtin.

The new Call and CallFunction builtins supersede the current
CallFunctionStub (and CallIC magic) and will be the single bottleneck
for all calling, including the currently special Function.prototype.call
and Function.prototype.apply builtins, which had handwritten (and
not fully compliant) versions of CallFunctionStub, and also the
CallIC(s), which where also slightly different.

This also reduces the overhead for API function calls, which is still
unnecessary high, but let's do that step-by-step.

This also fixes a bunch of cases where the implicit ToObject for
sloppy receivers was done in the wrong context (in the caller
context instead of the callee context), which basically meant
that we allowed cross context access to %ObjectPrototype%.

MIPS and MIPS64 ports contributed by akos.palfi@imgtec.com.

R=mstarzinger@chromium.org, jarin@chromium.org, mvstanton@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_layout_dbg
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1311013008

Cr-Commit-Position: refs/heads/master@{#30627}