The bug was an error when copying arrays in crankshaft. If it's a holey smi
array, the copy must be done as FAST_HOLEY_ELEMENTS to prevent representation
changes from being inserted that deopt on encountering the hole.
Also, prevent inlining array pop() and shift() if the length is read-only.
BUG=435073
LOG=N
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/737383002
Cr-Commit-Position: refs/heads/master@{#25455}
D8 natives, in particular, will cause Windows static builds to not link due to another definition in the generated file d8-js.cc.
BUG=421063
Review URL: https://codereview.chromium.org/738153003
Cr-Commit-Position: refs/heads/master@{#25449}
if there is not enough type-feedback to detect that f is Function.prototype.apply.
BUG=v8:3709
LOG=N
TEST=mjsunit/regress/regress-3709
Review URL: https://codereview.chromium.org/736043002
Cr-Commit-Position: refs/heads/master@{#25447}
If we run out of code range, then GC wouldn't be able to compact code space,
because it wouldn't be able to allocate a new page. This can cause code space
fragmentation and OOM crashes.
BUG=chromium:430118
LOG=Y
Review URL: https://codereview.chromium.org/742733002
Cr-Commit-Position: refs/heads/master@{#25441}
- Use "leal" for subtraction of integer constant when non-constant input to
subtract is used more than once.
- Use "incl", "decl", and "addl" when they are smaller/cheaper than their
leal/addl/subl equivalant.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/738073002
Cr-Commit-Position: refs/heads/master@{#25439}
JavaScript shifts perform an implicit '& 0x1F' on their right operand, this
patch removes it when the underlying architecture already does it.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/732103002
Cr-Commit-Position: refs/heads/master@{#25438}
There are separated JS and C stacks on simulators so for some stack
extensive tests (like mozilla/js1_5/extensions/regress-355497) might
cause a C stack overflow and that overflow is not caught by V8. It is
not an issue on real HW. Increasing the C stack also solves the problem
but we have already FLAG_sim_stack_size flag to control the JS stack
size.
This patch makes it possible to add flags to tests conditionally in
.status files.
TEST=mozilla/js1_5/extensions/regress-355497
BUG=v8:3152
LOG=N
Review URL: https://codereview.chromium.org/735723006
Cr-Commit-Position: refs/heads/master@{#25434}
Since checking all possible combinations is taking so long this
reduces the test to test the odd cases (let, yield and static) as
well as a single ordinary case.
BUG=v8:3707
LOG=n
Review URL: https://codereview.chromium.org/724713004
Cr-Commit-Position: refs/heads/master@{#25428}
This generalization caused unnecessary map deprecation when the transition tree of the split map is full.
BUG=chromium:431807
LOG=N
Review URL: https://codereview.chromium.org/736953003
Cr-Commit-Position: refs/heads/master@{#25427}
Add new gn trybot and remove nosnap dbg for being too slow.
It can be used on demand.
BUG=chromium:353487
LOG=n
Review URL: https://codereview.chromium.org/743643002
Cr-Commit-Position: refs/heads/master@{#25419}
Skip one hard fail, and two frequent flakes while we investigate.
BUG=
NOTRY=true
Review URL: https://codereview.chromium.org/728653004
Cr-Commit-Position: refs/heads/master@{#25418}
First step towards replacing PropertyType with two enums: {DATA,ACCESSOR} x {CONST,WRITABLE}.
Review URL: https://codereview.chromium.org/733253004
Cr-Commit-Position: refs/heads/master@{#25417}
This fixes following exception in Sky on attempt to set a breakpoint
"Unhandled: Uncaught ReferenceError: break_point is not defined"
I think this happens in Sky but not in Chrome because Sky scripts are executed in strict mode.
BUG=None
LOG=N
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/741683002
Cr-Commit-Position: refs/heads/master@{#25415}
port 47f55baeaf (r25397)
original commit message:
Re-land r25392 Use a stub in crankshaft for grow store arrays.
Code was vulnerable to different evaluation order in Clang.
BUG=
Review URL: https://codereview.chromium.org/739823002
Cr-Commit-Position: refs/heads/master@{#25414}
According to ES5 9.5 and 9.6, NaN, -inf, +inf, -0 and 0 all truncate to
zero for both ToInt32 and ToUint32, so we can be a lot smarter in the
typer, loosing less information upon truncation (i.e. x | 0 and x >>> 0).
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/739743003
Cr-Commit-Position: refs/heads/master@{#25412}