Commit Graph

26560 Commits

Author SHA1 Message Date
v8-autoroll
4548c229ee Update V8 DEPS.
Rolling v8/build/gyp to 2c1e6cced23554ce84806e570acea637f6473afc

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1413923012

Cr-Commit-Position: refs/heads/master@{#31768}
2015-11-04 04:19:58 +00:00
adamk
4edbe3ac0f [cleanup] Merge harmony-{typed,}array.js into {typed,}array.js
The "harmony"-prefixed files have been included in the snapshot for
several releases now, and were only separate originally to enable
loading them via a runtime flag. This patch simply merges them into
the main implementation files for Arrays and TypedArrays, respectively.

Review URL: https://codereview.chromium.org/1416243007

Cr-Commit-Position: refs/heads/master@{#31767}
2015-11-04 01:08:11 +00:00
hpayer
45cb28409d [heap] Remove unnecessary marking bit check in RecordWriteSlow.
BUG=

Review URL: https://codereview.chromium.org/1430943004

Cr-Commit-Position: refs/heads/master@{#31766}
2015-11-04 00:29:13 +00:00
mlippautz
e682048027 Revert of [heap] Turn on parallel compaction (patchset #1 id:1 of https://codereview.chromium.org/1364693002/ )
Reason for revert:
Fails on gc stress
  https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/157/

Original issue's description:
> [heap] Turn on parallel compaction
>
> R=hpayer@chromium.org
> BUG=chromium:524425
> LOG=N
>
> Committed: https://crrev.com/04db5bfa915766b228218ddc748af308b57ae8ea
> Cr-Commit-Position: refs/heads/master@{#31763}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1424313008

Cr-Commit-Position: refs/heads/master@{#31765}
2015-11-03 23:24:32 +00:00
bradnelson
2cb3b9eaf3 Increase strictness of asm type conversions.
Only cast to integer with xor (closer to the spec which allows only ~~).
Check type matching on the bitwise operations.
Prevent mixing of types with the arithmetic operations.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1405383007

Cr-Commit-Position: refs/heads/master@{#31764}
2015-11-03 22:46:54 +00:00
mlippautz
04db5bfa91 [heap] Turn on parallel compaction
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1364693002

Cr-Commit-Position: refs/heads/master@{#31763}
2015-11-03 22:14:54 +00:00
mlippautz
5b89001ccd [heap] Base number of compaction tasks on live memory and compaction speed.
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1410633005

Cr-Commit-Position: refs/heads/master@{#31762}
2015-11-03 21:44:07 +00:00
balazs.kilvady
3573d3cb58 MIPS: r6 compact branch optimization.
BUG=

Review URL: https://codereview.chromium.org/1396133002

Cr-Commit-Position: refs/heads/master@{#31761}
2015-11-03 20:27:30 +00:00
ishell
059478165c [es6] Fix Object built-in subclassing.
BUG=v8:3886
LOG=Y

Review URL: https://codereview.chromium.org/1422853004

Cr-Commit-Position: refs/heads/master@{#31760}
2015-11-03 18:20:44 +00:00
ishell
208744bc10 [es6] Fix WeakMap/Set built-ins subclassing.
BUG=v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1424283002

Cr-Commit-Position: refs/heads/master@{#31759}
2015-11-03 18:00:12 +00:00
machenbach
16e25179ec Revert of Implement flag and source getters on RegExp.prototype. (patchset #3 id:50001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
[Sheriff] Changes layout tests. Please rebase upstream first. E.g.:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/2686

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1427733005

Cr-Commit-Position: refs/heads/master@{#31758}
2015-11-03 17:28:13 +00:00
rmcilroy
6eb5dae536 [Interpreter] Don't throw reference errors for globals in typeof.
Corrects LdaGlobal to deal with TypeofMode::INSIDE_TYPEOF so that it
doesn't throw a reference error on undefined globals.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1422443006

Cr-Commit-Position: refs/heads/master@{#31757}
2015-11-03 17:03:37 +00:00
ishell
babe50f083 Reland "[es6] Fix Function and GeneratorFunction built-ins subclassing."
Original issue's description:
> [es6] Fix Function and GeneratorFunction built-ins subclassing.
>
> BUG=v8:3101, v8:3330
> LOG=Y
>
> Committed: https://crrev.com/99e7f872d3d0a5fb799dcbafb05537cda491314a
> Cr-Commit-Position: refs/heads/master@{#31708}

The problem was in another CL, this is a clean reland with improved tests.

BUG=v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1415683007

Cr-Commit-Position: refs/heads/master@{#31756}
2015-11-03 16:42:43 +00:00
adamk
5ae9f846b4 Treat failed access checks for @@toStringTag as undefined
This matches the approach used for @@isConcatSpreadable, and seems to
match what Mozilla is planning to do in Firefox.

Given that there's already little compatibility around cross-origin toString
results, there seems to be little hazard in making this change even before
spec language hits the HTML spec.

BUG=v8:3502, v8:4289, chromium:532469
LOG=n

Review URL: https://codereview.chromium.org/1432543002

Cr-Commit-Position: refs/heads/master@{#31755}
2015-11-03 16:26:24 +00:00
ishell
0ac0e52847 [turbofan] Fix new.target when a function is inlined to a constructor.
Review URL: https://codereview.chromium.org/1432493003

Cr-Commit-Position: refs/heads/master@{#31754}
2015-11-03 16:20:28 +00:00
yangguo
60e8877e16 Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31753}
2015-11-03 16:17:03 +00:00
ahaas
870e908d88 [turbofan] Added the RoundInt64ToFloat64 instruction to TurboFan.
Review URL: https://codereview.chromium.org/1424333002

Cr-Commit-Position: refs/heads/master@{#31752}
2015-11-03 15:46:34 +00:00
neis
b5d0e31582 Fix another corner-case behavior of Object::SetSuperProperty.
If the property is a data property on the holder (or does not exist) and is a readonly data property in the receiver, then we must fail.

R=rossberg, verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1424233005

Cr-Commit-Position: refs/heads/master@{#31751}
2015-11-03 14:53:09 +00:00
jkummerow
b4d46bc5a0 Fix accessor map transitions vs. Object.defineProperty
BUG=v8:4534
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1413723011

Cr-Commit-Position: refs/heads/master@{#31750}
2015-11-03 14:41:53 +00:00
mstarzinger
831b25fbaa [turbofan] Re-enable mozilla test that no longer fails.
R=bmeurer@chromium.org
TEST=mozilla/js1_5/Regress/regress-343713

Review URL: https://codereview.chromium.org/1424313007

Cr-Commit-Position: refs/heads/master@{#31749}
2015-11-03 14:26:13 +00:00
bmeurer
4eb41ba738 [turbofan] Split JSGlobalObjectSpecialization into separate class.
The JSNativeContextSpecialization class is getting rather huge with all
the stuff related to property and element access going in. Splitting off
the global object related stuff into JSGlobalObjectSpecialization seems
like a natural separation, especially since the global object
specialization is sort of a separate issue anyway.  This is neutral
functionality- and performance-wise.

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1417043006

Cr-Commit-Position: refs/heads/master@{#31748}
2015-11-03 14:20:35 +00:00
rossberg
1ca66908d4 Divorce es-staging from harmony flag and activate destructuring on ClusterFuzz
R=neis@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1422803003

Cr-Commit-Position: refs/heads/master@{#31747}
2015-11-03 14:16:45 +00:00
mstarzinger
57b39017ab [debugger] Re-enable --always-opt in one debugger test.
R=yangguo@chromium.org
TEST=cctest/test-debug/Backtrace

Review URL: https://codereview.chromium.org/1415463017

Cr-Commit-Position: refs/heads/master@{#31746}
2015-11-03 14:15:32 +00:00
neis
f66c3f5c35 For now, don't assume failed-access-check callback to throw.
R=verwaest@chromium.org
BUG=chromium:548194
LOG=y

Review URL: https://codereview.chromium.org/1426293003

Cr-Commit-Position: refs/heads/master@{#31745}
2015-11-03 13:32:56 +00:00
ishell
0f6092a41f Objects printing improved a bit.
Review URL: https://codereview.chromium.org/1410023013

Cr-Commit-Position: refs/heads/master@{#31744}
2015-11-03 13:20:43 +00:00
ishell
678a5583d6 [es6] Fix RegExp built-in subclassing.
1) The Map::CopyInitialMap() did not set descriptor's array if
the source initial map had one.
2) Subclasses are temporarily disallowed to have more in-object
properties than the parent class (for GC reasons).

BUG=v8:3101, v8:3330, v8:4531
LOG=N

Review URL: https://codereview.chromium.org/1431593003

Cr-Commit-Position: refs/heads/master@{#31743}
2015-11-03 12:16:15 +00:00
mstarzinger
2a4336d97a [turbofan] Use sorted set in JSInliningHeuristic.
This changes the inlining candidates to be stored in a sorted set of
unique entries instead of a vector. We can avoid the final sorting
operation by amortizing the cost across insertions and also duplicate
entries are not created in the first place. Duplicate entries cause
crashes when candidates are processed.

R=bmeurer@chromium.org
BUG=chromium:549113
LOG=n

Review URL: https://codereview.chromium.org/1430553003

Cr-Commit-Position: refs/heads/master@{#31742}
2015-11-03 11:29:13 +00:00
rmcilroy
2e1bdea8ad [Interpreter] Ensure ToBoolean bytecodes are correctly emitted at the start of basic blocks
Existing code was assuming that 'lexical' blocks were the same as basic
blocks, therefore code which emitted jumps within a lexical block (e.g.,
logical or) would in some occasions incorrectly omit a necessary
ToBoolean.

This change removes Enter/LeaveBlock from BytecodeArrayBuilder and
instead tracks basic blocks via label bindings and jump operations. The
change also ensures we don't emit dead code at the end of a basic block,
and adds tests of the edge cases.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1406983010

Cr-Commit-Position: refs/heads/master@{#31741}
2015-11-03 11:28:04 +00:00
machenbach
efcc7fb2bd [Swarming] Let test runner exit gracefully after test failures.
The flake detection is done on the infra-side according to
the contents of the json test results. We don't want the
runner to fail after flakes.

This was controlled on the infra side by accepting any exit
codes so far. After the swarming switch, this is more
difficult, because the runner is wrapped by the swarming
collect script. There, failing exit codes can mean many
things, including network failures. Therefore, we now
force exit code 0 with test failures if those failures
are reported in the formal test results json.

The infrastructure will take care of reporting the flakes
and failures accordingly.

BUG=chromium:535160
LOG=n

Review URL: https://codereview.chromium.org/1416373005

Cr-Commit-Position: refs/heads/master@{#31740}
2015-11-03 10:55:14 +00:00
bmeurer
eee597209b [turbofan] We can inline property access for all primitives.
TurboFan is actually able to generate property access to all prototypes
of all primitives, except the special Oddball primitives that have no
wrapper counterparts (namely null and undefined from the ES6 point of
view).

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1409163007

Cr-Commit-Position: refs/heads/master@{#31739}
2015-11-03 10:44:57 +00:00
jkummerow
48f4cbc7c3 Ensure JSProxy correctness for PrototypeIterator uses
This CL fixes an invalid cast in Slow_ArrayConcat (a Proxy on a DICTIONARY_ELEMENTS array's prototype chain).
It also adds some comments and minor drive-by refactorings to other PrototypeIterator use sites.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1402393003

Cr-Commit-Position: refs/heads/master@{#31738}
2015-11-03 10:43:35 +00:00
yangguo
e9a8d6ef09 Skip mjsunit/accessor-map-sharing on GC stress.
R=machenbach@chromium.org
BUG=v8:4534
LOG=N

Review URL: https://codereview.chromium.org/1426453005

Cr-Commit-Position: refs/heads/master@{#31737}
2015-11-03 10:06:46 +00:00
Michael Achenbach
e898290845 Whitespace change to test goma switch on windows.
Cr-Commit-Position: refs/heads/master@{#31736}
2015-11-03 09:50:01 +00:00
yangguo
210c18cf11 Initialize maths result array in JS.
R=ishell@chromium.org

Committed: https://crrev.com/aa26f5d4a11a1e5655d425ff40ced79c8ecdd55f
Cr-Commit-Position: refs/heads/master@{#31722}

Review URL: https://codereview.chromium.org/1421703004

Cr-Commit-Position: refs/heads/master@{#31735}
2015-11-03 08:24:39 +00:00
yangguo
2200c3898a Skip mjsunit/debug-references in gc-stress.
R=machenbach@chromium.org
BUG=v8:3079
LOG=N

Review URL: https://codereview.chromium.org/1406293010

Cr-Commit-Position: refs/heads/master@{#31734}
2015-11-03 08:20:48 +00:00
neis
8c1377a5b4 Fix corner-case behavior of Object::SetSuperProperty.
When the property is an accessor property in the receiver but not on the
holder (ES6 "target"), we must fail.

R=rossberg, verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1427113002

Cr-Commit-Position: refs/heads/master@{#31733}
2015-11-03 08:04:32 +00:00
bmeurer
5f4828a12d Revert of [turbofan] Remove redundant code. (patchset #1 id:1 of https://codereview.chromium.org/1428943004/ )
Reason for revert:
This CL reintroduces all kinds of funny moves for Merges of deferred code, which makes jump threading ineffective.

Original issue's description:
> [turbofan] Remove redundant code.
>
> When I centralized the treatment of memory operands, I forgot to delete
> the old code.
>
> There is a semantic difference between the old and new code. The old
> code was handling either memory operands, or ranges that had a spilled
> predecessor. The new code handles just memory operands. It may
> happen that (using LinearScan) an active range is spilled when trying
> to allocate another range (see SplitAndSpillIntersecting). That may make
> it a candidate for the old version of the code, however, since we would
> have spilled up to a register use, the old code wouldn't have taken
> effect.
>
> Perf data shows this nuance doesn't make a difference in perf.
>
> BUG=
>
> Committed: https://crrev.com/c03d7a7f03657a452f71277d84e435ed73566327
> Cr-Commit-Position: refs/heads/master@{#31729}

TBR=jarin@chromium.org,mtrofin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1416293004

Cr-Commit-Position: refs/heads/master@{#31732}
2015-11-03 07:42:25 +00:00
bmeurer
608ed2e24f [turbofan] Add support for named access to Number primitives.
Implement the missing bits for named access to Number values, which is
basically always done on the Number prototype.  Crankshaft only deals
with Number primitives in the polymorphic case, while we generally
support Numbers even for monomorphic access.

R=jarin@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1425293004

Cr-Commit-Position: refs/heads/master@{#31731}
2015-11-03 06:56:18 +00:00
yangguo
538197dada RegExp.prototype is an ordinary object.
R=littledan@chromium.org
BUG=v8:4003
LOG=N

Review URL: https://codereview.chromium.org/1423993006

Cr-Commit-Position: refs/heads/master@{#31730}
2015-11-03 06:18:44 +00:00
mtrofin
c03d7a7f03 [turbofan] Remove redundant code.
When I centralized the treatment of memory operands, I forgot to delete
the old code.

There is a semantic difference between the old and new code. The old
code was handling either memory operands, or ranges that had a spilled
predecessor. The new code handles just memory operands. It may
happen that (using LinearScan) an active range is spilled when trying
to allocate another range (see SplitAndSpillIntersecting). That may make
it a candidate for the old version of the code, however, since we would
have spilled up to a register use, the old code wouldn't have taken
effect.

Perf data shows this nuance doesn't make a difference in perf.

BUG=

Review URL: https://codereview.chromium.org/1428943004

Cr-Commit-Position: refs/heads/master@{#31729}
2015-11-03 05:34:14 +00:00
zhengxing.li
a080d4c50c X87: fix the deoptimization issue.
On X87 the count of double register number is landed on the top
of x87 register stack for deoptimization. (chunyang.dai@intle.com)

R=weiliang.lin@intel.com
BUG=

Review URL: https://codereview.chromium.org/1411223010

Cr-Commit-Position: refs/heads/master@{#31728}
2015-11-03 05:02:01 +00:00
littledan
8a93f12995 test262 roll
R=adamk

Review URL: https://codereview.chromium.org/1429963002

Cr-Commit-Position: refs/heads/master@{#31727}
2015-11-03 01:31:30 +00:00
bradnelson
b0f7830bef Fixing asm typing issues.
Fixing handling of uint32 to be more correct (previously some uint32's
were being interpreted as int32).
Fixing enforcement type matching in comparisons (previously mismatched
expressions could be compared).

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1423563008

Cr-Commit-Position: refs/heads/master@{#31726}
2015-11-03 00:29:31 +00:00
mlippautz
88b764d7f7 [heap] Use live memory as heuristic for spawning compaction tasks
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1410163005

Cr-Commit-Position: refs/heads/master@{#31725}
2015-11-03 00:04:47 +00:00
mlippautz
8789eca0fb [heap] Fix helping sweeping for parallel compaction spaces
R=hpayer@chromium.org
BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1413223011

Cr-Commit-Position: refs/heads/master@{#31724}
2015-11-02 23:38:33 +00:00
mlippautz
7d7292a692 Revert of Initialize maths result array in JS. (patchset #1 id:1 of https://codereview.chromium.org/1421703004/ )
Reason for revert:
Failed on
  http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5020

Original issue's description:
> Initialize maths result array in JS.
>
> R=ishell@chromium.org
>
> Committed: https://crrev.com/aa26f5d4a11a1e5655d425ff40ced79c8ecdd55f
> Cr-Commit-Position: refs/heads/master@{#31722}

TBR=ishell@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1409143011

Cr-Commit-Position: refs/heads/master@{#31723}
2015-11-02 23:34:05 +00:00
yangguo
aa26f5d4a1 Initialize maths result array in JS.
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/1421703004

Cr-Commit-Position: refs/heads/master@{#31722}
2015-11-02 21:23:28 +00:00
rmcilroy
e4b4dd41ed [Interpreter] Don't compile Api or Builtin id functions through the interpreter.
The Interpreter uses the function_data slot in the shared function info, so
can't be used to compile functions which use that field for other reasons,
such as API functions or functions with builtin function ids.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1427143002

Cr-Commit-Position: refs/heads/master@{#31721}
2015-11-02 20:38:18 +00:00
mbrandy
5a8da4945c PPC: [es6] Better support for built-ins subclassing.
Port 4490ce8520

Original commit message:
    Create proper initial map for original constructor (new.target) instead of doing prototype
    transition on the base constructor's initial map. This approach fixes in-object slack tracking
    for subclass instances.
    This CL also fixes subclassing from String.

    It also fixes typed array map smashing done during typed array initialization.

R=ishell@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=v8:3101, v8:3330, v8:4419
LOG=N

Review URL: https://codereview.chromium.org/1425353002

Cr-Commit-Position: refs/heads/master@{#31720}
2015-11-02 19:52:14 +00:00
jochen
16ca5c6102 Mark GetCallingContext as soon-to-be deprecated
The calling context is the second top-most non-debugger context on the
stack, but that's not necessarily the actually calling context, e.g.,
when a tail-call was used.

BUG=chromium:541703
R=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1431473003

Cr-Commit-Position: refs/heads/master@{#31719}
2015-11-02 19:23:13 +00:00