Commit Graph

27545 Commits

Author SHA1 Message Date
machenbach
28b55ffd1e Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
Reason for revert:
[Sheriff] Changes layout tests. Please fix upstream first if intended.

https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689

Original issue's description:
> Use ES2015-style TypedArray prototype chain
>
> This patch switches TypedArrays to use the prototype chain described
> in the ES2015 specification, which adds a %TypedArray% superclass above
> all individual TypedArray types. Most methods are defined on the
> superclass rather than the subclasses.
>
> In order to prevent a performance regression, a few methods are
> marked as inline. Inlining might prevent code which was previously
> monomorphic from becoming polymorphic, and it was specifically
> applied in places where methods became more polymorphic than before.
> Tests with realistic workloads would be nice to do before this
> ships in stable.
>
> This patch does not bring TypedArrays up to full spec compliance. In
> particular, @@species is not yet supported.
>
> R=cbruni
> BUG=v8:4085
> LOG=Y
>
> Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> Cr-Commit-Position: refs/heads/master@{#33050}

TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085

Review URL: https://codereview.chromium.org/1554523002

Cr-Commit-Position: refs/heads/master@{#33053}
2015-12-29 08:43:29 +00:00
v8-autoroll
fb9b89315c Update V8 DEPS.
Rolling v8/tools/clang to 2f115cac36580d305f8060d98fb9cc1f034e78e8

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1550883002

Cr-Commit-Position: refs/heads/master@{#33052}
2015-12-29 04:26:58 +00:00
bmeurer
cf25c24110 [builtins] Fix context for ConstructStub calls into C++.
When calling into C++ for a ConstructStub, we need to enter the target
context manually currently, which seems to be too fragile and easy to
forget. So instead of doing that manually, we just always enter the
correct context in the trampoline.

Drive-by-fix: Trivial cleanups for some builtins.

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1551473002

Cr-Commit-Position: refs/heads/master@{#33051}
2015-12-28 20:18:05 +00:00
littledan
07c91dccbe Use ES2015-style TypedArray prototype chain
This patch switches TypedArrays to use the prototype chain described
in the ES2015 specification, which adds a %TypedArray% superclass above
all individual TypedArray types. Most methods are defined on the
superclass rather than the subclasses.

In order to prevent a performance regression, a few methods are
marked as inline. Inlining might prevent code which was previously
monomorphic from becoming polymorphic, and it was specifically
applied in places where methods became more polymorphic than before.
Tests with realistic workloads would be nice to do before this
ships in stable.

This patch does not bring TypedArrays up to full spec compliance. In
particular, @@species is not yet supported.

R=cbruni
BUG=v8:4085
LOG=Y

Review URL: https://codereview.chromium.org/1541233002

Cr-Commit-Position: refs/heads/master@{#33050}
2015-12-28 17:28:54 +00:00
littledan
9c304f1e78 Guard the property RegExp.prototype.unicode behind --harmony-regexp-unicode
When the 'y' flag was shipped, the property RegExp.prototype.unicode was
accidentally also shipped. However, the existence of this property should
be a usable feature testing point. This patch adds the 'unicode' getter on
RegExp.prototype only if the --harmony-regexp-unicode flag is turned on.

R=cbruni
CC=yangguo
BUG=v8:4644
LOG=Y

Review URL: https://codereview.chromium.org/1550713002

Cr-Commit-Position: refs/heads/master@{#33049}
2015-12-28 16:38:54 +00:00
ivica.bogosavljevic
7b42c6cfc6 MIPS64: Fix [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
Fix 97def8070c

On MIPS64, the address of BoundTargetFunction was calculated badly
because instruction ADD was used for this instead of instruction DADD.
This caused flaky crashes of several tests.

TEST=mjsunit/es6/debug-step-into-constructor,mjsunit/es6/array-of,
mjsunit/function-bind,...

BUG=

Review URL: https://codereview.chromium.org/1549383002

Cr-Commit-Position: refs/heads/master@{#33048}
2015-12-28 15:27:21 +00:00
machenbach
47cb4b2c7f [test] Skip flaky test for ignition.
This crashes flakily. Leftover from
e7373f4285

NOTRY=true
TBR=bmeurer@chromium.org, rmcilroy@chromium.org, mythria@chromium.org,

Review URL: https://codereview.chromium.org/1544363002

Cr-Commit-Position: refs/heads/master@{#33047}
2015-12-28 07:37:33 +00:00
zhengxing.li
37d1dd823b X87: [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
port 97def8070c (r33044)

  original commit message:
  According to the ES2015 specification, bound functions are exotic
  objects, and thus don't need to be implemented as JSFunctions. So
  we introduce a new JSBoundFunction type to represent bound functions
  and make them optimizable. This already improves the performance of
  calling or constructing bound functions by 10-100x depending on the
  use case because we avoid the crazy dance between JavaScript and C++
  that was implemented in v8natives.js previously.

  There's still room for improvement in the performance of actually
  creating bound functions, which is also relevant in practice, but
  we already have a plan how to accomplish that later.

  The mips/mips64 ports were contributed by akos.palfi@imgtec.com.

BUG=

Review URL: https://codereview.chromium.org/1548253002

Cr-Commit-Position: refs/heads/master@{#33046}
2015-12-28 06:18:58 +00:00
zhengxing.li
fa98795500 X87: [TurboFan] Increase SP Delta when the operand of kX87Push is in double register.
As the operand in the double register is put onto the stack, the SP delta should be increased too, similar to
  when the operand of kX87Push is in a double slot of the stack.

BUG=

Review URL: https://codereview.chromium.org/1549133002

Cr-Commit-Position: refs/heads/master@{#33045}
2015-12-28 06:16:14 +00:00
bmeurer
97def8070c [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.

There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.

The mips/mips64 ports were contributed by akos.palfi@imgtec.com.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n

Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
Cr-Commit-Position: refs/heads/master@{#33042}

Review URL: https://codereview.chromium.org/1542963002

Cr-Commit-Position: refs/heads/master@{#33044}
2015-12-27 06:31:44 +00:00
bmeurer
1cf8b105d6 Revert of [runtime] Introduce dedicated JSBoundFunction to represent bound functions. (patchset #14 id:260001 of https://codereview.chromium.org/1542963002/ )
Reason for revert:
Breaks arm64 sim nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/805/steps/Check/logs/function-bind

Original issue's description:
> [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
>
> According to the ES2015 specification, bound functions are exotic
> objects, and thus don't need to be implemented as JSFunctions. So
> we introduce a new JSBoundFunction type to represent bound functions
> and make them optimizable. This already improves the performance of
> calling or constructing bound functions by 10-100x depending on the
> use case because we avoid the crazy dance between JavaScript and C++
> that was implemented in v8natives.js previously.
>
> There's still room for improvement in the performance of actually
> creating bound functions, which is also relevant in practice, but
> we already have a plan how to accomplish that later.
>
> The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=chromium:535408, chromium:571299, v8:4629
> LOG=n
>
> Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
> Cr-Commit-Position: refs/heads/master@{#33042}

TBR=cbruni@chromium.org,hpayer@chromium.org,yangguo@chromium.org,akos.palfi@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:535408, chromium:571299, v8:4629

Review URL: https://codereview.chromium.org/1552473002

Cr-Commit-Position: refs/heads/master@{#33043}
2015-12-27 04:42:13 +00:00
bmeurer
ca8623eaa4 [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.

There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.

The mips/mips64 ports were contributed by akos.palfi@imgtec.com.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n

Review URL: https://codereview.chromium.org/1542963002

Cr-Commit-Position: refs/heads/master@{#33042}
2015-12-26 20:28:17 +00:00
v8-autoroll
61b311283e Update V8 DEPS.
Rolling v8/tools/clang to 48322a540c208cda85790c2a6df4c4d335b191e1

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1552433002

Cr-Commit-Position: refs/heads/master@{#33041}
2015-12-26 04:24:52 +00:00
v8-autoroll
2c48421e49 Update V8 DEPS.
Rolling v8/tools/clang to 58034a11a42065e1af1263dfead64df24cb879b9

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1545193002

Cr-Commit-Position: refs/heads/master@{#33040}
2015-12-25 04:25:47 +00:00
jarin
bafb568b6e [turbofan] Add Int64(Add|Sub)WithOverflow support.
Review URL: https://codereview.chromium.org/1544743004

Cr-Commit-Position: refs/heads/master@{#33039}
2015-12-24 18:51:26 +00:00
paul.lind
ac33eaba10 MIPS: Remove clang-format-off from assembler tests.
Per request in https://codereview.chromium.org/1047213002/

These files will continue to have a lot of churn in next two months
as we finish support for MIPS r6 instruction set. When things settle
down, we will do a clang-format --full to clean them up. For now,
we'd prefer to be able to do easy diffs, and will do incremental
re-formats as we make changes.

BUG=

Review URL: https://codereview.chromium.org/1546973003

Cr-Commit-Position: refs/heads/master@{#33038}
2015-12-24 14:17:57 +00:00
thakis
25864f2d00 Remove an unneeded OS!=win now that update.py is used.
Follow-up to https://codereview.chromium.org/1495653002, and makes it easier
to maybe have a clang/win build of v8 at some point in the future.

BUG=none
LOG=n

Review URL: https://codereview.chromium.org/1549053002

Cr-Commit-Position: refs/heads/master@{#33037}
2015-12-24 11:58:30 +00:00
ivica.bogosavljevic
78d8ce1bb1 MIPS: Fix [es6] Introduce spec compliant IsConstructor.
In Builtins::Generate_Construct, the system was trying to
call ConstructProxy on a Proxy object without a constructor
because it was checking the wrong bit in the Proxy object's
supported operation mask.

TEST=test262/built-ins/Proxy/create-target-is-not-constructor
BUG=

Review URL: https://codereview.chromium.org/1545983002

Cr-Commit-Position: refs/heads/master@{#33036}
2015-12-24 08:40:56 +00:00
zhengxing.li
e1bb354bc3 X87: Remove inlined marking part.
port 866f9e6e87 (r33026)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1541323005

Cr-Commit-Position: refs/heads/master@{#33035}
2015-12-24 08:10:40 +00:00
zhengxing.li
d9cfa7293d X87: Partial revert of rest parameter desugaring.
port d3f074b231 (r33024)

  original commit message:
  We'll be able to optimize rest parameters in TurboFan similarly to the arguments array. This CL restores the previous behavior, and a follow-on will enable TurboFan optimization.

  (TBR for rossberg since we discussed the revert beforehand. The only changes are a few lines related to tests and rebasing.)

BUG=

Review URL: https://codereview.chromium.org/1545053002

Cr-Commit-Position: refs/heads/master@{#33034}
2015-12-24 08:07:53 +00:00
cbruni
0bd4131426 [runtime] Add Arguments.atOrUndefined()
atOrUndefined() will return undefined if the index is >= length()

BUG=

Review URL: https://codereview.chromium.org/1541413002

Cr-Commit-Position: refs/heads/master@{#33033}
2015-12-23 19:29:41 +00:00
cbruni
f17c1d1140 [proxies] Improve JSProxyVerify and test most proxy invariants.
BUG=

Review URL: https://codereview.chromium.org/1549793003

Cr-Commit-Position: refs/heads/master@{#33032}
2015-12-23 17:38:17 +00:00
ishell
5ca478a556 [field type tracking] Fix handling of cleared WeakCells.
Previous CL (https://codereview.chromium.org/1522413002) has a typo.

BUG=chromium:571402,chromium:514080,chromium:527994,v8:4325
LOG=N

Review URL: https://codereview.chromium.org/1541403002

Cr-Commit-Position: refs/heads/master@{#33031}
2015-12-23 17:09:38 +00:00
mbrandy
358efce089 PPC: Fix "Remove inlined marking part."
Revert mistaken removal of JumpIfBlack prototype.

R=hpayer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:561449
LOG=n

Review URL: https://codereview.chromium.org/1544043002

Cr-Commit-Position: refs/heads/master@{#33030}
2015-12-23 16:09:08 +00:00
ishell
5b3fbf231c Ensure that all non-stable maps created by Map::AddMissingTransitions() are marked as such.
BUG=chromium:570131
LOG=N

Review URL: https://codereview.chromium.org/1546933002

Cr-Commit-Position: refs/heads/master@{#33029}
2015-12-23 15:35:03 +00:00
mbrandy
fc23b49498 PPC: Partial revert of rest parameter desugaring.
Port d3f074b231

Original commit message:
    We'll be able to optimize rest parameters in TurboFan similarly to
    the arguments array. This CL restores the previous behavior, and a
    follow-on will enable TurboFan optimization.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1549743003

Cr-Commit-Position: refs/heads/master@{#33028}
2015-12-23 14:49:57 +00:00
hablich
953c35f651 [Test] Skip tests crashing with ignition
NOTRY=true
TBR=rmcilroy,machenbach

Review URL: https://codereview.chromium.org/1547913003

Cr-Commit-Position: refs/heads/master@{#33027}
2015-12-23 13:03:53 +00:00
hpayer
866f9e6e87 Remove inlined marking part.
BUG=chromium:561449
LOG=n

Review URL: https://codereview.chromium.org/1542113002

Cr-Commit-Position: refs/heads/master@{#33026}
2015-12-23 12:52:34 +00:00
Michael Hablich
df7fe6af21 [Test] Mark flaky test cctest/test-lockers/LockAndUnlockDifferentIsolates for real
BUG=v8:4642
LOG=N
NOTRY=true
TBR=machenbach@chromium.org,mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1549663004 .

Cr-Commit-Position: refs/heads/master@{#33025}
2015-12-23 12:31:50 +00:00
mvstanton
d3f074b231 Partial revert of rest parameter desugaring.
We'll be able to optimize rest parameters in TurboFan similarly to the arguments array. This CL restores the previous behavior, and a follow-on will enable TurboFan optimization.

(TBR for rossberg since we discussed the revert beforehand. The only changes are a few lines related to tests and rebasing.)

TBR=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1537683002

Cr-Commit-Position: refs/heads/master@{#33024}
2015-12-23 12:07:26 +00:00
cbruni
31779283ed [elements] Enable left-trimming again
Essentially a revert of https://codereview.chromium.org/1346013005 but
preserving the refactorings in elements.cc which happened in the meantime.

drive-by-fix: pass isolate as argument to more functions in elements.cc.

BUG=v8:4606
LOG=y

Review URL: https://codereview.chromium.org/1543563002

Cr-Commit-Position: refs/heads/master@{#33023}
2015-12-23 11:49:23 +00:00
hablich
f6d90a6365 [Test] Skip tests crashing on ignition
NOTRY=true
TBR=rmcilroy,machenbach

Review URL: https://codereview.chromium.org/1541373002

Cr-Commit-Position: refs/heads/master@{#33022}
2015-12-23 10:06:07 +00:00
hablich
2cea136a87 [Test] Mark flaky test cctest/test-lockers/LockAndUnlockDifferentIsolates
BUG=v8:4642
LOG=N
NOTRY=true
R=machenbach@chromium.org,mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1542253002

Cr-Commit-Position: refs/heads/master@{#33021}
2015-12-23 10:03:18 +00:00
mythria
87dee75e1f [Interpreter] Updates load/store global and named property to accept variable name.
Changes LoadGlobal, StoreGlobal, LoadNamedProperty, and StoreNamedProperty to accept
the name of the variable instead of an index into the constant pool entry. Also made
GetConstantPoolEntry a private function since it is no longer used outside of
BytecodeArrayBuilder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1546643002

Cr-Commit-Position: refs/heads/master@{#33020}
2015-12-23 09:34:41 +00:00
mythria
6eb00e4ad3 [Interpreter] Adds support for DeleteLookupSlot to Interpreter.
Adds support for deleting a variable in a lookup slot. Adds a new bytecode,
its implementation and tests. Also adds support for this bytecode to the
bytecode graph builder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1542083002

Cr-Commit-Position: refs/heads/master@{#33019}
2015-12-23 09:11:50 +00:00
zhengxing.li
eb5ecd8386 X87: [turbofan] Exhaustive switches for MachineRepresentation.
port 739c018735 (r33011)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1544013002

Cr-Commit-Position: refs/heads/master@{#33018}
2015-12-23 05:09:27 +00:00
zhengxing.li
a1c2e40276 X87: [runtime] Rewrite Function.prototype.toString in C++.
port 4acca53e62cdfe6f3c495c87ca7d3c8fe1059f01(r32996)

  original commit message:
  There's actually no point trying to do Function.prototype.toString in
  JavaScript, as it always calls into C++ at least once, so it only
  complicates things (esp. once we start optimizing bound functions).

  Drive-by-fix: Rename FunctionApply and FunctionCall builtins to also
  reflect the fact that these are builtins in the Function.prototype and
  not on Function itself.

BUG=

Review URL: https://codereview.chromium.org/1548483003

Cr-Commit-Position: refs/heads/master@{#33017}
2015-12-23 05:05:52 +00:00
mtrofin
3f7e96df21 [turbofan] move optimizer - CompressBlock cleanup.
I believe the code reads easier after this change. The original code
probably dates back to when we had 4 gap positions. Now that there
are only 2, the logic can be simpler by avoiding a loop and instead
treating each case explicitly: no gaps; gaps just at end; gaps at start and
maybe end. That way, it is also easier to understand how the moves get
pushed downwards. This is what got me to make this change in the first
place: trying to work out a finer grained move optimization.

BUG=

Review URL: https://codereview.chromium.org/1543973002

Cr-Commit-Position: refs/heads/master@{#33016}
2015-12-23 04:59:28 +00:00
mbrandy
f736422206 PPC: [turbofan] Exhaustive switches for MachineRepresentation.
Port 739c018735

R=jarin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1549493005

Cr-Commit-Position: refs/heads/master@{#33015}
2015-12-23 02:09:35 +00:00
mbrandy
d95511c57f PPC: [runtime] Rewrite Function.prototype.toString in C++.
Port 4acca53e62

Original commit message:
    There's actually no point trying to do Function.prototype.toString in
    JavaScript, as it always calls into C++ at least once, so it only
    complicates things (esp. once we start optimizing bound functions).

    Drive-by-fix: Rename FunctionApply and FunctionCall builtins to also
    reflect the fact that these are builtins in the Function.prototype and
    not on Function itself.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1544833002

Cr-Commit-Position: refs/heads/master@{#33014}
2015-12-22 16:57:48 +00:00
cbruni
88b58591ac [proxies] Expose proxies in the API
Add API-accessors for [[ProxyTarget]], [[ProxyHandler]]. Additionally
create new proxies and revoke proxies via the API.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1542943002

Cr-Commit-Position: refs/heads/master@{#33013}
2015-12-22 16:37:24 +00:00
bmeurer
d1d4fa20b0 [runtime] Also migrate the Function and GeneratorFunction constructors to C++.
These constructors always go through C++ at least twice anyway, so
there's not really a point in trying to implement them in JavaScript.

R=yangguo@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1548623002

Cr-Commit-Position: refs/heads/master@{#33012}
2015-12-22 14:15:53 +00:00
jarin
739c018735 [turbofan] Exhaustive switches for MachineRepresentation.
Review URL: https://codereview.chromium.org/1542093002

Cr-Commit-Position: refs/heads/master@{#33011}
2015-12-22 13:54:36 +00:00
cbruni
b7ff2bd5cd [proxies] Better print for proxies in d8
Function proxies would not be printed so far since they ended up in Function.prototype.toString which only works with Function as a receiver but no Proxy. Additionally added support for more gracefully dealing with recursive __proto__ structures introduced by proxies.

drive-by-fix: use IS_PROXY if possible in .js files.

BUG=v8:1543
LOG=n

Committed: https://crrev.com/8bfb7189a3472bc9d0820a1bd4534eaaf78ff847
Cr-Commit-Position: refs/heads/master@{#32985}

Review URL: https://codereview.chromium.org/1530293004

Cr-Commit-Position: refs/heads/master@{#33010}
2015-12-22 13:50:17 +00:00
yangguo
b00d9e25bf [debugger] step on every assignment in destructuring bind.
R=caitpotter88@gmail.com, littledan@chromium.org

Review URL: https://codereview.chromium.org/1542813003

Cr-Commit-Position: refs/heads/master@{#33009}
2015-12-22 13:29:33 +00:00
yangguo
a2cc715bf9 Prevent using 0 as random seed.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1541143002

Cr-Commit-Position: refs/heads/master@{#33008}
2015-12-22 13:22:22 +00:00
cbruni
e10fdbed6d [proxies] Limit recursive proxy prototype lookups to 100'000
Creating proto-recursive proxies might lead to instanceof while-looping
endlessly in Object::HasInPrototypeChain (For traps we already have stack
guards in place to prevent stack overflows). We prevent this by limiting
the number of proxies we visit in PrototypeIterator to a magic large number.

LOG=n
BUG=v8:1534

Review URL: https://codereview.chromium.org/1542583003

Cr-Commit-Position: refs/heads/master@{#33007}
2015-12-22 12:52:57 +00:00
bmeurer
a878dcfdbc [runtime] Migrate GlobalEval to C++.
The GlobalEval JavaScript function was just a small driver for stuff
implemented in C++ anyway, so there's no point in having it around at
all. The next step will be to move the Function constructor to C++ as
well, which is the other user of %CompileString.

R=yangguo@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1540893004

Cr-Commit-Position: refs/heads/master@{#33006}
2015-12-22 10:08:00 +00:00
mythria
e7373f4285 [Interpreter] Allocates new temporary register outside the reservation for consecutive registers.
Consecutive registers are allocated in two passes. First we "reserve"
a set of registers and these get allocated when we actually use them.
If we request for a temporary register before we use all the consecutive
registers, the earlier implementation does not guarantee that it allocates
outside the reservation for consecutive registers. This could cause problems
for example, in call_func(a, b++, c). This cl fixes
TemporaryRegisterScope::NewRegister, to return a new temporary register
outside the reservation for consecutive registers.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1531273002

Cr-Commit-Position: refs/heads/master@{#33005}
2015-12-22 09:26:25 +00:00
mythria
5dd3122c63 [Interpreter] Adds support for CreateArguments to BytecodeGraphBuilder.
Adds implementation and tests for CreateMappedArguments and
CreateUnmappedArguments to bytecode graph builder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1490283003

Cr-Commit-Position: refs/heads/master@{#33004}
2015-12-22 09:25:28 +00:00