Commit Graph

34413 Commits

Author SHA1 Message Date
verwaest
9e2b40aa87 Revert of Don't use different function scopes when parsing with temp zones (patchset #11 id:200001 of https://codereview.chromium.org/2368313002/ )
Reason for revert:
Revert due to asm.js slowdown

Original issue's description:
> Don't use different function scopes when parsing with temp zones
>
> Previously we'd have a scope in the main zone, and another in the temp zone. Then we carefully copied back data to the main zone. This CL changes it so that the scope is just fixed up to only contain data from the main zone. That avoids additional copies and additional allocations; while not increasing the care that needs to be taken. This will also make it easier to abort preparsing while parsing using a temp zone.
>
> BUG=
>
> Committed: https://crrev.com/f41e7ebd62b32e861b6aa14ad8bfce3018d03c3c
> Cr-Commit-Position: refs/heads/master@{#39800}

TBR=marja@chromium.org,adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2379533003
Cr-Commit-Position: refs/heads/master@{#39821}
2016-09-28 11:17:36 +00:00
verwaest
db6f3701ba Revert of [parser] Refactor of ParseClass* and ParseNativeDeclaration (patchset #7 id:120001 of https://codereview.chromium.org/2368083002/ )
Reason for revert:
Blocks reverting https://codereview.chromium.org/2368313002

Original issue's description:
> [parser] Refactor of ParseClass* and ParseNativeDeclaration
>
> This patch moves the following parsing method to ParserBase:
>
> - ParseClassDeclaration
> - ParseClassLiteral
> - ParseNativeDeclaration
>
> R=adamk@chromium.org, marja@chromium.org
> BUG=
> LOG=N
>
> Committed: https://crrev.com/7818355363b7a66ff7709e33c72bfdef5eb21450
> Cr-Commit-Position: refs/heads/master@{#39814}

TBR=adamk@chromium.org,marja@chromium.org,nikolaos@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2380663002
Cr-Commit-Position: refs/heads/master@{#39820}
2016-09-28 11:16:26 +00:00
baptiste.afsa
1164f06e1c [turbofan] Relax dependencies due to deopt during instruction scheduling.
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2376963002
Cr-Commit-Position: refs/heads/master@{#39819}
2016-09-28 11:05:46 +00:00
franzih
ab486146d4 [api] Add documentation for various HasProperty functions.
Add documentation for Has(), HasOwnProperty(), and HasRealNamedProperty()
that points out their differences and links to the other functions.

BUG=v8:5433

Review-Url: https://codereview.chromium.org/2365403003
Cr-Commit-Position: refs/heads/master@{#39818}
2016-09-28 09:57:46 +00:00
jgruber
da27e0c886 Allow empty first parts of ConsStrings
TurboFan lowering (see [0]) of ConsString creation cannot ensure that
the first part of the cons string is non-empty without introducing a phi
and negatively impacting performance.

This modifies ConsStringIterator to allow empty first parts of
ConsStrings.

BUG=v8:5440

Review-Url: https://codereview.chromium.org/2377983002
Cr-Commit-Position: refs/heads/master@{#39817}
2016-09-28 09:46:56 +00:00
cbruni
8e283057aa [tools] Add support to launch the replay server separately for callstats.py
BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/2380643002
Cr-Commit-Position: refs/heads/master@{#39816}
2016-09-28 09:37:50 +00:00
verwaest
24ae2955ec Revert of Preparse top-level functions in discardable zones (patchset #2 id:20001 of https://codereview.chromium.org/2374963002/ )
Reason for revert:
Needed to revert https://codereview.chromium.org/2368313002 which slows down asm.js code

Original issue's description:
> Preparse top-level functions in discardable zones
>
> BUG=
>
> Committed: https://crrev.com/ff8cfa9e5e8495165291ddf6e01dba3f8cb5a177
> Cr-Commit-Position: refs/heads/master@{#39809}

TBR=marja@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2375013002
Cr-Commit-Position: refs/heads/master@{#39815}
2016-09-28 09:21:04 +00:00
nikolaos
7818355363 [parser] Refactor of ParseClass* and ParseNativeDeclaration
This patch moves the following parsing method to ParserBase:

- ParseClassDeclaration
- ParseClassLiteral
- ParseNativeDeclaration

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2368083002
Cr-Commit-Position: refs/heads/master@{#39814}
2016-09-28 09:12:31 +00:00
jkummerow
b15dd963a3 [stubs] KeyedLoadIC_Megamorphic: use stub cache lookup as fallback
When the inline lookup on a fast-property receiver doesn't find anything,
try a stub cache lookup before going into the runtime. This is much
faster for properties loaded from the receiver's prototype chain.

BUG=chromium:650236

Review-Url: https://codereview.chromium.org/2373683002
Cr-Commit-Position: refs/heads/master@{#39813}
2016-09-28 09:05:17 +00:00
bmeurer
55bd4f0572 Revert of [stubs] Don't unconditionally canonicalize in ChangeFloat64ToTagged. (patchset #2 id:20001 of https://codereview.chromium.org/2380543002/ )
Reason for revert:
Tanks ai-astar in Kraken pretty badly (some deopt loop).

Original issue's description:
> [stubs] Don't unconditionally canonicalize in ChangeFloat64ToTagged.
>
> Add a CanonicalizationMode to CodeStubAssembler::ChangeFloat64ToTagged,
> so clients can request Smi canonicalization when desired, but otherwise
> get Crankshaft/Fullcodegen compatible behavior of just boxing the double
> into a HeapNumber.
>
> R=verwaest@chromium.org
> BUG=v8:5268
>
> Committed: https://crrev.com/06eef6e6d8199df8317df8469d767092472f3fe0
> Cr-Commit-Position: refs/heads/master@{#39804}

TBR=verwaest@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5268

Review-Url: https://codereview.chromium.org/2373253003
Cr-Commit-Position: refs/heads/master@{#39812}
2016-09-28 09:04:03 +00:00
mlippautz
6d32126cb7 [heap] Make committed counters on space size_t
BUG=

Review-Url: https://codereview.chromium.org/2371133002
Cr-Commit-Position: refs/heads/master@{#39811}
2016-09-28 08:48:37 +00:00
zhengxing.li
990a8e3913 [tracing] Avoid Gcc compilation fail by declaring AddTraceEvent function in Class derived from Platform Class.
The CL #39789 (https://codereview.chromium.org/2367603002 ) caused the Gcc compilation fail for v8 debug mode.
  The error message was:
  In file included from .././include/libplatform/v8-tracing.h:13:0,
                   from .././src/libplatform/default-platform.h:14,
                   from ../src/libplatform/default-platform.cc:5:
  .././include/v8-platform.h:169:20: error: ‘virtual uint64_t v8::Platform::AddTraceEvent(char, const uint8_t*, const char*, const char*, uint64_t, uint64_t, int32_t, const char**, const uint8_t*, const uint64_t*, unsigned int)’ was hidden [-Werror=overloaded-virtual]
     virtual uint64_t AddTraceEvent(
                      ^
  In file included from ../src/libplatform/default-platform.cc:5:0:
  .././src/libplatform/default-platform.h:55:12: error:   by ‘virtual uint64_t v8::platform::DefaultPlatform::AddTraceEvent(char, const uint8_t*, const char*, const char*, uint64_t, uint64_t, int32_t, const char**, const uint8_t*, const uint64_t*, std::unique_ptr<v8::ConvertableToTraceFormat>*, unsigned int)’ [-Werror=overloaded-virtual]
     uint64_t AddTraceEvent(
              ^

  This CL fixed this issue by adding "using Platform::AddTraceEvent;" before all declarations of AddTraceEvent functions in Classes derived from Platform Class.

BUG=

Review-Url: https://codereview.chromium.org/2380583002
Cr-Commit-Position: refs/heads/master@{#39810}
2016-09-28 08:47:33 +00:00
verwaest
ff8cfa9e5e Preparse top-level functions in discardable zones
BUG=

Review-Url: https://codereview.chromium.org/2374963002
Cr-Commit-Position: refs/heads/master@{#39809}
2016-09-28 08:44:47 +00:00
ishell
632e261a3a [es8] Remove syntactic tail calls support.
BUG=v8:4915

Review-Url: https://codereview.chromium.org/2372513003
Cr-Commit-Position: refs/heads/master@{#39808}
2016-09-28 08:25:45 +00:00
cbruni
24e29f28ba [test] Add micro benchmark for Object.create
BUG=

Review-Url: https://codereview.chromium.org/2378613002
Cr-Commit-Position: refs/heads/master@{#39807}
2016-09-28 08:14:21 +00:00
cbruni
c5c117a70d [tools] Improve callstats.html
- Select Total group by default, this way graphs show up immediately
- Groups can now be toggled much like pages and versions

BUG=
NOTRY=true

Review-Url: https://codereview.chromium.org/2368393005
Cr-Commit-Position: refs/heads/master@{#39806}
2016-09-28 07:50:02 +00:00
bmeurer
50f18b8332 [stubs] Fix invalid IntPtrMul in DivideStub.
R=jarin@chromium.org
BUG=v8:5268

Review-Url: https://codereview.chromium.org/2375863002
Cr-Commit-Position: refs/heads/master@{#39805}
2016-09-28 07:14:03 +00:00
bmeurer
06eef6e6d8 [stubs] Don't unconditionally canonicalize in ChangeFloat64ToTagged.
Add a CanonicalizationMode to CodeStubAssembler::ChangeFloat64ToTagged,
so clients can request Smi canonicalization when desired, but otherwise
get Crankshaft/Fullcodegen compatible behavior of just boxing the double
into a HeapNumber.

R=verwaest@chromium.org
BUG=v8:5268

Review-Url: https://codereview.chromium.org/2380543002
Cr-Commit-Position: refs/heads/master@{#39804}
2016-09-28 06:42:57 +00:00
bmeurer
19b3943607 [turbofan] ChangeFloat64ToTagged shouldn't canonicalize.
This matches current Crankshaft/fullcodegen behavior more closely and
thus reduces the chances that we run into unnecessary polymorphism due
to the field representation tracking in our object model.

Drive-by-fixes: Make sure the JSRegExp::lastIndex field stays Smi
if possible (otherwise we tank the regexp benchmark in Octane).

CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_mac64_rel,v8_mac64_dbg
R=jarin@chromium.org
BUG=v8:5267

Committed: 6a939714e9
Committed: https://crrev.com/ee158e6c4cc896479a32245432a3c2fdd31bcb73
Committed: https://crrev.com/ddf792beb3a72f6dba83e94fc8ada03ebf1630bd
Review-Url: https://codereview.chromium.org/2367593003
Cr-Original-Original-Commit-Position: refs/heads/master@{#39692}
Cr-Original-Commit-Position: refs/heads/master@{#39748}
Cr-Commit-Position: refs/heads/master@{#39803}
2016-09-28 06:07:57 +00:00
bmeurer
15a449b141 [typedarray] Properly initialize JSTypedArray::length with Smi.
Even after https://codereview.chromium.org/2371963002 we still did not
always store a Smi into the JSTypedArray::length field, the runtime
function %TypedArrayInitializeFromArrayLike was still storing whatever
it got from the JavaScript code, which is highly dependent on internal
decisions of the ICs and the representation selection in the optimizing
compilers, so that's pretty fragile.

R=verwaest@chromium.org
BUG=chromium:650933

Review-Url: https://codereview.chromium.org/2377943002
Cr-Commit-Position: refs/heads/master@{#39802}
2016-09-28 05:49:37 +00:00
v8-autoroll
9a7678a049 Update V8 DEPS.
Rolling v8/build to 5e4ffb5c8928fe5afacd1b1b0f2bb732cdc0d77c

Rolling v8/third_party/WebKit/Source/platform/inspector_protocol to 5258fd5cfb62ec917c9258ce9089c62e17aee5dc

Rolling v8/tools/clang to f991b268a2441c4bc09b9cafdb3af797a13729fe

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review-Url: https://codereview.chromium.org/2380523002
Cr-Commit-Position: refs/heads/master@{#39801}
2016-09-28 04:06:01 +00:00
verwaest
f41e7ebd62 Don't use different function scopes when parsing with temp zones
Previously we'd have a scope in the main zone, and another in the temp zone. Then we carefully copied back data to the main zone. This CL changes it so that the scope is just fixed up to only contain data from the main zone. That avoids additional copies and additional allocations; while not increasing the care that needs to be taken. This will also make it easier to abort preparsing while parsing using a temp zone.

BUG=

Review-Url: https://codereview.chromium.org/2368313002
Cr-Commit-Position: refs/heads/master@{#39800}
2016-09-28 02:42:28 +00:00
adamk
841b82a408 [ast] Make FunctionLiteral delegate to its Scope for FunctionKind
As a side-effect, this lets us remove bit_field_2_ from FunctionLiteral.

R=verwaest@chromium.org
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2369293003
Cr-Commit-Position: refs/heads/master@{#39799}
2016-09-28 01:20:59 +00:00
bradnelson
53b228239e [wasm] asm.js: Work around parser converting !0 and !1 to boolean.
!0 -> true and !1 -> false etc in the parser.
This clashes with some of the typing logic in asm.js,
and can show up in some real programs in the wild (at least in past asm.js
versions).

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
R=aseemgarg@chromium.org,jpp@chromium.org

Review-Url: https://codereview.chromium.org/2372823004
Cr-Commit-Position: refs/heads/master@{#39798}
2016-09-27 23:20:21 +00:00
neis
7beb149f47 [bootstrapper] Remove some redundant calls to set_native.
R=adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2378483002
Cr-Commit-Position: refs/heads/master@{#39797}
2016-09-27 22:30:00 +00:00
mtrofin
fa071284ed [wasm] resolve mips build error post 0xC land
BUG=

Review-Url: https://codereview.chromium.org/2377683003
Cr-Commit-Position: refs/heads/master@{#39796}
2016-09-27 22:09:51 +00:00
titzer
28392ab196 [wasm] Master CL for Binary 0xC changes.
[0xC] Convert to stack machine semantics.
[0xC] Use section codes instead of names.
[0xC] Add elements section decoding.
[0xC] Decoding of globals section.
[0xC] Decoding of memory section.
[0xC] Decoding of imports section.
[0xC] Decoding of exports section.
[0xC] Decoding of data section.
[0xC] Remove CallImport bytecode.
[0xC] Function bodies have an implicit block.
[0xC] Remove the bottom label from loops.
[0xC] Add signatures to blocks.
[0xC] Remove arities from branches.
Add tests for init expression decoding.
Rework compilation of import wrappers and how they are patched.
Rework function indices in debugging.
Fix ASM->WASM builder for stack machine.
Reorganize asm.js foreign functions due to import indices change.

R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org
BUG=chromium:575167
LOG=Y

Committed: https://crrev.com/76eb976a67273b8c03c744f64ad850b0432554b9
Review-Url: https://codereview.chromium.org/2345593003
Cr-Original-Commit-Position: refs/heads/master@{#39678}
Cr-Commit-Position: refs/heads/master@{#39795}
2016-09-27 20:46:30 +00:00
alph
fcf1bac99a [tracing] Implement Add/RemoveTraceStateObserver for default platform.
BUG=chromium:406277

Review-Url: https://codereview.chromium.org/2369073003
Cr-Commit-Position: refs/heads/master@{#39794}
2016-09-27 20:12:55 +00:00
kozyatinskiy
ff135975b0 [inspector] run microtasks after async Runtime.evaluate
If promise was resolved before adding handler in Runtime.evaluate method then this callback won't be called. We need to run microtasks after adding handlers.

R=dgozman@chromium.org,alph@chromium.org

Review-Url: https://codereview.chromium.org/2371773004
Cr-Commit-Position: refs/heads/master@{#39793}
2016-09-27 19:42:30 +00:00
adamk
34922e8d77 Remove empty SNPrintF call to make mips build happy
TBR=klaasb@google.com

Review-Url: https://codereview.chromium.org/2370033004
Cr-Commit-Position: refs/heads/master@{#39792}
2016-09-27 19:28:51 +00:00
gsathya
1f89abcb9a [promises] Don't create resolving functions for PromiseCreate
Previously passing in the PromiseNopResolver function to the Promise
constructor would result in creating the resolving functions to be in
passed in to the executor, but the PromiseNopResolver does not use
these resolving functions resulting in wastefully creating these closures.

Instead we pass in the promiseRawSymbol to the promise constructor
so that these unnecessary resolving functions are not created.

BUG=v8:5046

Review-Url: https://codereview.chromium.org/2353303003
Cr-Commit-Position: refs/heads/master@{#39791}
2016-09-27 18:46:18 +00:00
adamk
01824e5e96 [modules] Move Evaluate from api.cc into internal Module implementation
R=neis@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2376693003
Cr-Commit-Position: refs/heads/master@{#39790}
2016-09-27 18:32:24 +00:00
alph
4810f41a52 [tracing] Support ConvertableToTraceFormat argument type.
Drive-by: Use perfect forwarding for AddTraceEvent arguments.

BUG=406277

Committed: https://crrev.com/dcac49af485fe5d4c0027f153901435dbb29c232
Review-Url: https://codereview.chromium.org/2367603002
Cr-Original-Commit-Position: refs/heads/master@{#39742}
Cr-Commit-Position: refs/heads/master@{#39789}
2016-09-27 18:08:53 +00:00
nikolaos
dfb90f7c62 [parser] Refactor of (Parse|Desugar)*(Async|Arrow)*
This patch moves the following parsing method to ParserBase:

- DesugarAsyncFunctionBody, renamed to ParseAsyncFunctionBody
- ParseAsyncFunctionExpression, renamed to ParseAsyncFunctionLiteral
- ParseAsyncFunctionDeclaration

It renames the parser implementation methods:

- ParseArrowFunctionFormalParameterList -> DeclareArrowFunctionFormalParameters
- ParseArrowFunctionFormalParameters -> AddArrowFunctionFormalParameters

It also eliminates method ParseAsyncArrowSingleExpressionBody.

R=adamk@chromium.org, marja@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2372733002
Cr-Commit-Position: refs/heads/master@{#39788}
2016-09-27 18:02:24 +00:00
neis
b7913f33a3 [modules] Don't throw when detecting cycle while processing star exports.
We must not throw when seeing a cycle while trying to resolve a name through
star exports.  (It may be surprising that we do have to throw when seeing an
ambiguity, but this is what the spec says.)

R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2376563002
Cr-Commit-Position: refs/heads/master@{#39787}
2016-09-27 17:31:37 +00:00
kozyatinskiy
4dffc8a700 [inspector] fixed console.count with empty stack
BUG=chromium:644629
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2372093002
Cr-Commit-Position: refs/heads/master@{#39786}
2016-09-27 17:11:36 +00:00
mlippautz
263c20d36c [heap] Cleanup Heap::SetUp
BUG=

Review-Url: https://codereview.chromium.org/2371173002
Cr-Commit-Position: refs/heads/master@{#39785}
2016-09-27 17:06:34 +00:00
mvstanton
7abb0c69fb --turbo-cache-shared-code shouldn't control lookup in optimized code map.
This flag is meant to control whether we add a special context-free
entry to the optimized code map or not. A usage of the flag was
bogus.

BUG=

Review-Url: https://codereview.chromium.org/2374723002
Cr-Commit-Position: refs/heads/master@{#39784}
2016-09-27 16:44:28 +00:00
jgruber
f26c4d2d55 [stubs] Add SmiMax and refactor SmiMin to use Select
SmiMax will be used in a follow-up commit.

BUG=

Review-Url: https://codereview.chromium.org/2372543002
Cr-Commit-Position: refs/heads/master@{#39783}
2016-09-27 16:36:28 +00:00
klaasb
0d1e15d6e5 Remove decision by Turbofan OSR to optimize on next call
When we OSR using Turbofan, we would set the function to be optimized
on the next call, irrespective of the runtime profiler's previous
decisions - such as compiling for baseline. It seems more prudent to
always make these decisions in the runtime profiler where the data is
available.

Review-Url: https://codereview.chromium.org/2369043002
Cr-Commit-Position: refs/heads/master@{#39782}
2016-09-27 16:27:42 +00:00
ulan
55dd687a43 [heap] Decouple SpaceIterator from ObjectIterator.
BUG=

Review-Url: https://codereview.chromium.org/2377513007
Cr-Commit-Position: refs/heads/master@{#39781}
2016-09-27 16:23:50 +00:00
ulan
74145159af [heap] Remove --print-cumulative-gc-stat flag.
The same information can be obtained by processing --trace-gc-nvp output
or using trace event and GC metric of catapult in Chrome.

BUG=

Review-Url: https://codereview.chromium.org/2361073002
Cr-Commit-Position: refs/heads/master@{#39780}
2016-09-27 15:27:34 +00:00
machenbach
4f02ff7ee5 [test] Make test runner more rubust on startup.
The test driver fails once in a while with no output when
listing the tests on windows, causing the testing to not
even start.

This should make that less likely if there's a flaky crash
when listing the tests.

BUG=v8:5438

Review-Url: https://codereview.chromium.org/2373043002
Cr-Commit-Position: refs/heads/master@{#39779}
2016-09-27 15:14:01 +00:00
mlippautz
42ece47446 [heap] Remove border page
A page now belongs either the nursery *or* the intermediate gen. The page that
contained objects of both spaces is removed in this change.

BUG=chromium:636331

Review-Url: https://codereview.chromium.org/2209583002
Cr-Commit-Position: refs/heads/master@{#39778}
2016-09-27 15:02:22 +00:00
epertoso
0fb486fe44 [interpreter] Fix the interface descriptor for interpreter dispatch.
The bytecode offset parameter was Int32, but everywhere else it's an IntPtr.

BUG=

Review-Url: https://codereview.chromium.org/2369033003
Cr-Commit-Position: refs/heads/master@{#39777}
2016-09-27 15:00:09 +00:00
mstarzinger
437a33efd2 [turbofan] Fix indirect escapes in escape analysis.
This makes sure we only replace load operations for fields on virtual
objects. Even though data flow information for non-virtual (escaping)
allocations is available, it might be inaccurate in certain situations
where object state hasn't been cleared.

R=jarin@chromium.org
TEST=mjsunit/compiler/regress-escape-analysis-indirect

Review-Url: https://codereview.chromium.org/2369953002
Cr-Commit-Position: refs/heads/master@{#39776}
2016-09-27 14:53:17 +00:00
haraken
9285e66630 Add v8::Object::CreationContext that works for a persistent handle
I need this API for https://codereview.chromium.org/1609343002/.

BUG=483722

Review-Url: https://codereview.chromium.org/1627233002
Cr-Commit-Position: refs/heads/master@{#39775}
2016-09-27 14:19:46 +00:00
jgruber
515994b8ca [regexp] Don't cache exec method in Regexp.proto[@@split]
The call to RegExpSubclassExec may refer to a different exec method
since splitter is newly constructed previously to the call.

BUG=v8:5351

Review-Url: https://codereview.chromium.org/2370733003
Cr-Commit-Position: refs/heads/master@{#39774}
2016-09-27 14:02:33 +00:00
mstarzinger
66e73b3a1b [turbofan] Remove unsafe JSToBoolean lowering.
The lowering of {JSToBoolean} operators in {JSTypedLowering} inserts
loads that are not part of the effect chain. This does not play well
with effect-sensitive data flow analysis (e.g. escape analysis). This
removes the lowering in question, we can implement it using a dedicated
simplified operator eventually if needed.

R=bmeurer@chromium.org
TEST=mjsunit/wasm/embenchen/lua_binarytrees

Review-Url: https://codereview.chromium.org/2366363003
Cr-Commit-Position: refs/heads/master@{#39773}
2016-09-27 13:55:25 +00:00
jgruber
0ce95e0878 [stubs] Add a test for canary crashes in SubStringStub
These crashes were caused by an invalid pointer stored in a tagged
variable in SubStringStub. This can be reproduced by calling the stub on
an external string and ensuring GC kicks in on the subsequent
allocation.

Only the TurboFan implementation of SubStringStub is affected, the current
PlatformStub implementation handles this case just fine.

BUG=chromium:649967

Review-Url: https://codereview.chromium.org/2374603003
Cr-Commit-Position: refs/heads/master@{#39772}
2016-09-27 13:53:15 +00:00