Commit Graph

27055 Commits

Author SHA1 Message Date
mstarzinger
33142c120d [turbofan] Make RawMachineAssembler handle the end node.
This moves the proper handling for the end node within the constructed
graph into the RawMachineAssembler. This simplifies all assemblers and
makes the handling of {Start} and {End} symmetrical.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1493963003

Cr-Commit-Position: refs/heads/master@{#32563}
2015-12-03 13:30:06 +00:00
mythria
75f1102129 [Interpreter] Adds support for Increment and Decrement to BytecodeGraphBuilder.
Adds implementation and tests for Inc and Dec to bytecode graph builder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1499593002

Cr-Commit-Position: refs/heads/master@{#32562}
2015-12-03 13:21:12 +00:00
hpayer
463c130d33 Reland of Introduce instance type for transition arrays. (patchset #1 id:1 of https://codereview.chromium.org/1483003002/ )
Reason for revert:
Suspect for crashing found, relanding for canary coverage.

Original issue's description:
> Revert of Introduce instance type for transition arrays. (patchset #6 id:100001 of https://codereview.chromium.org/1480873003/ )
>
> Reason for revert:
> Broken canary. Trying to find out root cause.
>
> Original issue's description:
> > Introduce instance type for transition arrays.
> >
> > The motivation is to allow specialized marking visitor for transition arrays and collect all transition array in a list for post-processing in ClearNonLiveReferences.
> >
> > BUG=chromium:554488
> > LOG=NO
> >
> > Committed: https://crrev.com/026095a3c7932573e1810b8064ec3008ed696601
> > Cr-Commit-Position: refs/heads/master@{#32396}
>
> TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:554488
>
> Committed: https://crrev.com/38bf70b9cd2a07b99ac0c0b7eda111849e79c146
> Cr-Commit-Position: refs/heads/master@{#32404}

TBR=mlippautz@chromium.org,jkummerow@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:554488

Review URL: https://codereview.chromium.org/1500623002

Cr-Commit-Position: refs/heads/master@{#32561}
2015-12-03 13:18:50 +00:00
hpayer
2c7aee2817 Reland of Tenure transition array. (patchset #1 id:1 of https://codereview.chromium.org/1485613003/ )
Reason for revert:
Suspect for crashing found, relanding for canary coverage.

Original issue's description:
> Revert of Tenure transition array. (patchset #1 id:1 of https://codereview.chromium.org/1472363007/ )
>
> Reason for revert:
> Broken canary. Trying to find out root cause.
>
> Original issue's description:
> > Tenure transition array.
> >
> > BUG=
> >
> > Committed: https://crrev.com/c88d7cd1e09d921e8a9a2930cfe6f2dfbea3dc90
> > Cr-Commit-Position: refs/heads/master@{#32378}
>
> TBR=ulan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:563378
>
> Committed: https://crrev.com/cdb4b8fba1774f7617e51228c89286bcbd0425f0
> Cr-Commit-Position: refs/heads/master@{#32405}

TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:563378

Review URL: https://codereview.chromium.org/1492223003

Cr-Commit-Position: refs/heads/master@{#32560}
2015-12-03 13:06:40 +00:00
machenbach
edda955ed6 Reland of [CQ] Update proto format to fix triggered builders.
Reason for revert:

Should be fixed after
https://chromereviews.googleplex.com/318207014/

TBR=sergiyb@chromium.org,tandrii@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:561530

Review URL: https://codereview.chromium.org/1494893003

Cr-Commit-Position: refs/heads/master@{#32559}
2015-12-03 12:56:20 +00:00
neis
82d974799b [proxies] Make Array.isArray respect proxies.
An array is either a JSArray or a proxy whose target is an array.

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1497483004

Cr-Commit-Position: refs/heads/master@{#32558}
2015-12-03 12:51:43 +00:00
cbruni
a32096c43c [runtime] [proxy] Remove JSProxy::CallTrap
LOG=n
BUG=v8:1543

Review URL: https://codereview.chromium.org/1500553002

Cr-Commit-Position: refs/heads/master@{#32557}
2015-12-03 12:43:48 +00:00
verwaest
324ab7076c For non-prototype objects constructed using base==new.target, use the cached constructor to render the name.
BUG=chromium:563791
LOG=y

Review URL: https://codereview.chromium.org/1494673004

Cr-Commit-Position: refs/heads/master@{#32556}
2015-12-03 12:41:27 +00:00
hpayer
fa7a07c3bd Reland of Do not remove write barriers for stores of old space references in most recent old space allocation. (patchset #1 id:1 of https://codereview.chromium.org/1482973003/ )
Reason for revert:
Suspect for crashing found, relanding for canary coverage.

Original issue's description:
> Revert of Do not remove write barriers for stores of old space references in most recent old space allocation. (patchset #1 id:1 of https://codereview.chromium.org/1478113002/ )
>
> Reason for revert:
> Broken canary. Trying to find out root cause.
>
> Original issue's description:
> > Do not remove write barriers for stores of old space references in most recent old space allocation.
> >
> > BUG=chromium:561449
> > LOG=n
> >
> > Committed: https://crrev.com/369778ec55a63ebe51e8fa8497edb5b681069b9b
> > Cr-Commit-Position: refs/heads/master@{#32368}
>
> TBR=ulan@chromium.org,bmeurer@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:561449
>
> Committed: https://crrev.com/da56525478f1820e3da629576ab61acc5f84daac
> Cr-Commit-Position: refs/heads/master@{#32406}

TBR=ulan@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:561449

Review URL: https://codereview.chromium.org/1493313002

Cr-Commit-Position: refs/heads/master@{#32555}
2015-12-03 12:24:20 +00:00
hpayer
2ee18a5d40 Reland of [heap] Remove eager shortcut in JSFunction visitor. (patchset #1 id:1 of https://codereview.chromium.org/1488063002/ )
Reason for revert:
Suspect for crashing found, relanding for canary coverage.

Original issue's description:
> Revert of [heap] Remove eager shortcut in JSFunction visitor. (patchset #1 id:1 of https://codereview.chromium.org/1476223002/ )
>
> Reason for revert:
> Still investigating bad canary.
>
> Original issue's description:
> > [heap] Remove eager shortcut in JSFunction visitor.
> >
> > This removes an optimization in the static JSFunction visitor that
> > eagerly marked through to the SharedFunctionInfo for code flushing
> > candidates. This causes all processing in VisitJSFunction to be
> > side-stepped and hence might cause leaks.
> >
> > R=hpayer@chromium.org
> >
> > Committed: https://crrev.com/a29f0576c32e8fda90bf7ab19c6d170568150a7f
> > Cr-Commit-Position: refs/heads/master@{#32332}
>
> TBR=mstarzinger@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/672b49119b857c4f96234b03e48b4b60de256969
> Cr-Commit-Position: refs/heads/master@{#32463}

TBR=mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1486413006

Cr-Commit-Position: refs/heads/master@{#32554}
2015-12-03 12:23:07 +00:00
yangguo
8f87ff5d62 [debugger] do not predict step in target for liveedit.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1491743005

Cr-Commit-Position: refs/heads/master@{#32553}
2015-12-03 12:12:02 +00:00
hpayer
4f2009eb39 [heap] Fix finalization of incremental marking race.
Between requesting finalization of incremental marking and the time where we handle the request in the stack guard, the current full GC may have finished. In that case the stack guard triggers too late and tries to finalize marking in a state where marking is not going on.

Note that a cleaner fix would be to express the finalization phase in a special marking phase. I will do that in a follow-up CL.

BUG=

Review URL: https://codereview.chromium.org/1493133003

Cr-Commit-Position: refs/heads/master@{#32552}
2015-12-03 12:10:16 +00:00
jochen
e0a661fc4c Deprecate non-standard Array methods and clarify Object::isArray
BUG=none
R=neis@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1493053004

Cr-Commit-Position: refs/heads/master@{#32551}
2015-12-03 11:44:51 +00:00
mstarzinger
eaa0e59611 Remove new.target value from construct stub frames.
This drops the specific slot containing the new.target value from our
construct stub frames. This side-channel has been deprecated and will
no longer be accessed by any consumers.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1489353004

Cr-Commit-Position: refs/heads/master@{#32550}
2015-12-03 11:33:39 +00:00
bmeurer
0e95683376 [proxies] InstanceOfStub should bailout to %HasInPrototypeChain for proxies.
Whenever the InstanceOfStub finds a proxy (either passed as object or
somewhere on the prototype chain), it should bailout to the
%HasInPrototypeChain runtime function, which will do the right thing
(soonish).

R=yangguo@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1492243003

Cr-Commit-Position: refs/heads/master@{#32549}
2015-12-03 10:43:39 +00:00
mstarzinger
440a42b741 [fullcode] Switch passing of new.target to register.
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that this marks the last
consumer of said side-channel and the special slot in the construct
stub frame can be removed as a follow-up.

R=bmeurer@chromium.org,yangguo@chromium.org
TEST=mjsunit/es6/regress/regress-new-target-context

Review URL: https://codereview.chromium.org/1492793002

Cr-Commit-Position: refs/heads/master@{#32548}
2015-12-03 10:04:35 +00:00
ishell
5d38d6819c Fix inobject slack tracking for both subclassing and non-subclassing cases.
It didn't support subclassing case at all and in non-subclassing case the runtime
allocation didn't do the slack tracking step.

BUG=chromium:563339
LOG=Y

Review URL: https://codereview.chromium.org/1488023002

Cr-Commit-Position: refs/heads/master@{#32547}
2015-12-03 10:03:00 +00:00
machenbach
5cdb107f88 Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1494103002/ )
Reason for revert:
Still not working...

Original issue's description:
> Reland of [CQ] Update proto format to fix triggered builders.
>
> Reason for revert:
>
> Should be fixed after
> https://chromereviews.googleplex.com/317197013/
> https://codereview.chromium.org/1487413002/
> https://codereview.chromium.org/1489293003/
>
> TBR=sergiyb@chromium.org,tandrii@chromium.org
> NOPRESUBMIT=true
> NOTRY=true
> BUG=chromium:561530
>
> Committed: https://crrev.com/224c7fa72b8002348bb876ab7a4d4fabbf9438a4
> Cr-Commit-Position: refs/heads/master@{#32544}

TBR=sergiyb@chromium.org,tandrii@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:561530

Review URL: https://codereview.chromium.org/1497583003

Cr-Commit-Position: refs/heads/master@{#32546}
2015-12-03 09:43:21 +00:00
hablich
478d3d6a32 [Release] releases.py should not crash on non-release versions
NOTRY=true
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1493633005

Cr-Commit-Position: refs/heads/master@{#32545}
2015-12-03 09:21:02 +00:00
machenbach
224c7fa72b Reland of [CQ] Update proto format to fix triggered builders.
Reason for revert:

Should be fixed after
https://chromereviews.googleplex.com/317197013/
https://codereview.chromium.org/1487413002/
https://codereview.chromium.org/1489293003/

TBR=sergiyb@chromium.org,tandrii@chromium.org
NOPRESUBMIT=true
NOTRY=true
BUG=chromium:561530

Review URL: https://codereview.chromium.org/1494103002

Cr-Commit-Position: refs/heads/master@{#32544}
2015-12-03 09:18:38 +00:00
zhengxing.li
aae3f9610e X87: [turbofan] Desugar JSUnaryNot(x) to Select(x, false, true).
port 411c5b7fb0 (r32524)

  original commit message:
  Also remove the ResultMode from ToBooleanStub and always return true or
  false and use the same mechanism in fullcodegen.  This is in preparation
  for adding ToBoolean hints to TurboFan.

  Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now
  that the ResultMode is gone (and the runtime always returns true or
  false from the miss handler).

BUG=

Review URL: https://codereview.chromium.org/1500483002

Cr-Commit-Position: refs/heads/master@{#32543}
2015-12-03 08:51:54 +00:00
v8-autoroll
36c395ce3f Update V8 DEPS.
Rolling v8/tools/clang to b2ed9e4af62108938543234380912eeb9d5a58e6

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1491363003

Cr-Commit-Position: refs/heads/master@{#32542}
2015-12-03 08:48:00 +00:00
machenbach
3e021da8f8 [test] Disable flaky test.
BUG=v8:4588
LOG=n
TBR=yangguo@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1496863002

Cr-Commit-Position: refs/heads/master@{#32541}
2015-12-03 08:24:41 +00:00
zhengxing.li
93a5a8552e X87: [debugger] simplify reloc info for debug break slots.
port 531dde9f80 (r32516)

  original commit message:
  The new step-in implementation no longer tries to predict the step-in
  target, so we don't need the arguments count nor call type anymore.

BUG=

Review URL: https://codereview.chromium.org/1493993002

Cr-Commit-Position: refs/heads/master@{#32540}
2015-12-03 07:52:31 +00:00
bmeurer
a330af0ed1 [crankshaft] Deoptimize if HHasInPrototypeChainAndBranch hits a proxy.
The optimized code generated by Crankshaft cannot properly deal
with proxies (in the prototype chain), and there's probably no
point in trying to make that work^Wfast with Crankshaft at all.
TurboFan will handle that properly; Crankshaft just bails out
to fullcodegen, which then goes to the runtime, which should do
the right thing soon.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1492983002

Cr-Commit-Position: refs/heads/master@{#32539}
2015-12-03 06:22:42 +00:00
zhengxing.li
28a5baa01c X87: [stubs] A new approach to TF stubs.
port 3e7e3ed726 (r32508)

  original commit message:
  * Add a sibling interface to InterpreterAssembler called
    CodeStubAssembler which provides a wrapper around the
    RawMachineAssembler and is intended to make it easy to build
    efficient cross-platform code stubs. Much of the implementation
    of CodeStubAssembler is shamelessly stolen from the
    InterpreterAssembler, and the idea is to eventually merge the
    two interfaces somehow, probably moving the
    InterpreterAssembler interface over to use the
    CodeStubAssembler. Short-term, however, the two interfaces
    shall remain decoupled to increase our velocity developing the
    two systems in parallel.
  * Implement the StringLength stub in TurboFan with the new
    CodeStubAssembler. Replace and remove the old Hydrogen-stub
    version.
  * Remove a whole slew of machinery to support JavaScript-style
    code stub generation, since it ultimately proved unwieldy,
    brittle and baroque. This cleanup includes removing the shared
    code stub context, several example stubs and a tangle of build
    file changes.

BUG=

Review URL: https://codereview.chromium.org/1492213002

Cr-Commit-Position: refs/heads/master@{#32538}
2015-12-03 05:48:54 +00:00
zhengxing.li
d03dc2a135 X87: [turbofan] Implemented the optional Float32RoundTruncate operator.
port 19741ac977 (r32301)

  original commit message:
  The Float32RoundTruncate operator rounds float32 numbers towards zero.
  The operator is currently implemented on x64, ia32, arm, and arm64.

  Additionally I added support for the float32 vrintz, vrintn, and vrinta
  instructions to the arm simulator.

BUG=

Review URL: https://codereview.chromium.org/1493213002

Cr-Commit-Position: refs/heads/master@{#32537}
2015-12-03 05:19:55 +00:00
adamk
bc7d63ccef [cleanup] Remove redundant fields from DeclarationDescriptor
Both the is_const and declaration_scope fields can be reliably derived
from the mode field. needs_init cannot be, unfortunately, due to the
special case of CONST in for loops.

Also inline the sole remaining non-trivial caller of
Parser::DeclarationScope(VariableMode).

Review URL: https://codereview.chromium.org/1487603003

Cr-Commit-Position: refs/heads/master@{#32536}
2015-12-02 23:58:14 +00:00
adamk
3aa862896b [cleanup] Remove cruft from old rest parameter implementation
Review URL: https://codereview.chromium.org/1485823003

Cr-Commit-Position: refs/heads/master@{#32535}
2015-12-02 23:45:51 +00:00
adamk
b2ad33c2d2 [cleanup] Remove modules-related cruft from Scope
These bits were relevant back when we had nested lexical modules, but
I don't think they'll be of any use for ES2015 modules.

Review URL: https://codereview.chromium.org/1485053002

Cr-Commit-Position: refs/heads/master@{#32534}
2015-12-02 23:28:56 +00:00
mbrandy
74d92ca83c PPC: [debugger] simplify reloc info for debug break slots.
Port 531dde9f80

Original commit message:
    The new step-in implementation no longer tries to predict the step-in
    target, so we don't need the arguments count nor call type anymore.

R=yangguo@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1490413002

Cr-Commit-Position: refs/heads/master@{#32533}
2015-12-02 22:40:56 +00:00
mbrandy
9151860c12 PPC: [stubs] A new approach to TF stubs
Port 3e7e3ed726

Original commit message:
    * Add a sibling interface to InterpreterAssembler called
      CodeStubAssembler which provides a wrapper around the
      RawMachineAssembler and is intended to make it easy to build
      efficient cross-platform code stubs. Much of the implementation
      of CodeStubAssembler is shamelessly stolen from the
      InterpreterAssembler, and the idea is to eventually merge the
      two interfaces somehow, probably moving the
      InterpreterAssembler interface over to use the
      CodeStubAssembler. Short-term, however, the two interfaces
      shall remain decoupled to increase our velocity developing the
      two systems in parallel.
    * Implement the StringLength stub in TurboFan with the new
      CodeStubAssembler. Replace and remove the old Hydrogen-stub
      version.
    * Remove a whole slew of machinery to support JavaScript-style
      code stub generation, since it ultimately proved unwieldy,
      brittle and baroque. This cleanup includes removing the shared
      code stub context, several example stubs and a tangle of build
      file changes.

R=danno@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4587
LOG=n

Review URL: https://codereview.chromium.org/1492633006

Cr-Commit-Position: refs/heads/master@{#32532}
2015-12-02 22:01:24 +00:00
mbrandy
65d28d70cd PPC: [turbofan] Desugar JSUnaryNot(x) to Select(x, false, true).
Port 411c5b7fb0

Original commit message:
    Also remove the ResultMode from ToBooleanStub and always return true or
    false and use the same mechanism in fullcodegen.  This is in preparation
    for adding ToBoolean hints to TurboFan.

    Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now
    that the ResultMode is gone (and the runtime always returns true or
    false from the miss handler).

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4583
LOG=n

Review URL: https://codereview.chromium.org/1490363003

Cr-Commit-Position: refs/heads/master@{#32531}
2015-12-02 21:40:12 +00:00
littledan
c63236328e Revert of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1478533002/ )
Reason for revert:
Will test better; there seems to be a bug related to this.

Original issue's description:
> Reland of Disable non-standard Promise functions in staging (patchset #1 id:1 of https://codereview.chromium.org/1473603002/ )
>
> Reason for revert:
> Breakage in Ignition seems unrelated; relanding.
>
> Original issue's description:
> > Revert of Disable non-standard Promise functions in staging (patchset #5 id:80001 of https://codereview.chromium.org/1469543003/ )
> >
> > Reason for revert:
> > [Sheriff] This breaks ignition on arm sim debug:
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/5317
> >
> > Seems to not be caught by the cq bot that builds release with dchecks.
> >
> > Original issue's description:
> > > Disable non-standard Promise functions in staging
> > >
> > > This patch removes Promise functions and methods which are absent
> > > from the ES2015 specification when the --es-staging flag is on.
> > >
> > > BUG=v8:3237
> > > R=rossberg
> > > LOG=Y
> > >
> > > Committed: https://crrev.com/941251af7e04d50ac2243da2870249a42111221a
> > > Cr-Commit-Position: refs/heads/master@{#32194}
> >
> > TBR=rossberg@chromium.org,littledan@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=v8:3237
> >
> > Committed: https://crrev.com/86bd2b3c23b562213d5af158849dcd65f347a827
> > Cr-Commit-Position: refs/heads/master@{#32199}
>
> TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3237
>
> Committed: https://crrev.com/9278b7b05a45c2089007e8b61822af96b5d0c8df
> Cr-Commit-Position: refs/heads/master@{#32235}

TBR=rossberg@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3237

Review URL: https://codereview.chromium.org/1493713004

Cr-Commit-Position: refs/heads/master@{#32530}
2015-12-02 20:35:40 +00:00
thakis
39bef217a3 Let v8 standalone builds use update.py instead of update.sh.
update.sh is gone in chromium, and using update.py will do the right
thing both before and after the deletion in chromium (previously,
update.py used to call update.sh internally on non-win).

This also has the benefit of working on Windows.

No intended behavior change.

BUG=chromium:494442
LOG=n

Review URL: https://codereview.chromium.org/1495653002

Cr-Commit-Position: refs/heads/master@{#32529}
2015-12-02 20:28:14 +00:00
kozyatinskiy
cab2512a5e Removed support for deprecated (//@|/*@) source(URL|MappingURL)=
LOG=Y
BUG=chromium:558998
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1495633002

Cr-Commit-Position: refs/heads/master@{#32528}
2015-12-02 19:53:47 +00:00
verwaest
a6ed24d61c Improve rendering of callsite with non-function target.
This hackily disambiguates multiple calls for the iterator protocols in ForOf / Yield* by adding -2 / -1 to the pos.

BUG=v8:3953
LOG=y

Review URL: https://codereview.chromium.org/1491923003

Cr-Commit-Position: refs/heads/master@{#32527}
2015-12-02 18:37:29 +00:00
mbrandy
37c145580e PPC: Pad InterpreterEntryTrampoline end with bkpt instruction.
While execution will not return to this location, stack iteration
logic will attempt to find the code object associated with the return
address.  This makes sure that it maps to the correct object and not
to the one immediately following it in memory.

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1490343002

Cr-Commit-Position: refs/heads/master@{#32526}
2015-12-02 17:53:52 +00:00
jkummerow
4a246c1fff [cleanup] Introduce PropertyFilter
Split out of PropertyAttributes, and used for all filtering purposes.
Also moved PropertyAttributes into the v8::internal:: namespace.

No change in behavior intended.

Review URL: https://codereview.chromium.org/1492653004

Cr-Commit-Position: refs/heads/master@{#32525}
2015-12-02 16:30:24 +00:00
bmeurer
411c5b7fb0 [turbofan] Desugar JSUnaryNot(x) to Select(x, false, true).
Also remove the ResultMode from ToBooleanStub and always return true or
false and use the same mechanism in fullcodegen.  This is in preparation
for adding ToBoolean hints to TurboFan.

Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now
that the ResultMode is gone (and the runtime always returns true or
false from the miss handler).

R=mstarzinger@chromium.org
BUG=v8:4583
LOG=n

Review URL: https://codereview.chromium.org/1491223002

Cr-Commit-Position: refs/heads/master@{#32524}
2015-12-02 15:22:13 +00:00
sigurds
6095d0af30 [turbofan] Refactor escape analysis to only expose one class.
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1491903002

Cr-Commit-Position: refs/heads/master@{#32523}
2015-12-02 15:21:21 +00:00
mlippautz
9b421f2690 Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1493523003/ )
Reason for revert:
Speculative revert for crashing Canary.

Original issue's description:
> Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ )
>
> Reason for revert:
> Reland after fixing the potential root cause of the canary crasher.
>
> Original issue's description:
> > Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ )
> >
> > Reason for revert:
> > Still investigating bad canary.
> >
> > Original issue's description:
> > > [heap] Refactor evacuation for young and old gen into visitors.
> > >
> > > Create a visitor for evacuating objects for young and old generation. This is
> > > the first step of preparing a task to process, both,  newspace and oldspace
> > > pages in parallel.
> > >
> > > BUG=chromium:524425
> > > LOG=N
> > >
> > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8
> > > Cr-Commit-Position: refs/heads/master@{#32349}
> >
> > TBR=mlippautz@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:524425
> >
> > Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a
> > Cr-Commit-Position: refs/heads/master@{#32462}
>
> TBR=mlippautz@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/120b640dfce5f02cecc5af72ca0b2b3b93ce8652
> Cr-Commit-Position: refs/heads/master@{#32500}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1495583002

Cr-Commit-Position: refs/heads/master@{#32522}
2015-12-02 14:50:27 +00:00
mlippautz
e35e8c9d96 Revert of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1494533002/ )
Reason for revert:
Speculative revert for crashing Canary.

Original issue's description:
> Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ )
>
> Reason for revert:
> Reland after fixing the potential root cause of the canary crasher.
>
> Original issue's description:
> > Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ )
> >
> > Reason for revert:
> > Still investigating bad canary.
> >
> > Original issue's description:
> > > [heap] Unify evacuating an object for new and old generation.
> > >
> > > BUG=chromium:524425
> > > LOG=N
> > >
> > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a
> > > Cr-Commit-Position: refs/heads/master@{#32365}
> >
> > TBR=mlippautz@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:524425
> >
> > Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2
> > Cr-Commit-Position: refs/heads/master@{#32460}
>
> TBR=mlippautz@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/7ea8ac98f6eb5ffa9d4976aa22fec9befb814e0c
> Cr-Commit-Position: refs/heads/master@{#32501}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1491013003

Cr-Commit-Position: refs/heads/master@{#32521}
2015-12-02 14:49:37 +00:00
mlippautz
2322768104 Revert of "[heap] Clean up stale store buffer entries for aborted pages." (patchset #3 id:40001 of https://codereview.chromium.org/1494503004/ )
Reason for revert:
Still failing on GC stress
  https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/690

Original issue's description:
> Reland of "[heap] Clean up stale store buffer entries for aborted pages."
>
> This reverts commit d4fc4a8cad.
>
> 1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
> 2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
>     store buffer.
> 3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
> 4.  The current mark-sweep finishes. The slot X is in free space and is also in
>     the store buffer.
> 5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
>     looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
>     previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
>     object before.
> 6.  Scavenge happens.
> 7.  Slot X is still in free space and in store buffer. [It causes scavenge of
>     the object Y in
>     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
>     it is not important].
> 8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
>     is written in X.
> 9.  The scavenge finishes.
> 9.  Another scavenge starts.
> 10. We crash in
>     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
>     processing slot X, because it doesn't point to valid map.
>
> BUG=chromium:524425, chromium:564498
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org
>
> Committed: https://crrev.com/fc6ff534003480e49dc481d9c665e961ab709c02
> Cr-Commit-Position: refs/heads/master@{#32514}

TBR=hpayer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425, chromium:564498

Review URL: https://codereview.chromium.org/1492823002

Cr-Commit-Position: refs/heads/master@{#32520}
2015-12-02 14:48:06 +00:00
bmeurer
ddb9f461f1 [turbofan] Optimize %_IsJSReceiver based on input type.
We can constant fold %_IsJSReceiver(x) based on whether x is always a
receiver or can never be a receiver.  This is important as
%_IsJSReceiver is inserted by the JSInliner.

R=jarin@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1486383003

Cr-Commit-Position: refs/heads/master@{#32519}
2015-12-02 14:35:54 +00:00
mbrandy
d0b30d0276 Account for embedded constant pool pointer in Live Edit frame.
R=mvstanton@chromium.org, yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1491683003

Cr-Commit-Position: refs/heads/master@{#32518}
2015-12-02 14:30:51 +00:00
yangguo
e1866c8f6f [debugger] fix liveedit in combination with step in.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1493733002

Cr-Commit-Position: refs/heads/master@{#32517}
2015-12-02 14:27:09 +00:00
yangguo
531dde9f80 [debugger] simplify reloc info for debug break slots.
The new step-in implementation no longer tries to predict the step-in
target, so we don't need the arguments count nor call type anymore.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1484893003

Cr-Commit-Position: refs/heads/master@{#32516}
2015-12-02 14:14:29 +00:00
zhengxing.li
7d6c566622 X87: [turbofan] Implemented the optional Float32RoundUp operator.
port 4f4947898d (r32262)

  original commit message:
  The Float32RoundUp operator rounds float32 numbers towards infinity.
  The operator is currently implemented on x64, ia32, arm, and arm64.

BUG=

Review URL: https://codereview.chromium.org/1491843003

Cr-Commit-Position: refs/heads/master@{#32515}
2015-12-02 14:06:33 +00:00
mlippautz
fc6ff53400 Reland of "[heap] Clean up stale store buffer entries for aborted pages."
This reverts commit d4fc4a8cad.

1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
    store buffer.
3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
4.  The current mark-sweep finishes. The slot X is in free space and is also in
    the store buffer.
5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
    looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
    previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
    object before.
6.  Scavenge happens.
7.  Slot X is still in free space and in store buffer. [It causes scavenge of
    the object Y in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
    it is not important].
8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
    is written in X.
9.  The scavenge finishes.
9.  Another scavenge starts.
10. We crash in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
    processing slot X, because it doesn't point to valid map.

BUG=chromium:524425, chromium:564498
LOG=N
R=hpayer@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1494503004

Cr-Commit-Position: refs/heads/master@{#32514}
2015-12-02 14:04:56 +00:00