Reason for revert:
Failure on compiling runtime.js on windows
Original issue's description:
> Add unoptimized/optimized variants of MathFloor TF code stub
>
> - Add a TurboFanIC class, derived from TurboFanCodeStub, that
> automatically distinguishes between versions of the IC called from
> optimized and unoptimized code.
> - Add appropriate InterfaceDescriptors for both the versions of the
> stub called from unoptimized and optimized code
> - Change the MathFloor TF stub generator to output either the
> for-optimized or for-unoptimized version based on the minor_key
> parameter.
>
> Committed: https://crrev.com/8f13b655b8a10dae2116dd18b32f09337bb2d410
> Cr-Commit-Position: refs/heads/master@{#29534}
TBR=mvstanton@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1220783006
Cr-Commit-Position: refs/heads/master@{#29535}
- Add a TurboFanIC class, derived from TurboFanCodeStub, that
automatically distinguishes between versions of the IC called from
optimized and unoptimized code.
- Add appropriate InterfaceDescriptors for both the versions of the
stub called from unoptimized and optimized code
- Change the MathFloor TF stub generator to output either the
for-optimized or for-unoptimized version based on the minor_key
parameter.
Review URL: https://codereview.chromium.org/1225943002
Cr-Commit-Position: refs/heads/master@{#29534}
Smi immediates are not supported, so instructions with Smi representations need their constants in a register. LAddI has already been doing this. The manifestation of the bug was that an operation would compute 0 instead of the correct result.
BUG=chromium:478612
LOG=y
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/1224623017
Cr-Commit-Position: refs/heads/master@{#29529}
If we compile handlers to call accessors, Debug::HandleStepIn won't get
called. Therefore we need to clear ICs each time. This has not been
necessary before because we used to patch ICs for breaking, and restored
them with cleared ICs. This is no longer the case. We do not use ICs
for breaking anymore, so they are not implicitly cleared any longer.
R=mvstanton@chromium.org
BUG=v8:4269
LOG=N
Review URL: https://codereview.chromium.org/1212253009
Cr-Commit-Position: refs/heads/master@{#29518}
Reason for revert:
[Sheriff] Test hangs sometimes and times out flakily. E.g.: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosse3/builds/4551/steps/Check%20%28flakes%29/logs/d8-worker-sharedarray..
Original issue's description:
> Fix bug when transferring SharedArrayBuffer to multiple Workers.
>
> Previously, the serialization code would call Externalize for every transferred
> ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
> the buffer is already externalized, we should call GetContents instead.
>
> Also fix use-after-free bug when transferring ArrayBuffers. The transferred
> ArrayBuffer must be internalized in the new isolate, or be managed by the
> Shell. The current code gives it to the isolate externalized and frees it
> immediately afterward when the SerializationData object is destroyed.
>
> BUG=chromium:497295
> R=jarin@chromium.org
> LOG=n
>
> Committed: https://crrev.com/dd7962bf7838f8379ba776ee6b7b0e4d3bec2140
> Cr-Commit-Position: refs/heads/master@{#29499}
TBR=jarin@chromium.org,jochen@chromium.org,binji@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:497295
Review URL: https://codereview.chromium.org/1224843008
Cr-Commit-Position: refs/heads/master@{#29506}
Previously, the serialization code would call Externalize for every transferred
ArrayBuffer or SharedArrayBuffer, but that function can only be called once. If
the buffer is already externalized, we should call GetContents instead.
Also fix use-after-free bug when transferring ArrayBuffers. The transferred
ArrayBuffer must be internalized in the new isolate, or be managed by the
Shell. The current code gives it to the isolate externalized and frees it
immediately afterward when the SerializationData object is destroyed.
BUG=chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1215233004
Cr-Commit-Position: refs/heads/master@{#29499}
The context constant cannot be materialized from the frame when we are
compiling for OSR, because the context spill slot contains the current
instead of the outermost context in full-codegen.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1220013003
Cr-Commit-Position: refs/heads/master@{#29472}
Currently we lower shifts directly to machine operators, and add an
appropriate Word32And to implement the & 0x1F operation on the right
hand side required by the specification. However for Word32And we assume
Int32 in simplified lowering, which is basically changes the right hand
side bit interpretation for the shifts from Uint32 to Int32, which is
obviously wrong. So now we represent that explicitly by proper
simplified operators for the shifts, which are lowered to machine in
simplified lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1213803008
Cr-Commit-Position: refs/heads/master@{#29465}
Keeping this CL separate in case there are more GC-stress problems.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1217543006
Cr-Commit-Position: refs/heads/master@{#29449}
The only right way to enable access checks is to install access check callbacks on an object template via v8::ObjectTemplate::SetAccessCheckCallbacks(). It does not make sense to enable access checks on an arbitrary object.
Review URL: https://codereview.chromium.org/1217893012
Cr-Commit-Position: refs/heads/master@{#29439}
This involves:
- Enabling the tail call optimization reducer in all cases.
- Adding an addition flag to CallFunctionParameters to mark call sites
that can be tail-called enabled.
- Only set the tail-call flag for %_CallFunction.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1216933011
Cr-Commit-Position: refs/heads/master@{#29436}
Conditionally including Array and TypedArray methods seems to cause
a slowdown in V8 context creation, possibly due to the new code added.
BUG=chromium:504629
R=adamk@chromium.org
LOG=Y
Review URL: https://codereview.chromium.org/1215863003
Cr-Commit-Position: refs/heads/master@{#29430}
This is more consistent with the DOM API, and is clearer w.r.t. which values
are available in the lexical environment of the Worker.
BUG=chromium:497295
R=jarin@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1218553004
Cr-Commit-Position: refs/heads/master@{#29426}
The enumerable expression in a for-in/of loop is supposed to have a TDZ for any
lexically bound names in that loop (there can be more than one with destructuring).
This patch accomplishes this with an almost-correct desugaring. The only thing missing
is proper debugger support (the let declarations added by the desugaring, while invisible
to code due to shadowing, are visible to the debugger).
BUG=v8:4210
LOG=n
Review URL: https://codereview.chromium.org/1218543003
Cr-Commit-Position: refs/heads/master@{#29396}
v8::Internal::List will DCHECK when indexing out of the array, even if just to
get the address, and the value is never used. So this construct will fail:
memcpy(p, &data[0], length);
When data is empty and length is 0.
BUG=chromium:505778
R=mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1216853003
Cr-Commit-Position: refs/heads/master@{#29388}
Revert "Revert relanded strong property access CL"
Regression issues should be solved. Initial patchset is the original, subsequent patchsets are the fixing modifications.
This reverts commit 4ac7be5656.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1199983002
Cr-Commit-Position: refs/heads/master@{#29384}
Also fixes a crankshaft bug with strong implicit conversions.
It turns out that the implicit conversion of oddball values
is smushed into so many places in crankshaft that it would
have been pretty invasive surgery to make everything fall
out naturally.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1216463003
Cr-Commit-Position: refs/heads/master@{#29381}
This makes sure that the exit control flow that merges the try-block
with the catch-block after a try-catch-statement creates a new merge
node in cases where it has to. Otherwise dangling phi nodes might have
the wrong number of value inputs.
R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-505354
BUG=chromium:505354
LOG=N
Review URL: https://codereview.chromium.org/1213183003
Cr-Commit-Position: refs/heads/master@{#29362}
This makes new.target work in [[Call]] and [[Construct]] of ordinary
functions.
We achieve this by introducing a new construct stub for functions that
uses the new.target variable. The construct stub pushes the original
constructor just above the receiver in the construct frame.
BUG=v8:3887
LOG=N
R=adamk@chromium.org, dslomov@chromium.org
Review URL: https://codereview.chromium.org/1203813002
Cr-Commit-Position: refs/heads/master@{#29358}
zlib is broken for mips after 35eb3a0260.
We're still working on a fix. Skip test for now, so the bots cycle green.
BUG=
Review URL: https://codereview.chromium.org/1209253005
Cr-Commit-Position: refs/heads/master@{#29356}
Dumb typo introduced in refs/heads/master@{#29306}. I thought I was turning on
report_exceptions in Shell::ExecuteString, but instead I turned on print_result
(which assumes an interactive debugger and a HandleScope for the
utility_context_).
BUG=chromium:504727,chromium:504728
R=mstarzinger@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/1219563002
Cr-Commit-Position: refs/heads/master@{#29350}