Commit Graph

22530 Commits

Author SHA1 Message Date
marja
2dc0f2ec01 [strong] Allow mutually recursive classes.
The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).

Implementing the correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow up.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1087543004

Cr-Commit-Position: refs/heads/master@{#27888}
2015-04-16 14:12:52 +00:00
yangguo
a2baf44bf6 Serializer: collect and output memory statistics.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1086363002

Cr-Commit-Position: refs/heads/master@{#27887}
2015-04-16 13:39:16 +00:00
ulan
da12c7c7c7 Add a flag to trace heap object stats on GC.
BUG=

Review URL: https://codereview.chromium.org/1094613002

Cr-Commit-Position: refs/heads/master@{#27886}
2015-04-16 13:30:30 +00:00
conradw
d8bccfe974 [strong] Implement static restrictions on switch statement
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1084983002

Cr-Commit-Position: refs/heads/master@{#27885}
2015-04-16 13:29:20 +00:00
erikcorry
71a19439e8 If a code space commit partially succeeds, free the memory
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1086253004

Cr-Commit-Position: refs/heads/master@{#27884}
2015-04-16 13:28:14 +00:00
erikcorry
9716468ae6 Fix logic for doing incremental marking steps on tenured allocation.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1040233003

Cr-Commit-Position: refs/heads/master@{#27883}
2015-04-16 13:20:38 +00:00
hablich
0bc1a1526f Store hashes of current and previous shipped V8 version
Will be used for calculating changes between versions

BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1095483002

Cr-Commit-Position: refs/heads/master@{#27882}
2015-04-16 12:51:42 +00:00
mstarzinger
54cb7b6ea3 Disable more failing tests after f3338dd3b0.
TBR=jkummerow@chromium.org
TEST=mjsunit/debug-ignore-breakpoints
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1087673003

Cr-Commit-Position: refs/heads/master@{#27881}
2015-04-16 12:46:28 +00:00
wingo
e0913eccfb Simplify DoParseProgram
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.

R=marja@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/1091743002

Cr-Commit-Position: refs/heads/master@{#27880}
2015-04-16 12:42:37 +00:00
yangguo
05bfdd866a Wrap map and set implementation in functions.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1094563002

Cr-Commit-Position: refs/heads/master@{#27879}
2015-04-16 12:17:35 +00:00
yangguo
d3b788df0a Migrate error messages, part 2.
Motivation for this is reducing the size of the native context.

Review URL: https://codereview.chromium.org/1086313003

Cr-Commit-Position: refs/heads/master@{#27878}
2015-04-16 11:34:47 +00:00
chunyang.dai
758c5e123b X87: Use Cells to check prototype chain validity (disabled by default).
port 0179ec5797 (r27846).

original commit message:

 The cells are stored on prototypes (in their map's PrototypeInfo). When a
 prototype object changes its map, then both its own validity cell and those
 of all "downsstream" prototypes are invalidated; handlers for a given receiver
 embed the currently valid cell for that receiver's prototype during their
 compilation and check it on execution.

BUG=

Review URL: https://codereview.chromium.org/1090803002

Cr-Commit-Position: refs/heads/master@{#27877}
2015-04-16 10:40:43 +00:00
erikcorry
a3f5e04c99 Make store buffer more robust to OOM.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1086263002

Cr-Commit-Position: refs/heads/master@{#27876}
2015-04-16 10:39:38 +00:00
chunyang.dai
5729299752 X87: Array() in optimized code can create with wrong ElementsKind in corner cases
port 13459c1ae3 (r27857)

original commit message:

    Array() in optimized code can create with wrong ElementsKind in corner cases.

    Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
    makes a stub call that bails out due to the length. Currently, the bailout
    code a) doesn't have the allocation site, and b) wouldn't use it if it did
    because the length is perceived to be too high.

    This CL passes the allocation site to the stub call (rather than undefined),
    and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1088423002

Cr-Commit-Position: refs/heads/master@{#27875}
2015-04-16 10:38:35 +00:00
jkummerow
e39d33d3df Add missing Handle to GetOrCreatePrototypeChainValidityCell
Follow-up to 333219a745.

NOTRY=true
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1095503002

Cr-Commit-Position: refs/heads/master@{#27874}
2015-04-16 10:37:23 +00:00
chunyang.dai
e481c91b64 X87: VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
port 776770c0e4 (r27827).

original commit message:

  This needs "Pass load ic state through the Oracle"
  (https://codereview.chromium.org/1083933002/) to land first.

BUG=

Review URL: https://codereview.chromium.org/1093433004

Cr-Commit-Position: refs/heads/master@{#27873}
2015-04-16 10:02:41 +00:00
jkummerow
333219a745 Enable Cell-based prototype chain checks
Review URL: https://codereview.chromium.org/1070253004

Cr-Commit-Position: refs/heads/master@{#27872}
2015-04-16 09:31:54 +00:00
hpayer
bbd222f882 Revert of Experiment: reduce heap growing factor to investigate OOM impact. (patchset #4 id:60001 of https://codereview.chromium.org/1060533003/)
Reason for revert:
Experiment done.

Original issue's description:
> Experiment: reduce heap growing factor to investigate OOM impact.
>
> This CL will be reverted after getting sufficient data.
> BUG=
>
> Committed: https://crrev.com/8b737395c8fcde35cbfbed6607f767ed48eefc5b
> Cr-Commit-Position: refs/heads/master@{#27804}

TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1085353003

Cr-Commit-Position: refs/heads/master@{#27871}
2015-04-16 09:06:40 +00:00
titzer
addb10633c [turbofan] Clean up cached nodes in JSGraph.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1080023002

Cr-Commit-Position: refs/heads/master@{#27870}
2015-04-16 08:41:34 +00:00
ulan
aae2c01740 Use atomic operation to read the length of a fixed array.
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.

Also rename FROM_GC and FROM_MUTATOR to be more precise.

BUG=chromium:462908
LOG=NO

Review URL: https://codereview.chromium.org/1034163002

Cr-Commit-Position: refs/heads/master@{#27869}
2015-04-16 08:39:12 +00:00
ulan
63c6f7da34 Avoid evacuation of popular pages.
This breaks the (evacuation -> slots buffer overflow -> abort -> new GC -> evacuation) cycle for popular pages.

BUG=

Review URL: https://codereview.chromium.org/1037433002

Cr-Commit-Position: refs/heads/master@{#27868}
2015-04-16 08:34:03 +00:00
bmeurer
c66a2f7b46 Revert of [x64] Use xorl to materialize smi zero. (patchset #1 id:1 of https://codereview.chromium.org/1085153002/)
Reason for revert:
Seems to cause performance regressions.

Original issue's description:
> [x64] Use xorl to materialize smi zero.
>
> Before we always loaded smi zero via a movabs with a 64-bit immediate,
> which is pretty expensive compared to the xorl.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/f236777bfe6e080ff1ead6baf847cc9b6bb4f9cb
> Cr-Commit-Position: refs/heads/master@{#27829}

TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:477592
LOG=n

Review URL: https://codereview.chromium.org/1059543004

Cr-Commit-Position: refs/heads/master@{#27867}
2015-04-16 08:31:17 +00:00
dcarney
f89bea1e17 fix visiting of phantom handles that should be retained
BUG=

Review URL: https://codereview.chromium.org/1094473002

Cr-Commit-Position: refs/heads/master@{#27866}
2015-04-16 08:30:18 +00:00
yangguo
2e0cf57804 Fix signed/unsigned compare in messages.cc
R=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1089363002

Cr-Commit-Position: refs/heads/master@{#27865}
2015-04-16 07:59:32 +00:00
yangguo
a5ac029058 Start migrating error message templates to the runtime.
Currently done with two templates, one used from native js, one from runtime.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1087633005

Cr-Commit-Position: refs/heads/master@{#27864}
2015-04-16 07:01:16 +00:00
bmeurer
0e703bd34c [turbofan] Typed lowering requires typed nodes.
There's no point in checking whether a node is typed in JSTypedLowering.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1086303002

Cr-Commit-Position: refs/heads/master@{#27863}
2015-04-16 06:39:43 +00:00
bmeurer
d641cc457c [turbofan] Split ControlEquivalence implementation and add trace flag.
Split interface and implementation of ControlEquivalence and add a
dedicated trace flag --trace-turbo-ceq to make it reusable outside the
scheduler.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1056093005

Cr-Commit-Position: refs/heads/master@{#27862}
2015-04-16 06:04:36 +00:00
Benedikt Meurer
4d3370149d [turbofan] Make js-typed-lowering.h self contained.
TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1091723002

Cr-Commit-Position: refs/heads/master@{#27861}
2015-04-16 06:00:59 +00:00
v8-autoroll
df31577e98 Update V8 DEPS.
Rolling v8/tools/clang to 32e839da8bd2088ef23c3ea874d3c1cd04cd1384

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1093493002

Cr-Commit-Position: refs/heads/master@{#27860}
2015-04-16 03:25:36 +00:00
adamk
b054ff4620 Revert "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.

Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.

BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1066663005

Cr-Commit-Position: refs/heads/master@{#27859}
2015-04-15 21:28:22 +00:00
wingo
53ddccfc33 Fix FormalParameterErrorLocations member names
R=arv@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1083953002

Cr-Commit-Position: refs/heads/master@{#27858}
2015-04-15 21:08:11 +00:00
mvstanton
13459c1ae3 Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1086873003

Cr-Commit-Position: refs/heads/master@{#27857}
2015-04-15 21:02:13 +00:00
machenbach
c85b22486a Revert of Simplify DoParseProgram (patchset #2 id:20001 of https://codereview.chromium.org/1058363003/)
Reason for revert:
[Sheriff] Changes some layout tests on all platforms, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2032/builds/2543

Original issue's description:
> Simplify DoParseProgram
>
> DoParseProgram doesn't appear to need to receive toplevel scopes as
> arguments; it can properly set the end_position of the scopes to the
> scanner's position after parsing is complete.
>
> R=marja@chromium.org
> BUG=
> LOG=N
>
> Committed: https://crrev.com/8da9252f61d3c499a78b0b94299c314b2eb0b0c8
> Cr-Commit-Position: refs/heads/master@{#27847}

TBR=marja@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1089623002

Cr-Commit-Position: refs/heads/master@{#27856}
2015-04-15 17:20:21 +00:00
arv
79be74364a Fix issues with name and length on poison pill function
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.

BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1061393002

Cr-Commit-Position: refs/heads/master@{#27855}
2015-04-15 17:15:26 +00:00
scottmg
df087b23ed Make BitsetType enum uint32_t to avoid narrowing warnings
enum defaults to signed on win, and kTagged has 1<<31 causing
warning.

Full errors:

d:\src\cr3\src\v8\src\types.cc(1259): error C2220: warning treated as error - no 'object' file generated
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1355): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::BoundariesArray[]'
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1359): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::BoundariesArray[]'

LOG=N
R=jochen@chromium.org
BUG=440500

Review URL: https://codereview.chromium.org/1055933004

Cr-Commit-Position: refs/heads/master@{#27854}
2015-04-15 16:31:33 +00:00
scottmg
961e61b012 Remove operator delete on VS2015 to avoid compiler bug
LOG=N
R=jochen@chromium.org
BUG=chromium:440500

Review URL: https://codereview.chromium.org/1084763002

Cr-Commit-Position: refs/heads/master@{#27853}
2015-04-15 16:23:24 +00:00
Jakob Kummerow
2064c3c9b2 Makefile: introduce debugsymbols=on flag
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1085283002

Cr-Commit-Position: refs/heads/master@{#27852}
2015-04-15 15:20:18 +00:00
erikcorry
e0be05036f Reduce regexp compiler stack size when not optimizing regexps
R=jkummerow@chromium.org
BUG=chromium:475705
LOG=y

Review URL: https://codereview.chromium.org/1082763002

Cr-Commit-Position: refs/heads/master@{#27851}
2015-04-15 15:15:52 +00:00
mbrandy
ccc7952e3b PPC: VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
Port c8e4d57d3b

Original commit message:
They are content with a dummy vector, as MISSES won't result in
changing the real vector/slot at all.

R=mvstanton@chromium.org, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1085913003

Cr-Commit-Position: refs/heads/master@{#27850}
2015-04-15 14:43:55 +00:00
mbrandy
0dc5fd7080 PPC: Use Cells to check prototype chain validity (disabled by default).
Port 0179ec5797

Original commit message:
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.

R=michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1091563002

Cr-Commit-Position: refs/heads/master@{#27849}
2015-04-15 14:39:48 +00:00
jkummerow
e02807ee8a Fix a few potential integer negation overflows
AFAICT none of these can actually be triggered currently; but it's still good to harden the code a little.

Review URL: https://codereview.chromium.org/1058533007

Cr-Commit-Position: refs/heads/master@{#27848}
2015-04-15 13:55:21 +00:00
wingo
8da9252f61 Simplify DoParseProgram
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.

R=marja@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/1058363003

Cr-Commit-Position: refs/heads/master@{#27847}
2015-04-15 13:42:20 +00:00
mstarzinger
b807d112d7 [turbofan] Fix ForInStatement that deopts during filter.
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.

R=jarin@chromium.org
TEST=mjsunit/for-in-opt

Review URL: https://codereview.chromium.org/1086083002

Cr-Commit-Position: refs/heads/master@{#27846}
2015-04-15 13:12:05 +00:00
jkummerow
0179ec5797 Use Cells to check prototype chain validity (disabled by default).
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.

Review URL: https://codereview.chromium.org/908213002

Cr-Commit-Position: refs/heads/master@{#27845}
2015-04-15 12:53:24 +00:00
mvstanton
a2481f8dd9 VectorICs: recent changes broke cases with --novector-ics
Ensure that we protect turning off the vector ics flag.

BUG=
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1087213002

Cr-Commit-Position: refs/heads/master@{#27844}
2015-04-15 12:49:51 +00:00
mstarzinger
969475b604 [crankshaft] Add missing source position for calls.
R=verwaest@chromium.org
TEST=cctest/test-api
BUG=v8:3995
LOG=N

Review URL: https://codereview.chromium.org/1058553004

Cr-Commit-Position: refs/heads/master@{#27843}
2015-04-15 12:48:48 +00:00
dcarney
00aec79079 [turbofan] cleanup ParallelMove
- make ParallelMove into a ZoneVector, removing an annoying level of indirection
- make MoveOperands hold InstructionOperands instead of pointers, so there's no more operand aliasing for moves
- opens up possibility of storing MachineType in allocated operands

R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1081373002

Cr-Commit-Position: refs/heads/master@{#27842}
2015-04-15 12:36:27 +00:00
hablich
6198bbc56d Retrieval of information by release channel
Polls omahaproxy for data about Chrome releases

BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1063073003

Cr-Commit-Position: refs/heads/master@{#27841}
2015-04-15 12:25:22 +00:00
ulan
3a814e4c1a Make climit and jslimit stack limits atomic.
This fixes TSAN failure caused by race between:
 - optimizing compiler thread setting climit
 - and json parser reading climit in the main thread.

BUG=

Review URL: https://codereview.chromium.org/1031223004

Cr-Commit-Position: refs/heads/master@{#27840}
2015-04-15 11:37:03 +00:00
yangguo
dd06f905cb Reland "Wrap typed array implementations in functions."
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1090563002

Cr-Commit-Position: refs/heads/master@{#27839}
2015-04-15 10:36:19 +00:00