27016 Commits

Author SHA1 Message Date
bmeurer
411c5b7fb0 [turbofan] Desugar JSUnaryNot(x) to Select(x, false, true).
Also remove the ResultMode from ToBooleanStub and always return true or
false and use the same mechanism in fullcodegen.  This is in preparation
for adding ToBoolean hints to TurboFan.

Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now
that the ResultMode is gone (and the runtime always returns true or
false from the miss handler).

R=mstarzinger@chromium.org
BUG=v8:4583
LOG=n

Review URL: https://codereview.chromium.org/1491223002

Cr-Commit-Position: refs/heads/master@{#32524}
2015-12-02 15:22:13 +00:00
sigurds
6095d0af30 [turbofan] Refactor escape analysis to only expose one class.
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1491903002

Cr-Commit-Position: refs/heads/master@{#32523}
2015-12-02 15:21:21 +00:00
mlippautz
9b421f2690 Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1493523003/ )
Reason for revert:
Speculative revert for crashing Canary.

Original issue's description:
> Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ )
>
> Reason for revert:
> Reland after fixing the potential root cause of the canary crasher.
>
> Original issue's description:
> > Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ )
> >
> > Reason for revert:
> > Still investigating bad canary.
> >
> > Original issue's description:
> > > [heap] Refactor evacuation for young and old gen into visitors.
> > >
> > > Create a visitor for evacuating objects for young and old generation. This is
> > > the first step of preparing a task to process, both,  newspace and oldspace
> > > pages in parallel.
> > >
> > > BUG=chromium:524425
> > > LOG=N
> > >
> > > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8
> > > Cr-Commit-Position: refs/heads/master@{#32349}
> >
> > TBR=mlippautz@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:524425
> >
> > Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a
> > Cr-Commit-Position: refs/heads/master@{#32462}
>
> TBR=mlippautz@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/120b640dfce5f02cecc5af72ca0b2b3b93ce8652
> Cr-Commit-Position: refs/heads/master@{#32500}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1495583002

Cr-Commit-Position: refs/heads/master@{#32522}
2015-12-02 14:50:27 +00:00
mlippautz
e35e8c9d96 Revert of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1494533002/ )
Reason for revert:
Speculative revert for crashing Canary.

Original issue's description:
> Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ )
>
> Reason for revert:
> Reland after fixing the potential root cause of the canary crasher.
>
> Original issue's description:
> > Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ )
> >
> > Reason for revert:
> > Still investigating bad canary.
> >
> > Original issue's description:
> > > [heap] Unify evacuating an object for new and old generation.
> > >
> > > BUG=chromium:524425
> > > LOG=N
> > >
> > > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a
> > > Cr-Commit-Position: refs/heads/master@{#32365}
> >
> > TBR=mlippautz@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:524425
> >
> > Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2
> > Cr-Commit-Position: refs/heads/master@{#32460}
>
> TBR=mlippautz@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/7ea8ac98f6eb5ffa9d4976aa22fec9befb814e0c
> Cr-Commit-Position: refs/heads/master@{#32501}

TBR=hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1491013003

Cr-Commit-Position: refs/heads/master@{#32521}
2015-12-02 14:49:37 +00:00
mlippautz
2322768104 Revert of "[heap] Clean up stale store buffer entries for aborted pages." (patchset #3 id:40001 of https://codereview.chromium.org/1494503004/ )
Reason for revert:
Still failing on GC stress
  https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/690

Original issue's description:
> Reland of "[heap] Clean up stale store buffer entries for aborted pages."
>
> This reverts commit d4fc4a8cad.
>
> 1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
> 2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
>     store buffer.
> 3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
> 4.  The current mark-sweep finishes. The slot X is in free space and is also in
>     the store buffer.
> 5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
>     looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
>     previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
>     object before.
> 6.  Scavenge happens.
> 7.  Slot X is still in free space and in store buffer. [It causes scavenge of
>     the object Y in
>     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
>     it is not important].
> 8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
>     is written in X.
> 9.  The scavenge finishes.
> 9.  Another scavenge starts.
> 10. We crash in
>     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
>     processing slot X, because it doesn't point to valid map.
>
> BUG=chromium:524425, chromium:564498
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org
>
> Committed: https://crrev.com/fc6ff534003480e49dc481d9c665e961ab709c02
> Cr-Commit-Position: refs/heads/master@{#32514}

TBR=hpayer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425, chromium:564498

Review URL: https://codereview.chromium.org/1492823002

Cr-Commit-Position: refs/heads/master@{#32520}
2015-12-02 14:48:06 +00:00
bmeurer
ddb9f461f1 [turbofan] Optimize %_IsJSReceiver based on input type.
We can constant fold %_IsJSReceiver(x) based on whether x is always a
receiver or can never be a receiver.  This is important as
%_IsJSReceiver is inserted by the JSInliner.

R=jarin@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1486383003

Cr-Commit-Position: refs/heads/master@{#32519}
2015-12-02 14:35:54 +00:00
mbrandy
d0b30d0276 Account for embedded constant pool pointer in Live Edit frame.
R=mvstanton@chromium.org, yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1491683003

Cr-Commit-Position: refs/heads/master@{#32518}
2015-12-02 14:30:51 +00:00
yangguo
e1866c8f6f [debugger] fix liveedit in combination with step in.
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1493733002

Cr-Commit-Position: refs/heads/master@{#32517}
2015-12-02 14:27:09 +00:00
yangguo
531dde9f80 [debugger] simplify reloc info for debug break slots.
The new step-in implementation no longer tries to predict the step-in
target, so we don't need the arguments count nor call type anymore.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1484893003

Cr-Commit-Position: refs/heads/master@{#32516}
2015-12-02 14:14:29 +00:00
zhengxing.li
7d6c566622 X87: [turbofan] Implemented the optional Float32RoundUp operator.
port 4f4947898d (r32262)

  original commit message:
  The Float32RoundUp operator rounds float32 numbers towards infinity.
  The operator is currently implemented on x64, ia32, arm, and arm64.

BUG=

Review URL: https://codereview.chromium.org/1491843003

Cr-Commit-Position: refs/heads/master@{#32515}
2015-12-02 14:06:33 +00:00
mlippautz
fc6ff53400 Reland of "[heap] Clean up stale store buffer entries for aborted pages."
This reverts commit d4fc4a8cad.

1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
    store buffer.
3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
4.  The current mark-sweep finishes. The slot X is in free space and is also in
    the store buffer.
5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
    looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
    previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
    object before.
6.  Scavenge happens.
7.  Slot X is still in free space and in store buffer. [It causes scavenge of
    the object Y in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
    it is not important].
8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
    is written in X.
9.  The scavenge finishes.
9.  Another scavenge starts.
10. We crash in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
    processing slot X, because it doesn't point to valid map.

BUG=chromium:524425, chromium:564498
LOG=N
R=hpayer@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1494503004

Cr-Commit-Position: refs/heads/master@{#32514}
2015-12-02 14:04:56 +00:00
cbruni
535e221d4f [runtime] Rename IsPropertyEnumerable to PropertyIsEnumerable conforming to the spec.
BUG=

Review URL: https://codereview.chromium.org/1491613002

Cr-Commit-Position: refs/heads/master@{#32513}
2015-12-02 14:03:49 +00:00
machenbach
1125f16088 Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1495443003/ )
Reason for revert:
Still not working

Original issue's description:
> Reland of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1485813004/ )
>
> Reason for revert:
> Should be fixed after https://codereview.chromium.org/1487413002/
>
> Original issue's description:
> > Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1486963002/ )
> >
> > Reason for revert:
> > Maybe causing problems
> >
> > Original issue's description:
> > > [CQ] Update proto format to fix triggered builders.
> > >
> > > Depends on https://chromereviews.googleplex.com/319777013/
> > >
> > > BUG=chromium:561530
> > > LOG=n
> > > TBR=sergiyb@chromium.org, tandrii@chromium.org
> > > NOTRY=true
> > >
> > > Committed: https://crrev.com/51d6d619330080a76c5bc7a2ebdafebc6a808aa8
> > > Cr-Commit-Position: refs/heads/master@{#32453}
> >
> > TBR=sergiyb@chromium.org,tandrii@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:561530
> >
> > Committed: https://crrev.com/79ded5acc9da6a80cbd739c24c6dfa0cf207ae93
> > Cr-Commit-Position: refs/heads/master@{#32464}
>
> TBR=sergiyb@chromium.org,tandrii@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:561530
>
> Committed: https://crrev.com/3cea13351c1af365013f51c7b67e72eeba79afe6
> Cr-Commit-Position: refs/heads/master@{#32511}

TBR=sergiyb@chromium.org,tandrii@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:561530

Review URL: https://codereview.chromium.org/1493693003

Cr-Commit-Position: refs/heads/master@{#32512}
2015-12-02 13:28:07 +00:00
machenbach
3cea13351c Reland of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1485813004/ )
Reason for revert:
Should be fixed after https://codereview.chromium.org/1487413002/

Original issue's description:
> Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1486963002/ )
>
> Reason for revert:
> Maybe causing problems
>
> Original issue's description:
> > [CQ] Update proto format to fix triggered builders.
> >
> > Depends on https://chromereviews.googleplex.com/319777013/
> >
> > BUG=chromium:561530
> > LOG=n
> > TBR=sergiyb@chromium.org, tandrii@chromium.org
> > NOTRY=true
> >
> > Committed: https://crrev.com/51d6d619330080a76c5bc7a2ebdafebc6a808aa8
> > Cr-Commit-Position: refs/heads/master@{#32453}
>
> TBR=sergiyb@chromium.org,tandrii@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:561530
>
> Committed: https://crrev.com/79ded5acc9da6a80cbd739c24c6dfa0cf207ae93
> Cr-Commit-Position: refs/heads/master@{#32464}

TBR=sergiyb@chromium.org,tandrii@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:561530

Review URL: https://codereview.chromium.org/1495443003

Cr-Commit-Position: refs/heads/master@{#32511}
2015-12-02 12:55:34 +00:00
hablich
424b246bce [Release] CC hpayer@ and ulan@ to every heap change
NOTRY=true
TBR=hpayer@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1490263002

Cr-Commit-Position: refs/heads/master@{#32510}
2015-12-02 12:49:50 +00:00
jochen
6c0d1a1100 Pass explicit Isolate parameter to v8::Debug methods that need it
BUG=v8:2487
LOG=n
R=vogelheim@chromium.org

Review URL: https://codereview.chromium.org/1496493002

Cr-Commit-Position: refs/heads/master@{#32509}
2015-12-02 12:47:41 +00:00
danno
3e7e3ed726 [stubs] A new approach to TF stubs
* Add a sibling interface to InterpreterAssembler called
  CodeStubAssembler which provides a wrapper around the
  RawMachineAssembler and is intended to make it easy to build
  efficient cross-platform code stubs. Much of the implementation
  of CodeStubAssembler is shamelessly stolen from the
  InterpreterAssembler, and the idea is to eventually merge the
  two interfaces somehow, probably moving the
  InterpreterAssembler interface over to use the
  CodeStubAssembler. Short-term, however, the two interfaces
  shall remain decoupled to increase our velocity developing the
  two systems in parallel.
* Implement the StringLength stub in TurboFan with the new
  CodeStubAssembler. Replace and remove the old Hydrogen-stub
  version.
* Remove a whole slew of machinery to support JavaScript-style
  code stub generation, since it ultimately proved unwieldy,
  brittle and baroque. This cleanup includes removing the shared
  code stub context, several example stubs and a tangle of build
  file changes.

BUG=v8:4587
LOG=n

Review URL: https://codereview.chromium.org/1475953002

Cr-Commit-Position: refs/heads/master@{#32508}
2015-12-02 12:35:20 +00:00
bmeurer
2377170d07 [proxies] Implement the Proxy constructor in C++ fully.
The main part of the Proxy constructor was already in C++, there's
actually no point in keeping a JavaScript wrapper.

R=cbruni@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1491893002

Cr-Commit-Position: refs/heads/master@{#32507}
2015-12-02 12:30:16 +00:00
cbruni
9cffd0d2ce [runtime] Adding more detailed error message for Object::GetMethod.
BUG=

Review URL: https://codereview.chromium.org/1484393002

Cr-Commit-Position: refs/heads/master@{#32506}
2015-12-02 12:25:51 +00:00
bmeurer
4013a8df54 [builtins] Some refactoring on the builtin mechanism.
Allow to pass new.target (in addition to target) to C++ builtins, and
remove some obsolete/dangerous code from the C++ builtins.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1491883002

Cr-Commit-Position: refs/heads/master@{#32505}
2015-12-02 12:01:33 +00:00
mlippautz
d4fc4a8cad Revert of [heap] Clean up stale store buffer entries for aborted pages. (patchset #4 id:60001 of https://codereview.chromium.org/1493653002/ )
Reason for revert:
Not completely correct fix.

Original issue's description:
> [heap] Clean up stale store buffer entries for aborted pages.
>
> 1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
> 2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
>     store buffer.
> 3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
> 4.  The current mark-sweep finishes. The slot X is in free space and is also in
>     the store buffer.
> 5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
>     looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
>     previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
>     object before.
> 6.  Scavenge happens.
> 7.  Slot X is still in free space and in store buffer. [It causes scavenge of
>     the object Y in
>     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
>     it is not important].
> 8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
>     is written in X.
> 9.  The scavenge finishes.
> 9.  Another scavenge starts.
> 10. We crash in
>     store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
>     processing slot X, because it doesn't point to valid map.
>
> BUG=chromium:524425,chromium:564498
> LOG=N
> R=hpayer@chromium.org, ulan@chromium.org
>
> Committed: https://crrev.com/2e7eea4aef3403969fe885e30f892d46253b3572
> Cr-Commit-Position: refs/heads/master@{#32495}

TBR=hpayer@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425,chromium:564498

Review URL: https://codereview.chromium.org/1489243004

Cr-Commit-Position: refs/heads/master@{#32504}
2015-12-02 11:43:42 +00:00
hpayer
09032dade4 Reland of [heap] Remove live weak cells from weak cell list when finalizing incremental marking. (patchset #1 id:1 of https://codereview.chromium.org/1481383004/ )
Reason for revert:
Reland after fixing the potential root cause of the canary crasher.

Original issue's description:
> Revert of [heap] Remove live weak cells from weak cell list when finalizing incremental marking. (patchset #3 id:40001 of https://codereview.chromium.org/1474303002/ )
>
> Reason for revert:
> Still investigating bad canary.
>
> Original issue's description:
> > [heap] Remove live weak cells from weak cell list when finalizing incremental marking.
> >
> > BUG=chromium:548562
> > LOG=n
> >
> > Committed: https://crrev.com/6190c608c8f3ced0f00ff53965e115b78646cecd
> > Cr-Commit-Position: refs/heads/master@{#32372}
>
> TBR=ulan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:548562
>
> Committed: https://crrev.com/72ae472ccc51ec304a66a8730c1fedbe265c16fa
> Cr-Commit-Position: refs/heads/master@{#32459}

TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:548562

Review URL: https://codereview.chromium.org/1491743003

Cr-Commit-Position: refs/heads/master@{#32503}
2015-12-02 11:06:46 +00:00
hpayer
0240d20265 Reland of [heap] Cleanup mark bit usage. (patchset #1 id:1 of https://codereview.chromium.org/1490753003/ )
Reason for revert:
Reland after fixing the potential root cause of the canary crasher.

Original issue's description:
> Revert of [heap] Cleanup mark bit usage. (patchset #1 id:1 of https://codereview.chromium.org/1474203003/ )
>
> Reason for revert:
> Still investigating bad canary.
>
> Original issue's description:
> > [heap] Cleanup mark bit usage.
> >
> > BUG=
> >
> > Committed: https://crrev.com/5874ac783ff9bc4bb4b2fda81f5077f06619f96c
> > Cr-Commit-Position: refs/heads/master@{#32362}
>
> TBR=mlippautz@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/d3faef8658598e68331208b5a1846ac1c250cb49
> Cr-Commit-Position: refs/heads/master@{#32461}

TBR=mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1488393003

Cr-Commit-Position: refs/heads/master@{#32502}
2015-12-02 11:05:56 +00:00
hpayer
7ea8ac98f6 Reland of [heap] Unify evacuating an object for new and old generation. (patchset #1 id:1 of https://codereview.chromium.org/1483963004/ )
Reason for revert:
Reland after fixing the potential root cause of the canary crasher.

Original issue's description:
> Revert of [heap] Unify evacuating an object for new and old generation. (patchset #2 id:20001 of https://codereview.chromium.org/1481873002/ )
>
> Reason for revert:
> Still investigating bad canary.
>
> Original issue's description:
> > [heap] Unify evacuating an object for new and old generation.
> >
> > BUG=chromium:524425
> > LOG=N
> >
> > Committed: https://crrev.com/afb8bcce8ba889280ed747eb218d287ddd233b4a
> > Cr-Commit-Position: refs/heads/master@{#32365}
>
> TBR=mlippautz@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/9c60ddc60e96da0c59e646660789c26550ad52a2
> Cr-Commit-Position: refs/heads/master@{#32460}

TBR=mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1494533002

Cr-Commit-Position: refs/heads/master@{#32501}
2015-12-02 11:04:24 +00:00
hpayer
120b640dfc Reland of [heap] Refactor evacuation for young and old gen into visitors. (patchset #1 id:1 of https://codereview.chromium.org/1483393002/ )
Reason for revert:
Reland after fixing the potential root cause of the canary crasher.

Original issue's description:
> Revert of [heap] Refactor evacuation for young and old gen into visitors. (patchset #5 id:80001 of https://codereview.chromium.org/1470253002/ )
>
> Reason for revert:
> Still investigating bad canary.
>
> Original issue's description:
> > [heap] Refactor evacuation for young and old gen into visitors.
> >
> > Create a visitor for evacuating objects for young and old generation. This is
> > the first step of preparing a task to process, both,  newspace and oldspace
> > pages in parallel.
> >
> > BUG=chromium:524425
> > LOG=N
> >
> > Committed: https://crrev.com/138d9bae5d7014e0d205634a49b5eac3697744c8
> > Cr-Commit-Position: refs/heads/master@{#32349}
>
> TBR=mlippautz@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:524425
>
> Committed: https://crrev.com/aa24a3135ec308e1f84bce334844caf0cae2437a
> Cr-Commit-Position: refs/heads/master@{#32462}

TBR=mlippautz@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1493523003

Cr-Commit-Position: refs/heads/master@{#32500}
2015-12-02 11:03:34 +00:00
ivica.bogosavljevic
60d77c8a43 MIPS: Correct handling of NaN values on MIPS R6
MIPS R6 introduced new behavior for handling of NaN values
for TRUNC, FLOOR, CEIL and CVT instructions. Adding support for
the new behavior in MIPS and MIPS64 simulators. Fixing tests
for MIPS and MIPS64 to align them with the new behavior.

BUG=

Review URL: https://codereview.chromium.org/1488613007

Cr-Commit-Position: refs/heads/master@{#32499}
2015-12-02 10:55:23 +00:00
sigurds
aa0ddf7db4 [turbofan] Initial support for escape analysis.
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).

The CL includes 4 unittests.

There are also 8 new mjsunit tests, some of which are
skipped as they require features not yet implemented.

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1457683003

Cr-Commit-Position: refs/heads/master@{#32498}
2015-12-02 10:53:50 +00:00
verwaest
9bee67509c Don't EnsureHasInitialMap on non-constructors.
Non-constructors are not allowed to have initial maps. The optimizing compilers used to add initial maps unconditionally to functions used as right-hand-side in instanceof.

BUG=

Review URL: https://codereview.chromium.org/1490003003

Cr-Commit-Position: refs/heads/master@{#32497}
2015-12-02 10:39:46 +00:00
jkummerow
e478a8ac39 [proxies] Implement Symbol/DONT_ENUM filtering for GetKeys()
And use it to fix Object.keys() for proxies.

BUG=v8:1543
LOG=n
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1488873003

Cr-Commit-Position: refs/heads/master@{#32496}
2015-12-02 10:19:59 +00:00
mlippautz
2e7eea4aef [heap] Clean up stale store buffer entries for aborted pages.
1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
    store buffer.
3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
4.  The current mark-sweep finishes. The slot X is in free space and is also in
    the store buffer.
5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
    looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
    previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
    object before.
6.  Scavenge happens.
7.  Slot X is still in free space and in store buffer. [It causes scavenge of
    the object Y in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
    it is not important].
8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
    is written in X.
9.  The scavenge finishes.
9.  Another scavenge starts.
10. We crash in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
    processing slot X, because it doesn't point to valid map.

BUG=chromium:524425,chromium:564498
LOG=N
R=hpayer@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1493653002

Cr-Commit-Position: refs/heads/master@{#32495}
2015-12-02 09:39:35 +00:00
yangguo
62dcf2fab6 [es6] correctly handle object wrappers in JSON.stringify.
R=bmeurer@chromium.org
BUG=v8:4581
LOG=N

Review URL: https://codereview.chromium.org/1495473002

Cr-Commit-Position: refs/heads/master@{#32494}
2015-12-02 08:44:03 +00:00
hablich
4fb84b9dd6 Clobber to hopefully resolve a clang problem
BUG=chromium:500934
LOG=N
TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1486343003

Cr-Commit-Position: refs/heads/master@{#32493}
2015-12-02 08:09:19 +00:00
zhengxing.li
ed679e5280 X87: [turbofan] Implemented the optional Float32RoundDown operator.
port 74434403f6 (r32261)

  original commit message:
  I implemented the optional Float32RoundDown operator on x64, ia32, arm,
  and arm64.

  For arm I also had to adjust the simulator.

BUG=

Review URL: https://codereview.chromium.org/1490113003

Cr-Commit-Position: refs/heads/master@{#32492}
2015-12-02 08:03:15 +00:00
bmeurer
f618401a8e [builtins] Remove some (now) unused code from C++ builtin adaptor.
Sanitize ConstructStub handling and add a test case to ensure that the
Symbol constructor is using the correct context.

R=jarin@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1489323002

Cr-Commit-Position: refs/heads/master@{#32491}
2015-12-02 07:32:10 +00:00
zhengxing.li
a0134a6dc6 X87: [turbofan] Added the optional Float64RoundTiesEven operator to turbofan.
port dffecf31fc (r32005)

  original commit message:
  The TiesEven rounding mode rounds float64 numbers to the nearest
  integer. If there are two nearest integers, then the number is rounded
  to the even one.  This is the default rounding mode according to
  IEEE 754.

  I implemented the operator on ia32, x64, arm, arm64, mips, and mips64.

  I think there is a bug in the current implementation of the ppc
  simulator, which kept me from implementing the operator on ppc.
  According to my understanding of the ppc instruction manual, the FRIN
  instruction provides the right behavior for Float64RoundTiesEven. In the
  simulator, however, FRIN provides a different semantics. If there are
  two nearest integers, then the simulator returns the one which is
  further away from 0.

BUG=

Review URL: https://codereview.chromium.org/1486323003

Cr-Commit-Position: refs/heads/master@{#32490}
2015-12-02 07:03:48 +00:00
zhengxing.li
4879550675 X87: Array constructor failed to enter its function execution context.
port d2f78c6b79 (r32476)

  original commit message:
  This becomes visible if an exception is thrown by the constructor.
  We do this on "new Array(3.5)", throwing a RangeError.

BUG=

Review URL: https://codereview.chromium.org/1491153002

Cr-Commit-Position: refs/heads/master@{#32489}
2015-12-02 05:35:42 +00:00
zhengxing.li
54a9d349db X87: Provide call counts for constructor calls, surface them as a vector IC.
port 66d5a9df62 (r32452)

  original commit message:
  CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there

BUG=

Review URL: https://codereview.chromium.org/1491063003

Cr-Commit-Position: refs/heads/master@{#32488}
2015-12-02 05:26:42 +00:00
zhengxing.li
ee29b94a83 X87: [debugger] Remove code to predict step-in target.
port 2f559f210d (r32449)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1494453002

Cr-Commit-Position: refs/heads/master@{#32487}
2015-12-02 05:23:37 +00:00
zhengxing.li
a7ec7ebda3 X87: [x86] Sane default for Label::Distance on JumpIfRoot/JumpIfNotRoot.
port c83db2d071 (r32456)

  original commit message:

BUG=

Review URL: https://codereview.chromium.org/1487293002

Cr-Commit-Position: refs/heads/master@{#32486}
2015-12-02 05:21:16 +00:00
v8-autoroll
44ec33978d Update V8 DEPS.
Rolling v8/build/gyp to e2313c02ad7b6d589b38fe578f5d39970a9bbc20

Rolling v8/tools/clang to 3cc3dac50b26c67176bfed187a300741f31651bf

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1491133002

Cr-Commit-Position: refs/heads/master@{#32485}
2015-12-02 04:23:09 +00:00
zhengxing.li
0b94c99847 X87: [turbofan] Added the optional Float64RoundUp operator to turbofan.
port 1389b9f53c (r32004)

  original commit message:
  I implemented it on x64, ia32, arm, arm64, mips, mips64, and ppc.

BUG=

Review URL: https://codereview.chromium.org/1488993002

Cr-Commit-Position: refs/heads/master@{#32484}
2015-12-02 02:13:55 +00:00
yangguo
564a208676 [bootstrapper] no longer use outdated contexts list.
We currently use the outdated contexts list provided by the serializer
to update the receiver (the global proxy) in script contexts. However,
this is not actually necessary, since the global proxy is passed to the
deserializer and replaced as we deserialize.

Originally, the outdated contexts list is to update the global object
field in contexts. This was necessary since at the time the deserializer
creates the native context, the global object has not yet been created.
But the global proxy already exists.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1488873004

Cr-Commit-Position: refs/heads/master@{#32483}
2015-12-01 23:42:02 +00:00
mbrandy
70e699751c PPC: [debugger] Remove code to predict step-in target.
Port 2f559f210d

R=yangguo@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1490923004

Cr-Commit-Position: refs/heads/master@{#32482}
2015-12-01 23:17:18 +00:00
mbrandy
8ea834385e PPC: Provide call counts for constructor calls, surface them as a vector IC.
Port 66d5a9df62

Original commit message:
    CallIC and CallConstructStub look so alike, at least in the feedback
    they gather even if the implementation differs...and CallIC has such
    a nice way of surfacing the feedback (CallICNexus), that there is a
    request to make CallConstructStub look analogous. Enter ConstructICStub.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1485303002

Cr-Commit-Position: refs/heads/master@{#32481}
2015-12-01 23:09:48 +00:00
mbrandy
ec5590dc82 PPC: Array constructor failed to enter its function execution context.
Port d2f78c6b79

Original commit message:
    This becomes visible if an exception is thrown by the constructor.
    We do this on "new Array(3.5)", throwing a RangeError.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1484423003

Cr-Commit-Position: refs/heads/master@{#32480}
2015-12-01 23:08:58 +00:00
dusan.m.milosavljevic
2d0e9abebf MIPS:[turbofan] Use Ins, Dins to clear bits instead of And with inverted immediate.
TEST=unittests/InstructionSelectorTest.Word(32|64)AndToClearBits
BUG=

Review URL: https://codereview.chromium.org/1485023004

Cr-Commit-Position: refs/heads/master@{#32479}
2015-12-01 22:16:48 +00:00
dusan.m.milosavljevic
6b11cc830b MIPS:[turbofan] Use Nor instruction for bit negation instead of xori.
Xori instruction can only have unsigned 16-bit immediates for right input,
as such it is not suitable for bit negation on mips.

TEST=unittests/InstructionSecetorTest.Word(32|64)XorMinusOneWithParameter
BUG=

Review URL: https://codereview.chromium.org/1485833003

Cr-Commit-Position: refs/heads/master@{#32478}
2015-12-01 21:58:43 +00:00
caitpotter88
5058f68596 [parser] treat MethodDefinitions in ObjectPatterns as SyntaxErrors
BUG=v8:4585
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1488043002

Cr-Commit-Position: refs/heads/master@{#32477}
2015-12-01 20:33:11 +00:00
mvstanton
d2f78c6b79 Array constructor failed to enter its function execution context.
This becomes visible if an exception is thrown by the constructor.
We do this on "new Array(3.5)", throwing a RangeError.

BUG=

Review URL: https://codereview.chromium.org/1483053004

Cr-Commit-Position: refs/heads/master@{#32476}
2015-12-01 18:43:03 +00:00
cbruni
f4d4051521 [runtime] [proxy] Runtime_HasOwnProperty and thus
Object.prototype.hasOwnProperty should use JSReceiver::HasOwnProperty for
proxies.

BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1480213004

Cr-Commit-Position: refs/heads/master@{#32475}
2015-12-01 17:33:04 +00:00