Commit Graph

10744 Commits

Author SHA1 Message Date
rmcilroy
1ea0b91a83 [Interpreter] Make ForInPrepare take a kRegTriple8 and ForInNext take kRegPair8 for cache state
Make ForInPrepare take a kRegTriple8 operand and ForInNext take kRegPair8
operand for cache state. This is to ensure that the cache state output of
ForInPrepare is in consecutive registers to allow us to deopt the
ForInPrepare node from TF->Ignition (to be done in a followup CL).

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1584813002

Cr-Commit-Position: refs/heads/master@{#33357}
2016-01-18 12:40:22 +00:00
neis
107db2ca8c Remove premature crankshaft optimization of HasInPrototypeChain.
R=bmeurer@chromium.org
BUG=chromium:578775
LOG=n

Review URL: https://codereview.chromium.org/1605483002

Cr-Commit-Position: refs/heads/master@{#33356}
2016-01-18 12:12:32 +00:00
mythria
dac46ef717 [Interpreter] Adds support for variable/function declarations in lookup slots.
Adds support for variable and function declarations in lookup slots to the
interpreter.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1583783003

Cr-Commit-Position: refs/heads/master@{#33355}
2016-01-18 12:00:25 +00:00
yangguo
085487dd03 [regexp] fix interpreted irregexp build.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1595403003

Cr-Commit-Position: refs/heads/master@{#33354}
2016-01-18 10:42:13 +00:00
ahaas
e06f7d784e [turbofan] Add the RoundInt32ToFloat32 operator to turbofan.
The new operator converts an int32 input to float32. If the input cannot
be represented exactly in float32, the value is rounded using the
round-ties-even rounding mode (the default rounding mode).

I provide implementations of the new operator for x64, ia32, arm, arm64,
mips, mips64, ppc, and ppc64.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com, v8-ppc-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1589363002

Cr-Commit-Position: refs/heads/master@{#33347}
2016-01-16 13:12:16 +00:00
ahaas
fc53eed14b [turbofan] Add the TruncateFloat32ToInt32 operator to turbofan.
The new operator converts a float32 input to int32 through truncation.
I provide implementations of the new operator for x64, ia32, arm,
arm64, mips, mips64, and x87. @v8-ppc-ports, can you please take care
of the ppc implementation?

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com, weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/1583323004

Cr-Commit-Position: refs/heads/master@{#33346}
2016-01-16 11:41:31 +00:00
adamk
25532be593 [modules] Support parsing anonymous default exports
This includes anonymous Function, Generator, and Class declarations when
preceded by 'export default'. Parsing only at the moment, nothing useful is
done with the parsed Function/ClassLiteral.

BUG=v8:1569
LOG=n

Review URL: https://codereview.chromium.org/1589173002

Cr-Commit-Position: refs/heads/master@{#33344}
2016-01-15 20:39:00 +00:00
rmcilroy
609e754193 [Interpreter] Skip test-heap/Regress538257 on Arm64 Ignition due to flake.
BUG=v8:4280
LOG=N
TBR=machenbach@chromium.org
NOTRY=TRUE

Review URL: https://codereview.chromium.org/1584343006

Cr-Commit-Position: refs/heads/master@{#33337}
2016-01-15 16:04:56 +00:00
cbruni
c86f1897ac [runtime] Throw exception for derived constructors in correct context.
When derived constructors return a non-object (or not undefined) we
currently throw an exception directly in the callee context. This was
achieved by desugaring the return statement for derived classes. To
be spec compliamnt a separate ConstructStubForDerived is introduced.
Instead of trowing directly, the desugared return statement inside
a derived constructor only returns an integer to indicate an incompatible
result.

BUG=v8:4509
LOG=n

Review URL: https://codereview.chromium.org/1593553002

Cr-Commit-Position: refs/heads/master@{#33336}
2016-01-15 15:31:28 +00:00
bmeurer
f23985d767 [runtime] No need to carry around the creation context for JSBoundFunctions.
We can return the creation context of the [[BoundTargetFunction]], and
don't need to remember the context in which the function was bound.

R=verwaest@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1590273002

Cr-Commit-Position: refs/heads/master@{#33332}
2016-01-15 14:15:02 +00:00
rmcilroy
8a9927c351 [Interpreter] Skip regress-2249 on Arm Ignition which is still failing
BUG=v8:4280
LOG=N
TBR=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1582273005

Cr-Commit-Position: refs/heads/master@{#33331}
2016-01-15 13:53:29 +00:00
jochen
ea1152676b Make JSProxies always be in slow mode
That way, we don't have to implement the fast <-> slow migration logic,
and we don't allocate in-object properties anyways

BUG=chromium:571365
R=verwaest@chromium.org,neis@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1582773003

Cr-Commit-Position: refs/heads/master@{#33328}
2016-01-15 13:03:10 +00:00
rmcilroy
be2210bcc4 [Interpreter] Remove Ignition skips fixed by 48a3227b
Remove ignition skips which are fixed by 48a3227b7d.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1590513003

Cr-Commit-Position: refs/heads/master@{#33322}
2016-01-15 11:26:24 +00:00
ishell
1bb7cfda7f [crankshaft] Don't inline array indexOf operations if receiver's proto is not a JSObject.
BUG=chromium:577112
LOG=N

Review URL: https://codereview.chromium.org/1584303002

Cr-Commit-Position: refs/heads/master@{#33320}
2016-01-15 10:19:59 +00:00
epertoso
ea5a1ac8b5 Marks FunctionCallbackInfo's Callee as deprecated.
BUG=

Review URL: https://codereview.chromium.org/1582793004

Cr-Commit-Position: refs/heads/master@{#33319}
2016-01-15 10:03:15 +00:00
bradnelson
3dcbc57e73 Allow asm modules to be instatiated with external heaps.
This merges the instantiation logic between instantiateModule
and instantiateModuleFromAsm.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=asm-wasm
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1581913005

Cr-Commit-Position: refs/heads/master@{#33316}
2016-01-14 23:09:03 +00:00
bradnelson
090bf558f5 Reformat asm-wasm.js for increased readability.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=asm-wasm
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1587213003

Cr-Commit-Position: refs/heads/master@{#33315}
2016-01-14 22:10:07 +00:00
littledan
e13f2ff40b Construct instances of base class from TypedArray.prototype.subarray
Previous changes with subclassable builtins and @@species were a bit
aggressive in making TypedArray.prototype.subarray act like the
ES2016 specification in terms of returning an instance of the
subclass as a result. It turns out that Node.js, and extracted
libraries for the web, subclass TypedArrays but don't expect the
subclass constructor to be called by subarray. @@species will provide
an escape hatch, but it has not shipped yet, and will take some time
for uptake by libraries.

For now, this patch makes TypedArray.prototype.subarray fall back to
constructing an instance of the parent TypedArray class, such as
Uint8Array.

R=adamk
LOG=Y
BUG=v8:4665

Review URL: https://codereview.chromium.org/1583773005

Cr-Commit-Position: refs/heads/master@{#33312}
2016-01-14 19:23:26 +00:00
adamk
bcde4e271e Propagate the "calls eval" bit from ScopeInfo to lazily-compiled arrow functions
This avoids generating different scopes on the two compilation passes, which
results in various delirious side-effects.

There's some cleanup to be done in lazy arrow function parsing, but I'd
rather do that in a separate patch, with this one targeted at fixing the
particular crash.

BUG=chromium:572589
LOG=n

Review URL: https://codereview.chromium.org/1575333004

Cr-Commit-Position: refs/heads/master@{#33311}
2016-01-14 19:21:24 +00:00
rossberg
92e6f7a315 Don't pre-initialise block contexts with holes
Respective declarations will explicitly initialise slots
with the hole anyway, so this always was unnecessary.
With varblocks it even became wrong, because block contexts
may now host var bindings, which want undefined.

Fixes the hole leaking when accessing an unitialised,
block-context-allocated var.

R=neis@chromium.org
BUG=571149
LOG=N

Review URL: https://codereview.chromium.org/1584243002

Cr-Commit-Position: refs/heads/master@{#33309}
2016-01-14 18:04:35 +00:00
mbrandy
04f1759522 Skip failing wasm tests on platforms with function descriptors.
Temporarily disable until solution is implemented.

R=titzer@chromium.org, bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1581103005

Cr-Commit-Position: refs/heads/master@{#33308}
2016-01-14 17:57:40 +00:00
mbrandy
0c1430ac2b Additional 64-bit Wasm tests to skip list for big-endian.
R=titzer@chromium.org, hablich@chromium.org, paul.lind@imgtec.com
BUG=

Review URL: https://codereview.chromium.org/1582143004

Cr-Commit-Position: refs/heads/master@{#33306}
2016-01-14 17:28:04 +00:00
jkummerow
b40a22dc87 Robustify NewNumberFromSize against int-overflow on cast
As luck would have it, there doesn't seem to be a way to trigger
observable misbehavior currently (only with special flags).

BUG=chromium:380671
LOG=n
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1588013002

Cr-Commit-Position: refs/heads/master@{#33305}
2016-01-14 17:24:07 +00:00
vogelheim
8c04c33f28 Generalize 'fast accessor' tests to work with --always-opt.
BUG=508898
LOG=N

Review URL: https://codereview.chromium.org/1588053002

Cr-Commit-Position: refs/heads/master@{#33297}
2016-01-14 14:25:02 +00:00
rmcilroy
ef21fb2de6 [Interpreter] Ensure we always have an outer register allocation scope.
Split RegisterAllocationScope out of ExpressionResult and allocate one
for each statement. This ensures that we always have an outer register
allocation scope for statement code (used in CountOperation and
RegisterExecutionResult). Also refactored the register allocator code to
move it to it's own file and rename from TemporaryRegisterScope to
BytecodeRegisterAllocator.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1587033002

Cr-Commit-Position: refs/heads/master@{#33296}
2016-01-14 13:43:40 +00:00
epertoso
71129d5b43 Fix the receiver check in the HandleFastApiCall builtin.
CompatibleReceiverCheck used by the HandleFastApiCall builtin was terminating with failure upon encountering a hidden prototype.

It should actually stop iterating on the first non-hidden prototype.

BUG=

Review URL: https://codereview.chromium.org/1576423003

Cr-Commit-Position: refs/heads/master@{#33294}
2016-01-14 12:24:04 +00:00
vogelheim
41719a42ac Restrict GeneratePreagedPrologue to proper functions.
This solves a bug discovered with fast accessors, where a pre-age prologue
was written into a stub. Since StaticMarkingVisitor<.>::IsFlushable will
only flush Code::FUNCTION [1], we'll restrict GeneratePreagedPrologue to
functions, too, instead of adding a Code::STUB restriction.

Also, generalize api accessor test cases to --optimize-for-size.
Also, fix CompilationCacheCachingBehavior for --optimize-for-size.

[1] https://code.google.com/p/chromium/codesearch#chromium/src/v8/src/heap/objects-visiting-inl.h&l=629-632

R=epertoso
BUG=

Review URL: https://codereview.chromium.org/1580323003

Cr-Commit-Position: refs/heads/master@{#33291}
2016-01-14 11:48:17 +00:00
ishell
405c7a68ab Generalize all representations when reconfiguring a property of a strict Function subclass.
BUG=chromium:575080
LOG=N

Review URL: https://codereview.chromium.org/1579603002

Cr-Commit-Position: refs/heads/master@{#33288}
2016-01-14 10:45:34 +00:00
titzer
d1bc4f0e27 Reland of [wasm] Add tests for JS wrappers to test-run-wasm.
Fix: pass global object as receiver when calling WASM->JS.

R=bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1581393003

Cr-Commit-Position: refs/heads/master@{#33286}
2016-01-14 09:49:04 +00:00
caitpotter88
d19e3a21d6 [parser] reject AssignmentElements with non-ASSIGN initializer ops
When parsing a pattern element with an assignment operator that is not
Token::ASSIGN, record a pattern error to indicate the invalid assignment target.

BUG=v8:811, v8:4666
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1583863003

Cr-Commit-Position: refs/heads/master@{#33279}
2016-01-14 03:09:16 +00:00
adamk
92610888dd [test262] Remove stale status lines
The bulk of these were marked simply '[PASS]', while one was marked
'[PASS, FAIL]' but seems to always pass.

BUG=v8:3305, v8:4405
LOG=n

Review URL: https://codereview.chromium.org/1584863003

Cr-Commit-Position: refs/heads/master@{#33277}
2016-01-14 01:03:41 +00:00
caitpotter88
2a20d51837 [es6] add SetFunctionName() behaviour to AssignmentExpression
BUG=v8:3699
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1582783004

Cr-Commit-Position: refs/heads/master@{#33276}
2016-01-13 23:36:09 +00:00
adamk
a3a6bd4128 Revert of [wasm] Add tests for JS wrappers to test-run-wasm. (patchset #1 id:1 of https://codereview.chromium.org/1581643004/ )
Reason for revert:
New test failed on nosnap builder (https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/4738):

Test: cctest/test-run-wasm-js/Run_CallJS_Add_jswrapped

Stderr:
abort: Sloppy function expects JSReceiver as receiver.

#
# Fatal error in ../../src/objects-inl.h, line 3221
# Check failed: !v8::internal::FLAG_enable_slow_asserts || (object->IsJSFunction()).
#

Original issue's description:
> [wasm] Add tests for JS wrappers to test-run-wasm.
>
> R=bradnelson@chromium.org, ahaas@chromium.org
> BUG=
>
> Committed: https://crrev.com/c52f5ced4e600a57c02301f2936b80f086613985
> Cr-Commit-Position: refs/heads/master@{#33274}

TBR=ahaas@chromium.org,bradnelson@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1587763002

Cr-Commit-Position: refs/heads/master@{#33275}
2016-01-13 21:01:58 +00:00
titzer
c52f5ced4e [wasm] Add tests for JS wrappers to test-run-wasm.
R=bradnelson@chromium.org, ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1581643004

Cr-Commit-Position: refs/heads/master@{#33274}
2016-01-13 19:56:56 +00:00
mythria
eccbdde041 [Interpreter] Removes assignment hazard scope.
Removes assignment hazard scope. Reverts back to the naive scheme of
allocating a temporary for every variable load. It was decided to revert it
because the current implementation does not handle logical expressions,
ternary operators, visiting objects in named/keyed loads. Also, we wanted
to evaluate alternate approaches and choose one when we have a mechanism
to measure performance.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1576403004

Cr-Commit-Position: refs/heads/master@{#33269}
2016-01-13 15:41:31 +00:00
jarin
ed21aa2449 [turbofan] Avoid using the typer's types in representation inference for phis.
Once we use type feedback, we need to reflect the feedback in the types, propagate
the new narrower types forward and use them in the subsequent
representation inference. This CL propagates and uses the recomputed types
for Phi and Select nodes (rather than using the types from the typer).

Review URL: https://codereview.chromium.org/1580353003

Cr-Commit-Position: refs/heads/master@{#33268}
2016-01-13 15:35:36 +00:00
sigurds
fc9a73e8a6 [turbofan] Various performance enhancements for escape analysis
This bug improves performance of escape analysis.

* A allocation discovery phase  (EscapeAnalysis::AssignAliases)
  ensures compact representation of virtual state
* Node revisiting in EscapeStatusAnalysis has been improved
* Escape analysis no longer requires a trimmed graph

BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1559123003

Cr-Commit-Position: refs/heads/master@{#33267}
2016-01-13 15:30:48 +00:00
balazs.kilvady
0830ac7cc3 MIPS: Fix 'MIPS: Fix dd() implementations for compact branches.'
Port 5091e8f2f5

TEST=cctest/test-assembler-mips64/jump_tables1,cctest/test-assembler-mips64/jump_tables2,cctest/test-assembler-mips64/jump_tables3,cctest/test-macro-assembler-mips/jump_tables5
BUG=

Review URL: https://codereview.chromium.org/1582533005

Cr-Commit-Position: refs/heads/master@{#33266}
2016-01-13 15:16:31 +00:00
bmeurer
322ffda30d [builtins] Migrate Number constructor similar to String constructor.
Also migrate the Number constructor to a native builtin, using the
same mechanism already used by the String constructor. Otherwise just
parsing and compiling the Number constructor to optimized code already
eats 2ms on desktop for no good reason, and the resulting optimized
code is not even close to awesome.

Drive-by-fix: Use correct context for the [[Construct]] case of the
String constructor as well, and share some code with it.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1573243009

Cr-Commit-Position: refs/heads/master@{#33265}
2016-01-13 15:15:08 +00:00
bmeurer
12bcba1543 [builtins] Sanitize receiver patching for API functions.
The API functions are always in sloppy mode, so receiver is always a
JSReceiver once the actual call trampoline runs, no need to check again
in various places.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1575973006

Cr-Commit-Position: refs/heads/master@{#33258}
2016-01-13 05:58:53 +00:00
aseemgarg
9933b03de8 Add __init__ function to all modules created in asm-to-wasm
TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@google.com
BUG=

Review URL: https://codereview.chromium.org/1583603002

Cr-Commit-Position: refs/heads/master@{#33256}
2016-01-13 01:24:00 +00:00
caitpotter88
6b28f294c1 [parser] reject parenthesized patterns as DestructuringAssignmentTargets
http://tc39.github.io/ecma262/#sec-destructuring-assignment-static-semantics-early-errors
requires that DestructuringAssignmentTargets which do not match Pattern productions,
must return true for IsValidSimpleAssignmentTarget.

This change rejects parenthesized patterns with a SyntaxError.

BUG=v8:4662, v8:811
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, nikolaos@chromium.org

Review URL: https://codereview.chromium.org/1585473002

Cr-Commit-Position: refs/heads/master@{#33254}
2016-01-13 00:41:16 +00:00
aseemgarg
cd646f88a1 refactor BlockVisitor in asm to wasm and fix tests
TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@google.com
BUG=

Review URL: https://codereview.chromium.org/1584573002

Cr-Commit-Position: refs/heads/master@{#33253}
2016-01-12 21:59:53 +00:00
titzer
995c9fe3dc [wasm] Rename the WASM object to _WASMEXP_.
R=ahaas@chromium.org,bradnelson@chromium.org
LOG=Y
BUG=chromium:575167

Review URL: https://codereview.chromium.org/1577803002

Cr-Commit-Position: refs/heads/master@{#33251}
2016-01-12 20:16:46 +00:00
caitpotter88
d3fe473b92 [parser] fix null-dereference in DoExpression rewriting
BUG=v8:4661, v8:4488
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1575133003

Cr-Commit-Position: refs/heads/master@{#33250}
2016-01-12 19:54:12 +00:00
balazs.kilvady
5091e8f2f5 MIPS: Fix dd() implementations for compact branches.
BUG=

Review URL: https://codereview.chromium.org/1573953002

Cr-Commit-Position: refs/heads/master@{#33249}
2016-01-12 19:49:18 +00:00
machenbach
e0f23ea76a [test] Skip tests for ignition.
NOTRY=true
TBR=rmcilroy@chromium.org, neis@chromium.org

Review URL: https://codereview.chromium.org/1574343002

Cr-Commit-Position: refs/heads/master@{#33247}
2016-01-12 19:00:05 +00:00
adamk
f5828cb4db Stop treating scopes containing template strings tagged with 'eval' specially
There's no need to mark these as possibly-direct-eval, since all such an
eval-tagged string will ever get passed is the array of string parts, which
will be immediately returns (since it's not a string). It will
never do a lookup in the current scope, nor (in sloppy mode) introduce
new declarations.

This patch is not intended to change behavior, but I've added tests that
demonstrate the stuff explained in the preceding paragraph.

Review URL: https://codereview.chromium.org/1580463003

Cr-Commit-Position: refs/heads/master@{#33245}
2016-01-12 18:09:13 +00:00
neis
96ec06efb0 Reland of "[Proxies] Ship Proxies + Reflect."
Failing chromium layout tests were marked for rebaselining.

Addition to original CL (https://codereview.chromium.org/1580693002/):
Skip some more ignition tests.

BUG=v8:3931,v8:1543
LOG=Y
R=hablich@chromium.org
CC=verwaest@chromium.org, rossberg@chromium.org,rmcilroy, oth

Review URL: https://codereview.chromium.org/1580783002

Cr-Commit-Position: refs/heads/master@{#33244}
2016-01-12 17:19:52 +00:00
rmcilroy
9b52c52845 [Interpreter] Add StackCheck node to BytecodeGraphBuilder graphs.
This fixes a number of crashes where other code was assuming there would
be at least one deopt point in all optimized functions (i.e., the
StackCheck) but we weren't producing any.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1572333002

Cr-Commit-Position: refs/heads/master@{#33243}
2016-01-12 17:08:27 +00:00
neis
863bf39a5f Gracefully handle proxies in AllCanWrite().
R=verwaest@chromium.org
BUG=chromium:576662,v8:1543
LOG=y

Review URL: https://codereview.chromium.org/1580723003

Cr-Commit-Position: refs/heads/master@{#33240}
2016-01-12 14:56:54 +00:00
titzer
ed6fea15a9 [wasm] Fix double to int conversions.
R=ahaas@chromium.org
LOG=Y
BUG=chromium:576560

Review URL: https://codereview.chromium.org/1574063005

Cr-Commit-Position: refs/heads/master@{#33239}
2016-01-12 13:47:01 +00:00
titzer
d672ee30c9 [wasm] Fix empty asm.js function in ASM->WASM.
R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1574263002

Cr-Commit-Position: refs/heads/master@{#33238}
2016-01-12 13:34:19 +00:00
rmcilroy
d00c4666a4 [Interpreter] Add support for LOOKUP_SLOT_CALL to interpreter.
Adds support for LOOKUP_SLOT_CALL calls to the interpreter. Also changes
VisitCall to keep callee and reciever consecutive to avoid register
shuffles when performing LOOKUP_SLOT_CALL calls. Adds tests for the
interpreter and bytecode graph generator.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1568323002

Cr-Commit-Position: refs/heads/master@{#33237}
2016-01-12 13:12:20 +00:00
machenbach
284010c8b3 Revert of [Proxies] Ship Proxies + Reflect (patchset #2 id:20001 of https://codereview.chromium.org/1580693002/ )
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream first.

https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/3587
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3873

Original issue's description:
> [Proxies] Ship Proxies + Reflect
>
> BUG=v8:3931,v8:1543
> LOG=Y
> R=verwaest@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/9ce5162fd2a36daf318e0ec3838cd90f4e179168
> Cr-Commit-Position: refs/heads/master@{#33234}

TBR=rossberg@chromium.org,verwaest@chromium.org,hablich@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3931,v8:1543

Review URL: https://codereview.chromium.org/1579573004

Cr-Commit-Position: refs/heads/master@{#33236}
2016-01-12 13:08:18 +00:00
hablich
9ce5162fd2 [Proxies] Ship Proxies + Reflect
BUG=v8:3931,v8:1543
LOG=Y
R=verwaest@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1580693002

Cr-Commit-Position: refs/heads/master@{#33234}
2016-01-12 11:51:01 +00:00
bmeurer
9e217ee490 [builtins] Refactor the remaining Date builtins.
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.

R=yangguo@chromium.org
BUG=chromium:576574
LOG=n

Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
Cr-Commit-Position: refs/heads/master@{#33228}

Review URL: https://codereview.chromium.org/1579613002

Cr-Commit-Position: refs/heads/master@{#33231}
2016-01-12 10:48:26 +00:00
machenbach
405ee3aad5 Revert of [builtins] Refactor the remaining Date builtins. (patchset #2 id:20001 of https://codereview.chromium.org/1579613002/ )
Reason for revert:
[Sheriff] Breaks https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20noi18n%20-%20debug/builds/5711

Original issue's description:
> [builtins] Refactor the remaining Date builtins.
>
> This migrates the remaining Date builtins to C++ and removes obsolete
> intrinsics and JavaScript wrappers. This reduces the overhead imposed
> by the Date builtins, and will allow us to optimize them later in the
> TurboFan compiler, while the interpreter doesn't need to worry about
> them.
>
> R=yangguo@chromium.org
> BUG=chromium:576574
> LOG=n
>
> Committed: https://crrev.com/1e51af1a5c80b1650de47dd4bc8f846fa2d85281
> Cr-Commit-Position: refs/heads/master@{#33228}

TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:576574

Review URL: https://codereview.chromium.org/1574223002

Cr-Commit-Position: refs/heads/master@{#33230}
2016-01-12 10:15:25 +00:00
bmeurer
1e51af1a5c [builtins] Refactor the remaining Date builtins.
This migrates the remaining Date builtins to C++ and removes obsolete
intrinsics and JavaScript wrappers. This reduces the overhead imposed
by the Date builtins, and will allow us to optimize them later in the
TurboFan compiler, while the interpreter doesn't need to worry about
them.

R=yangguo@chromium.org
BUG=chromium:576574
LOG=n

Review URL: https://codereview.chromium.org/1579613002

Cr-Commit-Position: refs/heads/master@{#33228}
2016-01-12 09:12:55 +00:00
paul.lind
40d3095c2e Add WasmDecoderTest.AllLoadMemCombinations to skips for big-endian.
BUG=

Review URL: https://codereview.chromium.org/1573343002

Cr-Commit-Position: refs/heads/master@{#33226}
2016-01-12 08:26:07 +00:00
littledan
569145019d Add @@species/better subclassing support to Promises
This patch makes Promise.prototype.then use @@species as specified
in ES2015. The fix is hoped for by certain users, such as legacy
core.js versions which encounter an unhandled Promise reject (complete
with an ugly console message) when Promise subclassing is supported
in a mostly correct way, and we do error checking on Promise
constructors, but @@species is not supported.

BUG=chromium:575314,v8:4633
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1577223002

Cr-Commit-Position: refs/heads/master@{#33225}
2016-01-12 06:33:15 +00:00
littledan
2bd9bdbe62 TypedArray and ArrayBuffer support for @@species
This patch improves ArrayBuffer and TypedArray subclassing by adding
support for @@species and constructing outputs to certain methods
by creating an instance of the constructor determined by the
SpeciesConstructor algorithm, rather than fixed to a superclass or
naively the constructor. The new behavior is enabled by the
--harmony-species flag. Care is taken to not significantly change the
observable behavior when the flag is off. Previously, TypedArrays
already supported subclassing by reading the constructor of the
receiver, but ArrayBuffers did not, and this old behavior is
preserved and tested for, to avoid a multi-stage upgrade path and keep
things simple for users.

R=adamk
BUG=v8:4093
LOG=Y

Review URL: https://codereview.chromium.org/1574903004

Cr-Commit-Position: refs/heads/master@{#33223}
2016-01-12 06:07:59 +00:00
jarin
b37e7861ce [turbofan] Replace MachineSemantic with Type in simplified lowering.
Review URL: https://codereview.chromium.org/1571263004

Cr-Commit-Position: refs/heads/master@{#33222}
2016-01-12 05:55:08 +00:00
bradnelson
b369fefc80 Enforce asm restrictions on switch more precisely.
Enforce cases have no duplicates.
Enforce cases have a maximum range of 2^31.
Enforce default case comes last.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1578963003

Cr-Commit-Position: refs/heads/master@{#33221}
2016-01-12 02:11:24 +00:00
aseemgarg
210e65ed12 Add switch to asm to wasm
TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@google.com
BUG=

Review URL: https://codereview.chromium.org/1573413002

Cr-Commit-Position: refs/heads/master@{#33220}
2016-01-12 02:02:51 +00:00
littledan
95145fa826 Ship ES2015 sloppy-mode const semantics
This patch moves the semantics of 'const' in sloppy mode to match those
in strict mode, that is, const makes lexical (let-like) bindings, must
have an initializer, and does not create properties of the global object.

R=adamk
LOG=Y
BUG=v8:3305
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1571873004

Cr-Commit-Position: refs/heads/master@{#33218}
2016-01-11 23:09:59 +00:00
littledan
ee9d7acafc Partial rollback of Promise error checking
As V8 becomes more and more spec-compliant, Promise polyfill libraries
like core.js expect fully correct. However, our Promises do not yet
support Symbol.species. Therefore, a case like

```
var test = new Promise(function(){});
test.constructor = function(){};
Promise.resolve(test)
```

would lead to an unhandled Promise rejection, whereas it should not
because test.constructor[Symbol.species] is undefined, so test.then
should end up constructing %Promise% as a fallback, rather than
calling test.constructor as if it were a constructor, which leads
this error checking code to throw.

For now, this patch removes the error checking code (which was not
present until recently). In an interactive test using core.js, the
error message on the console goes away with this patch. When @@species
support is in place, this patch can be reverted. A regression test
is added which checks for the same thing.

Partially reverted patch was originally out for review at
https://codereview.chromium.org/1531073004

BUG=v8:4633
LOG=Y
R=adamk,caitp88@gmail.com

Review URL: https://codereview.chromium.org/1578893002

Cr-Commit-Position: refs/heads/master@{#33217}
2016-01-11 22:42:11 +00:00
bradnelson
6932124c18 Fixing asm validation of switch statements.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1564393003

Cr-Commit-Position: refs/heads/master@{#33216}
2016-01-11 20:36:49 +00:00
bradnelson
ab2e908468 Fix filename typo in OWNERS.
test-validator-asm -> test-asm-validator.

BUG=
TBR=titzer@chromium.org

Review URL: https://codereview.chromium.org/1574943004

Cr-Commit-Position: refs/heads/master@{#33215}
2016-01-11 20:20:18 +00:00
caitpotter88
ee1671b9af [promise] use PromiseCapabilities directly for Promise.race resolve/reject
Does not remove the extra private state added, as doing so seems to break the
debugger.

Fixes new Test262 tests:
- built-ins/Promise/race/same-resolve-function
- built-ins/Promise/race/same-reject-function

BUG=v8:4632
LOG=N
R=littledan@chromium.org, cbruni@chromium.org

Review URL: https://codereview.chromium.org/1538853002

Cr-Commit-Position: refs/heads/master@{#33214}
2016-01-11 19:11:11 +00:00
titzer
391517ea99 [wasm] Fix set_local appearing in unreachable code.
R=ahaas@chromium.org
LOG=Y
BUG=chromium:575861

Review URL: https://codereview.chromium.org/1573053003

Cr-Commit-Position: refs/heads/master@{#33213}
2016-01-11 17:39:00 +00:00
neis
2b352bb84f Do not leak private property names to proxy traps and interceptors.
R=rossberg
BUG=

Review URL: https://codereview.chromium.org/1573143002

Cr-Commit-Position: refs/heads/master@{#33212}
2016-01-11 16:47:30 +00:00
rmcilroy
2e2e6b41b5 [Interpreter] Add wide context slot load / store operations.
Adds wide context slot load / store operations. Adds LdaContextSlotWide
and StaContextSlotWide bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1572283002

Cr-Commit-Position: refs/heads/master@{#33211}
2016-01-11 16:38:33 +00:00
yangguo
8645a5ccd0 [regexp] quantifier refers to the surrogate pair in unicode regexp.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1571563003

Cr-Commit-Position: refs/heads/master@{#33209}
2016-01-11 15:07:55 +00:00
yangguo
fbbb9cab45 [regexp] correctly parse non-BMP unicode escapes in atoms.
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1568623004

Cr-Commit-Position: refs/heads/master@{#33207}
2016-01-11 14:19:21 +00:00
bradnelson
c4a6af7fda Adding aseemgarg and bradnelson to OWNERS for asm typer.
BUG=
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1574643002

Cr-Commit-Position: refs/heads/master@{#33204}
2016-01-11 13:00:01 +00:00
bradnelson
0840e20764 Reject lack of "use asm" marker in asm typer.
Until now we've been allowing unmarked asm code
through the typer. Start rejecting it.

Adding a cctest that asm modules missing an export return
fail validation.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=aseemgarg@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1569423002

Cr-Commit-Position: refs/heads/master@{#33199}
2016-01-11 12:27:11 +00:00
paul.lind
37b4f2879e Add Wasm tests to skip list for big-endian.
Get the BE bots green in the short term.

BUG=

Review URL: https://codereview.chromium.org/1571243002

Cr-Commit-Position: refs/heads/master@{#33197}
2016-01-11 10:19:17 +00:00
adamk
067c27be65 Add test showing broken-ness of non-simple parameter named 'arguments'
This at least puts something in the tree demonstrating the breakage;
it can be moved into regress/ if we fix it.

R=littledan@chromium.org
BUG=v8:4577
LOG=n

Review URL: https://codereview.chromium.org/1576503002

Cr-Commit-Position: refs/heads/master@{#33193}
2016-01-08 20:29:46 +00:00
caitpotter88
dfce900d64 [es6] enable destructuring rest parameters
Originally, only BindingIdentifiers were a legal operand for the `...` ellipsis
in a function rest parameter. This has since changed, allowing the rest array
to be destructured.

The grammar is now the following:

```
FunctionRestParameter[Yield]:
    BindingRestElement[?Yield]

BindingRestElement[Yield]:
    ... BindingIdentifier[?Yield]
    ... BindingPattern[?Yield]
```

*Spec change: d322357e6b
*TC39 Discussion: https://github.com/tc39/tc39-notes/blob/master/es7/2015-07/july-28.md#66-bindingrestelement-should-allow-a-bindingpattern-ala-assignmentrestelement

BUG=v8:4627, v8:2159
LOG=N
R=littledan@chromium.org, adamk@chromium.org, wingo@igalia.com, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1532873004

Cr-Commit-Position: refs/heads/master@{#33192}
2016-01-08 20:22:52 +00:00
caitpotter88
1f1af42d3a [parser] parenthesized Literals are not valid AssignmentPatterns
Encode "parenthesized" status of parenthesized Expressions to prevent
them from being treated as Patterns.

BUG=v8:4657, v8:811
LOG=N
R=rossberg@chromium.org, adamk@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1570793002

Cr-Commit-Position: refs/heads/master@{#33190}
2016-01-08 17:47:17 +00:00
littledan
23235b5fdb Reland of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #1 id:1 of https://codereview.chromium.org/1565263002/ )
Reason for revert:
Crash fixed by https://codereview.chromium.org/1564923007

Original issue's description:
> Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
>
> Reason for revert:
> Causes frequent crashes in Canary: chromium:537816
>
> Original issue's description:
> > Ship ES2015 sloppy-mode function hoisting, let, class
> >
> > This patch doesn't ship all features of ES2015 variable/scoping
> > changes, notably omitting the removal of legacy const. I think
> > function hoisting, let and class in sloppy mode can stand to
> > themselves as a package, and the legacy const change is much
> > riskier and more likely to be reverted, so my intention is to
> > pursue those as a separate, follow-on patch.
> >
> > R=adamk@chromium.org
> > BUG=v8:4285,v8:3305
> > LOG=Y
> > CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> >
> > Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> > Cr-Commit-Position: refs/heads/master@{#33133}
>
> TBR=adamk@chromium.org
> # Not skipping CQ checks because original CL landed more than 1 days ago.
> BUG=v8:4285,v8:3305,chromium:537816
> LOG=Y
>
> Committed: https://crrev.com/adac5956c6216056a211cfaa460a00ac1500d8f8
> Cr-Commit-Position: refs/heads/master@{#33162}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4285,v8:3305,chromium:537816

Review URL: https://codereview.chromium.org/1571793002

Cr-Commit-Position: refs/heads/master@{#33189}
2016-01-08 17:34:59 +00:00
mythria
3f0b6c5dcc [Interpreter] Loads accumulator before calling StoreNamedProperty in ForInAssignment.
Fixed a bug in VisitForInAssignment. After visiting the object the value
to be stored was not loaded back to the accumulator. Also added two tests
to check this case.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1571753002

Cr-Commit-Position: refs/heads/master@{#33188}
2016-01-08 17:02:35 +00:00
rmcilroy
b261976cc0 [Interpreter] Add support for CallRuntimeForPair to Bytecode Graph Builder.
Adds support for the CallRuntimeForPair bytecode to the Bytecode Graph
Builder. Modifies the FrameState support to allow updating of output
registers.

Also adds Eval tests to test-run-bytecode-graph-builder since these are
enabled by CallRuntimeForPair support.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1570623007

Cr-Commit-Position: refs/heads/master@{#33186}
2016-01-08 16:40:58 +00:00
littledan
eb9deba815 Fix sloppy block-scoped function hoisting with nested zones
The sloppy block-scoped function declaration placeholder statements
are held in parser_zone_-allocated hashtables. These hashtables are
not updated when local_zone_s are removed. Therefore, the
NewSloppyBlockFunctionStatement method should allocate
SloppyBlockScopeFunctionStatements in the parser_zone_ to avoid a
use-after-free. Scope fixup code may end up updating something which
is thrown away, but this is a small cost and much simpler than
removing dead hashtable entries later.

R=adamk
LOG=Y
BUG=chromium:537816

Review URL: https://codereview.chromium.org/1564923007

Cr-Commit-Position: refs/heads/master@{#33185}
2016-01-08 16:16:46 +00:00
rmcilroy
32879ae0fa [Interpreter] Add support for calling eval.
Adds support for calling eval to the interpreter.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1508293003

Cr-Commit-Position: refs/heads/master@{#33184}
2016-01-08 15:46:21 +00:00
nikolaos
0406fa2237 Fix for temporaries in parameter initializers
This patch introduces a mechanism for changing the scope of temporary
variables, which is necessary for rewriting arrow parameter
initializers.

It also fixes a potential bug in AstExpressionVisitor, which did not
visit the automatically generated members of ForEachStatement.

Fixes test/mjsunit/harmony/regress/regress-4658.js

R=rossberg@chromium.org
BUG=v8:4658
LOG=N

Review URL: https://codereview.chromium.org/1564343002

Cr-Commit-Position: refs/heads/master@{#33183}
2016-01-08 15:44:26 +00:00
rmcilroy
1a063d944d [Interpreter] Add support for calling runtime functions which return a pair.
Adds support for calling runtime functions which return a pair of
values. Adds the bytecode CallRuntimePair. Also adds support to TurboFan
for calling stubs which return multiple values.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1568493002

Cr-Commit-Position: refs/heads/master@{#33181}
2016-01-08 15:16:28 +00:00
neis
d006f617d4 [proxies] Adapt and reenable remaining tests in proxies.js
R=cbruni@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1543553002

Cr-Commit-Position: refs/heads/master@{#33180}
2016-01-08 14:57:02 +00:00
titzer
cad2294e42 [wasm] Fix validation error for missing return statement in asm.js module.
R=mstarzinger@chromium.org,bradnelson@chromium.org
LOG=Y
BUG=chromium:575364

Review URL: https://codereview.chromium.org/1564313003

Cr-Commit-Position: refs/heads/master@{#33175}
2016-01-08 12:50:07 +00:00
bmeurer
fc5c7e0486 [date] Migrate Date field accessors to native builtins.
There's no reason to have JavaScript wrappers for those accessors,
since the meat is already in hand-written native code (via %_DateField).
First step now to put them into native builtins. Next step will be to
completely remove %_DateField.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1567353002

Cr-Commit-Position: refs/heads/master@{#33172}
2016-01-08 12:43:12 +00:00
titzer
3c716641ab [wasm] Fix MSAN failures for some WASM tests.
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1571703002

Cr-Commit-Position: refs/heads/master@{#33171}
2016-01-08 12:35:36 +00:00
yangguo
0a808704c9 [regexp] move regexp parser into own files.
R=rossberg@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1565183002

Cr-Commit-Position: refs/heads/master@{#33169}
2016-01-08 09:56:04 +00:00
dtc-v8
0427d9ff2a WASM: Reserve an ignored section for source code meta information.
Requesting reservation of a wasm section for experimentation with
storing source code meta information, such as source code comments,
and also extra inform on presentation of the AST such an `if-block`
pattern being presented as a `when` operation.

The wasm design already defines unrecognized sections to be ignored,
and this reserved section is ignored. This section is only intended to
hold source code meta information and to have no effect on code
execution.

With wasm going live (behind a flag) on v8, I would also like to be
able to give people something to play with in terms of the deployed
binary code being a useful source code. It's all experimental, but I
understand the entire binary format that V8 is currently using is
basically a throwaway, and that the working strategy is to get
something running and then revisit format decisions.

I would like a fixed reserved section number to avoid potential
clashes with other projects - although I am not aware of any other
calls for addition sections beyond the need for debug info. If a fixed
number is not acceptable, then could this patch alternatively ignore
all unrecognized sections and perhaps add the section size to them
all - something which is already noted todo in the design document?

BUG=

Review URL: https://codereview.chromium.org/1565693002

Cr-Commit-Position: refs/heads/master@{#33165}
2016-01-08 00:36:19 +00:00
caitpotter88
96c6b33863 [promise] make builtin resolve functions and executors non-constructors
Fixes a number of test262 tests, including:

- built-ins/Promise/reject-function-nonconstructor.js
- built-ins/Promise/resolve-function-nonconstructor.js
- built-ins/Promise/all/resolve-element-function-nonconstructor.js
- built-ins/Promise/executor-function-nonconstructor.js

BUG=v8:4633
LOG=N
R=adamk@chromium.org, cbruni@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1565303004

Cr-Commit-Position: refs/heads/master@{#33164}
2016-01-08 00:20:09 +00:00
caitpotter88
7459d8cecb [promise] Make Promise.all match spec, and always respect [[AlreadyResolved]]
Testing the promise status is not enough to ensure that resolve functions are
called only once.

This change adds a similar version of the [[AlreadyResolved]] slot to the
Promise.all resolve element function, and also ensures that [[AlreadyResolved]]
is respected in the Promise executor, and when resolving thenables. This means
replacing PromiseReject() shortcuts with promiseCapability.reject(), which has
an [[AlreadyResolved]] record in a context slot.

Also ensures that changes to the list accumulator in Promise.all() is not observable
via accessors installed in the Array prototype chain, using the same mechanism used
in several Array methods.

Fixes the following Test262 tests:
- built-ins/Promise/all/call-resolve-element-items.js
- built-ins/Promise/all/call-resolve-element.js
- built-ins/Promise/all/call-resolve-element-after-return.js
- built-ins/Promise/all/same-reject-function.js
- built-ins/Promise/all/resolve-from-same-thenable.js
- built-ins/Promise/all/resolve-before-loop-exit.js
- built-ins/Promise/all/resolve-before-loop-exit-from-same.js
- built-ins/Promise/exception-after-resolve-in-executor.js
- built-ins/Promise/exception-after-resolve-in-thenable-job.js
- built-ins/Promise/all/does-not-invoke-array-setters.js

BUG=v8:4633
LOG=N
R=littledan@chromium.org, cbruni@chromium.org

Review URL: https://codereview.chromium.org/1534813005

Cr-Commit-Position: refs/heads/master@{#33163}
2016-01-07 20:24:26 +00:00
littledan
adac5956c6 Revert of Ship ES2015 sloppy-mode function hoisting, let, class (patchset #7 id:120001 of https://codereview.chromium.org/1551443002/ )
Reason for revert:
Causes frequent crashes in Canary: chromium:537816

Original issue's description:
> Ship ES2015 sloppy-mode function hoisting, let, class
>
> This patch doesn't ship all features of ES2015 variable/scoping
> changes, notably omitting the removal of legacy const. I think
> function hoisting, let and class in sloppy mode can stand to
> themselves as a package, and the legacy const change is much
> riskier and more likely to be reverted, so my intention is to
> pursue those as a separate, follow-on patch.
>
> R=adamk@chromium.org
> BUG=v8:4285,v8:3305
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/fcff8588a5a01587643d6c2507c7b882c78a2957
> Cr-Commit-Position: refs/heads/master@{#33133}

TBR=adamk@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4285,v8:3305,chromium:537816
LOG=Y

Review URL: https://codereview.chromium.org/1565263002

Cr-Commit-Position: refs/heads/master@{#33162}
2016-01-07 20:23:21 +00:00
titzer
7334b263d2 [wasm] Fix simple graph building tests by enabling all optional operators.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1564053002

Cr-Commit-Position: refs/heads/master@{#33161}
2016-01-07 16:59:14 +00:00
caitpotter88
c12a47a520 [promise] unskip more passing Test262 tests
BUG=v8:4633
LOG=N
R=adamk@chromium.org, littledan@chromium.org, cbruni@chromium.org

Review URL: https://codereview.chromium.org/1568433004

Cr-Commit-Position: refs/heads/master@{#33160}
2016-01-07 16:20:08 +00:00
neis
837900ef24 [tests] Fix bogus uses of assertThrows.
Some tests passed a string as second argument to assertThrows, expecting it to
be matched against the exception.  However, assertThrows simply ignored these.
(Some other tests actually seem to use that argument as a comment ...)

This CL
- changes assertThrows to fail if the second argument is not a function,
- adds assertThrowsEquals which compares the exception to a given value using
  assertEquals
- fixes some bogus tests that got exposed by this.

R=jarin@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1544793002

Cr-Commit-Position: refs/heads/master@{#33159}
2016-01-07 14:49:21 +00:00
jkummerow
a0d03d729a Fix^3 cast in HasEnumerableElements
Empty FixedDoubleArrays aren't FixedDoubleArrays.

BUG=chromium:569534
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1568863002

Cr-Commit-Position: refs/heads/master@{#33158}
2016-01-07 14:47:27 +00:00
titzer
0927a15004 [wasm] OOB test should pass on all architectures.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1567853002

Cr-Commit-Position: refs/heads/master@{#33157}
2016-01-07 14:16:09 +00:00
bmeurer
61f157370d [test] Remove obsolete entries from cctest status file.
R=danno@chromium.org

Review URL: https://codereview.chromium.org/1555823002

Cr-Commit-Position: refs/heads/master@{#33156}
2016-01-07 14:15:07 +00:00
titzer
5341e9fa39 [wasm] Add tests that pass float/double parameters directly for binops and unops.
R=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1562883003

Cr-Commit-Position: refs/heads/master@{#33152}
2016-01-07 10:56:18 +00:00
rmcilroy
50cac4436a [Interpreter] Skip a couple more flaky test262 tests on Ignition.
BUG=v8:4280
LOG=N
NOTRY=true
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1563163003

Cr-Commit-Position: refs/heads/master@{#33151}
2016-01-07 10:22:11 +00:00
rmcilroy
306f195d1e [Interpreter] Add two more Ignition skips for mjsunit/compiler on Arm.
BUG=v8:4280
LOG=N
TBR=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1568533005

Cr-Commit-Position: refs/heads/master@{#33150}
2016-01-07 09:58:39 +00:00
bmeurer
b0d0d57d2b [date] Date parser says true even for wrong dates, check twice.
R=yangguo@chromium.org
BUG=chromium:575082
LOG=n

Review URL: https://codereview.chromium.org/1566973002

Cr-Commit-Position: refs/heads/master@{#33149}
2016-01-07 09:30:46 +00:00
rmcilroy
13626e97e0 [Interpreter] Enable most of the mjsunit/compiler tests for Ignition.
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1567633002

Cr-Commit-Position: refs/heads/master@{#33148}
2016-01-07 09:00:11 +00:00
littledan
6e96223750 Add Array support for @@species and subclassing
This patch implements @@species, guarded behind the --harmony-species
flag, on Arrays. Methods which return an Array will instead return
the appropriate instance based on the ArraySpeciesCreate algorithm.
The algorithm is implemented in C++ to get access to realm information
and to implement some Array methods in C++, but it is also accessed
from JavaScript through a new runtime function. A couple interactive
Octane runs show no performance regression with the flag turned off,
but turning --harmony-species on will surely have a significant
regression, as Array methods now heavily use ObjectDefineProperty.

BUG=v8:4093
LOG=Y
R=adamk,cbruni

Review URL: https://codereview.chromium.org/1560763002

Cr-Commit-Position: refs/heads/master@{#33144}
2016-01-07 02:30:01 +00:00
zhengxing.li
48bc94253f X87: [wasm] Change the test case for Run_WasmCall_Float32Sub
The reason is same as the CL #31808 (issue 1430943002, X87: Change the test case for X87 float operations), please refer: https://codereview.chromium.org/1430943002/

  Here is the key comments from CL #31808
  Some new test cases use CheckFloatEq(...) and CheckDoubleEq(...) function for result check. When GCC compiling the CheckFloatEq() and CheckDoubleEq() function, those inlined functions has different behavior comparing with GCC ia32 build and x87 build.
  The major difference is sse float register still has single precision rounding semantic. While X87 register has no such rounding precsion semantic when directly use register value.
  The V8 turbofan JITTed has exactly same result in both X87 and IA32 port.

  So we add the following sentence to do type case to keep the same precision for Run_WasmCall_Float32Sub.
  Such as: volatile float expect = *i +/- *j; // *i +/- *j, etc.

BUG=

Review URL: https://codereview.chromium.org/1561023002

Cr-Commit-Position: refs/heads/master@{#33143}
2016-01-07 01:53:22 +00:00
adamk
2367abf025 [es6] Handle function names in object and class literals
This required refactoring ParsePropertyDefinition to pass the parsed
string name as an out param, since ObjectLiteralProperty stores Smis
for Smi-representable property keys.

Computed properties are not yet handled in this patch.

BUG=v8:3699
LOG=n

Review URL: https://codereview.chromium.org/1563923002

Cr-Commit-Position: refs/heads/master@{#33141}
2016-01-06 23:39:15 +00:00
mbrandy
26f2f242d5 PPC: Fix simulator and re-enable wasm tests.
R=bradnelson@chromium.org, titzer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1567753002

Cr-Commit-Position: refs/heads/master@{#33140}
2016-01-06 23:38:12 +00:00
caitpotter88
6cd8535c3b [promise] Test IsPromise() early in Promise.prototype.then()
Addresses TODO by Dan --- simply by moving the check and exception
earlier in the function, before calling NewPromiseCapability() or
loading the constructor.

BUG=v8:4633
LOG=N
R=adamk@chromium.org, littledan@chromium.org, cbruni@chromium.org

Fixes 'test262/built-ins/Promise/prototype/then/context-check-on-entry'

Review URL: https://codereview.chromium.org/1561193002

Cr-Commit-Position: refs/heads/master@{#33137}
2016-01-06 18:51:28 +00:00
ivica.bogosavljevic
2c63060f11 MIPS64: r6 compact branch optimization.
Several ports to enable r6 compact branch optimizations on MIPS64

Port 3573d3cb58

Original commit message:
MIPS: r6 compact branch optimization.

Port bddf8c9e08

Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()

Port 6993cd0de5

Original commit message:
MIPS: Fix 'MIPS:r6 compact branch optimization.'

Jic and jialc compact branch ops are fixed as they does
not have 'forbidden slot' restriction. Also COP1 branches
(CTI instructions) added to IsForbiddenAfterBranchInstr().

Port bb332195d3

Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()

Port c91bcf7192

Original commit message:
MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort()
for r6.

BUG=

Review URL: https://codereview.chromium.org/1534183002

Cr-Commit-Position: refs/heads/master@{#33136}
2016-01-06 13:36:41 +00:00
littledan
fcff8588a5 Ship ES2015 sloppy-mode function hoisting, let, class
This patch doesn't ship all features of ES2015 variable/scoping
changes, notably omitting the removal of legacy const. I think
function hoisting, let and class in sloppy mode can stand to
themselves as a package, and the legacy const change is much
riskier and more likely to be reverted, so my intention is to
pursue those as a separate, follow-on patch.

R=adamk@chromium.org
BUG=v8:4285,v8:3305
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1551443002

Cr-Commit-Position: refs/heads/master@{#33133}
2016-01-06 02:03:07 +00:00
bradnelson
e27a3713be Disable more wasm tests.
Disabling a failing PPC wasm test.

BUG=
R=bbudge@chromium.org

Review URL: https://codereview.chromium.org/1561823002

Cr-Commit-Position: refs/heads/master@{#33132}
2016-01-06 00:11:35 +00:00
bradnelson
4c22608133 Disable more crashing / failing wasm tests.
Disabling some tests for ppc, mips, arm.

BUG=
R=bbudge@chromium.org

Review URL: https://codereview.chromium.org/1564553002

Cr-Commit-Position: refs/heads/master@{#33131}
2016-01-05 23:33:12 +00:00
caitpotter88
e4af5cdbf9 [promise] Make Promise.reject match spec, and validate promise capabilities
Correctly validate promise capabilities in NewPromiseCapabilities() and in
GetCapabilitiesExtractor(). Also explicitly follows Promise.race step 2 and
similar cases in the spec, rather than passing tests asserting these steps
are taken in NewPromiseCapability

Also changes Promise.reject to match specification.

Fixes the following test262 tests:

- built-ins/Promise/all/capability-executor-called-twice.js
- built-ins/Promise/all/capability-executor-not-callable.js
- built-ins/Promise/prototype/then/capability-executor-called-twice.js
- built-ins/Promise/prototype/then/capability-executor-not-callable.js
- built-ins/Promise/reject/capability-executor-called-twice.js
- built-ins/Promise/reject/capability-executor-not-callable.js
- built-ins/Promise/resolve/capability-executor-called-twice.js
- built-ins/Promise/resolve/capability-executor-not-callable.js
- built-ins/Promise/race/capability-executor-called-twice.js
- built-ins/Promise/race/capability-executor-not-callable.js
- built-ins/Promise/reject/S25.4.4.4_A3.1_T1.js
- built-ins/Promise/race/S25.4.4.3_A3.1_T2.js

Per v8:3641, mjsunit/es6/debug-promises/throw-with-undefined-reject.js becomes invalid. The exception is thrown before the chain handler is ever invoked, and is caught externally by d8's own handler --- thus evading the uncaught exception event.

BUG=v8:4633, v8:4631, v8:4243, v8:3641
LOG=N
R=littledan@chromium.org, cbruni@chromium.org

Review URL: https://codereview.chromium.org/1531073004

Cr-Commit-Position: refs/heads/master@{#33128}
2016-01-05 22:19:34 +00:00
balazs.kilvady
8d6899c827 MIPS: Add lsa and dlsa r6 instructions.
BUG=

Review URL: https://codereview.chromium.org/1545013002

Cr-Commit-Position: refs/heads/master@{#33127}
2016-01-05 19:46:15 +00:00
bradnelson
0cf8254213 Disable several tests, fix PPC build.
Work around ppc assembler use of Mul, Div macros.

Disable several tests that fail for nosse4.
Disable several tests that fail for msan.

BUG=
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1562513002

Cr-Commit-Position: refs/heads/master@{#33126}
2016-01-05 19:16:38 +00:00
oth
8109f63fd5 [Interpreter] Add support for jumps using constants with wide operands.
This increases the size of addressable constant pool entries for jumps
to match other bytecodes using operands indexing the constant pool.

This change also introduces reservations for constant pool entries.
Reservations are used for forward jumps to ensure a constant pool entry
will be available when the jump target (label) is bound and the jump is
patched up in the bytecode array.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1546683002

Cr-Commit-Position: refs/heads/master@{#33125}
2016-01-05 19:09:10 +00:00
bradnelson
0e8b7ec8b1 Remove wasm compile time option and enable wasm behind a runtime flag.
Deferring enabling of tests to separate per platform CLs.

R=machenbach@chromium.org,titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1553083003

Cr-Commit-Position: refs/heads/master@{#33123}
2016-01-05 18:06:54 +00:00
machenbach
bb3972f6f8 [test] Skip test for ignition.
NOTRY=true
TBR=rmcilroy@chromium.org, mythria@chromium.org
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1562463002

Cr-Commit-Position: refs/heads/master@{#33121}
2016-01-05 17:05:15 +00:00
mythria
3efce1c77e [Interpreted] Throws an error if rest parameters are used.
Throws an error if rest parameters are used. This feature is not
yet supported in interpreter.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1561603002

Cr-Commit-Position: refs/heads/master@{#33120}
2016-01-05 17:04:15 +00:00
jkummerow
b4583c0444 [prototype user tracking] Don't skip JSGlobalProxies
For a prototype chain foo -> global_proxy -> global_object, we used to
register a dependency from foo -> global_object. This is incorrect when
the global_proxy/global_object pairing is modified, e.g. when navigating
in iframes. With this patch, we properly register foo -> global_proxy and
global_proxy -> global_object dependencies.
Additionally, when a prototype's prototype changes from null to something
else, this new usage relation must be registered if there are other users
further down on the prototype chain that might expect a complete chain of
registrations to exist (which was the case before, and must be preserved).

BUG=chromium:571517
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1559323002

Cr-Commit-Position: refs/heads/master@{#33119}
2016-01-05 16:15:48 +00:00
mythria
47d7ae1154 [Interpreter] Pass correct closure argument when creating block context.
After this change, https://codereview.chromium.org/1475383002 we should
not pass Smi 0 for a closure and expect runtime to look it up. We should
pass the correct argument always.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1558153002

Cr-Commit-Position: refs/heads/master@{#33117}
2016-01-05 15:35:33 +00:00
sigurds
3b473d7aad [turbofan] Deopt support for escape analysis
Deopt support is added on two levels. On the IR level,
a new ObjectState node is added, which represenents an
object to be materialized. ObjectState nodes appear as
inputs of FrameState and StateValues nodes. On the
instruction select/code-generation level, the
FrameStateDescriptor class handles the nesting
introduced by ObjectState, and ensures that deopt code
with CAPTURED_OBJECT/DUPLICATED_OBJECT entries are
generated similarly to what crankshaft's escape
analysis does.

Two unittests test correctness of the IR level implementation.

Correctness for instruction selection / code generation
is tested by mjsunit tests.

R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1485183002

Cr-Commit-Position: refs/heads/master@{#33115}
2016-01-05 13:31:02 +00:00
mythria
a0a8b60643 [Interpreter] Adds support for wide variant of load/store lookup slots.
Adds implementation and tests for wide variant of load/store lookup slots.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1555063002

Cr-Commit-Position: refs/heads/master@{#33111}
2016-01-05 11:36:48 +00:00
bmeurer
065e9c536f [runtime] Migrate several Date builtins to C++.
Almost all of the Date builtins always call into C++ at least once
anyway, so parsing, compiling and executing the JavaScript wrappers
is just a waste of time.  The most important part here is the Date
constructor itself, which is one of the blockers for new.target in
TurboFan, because compiling the Date constructor takes too much time
with TurboFan (for no reason since we end up in C++ anway).

R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1556333002

Cr-Commit-Position: refs/heads/master@{#33109}
2016-01-05 11:05:50 +00:00
mvstanton
c89ddbb7bc Optimized TurboFan support for rest args.
R=bmeurer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1557883002

Cr-Commit-Position: refs/heads/master@{#33105}
2016-01-05 09:40:41 +00:00
machenbach
a48875c975 [test] Skip tests for ignition.
BUG=v8:4280
LOG=N
TBR=rmcilroy@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1555003004

Cr-Commit-Position: refs/heads/master@{#33104}
2016-01-05 08:50:12 +00:00
aseemgarg
7fdb0da001 Add do-while and conditional and mark non asm nodes as unreachable
TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@chromium.org
BUG=

Add for loop to asm-to-wasm

TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@google.com

Review URL: https://codereview.chromium.org/1530093002

Cr-Commit-Position: refs/heads/master@{#33101}
2016-01-04 23:47:08 +00:00
littledan
acbd64be36 Accept time zones like GMT-8 in the legacy date parser
In the Date constructor or Date.parse, other browsers will accept time
zones like GMT-8, but before this patch, Chrome would interpret 8 as
8 minutes. This patch interprets GMT-+ a one or two digit number as hours,
not minutes.

R=adamk,jshin@chromium.org
LOG=Y
BUG=chromium:422858

Review URL: https://codereview.chromium.org/1557053002

Cr-Commit-Position: refs/heads/master@{#33100}
2016-01-04 23:25:57 +00:00
jshin
4e18190e69 Timezone name check fix
1. Location names with more than one underscores (e.g. Ho_Chi_Minh)
   didn't work because of the way capturing works with repeated patterns
   in RE. It's now supported by changing the RE to capture the whole string
   and splitting on '_' in the next step.

2. Adds support for location names with a hyphen

3. Adds support for timezone ids with three parts (e.g.
   American/Argentina/Buenos_Aires)

4. Adds special handling of 'au', 'es' and 'of' in zone ids. They need to be kept in lowercase. (see the full list at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones )

5. Adds regression tests for all the above and make the existing tests
   more robust against future ICU changes. ICU canonicalizes zone names to
   deprecated names, but it may change. (
   http://bugs.icu-project.org/trac/ticket/12044 )

BUG=364374
LOG=Y

Review URL: https://codereview.chromium.org/1529363005

Cr-Commit-Position: refs/heads/master@{#33097}
2016-01-04 21:48:04 +00:00
rmcilroy
af95a4dd3e [Interpreter] Add Ignition whitelist for cctests.
Adds an ignition whitelist for cctests.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1557893002

Cr-Commit-Position: refs/heads/master@{#33096}
2016-01-04 21:01:34 +00:00
littledan
fb5cbc2e2d Add a --harmony-species flag, defining @@species on constructors
This patch adds the basis for subclassing TypedArrays, Arrays and
ArrayBuffers through the @@species hook, added in ES2015. This is
the first patch in a series. This patch simply defines the
@@species Symbol and installs it on the appropriate constructors.
The behavior is guarded behind the --harmony-species flag.

R=cbruni
BUG=v8:4093
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1558543002

Cr-Commit-Position: refs/heads/master@{#33095}
2016-01-04 19:39:59 +00:00
caitpotter88
4f9471152c [promise] make Promise.resolve match spec
Fixes a number of test262 tests, including

- built-ins/Promise/resolve/resolve-from-promise-capability.js
- built-ins/Promise/resolve/context-non-object-with-promise.js
- built-ins/Promise/executor-function-length.js

BUG=v8:4633
LOG=N
R=littledan@chromium.org, cbruni@chromium.org

Review URL: https://codereview.chromium.org/1536013002

Cr-Commit-Position: refs/heads/master@{#33094}
2016-01-04 19:16:09 +00:00
oth
c958c98c4f [Interpreter] Bytecodes for exchanging registers.
New bytecodes for making registers with indicies wider than 1-byte
accessible.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1555713002

Cr-Commit-Position: refs/heads/master@{#33091}
2016-01-04 17:38:26 +00:00
rmcilroy
5b4626ad19 [Interpreter] Enable TurboFan for Ignition variant tests.
Adds --turbo to the set of flags run with ignition (making the
configuration pure Ignition+TurboFan except for fallbacks to
full-codegen for catch / eval). Also changes the default
--ignition-filter to allow everything, rather than omit everything.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1537433003

Cr-Commit-Position: refs/heads/master@{#33090}
2016-01-04 17:33:08 +00:00
machenbach
ee66506737 [test] Add ignition test set.
Add control for the ignition test suites. This will be
followed by a change on the infra side that targets the
ignition set instead of the hardcoded mjsunit.

After that, cctest can be enabled in a separate CL. This CL
already includes the logic for running cctest for ignition
on swarming.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1559943002

Cr-Commit-Position: refs/heads/master@{#33089}
2016-01-04 17:26:42 +00:00
jarin
964964541d [turbofan] Fix turbofan-enabling conditions.
This restricts turbofan to turbofan-supported subset for the shipping
configuration ("use asm" and features unsupported by Crankshaft).

Without this, we compile with Turbofan even when there is
try-catch-finally as long as the function is "use asm" or
it contains a feature unsupported by crankshaft but supported
by turbofan (e.g., 'with' statement).

BUG=

Review URL: https://codereview.chromium.org/1552233002

Cr-Commit-Position: refs/heads/master@{#33085}
2016-01-04 14:53:07 +00:00
bmeurer
fed2c416df Use JSObjectVerify instead of trying to reimplement parts of it.
R=verwaest@chromium.org
BUG=chromium:573857
LOG=n

Review URL: https://codereview.chromium.org/1551333002

Cr-Commit-Position: refs/heads/master@{#33083}
2016-01-04 13:50:06 +00:00
verwaest
09c41d9bfd ThrowTypeError should not be constructable, so shouldn't have a prototype.
In addition to ThrowTypeError not being a constructor, it was invalidly set up by simply swapping the map. Swapping the map is insufficient since NewFunction* actually set up the function depending on the used map.

BUG=chromium:573858
LOG=n

Review URL: https://codereview.chromium.org/1552223002

Cr-Commit-Position: refs/heads/master@{#33082}
2016-01-04 13:33:09 +00:00
Benedikt Meurer
5f6bcdaf12 [test] Blacklist mjsunit/regress/regress-417709a while Jaro is working on it.
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1555053002 .

Cr-Commit-Position: refs/heads/master@{#33080}
2016-01-04 12:29:24 +00:00
jarin
140f69d784 [turbofan] Add deopt point for InternalSetPrototype in VisitObjectLiteral.
BUG=572409
LOG=n

Review URL: https://codereview.chromium.org/1555023002

Cr-Commit-Position: refs/heads/master@{#33078}
2016-01-04 09:54:51 +00:00
Benedikt Meurer
2d997d8659 [turbofan] Blacklist test case which needs investigation.
TBR=jarin@chromium.org

Review URL: https://codereview.chromium.org/1557833002 .

Cr-Commit-Position: refs/heads/master@{#33077}
2016-01-04 09:29:14 +00:00
mythria
6d8979c779 [Interpreter] Fixes tests for wide bytecodes.
After this change (https://codereview.chromium.org/1507903004) to type feedback
vector, wide bytecodes for global/keyed/named load-stores were not generated due
to a change in the number of type feedback vector slots. This cl fixes tests to
generate wide bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1546923002

Cr-Commit-Position: refs/heads/master@{#33076}
2016-01-04 09:23:55 +00:00
mythria
d5e849a1dd [Interpreter] Adds support for Load/Store LookupSlots to BytecodeGraphBuilder.
Adds support for loads and stores to lookup slots to BytecodeGraphBuilder.
Also adds tests for them.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1541143003

Cr-Commit-Position: refs/heads/master@{#33075}
2016-01-04 09:20:57 +00:00
bmeurer
70c4bf1331 [builtins] Migrate a bunch of Object builtins to C++.
The Object.freeze, Object.isExtensible, Object.isFrozen,
Object.isSealed, Object.preventExtensions and Object.seal builtins were
already implemented in C++, but they still had some funny JavaScript
wrappers that just called into the C++ implementation on every
(interesting) execution path.

Review URL: https://codereview.chromium.org/1553043002

Cr-Commit-Position: refs/heads/master@{#33074}
2016-01-04 08:11:07 +00:00
bmeurer
84a88a1bd0 [turbofan] Port Crankshaft's weak objects mechanism to TurboFan.
Use the same mechanism that is already available for Crankshaft to not
leak all kinds of things in TurboFan generated code. Long-term we will
support weakness in a better way, but for now, just use the
infrastructure that is already in place to avoid memory leaks via
TurboFan generated code.

R=jarin@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1555743003

Cr-Commit-Position: refs/heads/master@{#33073}
2016-01-04 07:12:35 +00:00
bmeurer
cb21144baf [es6] Unify ArrayBuffer and SharedArrayBuffer constructors.
Unify the constructors and isView methods for ArrayBuffer and
SharedArrayBuffer, moving them to C++ because there's no point
in having the JavaScript wrappers for them.

We choose to deliberately violate the ES2015 specification and
implement the ArrayBuffer constructor in a way that matches
Firefox and Safari instead.

CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
BUG=chromium:565917, v8:4592
TBR=hpayer@chromium.org
R=cbruni@chromium.org
LOG=n

Committed: https://crrev.com/3235ccbb7826ceec2188f6ebab98fc851b54f60e
Cr-Commit-Position: refs/heads/master@{#32590}

Review URL: https://codereview.chromium.org/1500543002

Cr-Commit-Position: refs/heads/master@{#33072}
2016-01-01 07:13:16 +00:00
mvstanton
66b0d0315f Basic TurboFan support for rest arguments.
TurboFan can accept them, it calls a runtime function to initialize
the rest object as a JSArray.

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1543253002

Cr-Commit-Position: refs/heads/master@{#33071}
2015-12-31 11:56:39 +00:00
littledan
a9c791009b Fix 'illegal access' in Date constructor edge case
In a rare edge case, a difference in checks between C++ and
JavaScript lead to an 'illegal access' being thrown by the Date
constructor. This patch harmonizes the checks from both sides.
It's possible that slightly larger dates could be permitted,
as the ECMAScript 2015 specification indicates that +287396-10-12
would be a permissible date in the note in
http://tc39.github.io/ecma262/#sec-extended-years
This patch does not revisit the limit, only clears up the
inconsistency.

BUG=v8:4640
R=cbruni
LOG=Y

Review URL: https://codereview.chromium.org/1545883003

Cr-Commit-Position: refs/heads/master@{#33068}
2015-12-30 23:54:59 +00:00
littledan
e549c7a356 Reland of Use ES2015-style TypedArray prototype chain (patchset #1 id:1 of https://codereview.chromium.org/1554523002/ )
Reason for revert:
Should be fixed again with this Blink change to add NeedsManualRebaseline

Original issue's description:
> Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
>
> Reason for revert:
> [Sheriff] Changes layout tests. Please fix upstream first if intended.
>
> https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689
>
> Original issue's description:
> > Use ES2015-style TypedArray prototype chain
> >
> > This patch switches TypedArrays to use the prototype chain described
> > in the ES2015 specification, which adds a %TypedArray% superclass above
> > all individual TypedArray types. Most methods are defined on the
> > superclass rather than the subclasses.
> >
> > In order to prevent a performance regression, a few methods are
> > marked as inline. Inlining might prevent code which was previously
> > monomorphic from becoming polymorphic, and it was specifically
> > applied in places where methods became more polymorphic than before.
> > Tests with realistic workloads would be nice to do before this
> > ships in stable.
> >
> > This patch does not bring TypedArrays up to full spec compliance. In
> > particular, @@species is not yet supported.
> >
> > R=cbruni
> > BUG=v8:4085
> > LOG=Y
> >
> > Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> > Cr-Commit-Position: refs/heads/master@{#33050}
>
> TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4085
>
> Committed: https://crrev.com/28b55ffd1e32e09aaf42b8bbb407944d4808e07c
> Cr-Commit-Position: refs/heads/master@{#33053}

TBR=caitpotter88@gmail.com,cbruni@chromium.org,machenbach@chromium.org
BUG=v8:4085
LOG=Y

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1558663002

Cr-Commit-Position: refs/heads/master@{#33067}
2015-12-30 22:14:16 +00:00
littledan
797d1090ae Reland "Clean up promises and fix an edge case bug (patchset #4 id:60001 of https://codereview.chromium.org/1488783002/ )"
This patch relands a change to ES2015 Promises which brings us closer to
spec compliance. In this new version, a bug which would lose async callstack
data was fixed.

R=adamk
CC=rossberg,caitp
LOG=Y
BUG=v8:3641
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1538663002

Cr-Commit-Position: refs/heads/master@{#33065}
2015-12-30 20:47:37 +00:00
ishell
bae0d6c8dc [crankshaft] Don't inline array resize operations if receiver's proto is not a JSObject.
BUG=chromium:571064
LOG=Y
TBR=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1548363003

Cr-Commit-Position: refs/heads/master@{#33058}
2015-12-29 14:35:18 +00:00
ishell
c1aded3c4b [ic] Fixed receiver_map register trashing in KeyedStoreIC megamorphic.
BUG=chromium:571370
LOG=Y

Review URL: https://codereview.chromium.org/1546323002

Cr-Commit-Position: refs/heads/master@{#33057}
2015-12-29 12:52:13 +00:00
bmeurer
2fcf3aa62c Only verify in-object fields in fast properties case.
This matches the behavior of JSObject::JSObjectVerify() and seems to be
the current contract for --verify-heap.

BUG=chromium:572590
LOG=n

Review URL: https://codereview.chromium.org/1553463002

Cr-Commit-Position: refs/heads/master@{#33056}
2015-12-29 11:20:52 +00:00
machenbach
2545f18851 [test] Skip tests for ignition.
NOTRY=true
TBR=rmcilroy@chromium.org, littledan@chromium.org

Review URL: https://codereview.chromium.org/1552663002

Cr-Commit-Position: refs/heads/master@{#33054}
2015-12-29 08:51:03 +00:00
machenbach
28b55ffd1e Revert of Use ES2015-style TypedArray prototype chain (patchset #5 id:80001 of https://codereview.chromium.org/1541233002/ )
Reason for revert:
[Sheriff] Changes layout tests. Please fix upstream first if intended.

https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3689

Original issue's description:
> Use ES2015-style TypedArray prototype chain
>
> This patch switches TypedArrays to use the prototype chain described
> in the ES2015 specification, which adds a %TypedArray% superclass above
> all individual TypedArray types. Most methods are defined on the
> superclass rather than the subclasses.
>
> In order to prevent a performance regression, a few methods are
> marked as inline. Inlining might prevent code which was previously
> monomorphic from becoming polymorphic, and it was specifically
> applied in places where methods became more polymorphic than before.
> Tests with realistic workloads would be nice to do before this
> ships in stable.
>
> This patch does not bring TypedArrays up to full spec compliance. In
> particular, @@species is not yet supported.
>
> R=cbruni
> BUG=v8:4085
> LOG=Y
>
> Committed: https://crrev.com/07c91dccbe55c7be3ec75857dee5ad59873330b7
> Cr-Commit-Position: refs/heads/master@{#33050}

TBR=caitpotter88@gmail.com,cbruni@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085

Review URL: https://codereview.chromium.org/1554523002

Cr-Commit-Position: refs/heads/master@{#33053}
2015-12-29 08:43:29 +00:00
littledan
07c91dccbe Use ES2015-style TypedArray prototype chain
This patch switches TypedArrays to use the prototype chain described
in the ES2015 specification, which adds a %TypedArray% superclass above
all individual TypedArray types. Most methods are defined on the
superclass rather than the subclasses.

In order to prevent a performance regression, a few methods are
marked as inline. Inlining might prevent code which was previously
monomorphic from becoming polymorphic, and it was specifically
applied in places where methods became more polymorphic than before.
Tests with realistic workloads would be nice to do before this
ships in stable.

This patch does not bring TypedArrays up to full spec compliance. In
particular, @@species is not yet supported.

R=cbruni
BUG=v8:4085
LOG=Y

Review URL: https://codereview.chromium.org/1541233002

Cr-Commit-Position: refs/heads/master@{#33050}
2015-12-28 17:28:54 +00:00
littledan
9c304f1e78 Guard the property RegExp.prototype.unicode behind --harmony-regexp-unicode
When the 'y' flag was shipped, the property RegExp.prototype.unicode was
accidentally also shipped. However, the existence of this property should
be a usable feature testing point. This patch adds the 'unicode' getter on
RegExp.prototype only if the --harmony-regexp-unicode flag is turned on.

R=cbruni
CC=yangguo
BUG=v8:4644
LOG=Y

Review URL: https://codereview.chromium.org/1550713002

Cr-Commit-Position: refs/heads/master@{#33049}
2015-12-28 16:38:54 +00:00
machenbach
47cb4b2c7f [test] Skip flaky test for ignition.
This crashes flakily. Leftover from
e7373f4285

NOTRY=true
TBR=bmeurer@chromium.org, rmcilroy@chromium.org, mythria@chromium.org,

Review URL: https://codereview.chromium.org/1544363002

Cr-Commit-Position: refs/heads/master@{#33047}
2015-12-28 07:37:33 +00:00
bmeurer
97def8070c [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.

There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.

The mips/mips64 ports were contributed by akos.palfi@imgtec.com.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n

Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
Cr-Commit-Position: refs/heads/master@{#33042}

Review URL: https://codereview.chromium.org/1542963002

Cr-Commit-Position: refs/heads/master@{#33044}
2015-12-27 06:31:44 +00:00
bmeurer
1cf8b105d6 Revert of [runtime] Introduce dedicated JSBoundFunction to represent bound functions. (patchset #14 id:260001 of https://codereview.chromium.org/1542963002/ )
Reason for revert:
Breaks arm64 sim nosnap: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/805/steps/Check/logs/function-bind

Original issue's description:
> [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
>
> According to the ES2015 specification, bound functions are exotic
> objects, and thus don't need to be implemented as JSFunctions. So
> we introduce a new JSBoundFunction type to represent bound functions
> and make them optimizable. This already improves the performance of
> calling or constructing bound functions by 10-100x depending on the
> use case because we avoid the crazy dance between JavaScript and C++
> that was implemented in v8natives.js previously.
>
> There's still room for improvement in the performance of actually
> creating bound functions, which is also relevant in practice, but
> we already have a plan how to accomplish that later.
>
> The mips/mips64 ports were contributed by akos.palfi@imgtec.com.
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=chromium:535408, chromium:571299, v8:4629
> LOG=n
>
> Committed: https://crrev.com/ca8623eaa468cba65a5adafcdfb4615966f43ce2
> Cr-Commit-Position: refs/heads/master@{#33042}

TBR=cbruni@chromium.org,hpayer@chromium.org,yangguo@chromium.org,akos.palfi@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:535408, chromium:571299, v8:4629

Review URL: https://codereview.chromium.org/1552473002

Cr-Commit-Position: refs/heads/master@{#33043}
2015-12-27 04:42:13 +00:00
bmeurer
ca8623eaa4 [runtime] Introduce dedicated JSBoundFunction to represent bound functions.
According to the ES2015 specification, bound functions are exotic
objects, and thus don't need to be implemented as JSFunctions. So
we introduce a new JSBoundFunction type to represent bound functions
and make them optimizable. This already improves the performance of
calling or constructing bound functions by 10-100x depending on the
use case because we avoid the crazy dance between JavaScript and C++
that was implemented in v8natives.js previously.

There's still room for improvement in the performance of actually
creating bound functions, which is also relevant in practice, but
we already have a plan how to accomplish that later.

The mips/mips64 ports were contributed by akos.palfi@imgtec.com.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:535408, chromium:571299, v8:4629
LOG=n

Review URL: https://codereview.chromium.org/1542963002

Cr-Commit-Position: refs/heads/master@{#33042}
2015-12-26 20:28:17 +00:00
jarin
bafb568b6e [turbofan] Add Int64(Add|Sub)WithOverflow support.
Review URL: https://codereview.chromium.org/1544743004

Cr-Commit-Position: refs/heads/master@{#33039}
2015-12-24 18:51:26 +00:00
paul.lind
ac33eaba10 MIPS: Remove clang-format-off from assembler tests.
Per request in https://codereview.chromium.org/1047213002/

These files will continue to have a lot of churn in next two months
as we finish support for MIPS r6 instruction set. When things settle
down, we will do a clang-format --full to clean them up. For now,
we'd prefer to be able to do easy diffs, and will do incremental
re-formats as we make changes.

BUG=

Review URL: https://codereview.chromium.org/1546973003

Cr-Commit-Position: refs/heads/master@{#33038}
2015-12-24 14:17:57 +00:00
ishell
5b3fbf231c Ensure that all non-stable maps created by Map::AddMissingTransitions() are marked as such.
BUG=chromium:570131
LOG=N

Review URL: https://codereview.chromium.org/1546933002

Cr-Commit-Position: refs/heads/master@{#33029}
2015-12-23 15:35:03 +00:00
hablich
953c35f651 [Test] Skip tests crashing with ignition
NOTRY=true
TBR=rmcilroy,machenbach

Review URL: https://codereview.chromium.org/1547913003

Cr-Commit-Position: refs/heads/master@{#33027}
2015-12-23 13:03:53 +00:00
Michael Hablich
df7fe6af21 [Test] Mark flaky test cctest/test-lockers/LockAndUnlockDifferentIsolates for real
BUG=v8:4642
LOG=N
NOTRY=true
TBR=machenbach@chromium.org,mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1549663004 .

Cr-Commit-Position: refs/heads/master@{#33025}
2015-12-23 12:31:50 +00:00
mvstanton
d3f074b231 Partial revert of rest parameter desugaring.
We'll be able to optimize rest parameters in TurboFan similarly to the arguments array. This CL restores the previous behavior, and a follow-on will enable TurboFan optimization.

(TBR for rossberg since we discussed the revert beforehand. The only changes are a few lines related to tests and rebasing.)

TBR=rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1537683002

Cr-Commit-Position: refs/heads/master@{#33024}
2015-12-23 12:07:26 +00:00
hablich
f6d90a6365 [Test] Skip tests crashing on ignition
NOTRY=true
TBR=rmcilroy,machenbach

Review URL: https://codereview.chromium.org/1541373002

Cr-Commit-Position: refs/heads/master@{#33022}
2015-12-23 10:06:07 +00:00
hablich
2cea136a87 [Test] Mark flaky test cctest/test-lockers/LockAndUnlockDifferentIsolates
BUG=v8:4642
LOG=N
NOTRY=true
R=machenbach@chromium.org,mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1542253002

Cr-Commit-Position: refs/heads/master@{#33021}
2015-12-23 10:03:18 +00:00
mythria
87dee75e1f [Interpreter] Updates load/store global and named property to accept variable name.
Changes LoadGlobal, StoreGlobal, LoadNamedProperty, and StoreNamedProperty to accept
the name of variable instead of index into the constant pool entry. Also made
GetConstantPoolEntry as a private function since it is no longer used outside of
BytecodeArrayBuilder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1546643002

Cr-Commit-Position: refs/heads/master@{#33020}
2015-12-23 09:34:41 +00:00
mythria
6eb00e4ad3 [Interpreter] Adds support for DeleteLookupSlot to Interpreter.
Adds support for deleting a variable in a lookup slot. Adds a new bytecode,
its implementation and tests. Also adds support for this bytecode to the
bytecode graph builder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1542083002

Cr-Commit-Position: refs/heads/master@{#33019}
2015-12-23 09:11:50 +00:00
cbruni
88b58591ac [proxies] Expose proxies in the API
Add API-accessors for [[ProxyTarget]], [[ProxyHandler]]. Additionally
create new proxies and revoke proxies via the API.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1542943002

Cr-Commit-Position: refs/heads/master@{#33013}
2015-12-22 16:37:24 +00:00
bmeurer
d1d4fa20b0 [runtime] Also migrate the Function and GeneratorFunction constructors to C++.
These constructors always go through C++ at least twice anyway, so
there's not really a point in trying to implement them in JavaScript.

R=yangguo@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1548623002

Cr-Commit-Position: refs/heads/master@{#33012}
2015-12-22 14:15:53 +00:00
yangguo
b00d9e25bf [debugger] step on every assignment in destructuring bind.
R=caitpotter88@gmail.com, littledan@chromium.org

Review URL: https://codereview.chromium.org/1542813003

Cr-Commit-Position: refs/heads/master@{#33009}
2015-12-22 13:29:33 +00:00
cbruni
e10fdbed6d [proxies] Limit recursive proxy prototype lookups to 100'000
Creating proto-recursive proxies might lead to instanceof while-looping
endlessly in Object::HasInPrototypeChain (For traps we already have stack
guards in place to prevent stack overflows). We prevent this by limiting
the number of proxies we visit in PrototypeIterator to a magic large number.

LOG=n
BUG=v8:1534

Review URL: https://codereview.chromium.org/1542583003

Cr-Commit-Position: refs/heads/master@{#33007}
2015-12-22 12:52:57 +00:00
mythria
e7373f4285 [Interpreter] Allocates new temporary register outside the reservation for consecutive registers.
Consecutive registers are allocated in two passes. First we "reserve"
a set of registers and these get allocated when we actually use them.
If we request for a temporary register before we use all the consecutive
registers, the earlier implementation does not gaurantee that it allocates
outside the reservation for consecutive registers. This could cause problems
for example, in call_func(a, b++, c). This cl fixes
TemporaryRegisterScope::NewRegister, to return a new temporary register
outside the reservation for consecutive registers.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1531273002

Cr-Commit-Position: refs/heads/master@{#33005}
2015-12-22 09:26:25 +00:00
mythria
5dd3122c63 [Interpreter] Adds support for CreateArguments to BytecodeGraphBuilder.
Adds implementation and tests for CreateMappedArguments and
CreateUnmappedArguments to bytecode graph builder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1490283003

Cr-Commit-Position: refs/heads/master@{#33004}
2015-12-22 09:25:28 +00:00
littledan
424ef009a5 Reland of Add web compat workarounds for ES2015 RegExp semantics (patchset #3 id:40001 of https://codereview.chromium.org/1543723002/ )
Unexpectedly, websites depend on doing feature testing with
RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
ES2015 newly throws exceptions for both of these. In order to enable shipping
new ES2015 semantics, this patch puts in narrow workarounds for those two
cases, keeping their old behavior. UseCounters are added for how often
those particular cases come up, so we can see if it can be deprecated.

This reland replaces problematic legacy const usage with var, to
avoid issues with nosnap builds.

R=yangguo
CC=bmeurer
BUG=v8:4637,v8:4617
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1545633002

Cr-Commit-Position: refs/heads/master@{#33002}
2015-12-22 09:16:56 +00:00
yangguo
831b7ee3aa [debugger] step on every assignment in a destructuring assignment.
R=caitpotter88@gmail.com, littledan@chromium.org
BUG=v8:811
LOG=N

Review URL: https://codereview.chromium.org/1533313002

Cr-Commit-Position: refs/heads/master@{#33000}
2015-12-22 08:21:33 +00:00
bmeurer
08a1d1a288 Revert of Add web compat workarounds for ES2015 RegExp semantics (patchset #3 id:40001 of https://codereview.chromium.org/1543723002/ )
Reason for revert:
Breaks nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5883

Original issue's description:
> Add web compat workarounds for ES2015 RegExp semantics
>
> Unexpectedly, websites depend on doing feature testing with
> RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
> ES2015 newly throws exceptions for both of these. In order to enable shipping
> new ES2015 semantics, this patch puts in narrow workarounds for those two
> cases, keeping their old behavior. UseCounters are added for how often
> those particular cases come up, so we can see if it can be deprecated.
>
> R=yangguo
> BUG=v8:4637,v8:4617
> LOG=Y
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/98f819c3e0c92d54a306cdacadda73cf96d21b52
> Cr-Commit-Position: refs/heads/master@{#32997}

TBR=yangguo@google.com,yangguo@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4637,v8:4617

Review URL: https://codereview.chromium.org/1546493003

Cr-Commit-Position: refs/heads/master@{#32999}
2015-12-22 07:37:59 +00:00
littledan
98f819c3e0 Add web compat workarounds for ES2015 RegExp semantics
Unexpectedly, websites depend on doing feature testing with
RegExp.prototype.sticky and browser testing with RegExp.prototype.toString().
ES2015 newly throws exceptions for both of these. In order to enable shipping
new ES2015 semantics, this patch puts in narrow workarounds for those two
cases, keeping their old behavior. UseCounters are added for how often
those particular cases come up, so we can see if it can be deprecated.

R=yangguo
BUG=v8:4637,v8:4617
LOG=Y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1543723002

Cr-Commit-Position: refs/heads/master@{#32997}
2015-12-22 06:36:17 +00:00
littledan
492d93a03f test262 roll, as of 17-12-2015
Review URL: https://codereview.chromium.org/1539843003

Cr-Commit-Position: refs/heads/master@{#32994}
2015-12-22 05:04:24 +00:00
hablich
4fb5a9ff4f [ES6] Stage sloppy function block scoping
The Inbox problem got resolved so staging is ok.

BUG=v8:3305
LOG=Y
R=adamk@chromium.org, littledan@chromium.org,rossberg@chromium.org

Review URL: https://codereview.chromium.org/1538243002

Cr-Commit-Position: refs/heads/master@{#32992}
2015-12-21 23:08:09 +00:00
caitpotter88
76f6d2a3c8 [es6] use correct --harmony-destructuring-assignment flag when preparsing
BUG=v8:811, v8:4636
LOG=N
R=adamk@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/1544483002

Cr-Commit-Position: refs/heads/master@{#32991}
2015-12-21 20:13:46 +00:00
zhengxing.li
dd31b080f2 X87: Change the test case for X87 RunFloat64Add and RunFloat64Sub
The CL #32908 (https://codereview.chromium.org/1526293002) updated the Float64 test data and cause the RunFloat64Add and RunFloat64Sub test cases failed.

  The reason is same as the CL #31808 (issue 1430943002,  X87: Change the test case for X87 float operations), please refer: https://codereview.chromium.org/1430943002/

  Here is the key comments from CL #31808
  Some new test cases use CheckFloatEq(...) and CheckDoubleEq(...) function for result check. When GCC compiling the CheckFloatEq() and CheckDoubleEq() function,
  those inlined functions has different behavior comparing with GCC ia32 build and x87 build.
  The major difference is sse float register still has single precision rounding semantic. While X87 register has no such rounding precsion semantic when directly use register value.
  The V8 turbofan JITTed has exactly same result in both X87 and IA32 port.

  So we add the following sentence to do type case to keep the same precision for RunFloat64Add and RunFloat64Sub.
  Such as: volatile double  expect = *i +/- *j; // *i +/- *j, etc.

BUG=

Review URL: https://codereview.chromium.org/1533593003

Cr-Commit-Position: refs/heads/master@{#32988}
2015-12-21 15:49:43 +00:00
oth
4926be6eb2 [Interpreter] Implement ForIn in bytecode graph builder.
A pre-requisite for this change was changing the interpreter to use
Runtime::ForInStep to bring the interpreter implementation closer
to the turbofan implementation. Also required to flatten out the
cache parameters into the interpreter frame for de-opt.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1531693002

Cr-Commit-Position: refs/heads/master@{#32986}
2015-12-21 13:31:14 +00:00
ahaas
dcac1f144e [wasm] Fixed float-to-int32 conversion to match the spec.
The new implementation detects if the input value is outside i32 range
and traps it that case.

The range check is done as follows:
The input value is converted to int32 and then back to float. If the
result is the same as the truncated input value, then the input value
is within int32 range.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1537393003

Cr-Commit-Position: refs/heads/master@{#32984}
2015-12-21 10:53:16 +00:00
ivica.bogosavljevic
108d52645a MIPS: Fix uninitialized upper word bits for Cvt_d_uw macro.
After Cvt_d_uw macro, upper 32 bits of the output remain
unitnitialized which caused flaky failures on some tests on
MIPS32R6

TEST=cctest/test-assembler-mips/MIPS13,mjsunit/asm/int32-umod
BUG=

Review URL: https://codereview.chromium.org/1537973002

Cr-Commit-Position: refs/heads/master@{#32983}
2015-12-21 10:49:35 +00:00
mlippautz
a4e3a3b6a8 [heap] Move to LAB-based allocation for newspace evacuation.
This CL prepare newspace evacuation for parallel execution wrt. to actual
allocations. The priority for allocations is:
* Try to allocate from LAB if objects are below kMaxLabObjectSize
* Allocate directly (synchronized) from newspace for larger objects.
* Fall back to old space allocation (which will be backed by a local compaction
  space in future).

Semantical change: Previously we did fall back to regular new space promotion if
we are OOM in old space. With this CL we fall back to new space promotion, which
could fail because of fragmentation, again leading to an old space allocation
that finally bails into OOM.

Newspace evacuation is still single threaded and requires further changes to
allocation site tracking.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1487853002

Cr-Commit-Position: refs/heads/master@{#32970}
2015-12-18 18:33:50 +00:00
dusan.m.milosavljevic
7bc8fac472 MIPS: [turbofan] Optimize Float32 to Int32 rep. changes with Float32 round ops.
TEST=unittests/InstructionSelectorTest.CombineChangeFloat32ToInt32WithRoundFloat32,
     ChangeFloat64ToInt32OfChangeFloat32ToFloat64, TruncateFloat64ToFloat32OfChangeInt32ToFloat64
BUG=

Review URL: https://codereview.chromium.org/1520503002

Cr-Commit-Position: refs/heads/master@{#32969}
2015-12-18 16:12:51 +00:00
jkummerow
d30693880c Stage Proxies and Reflect behind --harmony flag
BUG=v8:1543,v8:3931
LOG=y

Review URL: https://codereview.chromium.org/1528423002

Cr-Commit-Position: refs/heads/master@{#32967}
2015-12-18 11:12:01 +00:00
yangguo
67bd94508c [debugger] simplify stepping logic.
Now that we do not support arbitrary step count anymore, we can
make this a lot easier.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1539483002

Cr-Commit-Position: refs/heads/master@{#32966}
2015-12-18 10:34:32 +00:00
rmcilroy
32211800d8 [Interpreter] Generate valid FrameStates in the Bytecode Graph Builder.
Adds FrameState nodes to graphs built by the Bytecode Graph Builder, in
preparation for adding deopt support. Also adds a new
FrameStateType::kInterpretedFunction to allow for specialized deopt
stack translation for interpreted frames. Finally adds support for
disabling typed lowering of binary ops, since the current approach
relies on a FrameState hack which does not apply to interpreted frames

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1514413002

Cr-Commit-Position: refs/heads/master@{#32964}
2015-12-18 08:41:25 +00:00
fmeawad
70a7c754bf Implement tracing interface for v8
This is based on the Skia Implementation.

More on the project can be found here:
https://docs.google.com/a/chromium.org/document/d/1_4LAnInOB8tM_DLjptWiszRwa4qwiSsDzMkO4tU-Qes/edit#heading=h.p97rw6yt8o2j

The V8 Tracing platform will replace the isolate->event_logger().
But since the current embedders (namely chromium) currently use the isolate->event_logger, I made the default implementation (event-tracer) call into isolate->event_logger if an event_logger was set.
Once the embedders properly implement the interface (for example in chromium it would look like this: https://codereview.chromium.org/707273005/), the default implementation will be doing nothing.

Once the embedders side is fixed, we will change how V8 uses the tracing framework beyond the call from Logger:CallEventLogger. (which would also include a d8 implementation)

BUG=v8:4560
LOG=N

Review URL: https://codereview.chromium.org/988893003

Cr-Commit-Position: refs/heads/master@{#32959}
2015-12-17 18:48:35 +00:00
machenbach
2a09d7f9b5 Revert of Remove wasm compile time option and enable wasm behind a runtime flag. (patchset #54 id:1050001 of https://codereview.chromium.org/1516753007/ )
Reason for revert:
[Sheriff] Some build failures, e.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20shared/builds/7502

Original issue's description:
> Remove wasm compile time option and enable wasm behind a runtime flag.
>
> R=titzer@chromium.org
> BUG=
>
> Committed: https://crrev.com/153f2bd47cce9d5dfa74074dda34c02731d96924
> Cr-Commit-Position: refs/heads/master@{#32955}

TBR=titzer@chromium.org,bradnelson@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1531073003

Cr-Commit-Position: refs/heads/master@{#32957}
2015-12-17 17:59:00 +00:00
ishell
37b5ebc31d Fix UTC offset computation in date parser.
BUG=chromium:561973
LOG=N

Review URL: https://codereview.chromium.org/1532573003

Cr-Commit-Position: refs/heads/master@{#32956}
2015-12-17 16:29:33 +00:00
bradnelson
153f2bd47c Remove wasm compile time option and enable wasm behind a runtime flag.
R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1516753007

Cr-Commit-Position: refs/heads/master@{#32955}
2015-12-17 16:04:57 +00:00
bradnelson
d9ffa30563 Fixing more wasm warnings.
R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1536663002

Cr-Commit-Position: refs/heads/master@{#32952}
2015-12-17 14:55:16 +00:00
verwaest
01b8e7c7f6 Throw TypeError when reading global references through a JSProxy
Allowing global references to be read through a proxy results in cross-origin information leaks. The ES6 spec currently does not mitigate this in any way. This CL adds a workaround that's easy for V8: throw whenever an unresolved reference would result in a proxy trap to be fired. I'm landing this so we can move forwards with staging proxies without putting users of --harmony at risk.

BUG=chromium:399951
LOG=n

Review URL: https://codereview.chromium.org/1529303003

Cr-Commit-Position: refs/heads/master@{#32949}
2015-12-17 14:37:41 +00:00
bradnelson
879b21a43a Have WasmModule free it's own memory.
Make WasmModule free it's own memory, avoid mixing stack and
heap allocations in tests. This fixes several memory leaks.

Fix several signed compare issues.
Fix several floating point warnings.

Don't setup heap as external, as then the GC can't collect it.

Disable some tests that fail under ASAN.

R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1538543002

Cr-Commit-Position: refs/heads/master@{#32948}
2015-12-17 13:27:34 +00:00
verwaest
d64dc800db Return CallSite numbers as Number rather than Smi
BUG=chromium:570651
LOG=n

Review URL: https://codereview.chromium.org/1532083002

Cr-Commit-Position: refs/heads/master@{#32947}
2015-12-17 13:17:42 +00:00
neis
641cdd3067 [proxies] Fix Object.prototype.hasOwnProperty
It must call the 'getOwnPropertyDescriptor' trap, not the 'has' trap.

R=cbruni@chromium.org, jkummerow@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1532723005

Cr-Commit-Position: refs/heads/master@{#32944}
2015-12-17 12:12:10 +00:00
bradnelson
eccce9b755 Fix memory leaks and compiler incompatibilities in wasm unittests.
Fixing several memory leaks in wasm unittests.
Avoiding std::vector::data() as it isn't supported on all
compilers on the bots.
Use EXCEPT_TRUE / EXPECT_FALSE to avoid warnings on some compilers when testing boolean equality.

R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1536603003

Cr-Commit-Position: refs/heads/master@{#32940}
2015-12-17 11:38:56 +00:00
bradnelson
98d4fbfb2d Add --enable-wasm to wasm tests.
In preparation for switching wasm from a compile to
a runtime option, add the runtime flag to all mjsunit tests.

R=ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1537643002

Cr-Commit-Position: refs/heads/master@{#32938}
2015-12-17 10:54:55 +00:00
ahaas
0794c3c9b9 [turbofan] Fixed the second return value of TryTruncateFloatXXToUint64.
As required by the spec, the second return value now returns success
also for the range between 0 and -1 where the conversion results in 0.

R=bradnelson@chromium.org, mstarzinger@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1533503002

Cr-Commit-Position: refs/heads/master@{#32936}
2015-12-17 10:24:54 +00:00
neis
0d83aad557 [proxies] Correctly handle proxies in Function.prototype.bind
- Before getting the length property, we must check for it
  using [[GetOwnProperty]].  Also, if the obtained length
  is a number, we must properly convert it to an integer.

- In order to get the prototype we must use [[GetPrototypeOf]],
  and do so before checking the length.

R=cbruni@chromium.org, jkummerow@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1530893002

Cr-Commit-Position: refs/heads/master@{#32934}
2015-12-17 09:07:57 +00:00
paul.lind
a0c7e25f99 Update MIPS owners.
Add Ivica B.

NOTRY=true

Review URL: https://codereview.chromium.org/1525413003

Cr-Commit-Position: refs/heads/master@{#32933}
2015-12-17 09:07:00 +00:00
Benedikt Meurer
5bd4832492 [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply.
Introduce a new Apply builtin that forms a correct and optimizable
foundation for the Function.prototype.apply, Reflect.construct and
Reflect.apply builtins (which properly does the PrepareForTailCall
as required by the ES2015 spec).

The new Apply builtin avoids going to the runtime if it is safe to
just access the backing store elements of the argArray, i.e. if you
pass a JSArray with no holes, or an unmapped, unmodified sloppy or
strict arguments object.

mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>

CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux64_tsan_rel
BUG=v8:4413, v8:4430
LOG=n
R=yangguo@chromium.org

Committed: e4d2538911

Review URL: https://codereview.chromium.org/1523753002 .

Cr-Commit-Position: refs/heads/master@{#32929}
2015-12-17 08:41:19 +00:00
Benedikt Meurer
567c24d947 Revert of [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply. (patchset #5 id:80001 of https://codereview.chromium.org/1523753002/ )
Reason for revert:
Breaks TSAN somewhow: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/7000

Original issue's description:
> [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply.
>
> Introduce a new Apply builtin that forms a correct and optimizable
> foundation for the Function.prototype.apply, Reflect.construct and
> Reflect.apply builtins (which properly does the PrepareForTailCall
> as required by the ES2015 spec).
>
> The new Apply builtin avoids going to the runtime if it is safe to
> just access the backing store elements of the argArray, i.e. if you
> pass a JSArray with no holes, or an unmapped, unmodified sloppy or
> strict arguments object.
>
> mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>
>
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
> BUG=v8:4413, v8:4430
> LOG=n
> R=yangguo@chromium.org
>
> Committed: e4d2538911

TBR=yangguo@chromium.org,paul.lind@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4413, v8:4430

Review URL: https://codereview.chromium.org/1533803002 .

Cr-Commit-Position: refs/heads/master@{#32928}
2015-12-17 08:06:37 +00:00
Benedikt Meurer
e4d2538911 [es6] Correct Function.prototype.apply, Reflect.construct and Reflect.apply.
Introduce a new Apply builtin that forms a correct and optimizable
foundation for the Function.prototype.apply, Reflect.construct and
Reflect.apply builtins (which properly does the PrepareForTailCall
as required by the ES2015 spec).

The new Apply builtin avoids going to the runtime if it is safe to
just access the backing store elements of the argArray, i.e. if you
pass a JSArray with no holes, or an unmapped, unmodified sloppy or
strict arguments object.

mips/mips64 ports by Balazs Kilvady <balazs.kilvady@imgtec.com>

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:4413, v8:4430
LOG=n
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1523753002 .

Cr-Commit-Position: refs/heads/master@{#32927}
2015-12-17 07:47:40 +00:00
Benedikt Meurer
aafc3e5484 [runtime] Drop FIRST/LAST_NONCALLABLE_SPEC_OBJECT instance type range.
The FIRST-LAST_NONCALLABLE_SPEC_OBJECT_TYPE range was accidentially used
in field type tracking, where we should check for JSReceiver instead
(there's no need to exclude JSProxy or JSFunction from tracking).

And the use in %_ClassOf was actually wrong and didn't match the C++
implementation in JSReceiver::class_name() anymore. Now it's consistent
again.

R=yangguo@chromium.org
BUG=chromium:535408
LOG=n

Review URL: https://codereview.chromium.org/1535523003 .

Cr-Commit-Position: refs/heads/master@{#32926}
2015-12-17 06:20:01 +00:00
mythria
a4162898d8 [Interpreter] Add support for Load / Store to Lookup slots.
Adds support for loading and storing lookup variables.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1524803003

Cr-Commit-Position: refs/heads/master@{#32913}
2015-12-16 17:25:00 +00:00
oth
d0304f91ee [Interpreter] Add support for break statements in labelled blocks.
BUG=V8:4280
LOG=N

Review URL: https://codereview.chromium.org/1524893003

Cr-Commit-Position: refs/heads/master@{#32912}
2015-12-16 17:06:30 +00:00
oth
d3168202f5 [Interpreter] Local flow control in the bytecode graph builder.
This change adds support for local control flow when building graphs
from bytecode. The change ensures loop emitted from the bytecode
generator are in natural order so the only back branches are for loops.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1502243002

Cr-Commit-Position: refs/heads/master@{#32911}
2015-12-16 16:29:45 +00:00
mvstanton
6540e736f3 Bugfix: Make sure not to overwrite the empty optimized code map root.
BUG=chromium:568765
LOG=N
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1534453002

Cr-Commit-Position: refs/heads/master@{#32910}
2015-12-16 16:28:02 +00:00
akodat
aeb8073c4a Add Isolate::DiscardThreadSpecificMetadata method to embedder API.
If many threads use the same Isolate (or many Isolates) and then
terminate, their PerIsolateThreadData objects are never cleaned
up, resulting in a slow memory leak and, worse, the
PerIsolateThreadData chain getting larger and larger, adversely
affecting performance.

In this situation, embedders will now be encouraged to apply
DiscardThreadSpecificMetadata against any Isolate a thread is
done with, especially if the thread is about to terminate.

Note that it is harmless to run DiscardThreadSpecificMetadata
against an Isolate for which a thread has no thread data and
per-Isolate thread data can be reestablished if a thread starts
using an Isolate again after running DiscardThreadSpecificMetadata
against it.

It is, however, an embedder error to run
DiscardThreadSpecificMetadata against an Isolate in thread with a
Locker for the Isolate in the stack or against an Entered Isolate.

This change cannot cause any change in behavior in existing apps
as the only added coded can only be reached via the new
DiscardThreadSpecificMetadata method.

R=Jakob, jochen
BUG=

Review URL: https://codereview.chromium.org/1522703002

Cr-Commit-Position: refs/heads/master@{#32909}
2015-12-16 15:49:49 +00:00
ahaas
2358a5be4c [turbofan] Fixed a bug in TryTruncateFloatXXToInt64 with INT64_MIN.
On x64 and arm64 TryTruncateFloatXXToInt64 incorrectly failed when the
input was INT64_MIN.

R=bradnelson@chromium.org, mstarzinger@chromium.org, v8-arm-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1526293002

Cr-Commit-Position: refs/heads/master@{#32908}
2015-12-16 15:34:34 +00:00
adamk
c6e7d658e5 Stage destructuring assignment
BUG=v8:811
LOG=y

Review URL: https://codereview.chromium.org/1515613009

Cr-Commit-Position: refs/heads/master@{#32905}
2015-12-16 14:51:40 +00:00
cbruni
2c75e3d2ab [proxies] fix access issue when having proxies on the prototype-chain of global objects.
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js).

Review URL: https://codereview.chromium.org/1521953002

Cr-Commit-Position: refs/heads/master@{#32903}
2015-12-16 14:31:39 +00:00
neis
f723b12336 [proxies] Recognize arraylike proxies in Object.prototype.toString.
We must print "[object Array]" for proxies that satisfy Array.isArray.

Cosmetic change on the side: move ObjectProtoToString from JSObject to Object
since it deals with arbitrary objects.

R=adamk@chromium.org, verwaest@chromium.org
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1526023002

Cr-Commit-Position: refs/heads/master@{#32902}
2015-12-16 14:27:23 +00:00
neis
d0ef84b340 [proxies] Make Array.prototype.concat work correctly with proxies.
R=rossberg
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1525983002

Cr-Commit-Position: refs/heads/master@{#32900}
2015-12-16 14:17:25 +00:00
mlippautz
2bb51df9bd Reland of "[cctest] Add tests for aborting compaction of pages"
Tests for
* aborting a full page.
* partially aborting a page.
* partially aborting a page with pointers between aborted pages.
* partially aborting a page with store buffer entries.

Also introduces force_oom() which prohibits a old space to
expand

BUG=chromium:524425
LOG=N

CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel,v8_linux_nosnap_dbg,v8_win_nosnap_shared_rel,v8_win_nosnap_shared_compile_rel

Review URL: https://codereview.chromium.org/1518803005

Cr-Commit-Position: refs/heads/master@{#32899}
2015-12-16 14:06:51 +00:00
yangguo
65d3009e03 [regexp] clear QuickCheckDetails for backward reads.
R=erik.corry@gmail.com
BUG=chromium:570241
LOG=N

Review URL: https://codereview.chromium.org/1528333002

Cr-Commit-Position: refs/heads/master@{#32898}
2015-12-16 13:43:23 +00:00
aseemgarg
1c8130bd89 Add for loop to asm-to-wasm
TEST=asm-wasm.js
R=titzer@chromium.org,bradnelson@google.com
BUG=

Review URL: https://codereview.chromium.org/1523843003

Cr-Commit-Position: refs/heads/master@{#32895}
2015-12-16 12:10:33 +00:00
ahaas
7ae140fe91 [wasm] Fixed FxxNeg for inputs of NaN.
The new implementation also changes the sign bit if the input is NaN.
(https://github.com/WebAssembly/v8-native-prototype/issues/99)

R=bradnelson@chromium.org

Review URL: https://codereview.chromium.org/1532513002

Cr-Commit-Position: refs/heads/master@{#32894}
2015-12-16 11:45:30 +00:00
ahaas
13412d6693 [wasm] Fixed a problem with float32 stack parameters on 32 bit machines.
The code generation for pushing call parameters on the stack does not
distinguish between float32 and float64 parameters because both are
stored in the same registers. Therefore float32 parameters require two
words on the stack.  The wasm linkage, however, only considered one word
on the stack for float32 parameters, which caused the problem that
float32 parameters were not located correctly on the stack. I fixed the
problem by considering two words for float32 parameters on the stack.

R=bradnelson@chromium.org

Review URL: https://codereview.chromium.org/1529773003

Cr-Commit-Position: refs/heads/master@{#32893}
2015-12-16 11:43:52 +00:00
jkummerow
35e5b6824e [proxies] Fix bogus cast in HasOwnPropertyImplementation
BUG=v8:1543,chromium:570120
LOG=n

Review URL: https://codereview.chromium.org/1530873002

Cr-Commit-Position: refs/heads/master@{#32892}
2015-12-16 11:42:47 +00:00
caitpotter88
8f63710a3d [es6] strict eval/arguments and strong undefined in AssignmentPattern
BUG=v8:4613
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1522693002

Cr-Commit-Position: refs/heads/master@{#32888}
2015-12-16 10:48:00 +00:00
yangguo
8bee91a58b [debugger] remove step count parameter from prepare step.
And tons of changes to debugger tests.

R=bmeurer@chromium.org
BUG=chromium:569835
LOG=N

Review URL: https://codereview.chromium.org/1525173003

Cr-Commit-Position: refs/heads/master@{#32885}
2015-12-16 08:39:54 +00:00
bmeurer
fa13da2e2b [stubs] Fix TypeOfStub to properly return "undefined" for undetectable.
The TypeOfStub didn't test the undetectable bit properly if the instance
was also callable, and therefore returned "object" for document.all
(which is both undetectable and callable).

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
R=yangguo@chromium.org
BUG=chromium:567998
LOG=n

Committed: https://crrev.com/02cc310370df7e51ac4f705038820066fdfd0cdc
Cr-Commit-Position: refs/heads/master@{#32852}

Review URL: https://codereview.chromium.org/1527863003

Cr-Commit-Position: refs/heads/master@{#32883}
2015-12-16 08:30:00 +00:00
bmeurer
b742026a22 [runtime] Remove two obsolete intrinsics.
The %HeapObjectGetMap and %MapGetInstanceType intrinsics are obsolete
because they are unsafe, so we can drop the code.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1532493002

Cr-Commit-Position: refs/heads/master@{#32882}
2015-12-16 08:26:36 +00:00
yangguo
44a8fec8a1 [regexp] break recursion in mutually recursive capture/back references.
TBR=adamk@chromium.org
R=erik.corry@gmail.com
BUG=v8:4616
LOG=N

Review URL: https://codereview.chromium.org/1522353002

Cr-Commit-Position: refs/heads/master@{#32879}
2015-12-16 06:58:58 +00:00
jkummerow
3d8b51e248 [proxies] Check for stack overflow in Proxy internal methods
The proxy may be on its own target's or handler's prototype chain, leading
to infinite recursion either when looking up the trap, or when calling
through to the target.
We can't eagerly prevent this from happening (e.g. at "foo.__proto__ = bar"
calling time) because the presence of traps can change at any time.

BUG=v8:1543,chromium:569882
LOG=n

Review URL: https://codereview.chromium.org/1526953002

Cr-Commit-Position: refs/heads/master@{#32872}
2015-12-15 17:23:44 +00:00
mstarzinger
00f24ba7a0 [turbofan] Disable one more failing mjsunit test.
TBR=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1526983002

Cr-Commit-Position: refs/heads/master@{#32870}
2015-12-15 15:18:10 +00:00
mstarzinger
1e385a832a [interpreter] Use interpreter on all function literals.
This fixes a path in the compilation pipeline that side-stepped the
interpreter when a function literal was eagerly compiled. This caused
the interpreter to miss some test coverage.

R=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1528853002

Cr-Commit-Position: refs/heads/master@{#32867}
2015-12-15 14:12:51 +00:00
yangguo
bead244884 [debugger] remove frame argument for prepare step.
The third argument optionally specifies the frame from which to step.
This feature is not used and not well tested.

R=jkummerow@chromium.org
BUG=chromium:569835
LOG=N

Review URL: https://codereview.chromium.org/1525993002

Cr-Commit-Position: refs/heads/master@{#32865}
2015-12-15 13:37:20 +00:00
yangguo
a227a6b6de Revert of [debugger] re-enable step in frame test. (patchset #1 id:1 of https://codereview.chromium.org/1518403004/ )
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/builds/4780/steps/Mjsunit/logs/debug-step-4-in-frame

Original issue's description:
> [debugger] re-enable step in frame test.
>
> Issue has long been fixed.
>
> R=jkummerow@chromium.org
> BUG=v8:2921
> LOG=N
>
> Committed: https://crrev.com/f27105b17a23a64faeae33b939555840e388136e
> Cr-Commit-Position: refs/heads/master@{#32862}

TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2921

Review URL: https://codereview.chromium.org/1522333003

Cr-Commit-Position: refs/heads/master@{#32863}
2015-12-15 12:45:40 +00:00
yangguo
f27105b17a [debugger] re-enable step in frame test.
Issue has long been fixed.

R=jkummerow@chromium.org
BUG=v8:2921
LOG=N

Review URL: https://codereview.chromium.org/1518403004

Cr-Commit-Position: refs/heads/master@{#32862}
2015-12-15 12:12:02 +00:00
yangguo
44e401f18c [serializer] remove some dead code.
credits to gcov.

R=vogelheim@chromium.org

Review URL: https://codereview.chromium.org/1529763002

Cr-Commit-Position: refs/heads/master@{#32859}
2015-12-15 11:01:17 +00:00
yangguo
abe2feb081 [debugger] debug-evaluate should not not modify local values.
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.

As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.

R=mstarzinger@chromium.org, rossberg@chromium.org

Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
Cr-Commit-Position: refs/heads/master@{#32841}

Review URL: https://codereview.chromium.org/1513183003

Cr-Commit-Position: refs/heads/master@{#32857}
2015-12-15 09:54:46 +00:00
yangguo
6d8a2611c0 [debugger] flood function for stepping on throw.
We used to flood the handler when preparing for stepping,
even if we may not throw. Instead, we now flood the
handler only when we actually throw.

This also solves an issue with step-next when we throw and
leave the function unexpectedly. In combination with
microtasks, this could cause a crash.

R=mstarzinger@chromium.org
BUG=chromium:568477
LOG=N

Review URL: https://codereview.chromium.org/1527593002

Cr-Commit-Position: refs/heads/master@{#32856}
2015-12-15 09:33:39 +00:00
machenbach
88e11c80ad Revert of [stubs] Fix TypeOfStub to properly return "undefined" for undetectable. (patchset #1 id:1 of https://codereview.chromium.org/1527863003/ )
Reason for revert:
[Sheriff] Changes layout tests. Please fix upstream first:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3491

Original issue's description:
> [stubs] Fix TypeOfStub to properly return "undefined" for undetectable.
>
> The TypeOfStub didn't test the undetectable bit properly if the instance
> was also callable, and therefore returned "object" for document.all
> (which is both undetectable and callable).
>
> R=yangguo@chromium.org
> BUG=chromium:567998
> LOG=n
>
> Committed: https://crrev.com/02cc310370df7e51ac4f705038820066fdfd0cdc
> Cr-Commit-Position: refs/heads/master@{#32852}

TBR=yangguo@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:567998

Review URL: https://codereview.chromium.org/1525703003

Cr-Commit-Position: refs/heads/master@{#32855}
2015-12-15 09:31:58 +00:00
bmeurer
02cc310370 [stubs] Fix TypeOfStub to properly return "undefined" for undetectable.
The TypeOfStub didn't test the undetectable bit properly if the instance
was also callable, and therefore returned "object" for document.all
(which is both undetectable and callable).

R=yangguo@chromium.org
BUG=chromium:567998
LOG=n

Review URL: https://codereview.chromium.org/1527863003

Cr-Commit-Position: refs/heads/master@{#32852}
2015-12-15 08:06:36 +00:00
Benedikt Meurer
18b22e3249 [ignition] Blacklist crashing test regress/regress-347914.
R=machenbach@chromium.org
TBR=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1522343002 .

Cr-Commit-Position: refs/heads/master@{#32851}
2015-12-15 07:54:19 +00:00
machenbach
a2f2e913f8 Revert of [debugger] debug-evaluate should not not modify local values. (patchset #2 id:20001 of https://codereview.chromium.org/1513183003/ )
Reason for revert:
[Sheriff] Layout test changes.

Original issue's description:
> [debugger] debug-evaluate should not not modify local values.
>
> Debug evaluate no longer writes back changes to the replicated
> context chain to the original after execution. Changes to the
> global object or script contexts still stick. Calling functions
> that bind to the original context chain also have their expected
> side effects.
>
> As far as I can tell, DevTools is not interested in modifying
> local variable values. Modifying global variable values still
> works as expected. However, I have not yet removed the old
> implementation, but merely keep it behind a flag.
>
> R=mstarzinger@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/92caa9b85eefffbef51c67428397951bd2e2c330
> Cr-Commit-Position: refs/heads/master@{#32841}

TBR=mstarzinger@chromium.org,rossberg@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1526553003

Cr-Commit-Position: refs/heads/master@{#32845}
2015-12-14 17:19:46 +00:00
jkummerow
0e2ea6a508 [proxies] [tests] Un-skip proxies-with-unscopables, delete proxies-symbols
- proxies-with-unscopables needed updating of trap names
- proxies-symbols doesn't make sense any more: it tested symbol fitering/
  blacklisting, but Proxies interact with Symbols just fine according to
  the current spec.

BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1529473002

Cr-Commit-Position: refs/heads/master@{#32844}
2015-12-14 16:37:53 +00:00
neis
1596b015ff [proxies] Support proxies in JSON.parse and JSON.stringify.
This CL tries to correctly support the following:
- stringifying a proxy,
- stringifying with a proxy as replacer (callable or arraylike),
- stringifying with a replacer that returns a proxy,
- parsing with a callable proxy as reviver,
- parsing with a reviver that inserts proxies into the object,
- and whatever else you can imagine.

This also fixes some bugs observable without proxies.

BUG=v8:3139,v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1515133002

Cr-Commit-Position: refs/heads/master@{#32843}
2015-12-14 15:12:12 +00:00
ahaas
973bc260c5 [wasm] Fixed a wasm test on ia32.
The test Run_Wasm_StoreMem_offset_oob contained an I64STORE instruction,
which is not yet implemented on 32 bit platforms. I turned off those
parts of the test on 32 bit platforms which contain I64 instructions.

R=bradnelson@chromium.org

Review URL: https://codereview.chromium.org/1526573002

Cr-Commit-Position: refs/heads/master@{#32842}
2015-12-14 14:55:21 +00:00
yangguo
92caa9b85e [debugger] debug-evaluate should not not modify local values.
Debug evaluate no longer writes back changes to the replicated
context chain to the original after execution. Changes to the
global object or script contexts still stick. Calling functions
that bind to the original context chain also have their expected
side effects.

As far as I can tell, DevTools is not interested in modifying
local variable values. Modifying global variable values still
works as expected. However, I have not yet removed the old
implementation, but merely keep it behind a flag.

R=mstarzinger@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1513183003

Cr-Commit-Position: refs/heads/master@{#32841}
2015-12-14 14:54:28 +00:00
machenbach
a8e4eecf61 [test] Skip some tests on the coverage bot.
BUG=chromium:568949
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1520163003

Cr-Commit-Position: refs/heads/master@{#32840}
2015-12-14 14:38:19 +00:00
bradnelson
40cb3ce5f9 Adding OWNERS files to test directories for wasm.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1526623002

Cr-Commit-Position: refs/heads/master@{#32839}
2015-12-14 14:22:15 +00:00
sigurds
4390514154 [turbofan] Escape Analysis improvements
Move replacements out of virtual object. Replacements are
global to the graph and are not dependent on the virtual
state (after they are discovered).

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1527533002

Cr-Commit-Position: refs/heads/master@{#32838}
2015-12-14 14:13:31 +00:00
yangguo
fd781bcc84 [debugger] correctly find source position of implicit return statement.
The parser reads one character beyond EOF to have an additional source
position that the rewriter can use to insert the implicit return
statement at the end of a script. If we break at that return statement,
we need to be able to translate the source position to line and
column number.

R=jkummerow@chromium.org
BUG=chromium:569514
LOG=N

Committed: https://crrev.com/0b1076a68e1eadba260cec8afc5acec618561c28
Cr-Commit-Position: refs/heads/master@{#32825}

Review URL: https://codereview.chromium.org/1521953003

Cr-Commit-Position: refs/heads/master@{#32835}
2015-12-14 13:25:06 +00:00
sigurds
3161c17126 [turbofan] Stabilize escape analysis (without deopt)
Bugfixes and improvements in escape analysis include:

* Handling of ObjectIsSmi (non-escaping)
* Handling of nested phi replacements
* Handling of phis with arity > 2
* Resilience against effectful nodes dangling from start
* Allocations escape now, if non-const load/store is performed
* Fixed a bug where non-allocated objects where tracked
* Allow fixed double arrays to be tracked

R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n

Review URL: https://codereview.chromium.org/1510973006

Cr-Commit-Position: refs/heads/master@{#32833}
2015-12-14 13:14:17 +00:00
neis
4460b85a3e [proxies] Add missing condition to GetProperty consistency check.
BUG=v8:1543
LOG=N
R=cbruni@chromium.org,jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1519073002

Cr-Commit-Position: refs/heads/master@{#32832}
2015-12-14 12:49:59 +00:00
yangguo
28e61d5a32 [debugger] correctly update test expectation for ThreadedDebugging.
It has been broken by
https://crrev.com/089edbfa97eab324bc463829ea03c167fdc6d45c

R=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1522883002

Cr-Commit-Position: refs/heads/master@{#32831}
2015-12-14 12:41:49 +00:00
yangguo
5a0233f6de Revert of [debugger] correctly find source position of implicit return statement. (patchset #1 id:1 of https://codereview.chromium.org/1521953003/ )
Reason for revert:
Layout test failures: https://chromegw.corp.google.com/i/client.v8.fyi/builders/V8-Blink%20Mac/builds/2732/steps/webkit_tests%20%28with%20patch%29/logs/stdio

Original issue's description:
> [debugger] correctly find source position of implicit return statement.
>
> The parser reads one character beyond EOF to have an additional source
> position that the rewriter can use to insert the implicit return
> statement at the end of a script. If we break at that return statement,
> we need to be able to translate the source position to line and
> column number.
>
> R=jkummerow@chromium.org
>
> Committed: https://crrev.com/0b1076a68e1eadba260cec8afc5acec618561c28
> Cr-Commit-Position: refs/heads/master@{#32825}

TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1526583002

Cr-Commit-Position: refs/heads/master@{#32829}
2015-12-14 10:26:08 +00:00
yangguo
089edbfa97 [debugger] fix debug-evaluate wrt shadowed context var.
Debug-evaluate used to resolve stack variables that shadow
context variables incorrectly, since the stack variable is
not visible in the context chain.

To fix this, we limit local variables accessible by debug-
evaluate to the ones directly referenced inside the function.
What is not referenced by the function itself, is considered
optimized out and not accessible by debug-evaluate.

To achieve this, we duplicate the entire context chain up to
the native context, and write back changes after debug-
evaluate. Changes to the original context chain will however
be overwritten. This already happens for catch and block
scopes though.

Also fix a crash caused by declaring variables inside debug-
evaluate.

R=mstarzinger@chromium.org
BUG=v8:4593
LOG=N

Review URL: https://codereview.chromium.org/1500933002

Cr-Commit-Position: refs/heads/master@{#32828}
2015-12-14 10:25:11 +00:00
yangguo
466da713c3 [es6] implement RegExp.@@search.
BUG=v8:4344
LOG=N
R=littledan@chromium.org

Review URL: https://codereview.chromium.org/1506353009

Cr-Commit-Position: refs/heads/master@{#32827}
2015-12-14 10:22:41 +00:00
yangguo
86c2dd4042 [es6] ship regexp sticky flag.
R=littledan@chromium.org
BUG=v8:4342
LOG=Y

Review URL: https://codereview.chromium.org/1509733010

Cr-Commit-Position: refs/heads/master@{#32826}
2015-12-14 10:06:27 +00:00
yangguo
0b1076a68e [debugger] correctly find source position of implicit return statement.
The parser reads one character beyond EOF to have an additional source
position that the rewriter can use to insert the implicit return
statement at the end of a script. If we break at that return statement,
we need to be able to translate the source position to line and
column number.

R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1521953003

Cr-Commit-Position: refs/heads/master@{#32825}
2015-12-14 09:36:08 +00:00
littledan
5aa5258e51 Enable some passing, disabled Intl tests
A couple of the Intl tests made calls to getDefaultTimeZone(), which
doesn't exist in V8; however, these were not core to the test. Rather
than marking the whole test as failing, just comment out that
unimportant part of the test.

R=adamk

Review URL: https://codereview.chromium.org/1522533003

Cr-Commit-Position: refs/heads/master@{#32819}
2015-12-12 01:33:52 +00:00
adamk
a229c9b94f Remove --harmony-array-includes flag
Array.prototype.includes shipped in Chrome 47.

Review URL: https://codereview.chromium.org/1513843006

Cr-Commit-Position: refs/heads/master@{#32818}
2015-12-12 01:04:10 +00:00
adamk
819c429ca2 [es6] Support Function name inference in variable declarations
This is behind the --harmony-function-name flag, currently disabled.

With the flag enabled, we now pass the relevant tests in
language/statements/*/fn-name-*.

BUG=v8:3699
LOG=y

Review URL: https://codereview.chromium.org/1518873004

Cr-Commit-Position: refs/heads/master@{#32817}
2015-12-12 00:20:37 +00:00
adamk
5ceb4feca3 Remove always-on --harmony-rest-parameters flag
It shipped in Chrome 47.

Review URL: https://codereview.chromium.org/1519073004

Cr-Commit-Position: refs/heads/master@{#32816}
2015-12-12 00:00:38 +00:00
caitpotter88
18f41e4653 [es6] support AssignmentPattern as LHS in for-in/of loops
BUG=v8:811, v8:4599
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1517973002

Cr-Commit-Position: refs/heads/master@{#32814}
2015-12-11 19:39:40 +00:00
danno
bf24486b22 [tubofan] Remove .dot output of --trace-turbo
Review URL: https://codereview.chromium.org/1514323002

Cr-Commit-Position: refs/heads/master@{#32813}
2015-12-11 16:58:31 +00:00
ishell
5c3bfe8f57 During property reconfiguring ensure that the first map that gets new descriptors is the one that owns the whole descriptor array.
This is necessary to guarantee that the whole descriptor would be marked, otherwise DescriptorArray pretenuring would cause crashes.

Review URL: https://codereview.chromium.org/1520613006

Cr-Commit-Position: refs/heads/master@{#32812}
2015-12-11 16:41:46 +00:00
ahaas
746cd5f856 [wasm] Fixed FxxMin and FxxMax for cases where one operand is NaN.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1519823002

Cr-Commit-Position: refs/heads/master@{#32811}
2015-12-11 16:40:07 +00:00
jochen
716eb14aec Remove remaing deprecated API calls from cctest
BUG=v8:4134
R=vogelheim@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1521593002

Cr-Commit-Position: refs/heads/master@{#32809}
2015-12-11 16:15:19 +00:00
verwaest
a1e9ccf90f Fix Object.prototype.toString.call(proxy)
BUG=

Review URL: https://codereview.chromium.org/1517673002

Cr-Commit-Position: refs/heads/master@{#32806}
2015-12-11 15:57:30 +00:00
jkummerow
cf46317483 [proxies] Fix JSObject::AllCanRead for Proxies on the prototype chain
Review URL: https://codereview.chromium.org/1517753003

Cr-Commit-Position: refs/heads/master@{#32805}
2015-12-11 15:51:46 +00:00
jarin
56673804e0 [turbofan] Store nodes use only MachineRepresentation, not MachineType.
Review URL: https://codereview.chromium.org/1513383003

Cr-Commit-Position: refs/heads/master@{#32803}
2015-12-11 15:34:16 +00:00
ahaas
3ee4c36089 [wasm] Fixed F32Neg and F64Neg for -0.0.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1516143004

Cr-Commit-Position: refs/heads/master@{#32802}
2015-12-11 15:30:15 +00:00
cbruni
df2a92972b [proxy] fixing for-in for proxies, fixing harmony/proxy.js tests, improving error messages and some drive-by fixes
BUG=v8:1543
LOG=n

patch from issue 1519473002 at patchset 1 (http://crrev.com/1519473002#ps1)

Review URL: https://codereview.chromium.org/1516843002

Cr-Commit-Position: refs/heads/master@{#32801}
2015-12-11 14:56:00 +00:00
ahaas
d83057b4ce [wasm] Change the return type of traps for tests, and added ftoi64 instructions.
Before this change traps always returned a 32 bit word in tests. With this
change traps return either a 32 bit word or a64 bit word, depending on the size
of the actual return value of the test.

Additionally this CL implements the wasm instructions I64SCONVERTF32,
I64UCONVERTF32, I64SCONVERTF64, and I64UCONVERTF64.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1519013003

Cr-Commit-Position: refs/heads/master@{#32800}
2015-12-11 14:54:20 +00:00
jkummerow
a83546932b Move Object.assign implementation to C++
This avoids a pair of super-high-degree polymorphic load/store ICs, and
creates the opportunity to add more fast paths if needed.

Review URL: https://codereview.chromium.org/1517963002

Cr-Commit-Position: refs/heads/master@{#32799}
2015-12-11 14:10:55 +00:00
bradnelson
ff0cc4a4c1 Reland addition of init function for asm->wasm.
This relands this, in it's new home:
032faa8a90

R=titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1522473002

Cr-Commit-Position: refs/heads/master@{#32798}
2015-12-11 14:10:00 +00:00
ahaas
97161a29ed [turbofan] Change TruncateFloat32ToUint64 to TryTruncateFloat32ToUint64.
TryTruncateFloat32ToUint64 converts a float32 to a uint64. Additionally it
provides an optional second return value which indicates whether the conversion
succeeded (i.e. float32 value was within uint64 range) or not.

I implemented the new operator on x64, arm64, and mips64. @v8-ppc-ports, can you
please take care of the ppc64 implementation of the second output?

Additionally I fixed a bug on x64 and mips64 in the implementation of
TryTruncateFloat64ToUint64. Cases where the input value was between -1 and 0
were handled incorrectly.

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1512023002

Cr-Commit-Position: refs/heads/master@{#32796}
2015-12-11 14:07:18 +00:00
Hannes Payer
9a5650ac9e Remove obsolete PrototypeTransitionClearing cctest.
BUG=

Review URL: https://codereview.chromium.org/1520793003 .

Cr-Commit-Position: refs/heads/master@{#32795}
2015-12-11 12:53:09 +00:00
titzer
4c5b3609fd Initial import of v8-native WASM.
As discussed in person, this adds the code from v8-native-prototype into
V8 proper, guarded by GYP flags that do not build the code by default.
Passing wasm=on to 'make' or setting v8_wasm as a GYP flag activates
building of this code.

An additional header file is added to and exported from the compiler
directory, src/compiler/wasm-compiler.h. This exposes a limited interface
with opaque Node and Graph types to the decoder to build TF graphs, as
well as functions to compile WASM graphs.

The mjsunit tests added are blacklisted because they fail without the
WASM object exposed to JS, which is also disabled by the build config
option.

This corresponds closely to 5981e06ebc, with some formatting fixes and moving some files into src/compiler.

R=mstarzinger@chromium.org, bradnelson@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1504713014

Cr-Commit-Position: refs/heads/master@{#32794}
2015-12-11 12:27:05 +00:00
Ben L. Titzer
69cf31f0b7 Disable test-heap/PrototypeTransitionClearing
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1521583003 .

Cr-Commit-Position: refs/heads/master@{#32792}
2015-12-11 12:21:09 +00:00
mvstanton
3f648d7b44 Turbofan instanceof lowering needs to address proxies.
BUG=

Review URL: https://codereview.chromium.org/1518773003

Cr-Commit-Position: refs/heads/master@{#32788}
2015-12-11 11:03:07 +00:00
epertoso
474ecd67ea Revert of Removes the Callee parameter from FunctionCallbackInfo. (patchset #1 id:1 of https://codereview.chromium.org/1510483002/ )
Reason for revert:
Need to figure out a better solution for this.

Original issue's description:
> Removes the Callee parameter from FunctionCallbackInfo.
>
> This will help us to instantiate AccessorPair's getters and setters only when they are needed.
>
> BUG=
>
> Committed: https://crrev.com/2fe34ebdcdee0f21b88daa4098a7918e91abb8fb
> Cr-Commit-Position: refs/heads/master@{#32759}

TBR=jochen@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1520843002

Cr-Commit-Position: refs/heads/master@{#32787}
2015-12-11 10:20:51 +00:00
vogelheim
5819e4be5b Re-re-land FastAccessorBuilder.
... using the RawMachineAssembler and the work in crrev.com/1407313004.

The original change collided with crrev.com/1513543003.

BUG=chromium:508898
LOG=Y

Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
Cr-Commit-Position: refs/heads/master@{#32742}

patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)

Committed: https://crrev.com/ee5c38d7db907ff86dd4049721c0cb4bc90a6c4d
Cr-Commit-Position: refs/heads/master@{#32753}

patch from issue 1504713012 at patchset 20001 (http://crrev.com/1504713012#ps20001)

Review URL: https://codereview.chromium.org/1518703002

Cr-Commit-Position: refs/heads/master@{#32786}
2015-12-11 09:54:00 +00:00
mlippautz
a86ddc5bc3 Revert of [cctest] Add tests for aborting compaction of pages (patchset #6 id:140001 of https://codereview.chromium.org/1511933002/ )
Reason for revert:
Failing on Win 32bit nosnap:
  https://chromegw.corp.google.com/i/client.v8/builders/V8%20Win32%20-%20nosnap%20-%20shared/builds/10602

Original issue's description:
> [cctest] Add tests for aborting compaction of pages
>
> Tests for
> * aborting a full page.
> * partially aborting a page.
> * partially aborting a page with pointers between aborted pages.
> * partially aborting a page with store buffer entries.
>
> Also introduces force_oom() which prohibits a old space to
> expand
>
> BUG=chromium:524425
> LOG=N

TBR=ulan@chromium.org,hpayer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:524425

Review URL: https://codereview.chromium.org/1514603008

Cr-Commit-Position: refs/heads/master@{#32785}
2015-12-11 09:50:47 +00:00
mlippautz
161a0e0051 [cctest] Add tests for aborting compaction of pages
Tests for
* aborting a full page.
* partially aborting a page.
* partially aborting a page with pointers between aborted pages.
* partially aborting a page with store buffer entries.

Also introduces ShouldForceOOM() which prohibits a PagedSpace from expanding.
Compaction spaces refer to the corresponding actual space.

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1511933002

Cr-Commit-Position: refs/heads/master@{#32783}
2015-12-11 09:14:46 +00:00
bmeurer
7e5ff19ee2 [turbofan] Some more cleanup on the intrinsics.
Remove unused obsolete %_StringGetStringLength intrinsic, and properly
optimize the %_SubString, %_RegExpExec, %_RegExpFlags, %_RegExpSource
and %_RegExpConstructResult intrinsics.

Review URL: https://codereview.chromium.org/1516753006

Cr-Commit-Position: refs/heads/master@{#32782}
2015-12-11 09:12:12 +00:00
adamk
8b968b70e9 Revert of [es6] support AssignmentPattern as LHS in for-in/of loops (patchset #9 id:280001 of https://codereview.chromium.org/1508933004/ )
Reason for revert:
Hits unreachable code (found by fuzzer). Example crasher:

"for(();;);"

Original issue's description:
> [es6] support AssignmentPattern as LHS in for-in/of loops
>
> BUG=v8:811, v8:4599
> LOG=N
> R=adamk@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/e47bdb775564b2cd8365047425898ab4274190a6
> Cr-Commit-Position: refs/heads/master@{#32773}

TBR=rossberg@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811, v8:4599

Review URL: https://codereview.chromium.org/1511773009

Cr-Commit-Position: refs/heads/master@{#32774}
2015-12-11 02:00:01 +00:00
caitpotter88
e47bdb7755 [es6] support AssignmentPattern as LHS in for-in/of loops
BUG=v8:811, v8:4599
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1508933004

Cr-Commit-Position: refs/heads/master@{#32773}
2015-12-11 01:06:48 +00:00
littledan
88c8361b8f Unstage non-standard Promise functions
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.

BUG=v8:3237
R=rossberg
LOG=Y

Review URL: https://codereview.chromium.org/1513873002

Cr-Commit-Position: refs/heads/master@{#32772}
2015-12-10 23:58:26 +00:00
littledan
46cb23c24b Disable new regression tests with noi18n
BUG=chromium:487322
R=adamk
LOG=N

Review URL: https://codereview.chromium.org/1514993002

Cr-Commit-Position: refs/heads/master@{#32770}
2015-12-10 22:52:44 +00:00
littledan
bff3074d73 Allow ICU to normalize time zones
There's at least one case of a time zone alias: Asia/Kathmandu aliases
Asia/Katmandu. ICU seems to normalize to the (deprecated) latter choice.
V8 internationalization choked on this change; this patch interprets
ICU's output more precisely and allows it.

BUG=chromium:487322
R=jungshik,adamk
LOG=Y

Review URL: https://codereview.chromium.org/1509273007

Cr-Commit-Position: refs/heads/master@{#32769}
2015-12-10 20:13:45 +00:00
adamk
eb67f85439 Fix FuncNameInferrer usage in ParseAssignmentExpression
Without this fix, AssignmentExpressions that happen to be arrow functions
would lead to unbalanced Enter/Leave calls on the fni_, causing thrashing
while trying to infer function names. Symptoms include slow parsing
or OOM (when we create too many AstConsStrings).

To try to keep this from happening in the future, added an RAII helper
class to handle Entering/Leaving FNI state.

The included regression test crashes on my workstation without the patch.
Note that it's too slow in debug mode (as well as under TurboFan),
so I've skipped it there.

BUG=v8:4595
LOG=y

Review URL: https://codereview.chromium.org/1507283003

Cr-Commit-Position: refs/heads/master@{#32768}
2015-12-10 19:19:35 +00:00
ishell
dddcd0ac17 Fix Function subclassing.
Function subclasses did not have function properties installed (name, prototype, etc.).
Now when an instance of a Function subclass is created it gets initial map that corresponds
to the language mode of the function body. The language mode dependent maps are cached as
special transitions on initial map of the subclass constructor.

BUG=v8:4597, v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1510753005

Cr-Commit-Position: refs/heads/master@{#32764}
2015-12-10 17:28:08 +00:00