Commit Graph

23769 Commits

Author SHA1 Message Date
bmeurer
5056c8219a [turbofan] Revive the useful parts of the SimplifiedOperatorReducer.
This partially reverts https://codereview.chromium.org/1162563002
because we might actually be able to optimize certain combinations
now due to dead code elimination.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1202263006

Cr-Commit-Position: refs/heads/master@{#29277}
2015-06-25 04:47:16 +00:00
bbudge
9b36c6e37a Make helper functions compatible with larger ToBooleanStub types.
I missed some functions that need to change.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1199413009

Cr-Commit-Position: refs/heads/master@{#29276}
2015-06-25 04:32:19 +00:00
mstarzinger
defa7459b6 Make sure bound functions never make it into optimized code map.
This is one step torwards extracting an OptimizedCodeMap out from the
SharedFunctionInfo in order to have a more flexible implementation.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1210523002

Cr-Commit-Position: refs/heads/master@{#29275}
2015-06-25 04:12:03 +00:00
v8-autoroll
2161d3972d Update V8 DEPS.
Rolling v8/third_party/icu to c3f79166089e5360c09e3053fce50e6e296c3204

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1206173002

Cr-Commit-Position: refs/heads/master@{#29274}
2015-06-25 03:28:37 +00:00
arv
206cd93b5a JSON.stringify should handle the replacer before the space
BUG=v8:4227
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1200373003

Cr-Commit-Position: refs/heads/master@{#29273}
2015-06-25 00:04:35 +00:00
arv
f4e39a8c1f Fix evaluation order of Object.prototype.hasOwnProperty
We need to do the ToName before the ToObject.

BUG=v8:4229
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1211663002

Cr-Commit-Position: refs/heads/master@{#29272}
2015-06-24 22:30:52 +00:00
arv
a0f4706e5e jsmin.py: Fix issue with escaping of back ticks
The escaping of back ticks in template strings was incorrect

BUG=v8:4240
LOG=N
TBR=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1209713003

Cr-Commit-Position: refs/heads/master@{#29271}
2015-06-24 22:29:46 +00:00
arv
6e6a1c8aee JSON.stringify should use toString of replacer and not valueOf
If the replacer array contains a number wrapper we should use the
toString result and not valueOf.

BUG=v8:4228
LOG=N
R=adamk
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1207013002

Cr-Commit-Position: refs/heads/master@{#29270}
2015-06-24 22:18:08 +00:00
dstence
c05c9f1881 PPC: Debug check fix for test SMI optimization.
R=mbrandy@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1202383005

Cr-Commit-Position: refs/heads/master@{#29269}
2015-06-24 21:22:01 +00:00
arv
51073d5f40 i18n.js was not using original functions
The i18n.js code was calling a lot of methods, which might have been
removed or replaced by user code.

Make sure we use the original functions.

BUG=v8:4220
LOG=N
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1199813004

Cr-Commit-Position: refs/heads/master@{#29268}
2015-06-24 20:54:22 +00:00
machenbach
93d130ce70 Revert of Fix receiver when calling eval() bound by with scope (patchset #3 id:40001 of https://codereview.chromium.org/1202963005/)
Reason for revert:
[Sheriff] Breaks layout tests. Please fix upstream blink first.
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Mac/builds/574

Please consider extra blink trybots on a reland.

Original issue's description:
> Fix receiver when calling eval() bound by with scope
>
> Thanks to André Bargull for the report.
>
> BUG=v8:4214
> LOG=N
> R=arv@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/3c5f0db3a1768ade68108bf003676ce378d1cbdc
> Cr-Commit-Position: refs/heads/master@{#29259}

TBR=arv@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4214

Review URL: https://codereview.chromium.org/1201273004

Cr-Commit-Position: refs/heads/master@{#29267}
2015-06-24 19:08:35 +00:00
machenbach
3eae40d7a4 Revert of Extend big-disjunction optimization to case-independent regexps (patchset #5 id:80001 of https://codereview.chromium.org/1182783009/)
Reason for revert:
[Sheriff] Test times out now on msan:
http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/2947

Original issue's description:
> Extend big-disjunction optimization to case-independent regexps
>
> R=yangguo@chromium.org
> BUG=chromium:482998
> LOG=n
>
> Committed: https://crrev.com/d2135603bcf462e15a1284d8ed969f6692610dda
> Cr-Commit-Position: refs/heads/master@{#29264}

TBR=yangguo@chromium.org,erikcorry@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:482998

Review URL: https://codereview.chromium.org/1204013003

Cr-Commit-Position: refs/heads/master@{#29266}
2015-06-24 19:04:15 +00:00
binji
5023335b4d Fix cluster-fuzz regression with Workers and recursive serialization
Shell::SerializeValue was using a HandleScope, but was also storing Handles in
an ObjectList. The ObjectList handles would persist after the function had
returned, but will have already been destroyed by the HandleScope, so there is
a use-after-free.

This change removes the HandleScope in Shell::SerializeValue and relies on the
caller's HandleScope.

BUG=chromium:503968
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1211433003

Cr-Commit-Position: refs/heads/master@{#29265}
2015-06-24 18:31:50 +00:00
erikcorry
d2135603bc Extend big-disjunction optimization to case-independent regexps
R=yangguo@chromium.org
BUG=chromium:482998
LOG=n

Review URL: https://codereview.chromium.org/1182783009

Cr-Commit-Position: refs/heads/master@{#29264}
2015-06-24 18:17:41 +00:00
binji
b3bd7289f7 Fix cluster-fuzz regression with Workers when serializing empty string
BUG=chromium:503991
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1210623002

Cr-Commit-Position: refs/heads/master@{#29263}
2015-06-24 17:47:23 +00:00
wingo
edcc242a44 Fix unexpected token messages in expression classifier
Some tokens need special messages because their token corresponds to
many names.

R=arv@chromium.org
BUG=v8:4213
LOG=N

Review URL: https://codereview.chromium.org/1207743004

Cr-Commit-Position: refs/heads/master@{#29262}
2015-06-24 17:25:25 +00:00
binji
627627b327 Fix cluster-fuzz regression with Workers on mips.debug
BUG=chromium:503698
R=jochen@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1208573003

Cr-Commit-Position: refs/heads/master@{#29261}
2015-06-24 17:09:59 +00:00
dslomov
c09268f2e1 Use C runtime functions for ThrowNewXXError desugarings.
JS runtime function calls cause Hydrogen to bail out.

R=adamk@chromiunm.org,arv@chromium.org

Review URL: https://codereview.chromium.org/1210533003

Cr-Commit-Position: refs/heads/master@{#29260}
2015-06-24 16:54:53 +00:00
wingo
3c5f0db3a1 Fix receiver when calling eval() bound by with scope
Thanks to André Bargull for the report.

BUG=v8:4214
LOG=N
R=arv@chromium.org, mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1202963005

Cr-Commit-Position: refs/heads/master@{#29259}
2015-06-24 16:47:58 +00:00
hpayer
6e6af7e7c7 Re-land new insertion write barrier.
BUG=

Review URL: https://codereview.chromium.org/1211513002

Cr-Commit-Position: refs/heads/master@{#29258}
2015-06-24 16:40:54 +00:00
mbrandy
5989a374c9 PPC: Use big-boy Types to annotate interface descriptor parameters
Port c019d7f498

Original commit message:
- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
  a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
  platform-independent components so that all descriptors share
  a common Type::FunctionType for all platforms.

R=danno@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1206893002

Cr-Commit-Position: refs/heads/master@{#29257}
2015-06-24 16:10:11 +00:00
ishell
339ac2700d Ensure there is some space on JS stack available for bootstrapping.
Review URL: https://codereview.chromium.org/1203873005

Cr-Commit-Position: refs/heads/master@{#29256}
2015-06-24 14:57:52 +00:00
yangguo
f1982eb490 Serializer: clear next link in weak cells.
If we do not clear next links during serialization, the
serializer would simply follow those links and serialize
arbitrary objects held by weak cells. This breaks the
invariant in the code serializer, which crashes if it
sees context-dependent objects.

R=ulan@chromium.org
BUG=chromium:503552
LOG=Y

Review URL: https://codereview.chromium.org/1203973002

Cr-Commit-Position: refs/heads/master@{#29255}
2015-06-24 14:26:42 +00:00
mbrandy
8636e105d1 PPC: Do not add extra argument for new.target
Port 8196c28a94

Original commit message:
JSConstructStub for subclass constructors instead locates new.target in
a known location on the stack.

R=dslomov@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1208443002

Cr-Commit-Position: refs/heads/master@{#29254}
2015-06-24 13:29:23 +00:00
wingo
a955871539 Fix -Werror=sign-compare error with GCC
R=jkummerow@chromium.org
LOG=N
BUG=

Review URL: https://codereview.chromium.org/1202843006

Cr-Commit-Position: refs/heads/master@{#29253}
2015-06-24 12:23:36 +00:00
machenbach
9f67f3f2d5 [android] Set platform to 16 for 32 bit builds.
TBR=ulan, jochen
NOTRY=true

Review URL: https://codereview.chromium.org/1209453003

Cr-Commit-Position: refs/heads/master@{#29252}
2015-06-24 10:20:30 +00:00
bmeurer
db4101ef81 [turbofan] Make TyperCache global and thread safe.
This way we need the common types only once per process and we don't
need to recreate them for every compilation. It uses the same pattern
that we already apply to caching operators. This simplifies the type
cache a lot.

R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1209513002

Cr-Commit-Position: refs/heads/master@{#29251}
2015-06-24 09:16:39 +00:00
bmeurer
7a675e0e3b [x64] Fix instruction selection for Word64Equal(Word64And, 0).
This fixes a slight inconsistency in the InstructionSelector that
basically disabled the optimization for things like ObjectIsSmi.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1206773002

Cr-Commit-Position: refs/heads/master@{#29250}
2015-06-24 09:15:31 +00:00
jacob.bramley
48d726cd6f Reland r21101: "ARM64: use jssp for stack slots"
The original implementation assumed that LPushArguments and
LInvoke/Call* could be assumed to be exclusively sequential. However,
this isn't always the case. For example, GenerateCallFunction pushes
some arguments and then selects between HInvokeFunction and
HCallFunction.

This fixed implementation resets a pushed_arguments_ counter based on
the argument_count() of the preceeding basic block, then tracks it
per-instruction as before (except that now we maintain a count rather
than a boolean flag).

At the same time, since we now track exactly how many arguments have
been pushed onto the stack, I was able to adjust the offset accordingly
and use jssp for stack slots even when arguments have been pushed.

BUG=

Review URL: https://codereview.chromium.org/1038363002

Cr-Commit-Position: refs/heads/master@{#29249}
2015-06-24 06:47:42 +00:00
danno
c019d7f498 Use big-boy Types to annotate interface descriptor parameters
- Thread Type::FunctionType through stubs and the TF pipeline.
- Augment Typer to decorate parameter nodes with types from
  a Type::FunctionType associated with interface descriptors.
- Factor interface descriptors into platform-specific and
  platform-independent components so that all descriptors share
  a common Type::FunctionType for all platforms.

Review URL: https://codereview.chromium.org/1197703002

Cr-Commit-Position: refs/heads/master@{#29248}
2015-06-24 06:22:04 +00:00
bbudge
b7f4981c16 Expand ToBoolean stub so it can handle more types.
SIMD values will require their own type code for conversion to boolean.

LOG=N
BUG=v8:4124

Review URL: https://codereview.chromium.org/1202973003

Cr-Commit-Position: refs/heads/master@{#29247}
2015-06-24 06:10:59 +00:00
binji
3e2c6a2eb7 Fix ReferenceError of Worker in regress-crbug-503578
Worker is not defined on the V8 Shared bots.

BUG=chromium:503578
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1202763004

Cr-Commit-Position: refs/heads/master@{#29246}
2015-06-24 05:36:20 +00:00
machenbach
d70419e474 [android] Completly move path logic to gyp config.
BUG=chromium:502176
LOG=n

Review URL: https://codereview.chromium.org/1203653002

Cr-Commit-Position: refs/heads/master@{#29245}
2015-06-24 05:35:14 +00:00
binji
10b6af71b8 Fix cluster-fuzz found regression in d8 when deserializing ArrayBuffer
BUG=503578
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1204753002

Cr-Commit-Position: refs/heads/master@{#29244}
2015-06-24 04:23:58 +00:00
mstarzinger
5e2a114102 [turbofan] Remove stale control-reducer.cc file.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1197793005

Cr-Commit-Position: refs/heads/master@{#29243}
2015-06-24 03:50:24 +00:00
arv
6181ec9c28 Date() should not depend on Date.prototype.toString
We used to call toString as a method which is not safe.

BUG=v8:4225
LOG=Y
R=adamk, littledan
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1200033003

Cr-Commit-Position: refs/heads/master@{#29242}
2015-06-23 23:18:40 +00:00
adamk
3164aa7483 Revert "Keep a canonical list of shared function infos."
Speculative revert in the hopes of fixing serializer crashes seen in canary.

This reverts commit c166945083, as well as
followup change "Do not look for existing shared function info when compiling a new script."
(commit 7c43967bb7).

BUG=chromium:503552,v8:4132
TBR=yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1207583002

Cr-Commit-Position: refs/heads/master@{#29241}
2015-06-23 22:59:30 +00:00
mathias
57306b59e8 Avoid built-ins in Date.prototype.toISOString
TEST=mjsunit/date
BUG=v8:4226
LOG=N

Review URL: https://codereview.chromium.org/1203733002

Cr-Commit-Position: refs/heads/master@{#29240}
2015-06-23 18:43:08 +00:00
titzer
2c979b96f1 Add mjsunit tests for optimization of float min/max.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1199053011

Cr-Commit-Position: refs/heads/master@{#29239}
2015-06-23 17:26:25 +00:00
dslomov
8196c28a94 Do not add extra argument for new.target
JSConstructStub for subclass constructors instead locates new.target in
a known location on the stack.

R=arv@chromium.org,adamk@chromium.org
BUG=v8:3886
LOG=N

Review URL: https://codereview.chromium.org/1196193014

Cr-Commit-Position: refs/heads/master@{#29238}
2015-06-23 16:50:57 +00:00
adamk
df47224028 Expose Map/Set methods through the API
Map: get, set, has, delete, clear
Set: add, has, delete, clear

All except clear are implemented as calls into collection.js.

Note that some of these shadow methods of v8::Object. It's unclear
how confusing that's going to be: on the one hand, it seems likely
that most operations you would want to do on a Map or Set are these.
On the other, generic code could get confused if it somehow gets
ahold of a variable that happens to be C++-typed as a v8::Map or v8::Set.

BUG=v8:3340
LOG=y

Review URL: https://codereview.chromium.org/1204623002

Cr-Commit-Position: refs/heads/master@{#29237}
2015-06-23 15:14:17 +00:00
ishell
bcb276c6f7 Fixed exception handling in Realm.create().
BUG=chromium:501711
LOG=N

Review URL: https://codereview.chromium.org/1207453002

Cr-Commit-Position: refs/heads/master@{#29236}
2015-06-23 15:08:50 +00:00
jochen
93d6216099 Let GC select the collector when the external memory allocation limit is reached
BUG=none
R=hpayer@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1201993002

Cr-Commit-Position: refs/heads/master@{#29235}
2015-06-23 15:02:16 +00:00
mbrandy
b76cf1f802 PPC: [turbofan] Fix implementation of Float64Min.
The optimized instruction sequences for floating-point min/max do not
have the same behaviour as TurboFan's Float(32|64)(Min|Max) functions
(incorrect handling for NaN operands).

R=dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1193843015

Cr-Commit-Position: refs/heads/master@{#29234}
2015-06-23 14:56:57 +00:00
verwaest
c49659b008 Don't insert elements transitions into normalized maps
BUG=chromium:499790
LOG=n

Review URL: https://codereview.chromium.org/1203653003

Cr-Commit-Position: refs/heads/master@{#29233}
2015-06-23 14:33:11 +00:00
verwaest
dee4895d0a Cleanup adding elements and in particular dictionary elements
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1196163005

Cr-Commit-Position: refs/heads/master@{#29232}
2015-06-23 13:35:12 +00:00
mstarzinger
7f5a2d9ed5 [turbofan] Make global variable loads and stores explicit.
This is a precursor to using specialized LoadIC and StoreIC stubs for
global variable access. It also removes the need to keep track of the
global object in the type system, hence freeing up one bit.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1205473004

Cr-Commit-Position: refs/heads/master@{#29231}
2015-06-23 13:34:06 +00:00
bmeurer
78e9a2dff2 [turbofan] NaN is never truish.
BUG=v8:4207
LOG=y
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1198993009

Cr-Commit-Position: refs/heads/master@{#29230}
2015-06-23 12:24:54 +00:00
jacob.bramley
d783b76362 [arm64][turbofan] Fix implementation of Float64Min.
ARM64's `fmin` and `fmax` instructions don't have the same behaviour as
TurboFan's Float(32|64)(Min|Max) functions.

BUG=4206
LOG=N

Review URL: https://codereview.chromium.org/1200123004

Cr-Commit-Position: refs/heads/master@{#29229}
2015-06-23 11:58:58 +00:00
verwaest
17b26fd2a5 Fix regexp perf: Only increase array size if needed
BUG=chromium:503457
LOG=n

Review URL: https://codereview.chromium.org/1198993008

Cr-Commit-Position: refs/heads/master@{#29228}
2015-06-23 11:41:47 +00:00