Commit Graph

23611 Commits

Author SHA1 Message Date
wingo
541b6c39e0 Ship arrow functions
R=rossberg@chromium.org
LOG=Y
BUG=v8:2700

Review URL: https://codereview.chromium.org/1187173004

Cr-Commit-Position: refs/heads/master@{#29119}
2015-06-18 15:13:49 +00:00
caitpotter88
12e194860a [es6] ship Object.assign
BUG=v8:4007
LOG=N
R=rossberg@chromium.org, arv@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1191003003

Cr-Commit-Position: refs/heads/master@{#29118}
2015-06-18 14:56:14 +00:00
bmeurer
4185bf299e [turbofan] Deslowify the GraphTrimmer in debug mode.
R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1189943005

Cr-Commit-Position: refs/heads/master@{#29117}
2015-06-18 14:51:43 +00:00
verwaest
49495ace70 Cleanup INTEGER_INDEXED_EXOTIC handling a bit
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1191813003

Cr-Commit-Position: refs/heads/master@{#29116}
2015-06-18 14:39:11 +00:00
conradw
407657b706 Revert of [strong] Implement strong mode restrictions on property access (patchset #23 id:460001 of https://codereview.chromium.org/1168093002/)
Reason for revert:
Speculative revert, maybe breaks GC-stress

http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/808

Original issue's description:
> [strong] Implement strong mode restrictions on property access
>
> Implements the strong mode proposal's restrictions on property access.
>
> To be fully explored in a followup: proxies, interceptors, access checks, load from super
>
> BUG=v8:3956
> LOG=N
>
> Committed: https://crrev.com/85dbfb9a389e7b21bd2a63862202ee97fc5d7982
> Cr-Commit-Position: refs/heads/master@{#29109}

TBR=rossberg@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3956

Review URL: https://codereview.chromium.org/1189153002

Cr-Commit-Position: refs/heads/master@{#29115}
2015-06-18 13:40:20 +00:00
verwaest
5a4b156204 Minor cleanup in element handling
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1190143002

Cr-Commit-Position: refs/heads/master@{#29114}
2015-06-18 12:57:03 +00:00
verwaest
72d6ed749b Return void from array setters since the return value needs to be ignored
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1188073003

Cr-Commit-Position: refs/heads/master@{#29113}
2015-06-18 12:52:00 +00:00
machenbach
370a8ea3f2 [test] Extend clusterfuzz check with more jobs.
BUG=chromium:493043
LOG=n
NOTRY=true

Review URL: https://codereview.chromium.org/1196453002

Cr-Commit-Position: refs/heads/master@{#29112}
2015-06-18 12:43:49 +00:00
verwaest
6a3ba3cc2c More cleanly separate adding from setting elements
This is a first step towards disentangling the backend code. In the future we should just use ElementsAccessors.
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1177043012

Cr-Commit-Position: refs/heads/master@{#29111}
2015-06-18 12:21:04 +00:00
jochen
aac18f3927 Extend find-anywhere so it also works while debugging a live process
R=yangguo@chromium.org
BUG=none
LOG=n

Review URL: https://codereview.chromium.org/1179413006

Cr-Commit-Position: refs/heads/master@{#29110}
2015-06-18 11:57:03 +00:00
conradw
85dbfb9a38 [strong] Implement strong mode restrictions on property access
Implements the strong mode proposal's restrictions on property access.

To be fully explored in a followup: proxies, interceptors, access checks, load from super

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1168093002

Cr-Commit-Position: refs/heads/master@{#29109}
2015-06-18 11:55:45 +00:00
conradw
1bb051b8a4 [es6] Fix completion values of for loops with lexical variables
Currently, the desugaring of for loops of the form for
(let/const ...; bla; bla) causes them to always have a
completion value of 1, regardless of whether the loop body
is executed or not. This CL fixes this, realigning
initializer blocks as a more general purpose way to avoid
the completion value rewriter (since that's all they really
do anyway).

BUG=

Review URL: https://codereview.chromium.org/1177053006

Cr-Commit-Position: refs/heads/master@{#29108}
2015-06-18 11:54:16 +00:00
machenbach
4a4ba797ae Reland [turbofan] Disable select matching due to bug manifesting on arm. (patchset #2 id:40001 of https://codereview.chromium.org/1176403005/)
Reason for revert:
This causes timeouts in Massive on chromebooks.

Original issue's description:
> Revert of [turbofan] Disable select matching due to bug manifesting on arm. (patchset #1 id:1 of https://codereview.chromium.org/1077613002/)
>
> Reason for revert:
> [Sheriff] Checking if this still fails and if yes persists info about failures.
>
> Original issue's description:
> > [turbofan] Disable select matching due to bug manifesting on arm.
> >
> > R=machenbach@chromium.org
> > BUG=
> >
> > Committed: https://crrev.com/6e5d805718195c4b5ac64cd540379cecf10b8f5c
> > Cr-Commit-Position: refs/heads/master@{#27702}
>
> TBR=bmeurer@chromium.org
>
> Committed: https://crrev.com/7c36a7d91d8706b29df07013085fbe3c8e93b0ed
> Cr-Commit-Position: refs/heads/master@{#29103}

TBR=titzer@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1195563003

Cr-Commit-Position: refs/heads/master@{#29107}
2015-06-18 10:43:11 +00:00
ulan
42263aab99 Dampen the old generation allocation limit only after the initial old generation size was configured.
Otherwise, dampening interferes with initial size configuration and causes GC too early.

BUG=501703
LOG=NO

Review URL: https://codereview.chromium.org/1183633005

Cr-Commit-Position: refs/heads/master@{#29106}
2015-06-18 10:00:24 +00:00
bmeurer
92e6bcf13c [turbofan] Improve interplay of ControlReducer and CommonOperatorReducer.
This turns the CommonOperatorReducer into an AdvancedReducer and makes
it independent of JSGraph (which was used only because it was convienent),
and let's the CommonOperatorReducer run together with the ControlReducer.

The ControlReducer is still not able to run together with other reducers,
but we're getting closer. The plan is to split the ControlReducer into
two parts: The dead code elimination part and the common operator
reduction part. This separation will help to avoid tricky bugs in the
future and should make testing a *lot* easier.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1192063002

Cr-Commit-Position: refs/heads/master@{#29105}
2015-06-18 09:15:42 +00:00
mstarzinger
eb0e7437d3 [turbofan] Introduce DeadValue and DeadEffect operators.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1186033006

Cr-Commit-Position: refs/heads/master@{#29104}
2015-06-18 08:17:17 +00:00
machenbach
7c36a7d91d Revert of [turbofan] Disable select matching due to bug manifesting on arm. (patchset #1 id:1 of https://codereview.chromium.org/1077613002/)
Reason for revert:
[Sheriff] Checking if this still fails and if yes persists info about failures.

Original issue's description:
> [turbofan] Disable select matching due to bug manifesting on arm.
>
> R=machenbach@chromium.org
> BUG=
>
> Committed: https://crrev.com/6e5d805718195c4b5ac64cd540379cecf10b8f5c
> Cr-Commit-Position: refs/heads/master@{#27702}

TBR=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1176403005

Cr-Commit-Position: refs/heads/master@{#29103}
2015-06-18 07:57:32 +00:00
bmeurer
a3106d228e [turbofan] Remove another premature optimization from ControlReducer.
We never hit the phi case for DecideCondition in practice, since a more
general optimization is already performed by typing and constant
propagation.

R=jarin@chromium.org,mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1186973005

Cr-Commit-Position: refs/heads/master@{#29102}
2015-06-18 07:13:47 +00:00
machenbach
221ae5a624 [test] Unskip layout tests after fixing bot.
BUG=chromium:498689
LOG=n
NOTRY=true
TBR=sergiyb@chromium.org

Review URL: https://codereview.chromium.org/1185623003

Cr-Commit-Position: refs/heads/master@{#29101}
2015-06-18 07:10:36 +00:00
balazs.kilvady
0acc511e62 MIPS: Fix unaligned memory access.
On MIPS32 we can't read a 8 bytes long data from a not 8 bytes aligned memory address.

BUG=
TEST=mjsunit/debug-backtrace

Review URL: https://codereview.chromium.org/1193433002

Cr-Commit-Position: refs/heads/master@{#29100}
2015-06-18 07:01:38 +00:00
machenbach
91d869a343 Revert of Update V8 DEPS. (patchset #1 id:1 of https://codereview.chromium.org/1192033002/)
Reason for revert:
[Sheriff] gyp still contains an offending patch

Original issue's description:
> Update V8 DEPS.
>
> Rolling v8/build/gyp to fdcd8bc10c935eff13b391644b01460593c46861
>
> Rolling v8/tools/clang to d2b4eddd701ff0265124147bcb0a65f32273f06b
>
> TBR=machenbach@chromium.org
>
> Committed: https://crrev.com/a940eb8a7cba6596ea25819c0112c3ca053074ed
> Cr-Commit-Position: refs/heads/master@{#29097}

TBR=v8-autoroll@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1185453011

Cr-Commit-Position: refs/heads/master@{#29099}
2015-06-18 06:24:41 +00:00
mstarzinger
10d47da61c [turbofan] Add test to keep generic pipeline on life support.
R=bmeurer@chromium.org
TEST=cctest/test-pipeline

Review URL: https://codereview.chromium.org/1193543002

Cr-Commit-Position: refs/heads/master@{#29098}
2015-06-18 04:52:44 +00:00
v8-autoroll
a940eb8a7c Update V8 DEPS.
Rolling v8/build/gyp to fdcd8bc10c935eff13b391644b01460593c46861

Rolling v8/tools/clang to d2b4eddd701ff0265124147bcb0a65f32273f06b

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1192033002

Cr-Commit-Position: refs/heads/master@{#29097}
2015-06-18 03:29:10 +00:00
sheyang
99e24fccf6 Add signcla verifier for v8.
Currently this verifier will post an informative error if the author has not signed CLA, instead of rejecting the CL.

LOG=N

BUG=457428

Review URL: https://codereview.chromium.org/1185193009

Cr-Commit-Position: refs/heads/master@{#29096}
2015-06-17 16:36:53 +00:00
verwaest
d69ead663c Make sure to flatten names before lookup. Lookup using cons strings is really slow.
Restores SortNumbers perf degrade

BUG=chromium:495949, v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1177043009

Cr-Commit-Position: refs/heads/master@{#29095}
2015-06-17 16:05:34 +00:00
ulan
b62a7a833b Add option to compute average scavenge speed w.r.t survived objects.
Use it in detection of low young generation allocation rate.

BUG=501314
LOG=NO
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1186903005

Cr-Commit-Position: refs/heads/master@{#29094}
2015-06-17 16:03:21 +00:00
yangguo
789c0601fd --print-scopes should ignore native code, even ones parsed lazily.
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1185313002

Cr-Commit-Position: refs/heads/master@{#29093}
2015-06-17 15:21:30 +00:00
mstarzinger
9e7732c517 Reenable some cctest tests that no longer fail.
R=jochen@chromium.org,jarin@chromium.org
TEST=cctest

Review URL: https://codereview.chromium.org/1176423007

Cr-Commit-Position: refs/heads/master@{#29092}
2015-06-17 14:56:03 +00:00
jkummerow
5de595a603 [test] Fix gc-stress failures of regress-crbug-500497.js
R=machenbach@chromium.org
NOTRY=y

Review URL: https://codereview.chromium.org/1175123003

Cr-Commit-Position: refs/heads/master@{#29091}
2015-06-17 14:24:36 +00:00
verwaest
9a92d294f3 Use output parameter to distinguish error from absent result
Otherwise we'd have to probe for pending exceptions.

I'll do the same to other interceptors in follow-up CLs

BUG=chromium:495949,v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1190023002

Cr-Commit-Position: refs/heads/master@{#29090}
2015-06-17 14:06:39 +00:00
bmeurer
afc2fb26a1 [turbofan] Remove another ineffective optimization from the ControlReducer.
The condition of a Branch or Select can never be a NumberConstant,
because the resulting graph would be invalid, so we don't need to
optimize this case. It can only ever be a tagged boolean or an untagged
bit.

Drive-by-fix: Test the interesting cases in the unit tests instead.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1195443004

Cr-Commit-Position: refs/heads/master@{#29089}
2015-06-17 12:50:45 +00:00
mstarzinger
f28f16c916 [turbofan] Remove obsolete 'incomplete' flag from GraphDecorator.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1187263003

Cr-Commit-Position: refs/heads/master@{#29088}
2015-06-17 12:34:45 +00:00
ulan
ddac006659 Fix --trace-gc output after 084d1f.
BUG=
TBR=hpayer@chromium.org

Review URL: https://codereview.chromium.org/1188093003

Cr-Commit-Position: refs/heads/master@{#29087}
2015-06-17 12:31:47 +00:00
bmeurer
a4f060278f [turbofan] Fix life time and use of the Typer.
Currently the Typer is installed on the Graph, no matter if we actually
use the types or not (read: even in the generic pipeline). Also the
Typer tries hard to eagerly type nodes during graph building, which
takes time, just to remove those types later again, and retype
everything from scratch. Plus this is inconsistent, since it only
applies to the outermost graph, not the inlined graphs (which are
eagerly typed once the nodes are copied). So in summary, what's
currently implemented is neither useful nor well defined, so for now we
stick to the full typing approach until a proper design for eager typing
is available that will actually benefit us.

R=rossberg@chromium.org,mstarzinger@chromium.org,jarin@chromium.org

Review URL: https://codereview.chromium.org/1192553002

Cr-Commit-Position: refs/heads/master@{#29086}
2015-06-17 12:25:06 +00:00
machenbach
d05cb6b30f Revert of Added constructor call on object in InstantiateObject method (patchset #5 id:80001 of https://codereview.chromium.org/1137693003/)
Reason for revert:
[Sheriff] This breaks layout test expectations:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/437

See:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_32/437/layout-test-results/fast/dom/create-element-after-stack-overflow-pretty-diff.html

Please land a needsmanualrebaseline change on the blink-side before relanding this, if the change was intended.

Please include a blink trybot on relanding this.

Original issue's description:
> Added constructor call on object in InstantiateObject method
>
> I found after upgrading from 4.2.2 where apinatives.js still
> existed to 4.4.56 where everything had been converted to C++ in
> api-natives.cc, my constructors for ObjectTemplate instantiated objects
> were no longer being called.  After investigation, I noticed in
> apinatives.js that a new call would handle that, but there was no
> corresponding constructor call in api-natives.cc (or anywhere else
> along the chain of InstantiateObject), so I added a call to
> Execution::Call to actually construct the object.  Forgive me if that
> isn't the right place to add it (InitializeBody in objects-inl.h also
> looked like a good place), or if there's a reason constructors are
> not being called.
>
> I also added myself to the AUTHORS file in this CL.
>
> Committed: https://crrev.com/e61a957b2a9726294cdd2802a6a2b6e3a9ef657d
> Cr-Commit-Position: refs/heads/master@{#29076}

TBR=verwaest@chromium.org,svenpanne@chromium.org,dtalley@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1188233002

Cr-Commit-Position: refs/heads/master@{#29085}
2015-06-17 12:20:59 +00:00
ulan
31e3177bb0 Add V8 platform API to call delayed task.
Delayed tasks can be used to perform non-urgent clean up work.

BUG=chromium:490559
LOG=NO

Review URL: https://codereview.chromium.org/1179153002

Cr-Commit-Position: refs/heads/master@{#29084}
2015-06-17 12:09:40 +00:00
ulan
885455e99d Replace ad-hoc weakness in transition array with WeakCell.
BUG=

Review URL: https://codereview.chromium.org/1157943003

Cr-Commit-Position: refs/heads/master@{#29083}
2015-06-17 12:07:52 +00:00
jkummerow
882055ff6a Clean up JSConstructStub
- fix truthfulness of comments
- use InitializeFieldsWithFiller more consistently
- use unsigned comparisons for pointers

No change in functionality intended.

Bonus: improve JavaScriptFrame::Print() for an enhanced debugging experience:

- print PC of each frame
- print the function's source also for optimized frames

Review URL: https://codereview.chromium.org/1186823003

Cr-Commit-Position: refs/heads/master@{#29082}
2015-06-17 11:58:30 +00:00
mstarzinger
25e687965f [turbofan] Remove hack for dead nodes from JSGenericLowering.
Now that the graph is being trimmed after generic lowering, we can drop
this workaround. The diamond will no longer confuse the scheduler.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1191913002

Cr-Commit-Position: refs/heads/master@{#29081}
2015-06-17 11:30:06 +00:00
verwaest
bb23bccb8b Support CreateDataProperty on JSObject in the runtime
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1181013011

Cr-Commit-Position: refs/heads/master@{#29080}
2015-06-17 11:25:36 +00:00
jkummerow
5fca3947cf Hydrogen object literals: always initialize in-object properties
This fixes a bug where new-space GC could be triggered by non-folded allocations for some of the in-object properties, while the object was only partially initialized.

BUG=chromium:500497
LOG=y
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/1182113007

Cr-Commit-Position: refs/heads/master@{#29079}
2015-06-17 11:24:24 +00:00
dusan.milosavljevic
14151c81a2 Reland "MIPS64: Fix lithium arithmetic operations for integers to sign-extend result."
TEST==mjsunit/asm/double-lo
BUG=

Review URL: https://codereview.chromium.org/1170923004

Cr-Commit-Position: refs/heads/master@{#29078}
2015-06-17 10:58:53 +00:00
bmeurer
80a6e53935 [turbofan] Move graph trimming functionality to dedicated GraphTrimmer.
Up until now that was still mixed with control reduction in the
ControlReducer. This separation allows us to remove the horrible
Reducer::Finish hack and also do graph trimming at more appropriate
places in the pipeline (i.e. trim dead nodes after generic lowering,
which can also make nodes dead).

R=jarin@chromium.org,mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1188433010

Cr-Commit-Position: refs/heads/master@{#29077}
2015-06-17 10:56:37 +00:00
dtalley
e61a957b2a Added constructor call on object in InstantiateObject method
I found after upgrading from 4.2.2 where apinatives.js still
existed to 4.4.56 where everything had been converted to C++ in
api-natives.cc, my constructors for ObjectTemplate instantiated objects
were no longer being called.  After investigation, I noticed in
apinatives.js that a new call would handle that, but there was no
corresponding constructor call in api-natives.cc (or anywhere else
along the chain of InstantiateObject), so I added a call to
Execution::Call to actually construct the object.  Forgive me if that
isn't the right place to add it (InitializeBody in objects-inl.h also
looked like a good place), or if there's a reason constructors are
not being called.

I also added myself to the AUTHORS file in this CL.

Review URL: https://codereview.chromium.org/1137693003

Cr-Commit-Position: refs/heads/master@{#29076}
2015-06-17 10:24:10 +00:00
verwaest
bb1b54a776 Only walk the hidden prototype chain for private nonexistent symbols
BUG=chromium:479528
LOG=n

Review URL: https://codereview.chromium.org/1185373004

Cr-Commit-Position: refs/heads/master@{#29075}
2015-06-17 10:20:52 +00:00
verwaest
72cdb99346 Rely on the map being a dictionary map rather than not having a backpointer
BUG=chromium:500173
LOG=n

Review URL: https://codereview.chromium.org/1194513003

Cr-Commit-Position: refs/heads/master@{#29074}
2015-06-17 10:14:01 +00:00
Michael Achenbach
20bc6f530f Whitespace change to test infra.
Cr-Commit-Position: refs/heads/master@{#29073}
2015-06-17 10:00:08 +00:00
ulan
084d1f3db3 Dampen old generation allocation limit after scavenge if allocation rate is low.
BUG=chromium:491907,chromium:499815
LOG=NO

Review URL: https://codereview.chromium.org/1180203003

Cr-Commit-Position: refs/heads/master@{#29072}
2015-06-17 09:15:48 +00:00
svenpanne
d4f7bff1ea Replace OFFSET_OF with offsetof as far as possible.
The remaining uses need some non-mechanical work:

  * non-standard-layout type, probably due to mixed access control

  * extended field designators

Review URL: https://codereview.chromium.org/1173343006

Cr-Commit-Position: refs/heads/master@{#29071}
2015-06-17 09:06:56 +00:00
machenbach
b4d3e1ceba Revert of Add %TypedArray% to proto chain (patchset #6 id:100001 of https://codereview.chromium.org/1186733002/)
Reason for revert:
[Sheriff] Changes layout tests:
http://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2032/builds/429

See e.g.:
https://storage.googleapis.com/chromium-layout-test-archives/V8-Blink_Linux_32/429/layout-test-results/inspector/console/console-big-array-pretty-diff.html

Please upload a blink side needsmanualrebaseline change first for these tests if the change is intended. Please also add a blink trybot on a reland of this CL.

Original issue's description:
> Add %TypedArray% to proto chain
>
> According to the ES6 spec, the main methods and getters shouldn't
> be properties of the individual TypedArray objects and prototypes
> but instead on %TypedArray% and %TypedArray%.prototype. This
> difference is observable through introspection. This patch moves
> some methods and getters to the proper place, with the exception
> of %TypedArray%.prototype.subarray and harmony methods. These will
> be moved in follow-on patches.
>
> BUG=v8:4085
> LOG=Y
> R=adamk
>
> Committed: https://crrev.com/a10590158260737b256fac3254b4939f48f90095
> Cr-Commit-Position: refs/heads/master@{#29057}

TBR=adamk@chromium.org,arv@chromium.org,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4085

Review URL: https://codereview.chromium.org/1192433003

Cr-Commit-Position: refs/heads/master@{#29070}
2015-06-17 09:05:51 +00:00