Commit Graph

6118 Commits

Author SHA1 Message Date
ahaas
510246f6e2 [wasm] Use the native_context for the TypeError in ToJS()
With this CL we use isolate->native_context() to provide a context for
the CEntryStub of the runtime call. The native_context() is sufficient
here because Runtime::kWasmThrowTypeError does not use the context.

R=titzer@chromium.org
TEST=mjsunit/wasm/ffi-error.js
BUG=chromium:639492

Review-Url: https://codereview.chromium.org/2291043002
Cr-Commit-Position: refs/heads/master@{#39014}
2016-08-30 12:46:02 +00:00
bmeurer
864cdc124c [test] Speed-up regression test for growing stores.
TBR=machenbach@chromium.org
BUG=chromium:635798,chromium:638295

Review-Url: https://codereview.chromium.org/2288813003
Cr-Commit-Position: refs/heads/master@{#38991}
2016-08-30 04:04:32 +00:00
littledan
5af4cd9840 Disallow tail calls from async functions and generators
Tail calls don't make sense from async functions and generators, as
each activation of these functions needs to make a new, distnict,
non-reused generator object. These tail calls are not required per
spec. This patch disables both syntactic and implicit tail calls
in async functions and generators.

R=neis
BUG=v8:5301,chromium:639270

Review-Url: https://codereview.chromium.org/2278413003
Cr-Commit-Position: refs/heads/master@{#38986}
2016-08-29 18:31:35 +00:00
bgeron
791118fca5 [turbofan] Also inline into try blocks.
This removes test/webkit/fast/js/stack-overflow-arrity-catch.js, which tests that the stack overflows in a very particular way. It doesn't seem to test anything important, and only used to work because we didn't inline into try-blocks.

BUG=
R=jarin

Review-Url: https://codereview.chromium.org/2216353002
Cr-Commit-Position: refs/heads/master@{#38976}
2016-08-29 11:27:06 +00:00
bgeron
d90d76bdb5 [turbofan] Improve inline-exception tests.
- Make constants more interesting.
- Add an addition to be done after the inlined call in the try-block.
- On command line, have a bit more output.
- New alternative that deopts from unoptimized code.

BUG=
R=jarin

Review-Url: https://codereview.chromium.org/2285743002
Cr-Commit-Position: refs/heads/master@{#38974}
2016-08-29 11:17:16 +00:00
verwaest
5558a50878 Merge DeclarationScope::temps_ and Scope::ordered_variables_ into Scope::locals_
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2272083003
Cr-Commit-Position: refs/heads/master@{#38920}
2016-08-25 19:12:00 +00:00
jarin
2a97b1bcb1 Reland of [turbofan] Insert dummy values when changing from None type.
This reverts commit a55fdb1e7c, relands
https://codereview.chromium.org/2266823002/.

BUG=chromium:638132

Review-Url: https://codereview.chromium.org/2277283002
Cr-Commit-Position: refs/heads/master@{#38917}
2016-08-25 16:58:13 +00:00
bgeron
244d9ccd40 [turbofan] Tests for inlining calls, constructors, property access inside try..catch..finally.
These tests were spliced out of changelist 2216353002 and extended.

BUG=

Review-Url: https://codereview.chromium.org/2245263003
Cr-Commit-Position: refs/heads/master@{#38906}
2016-08-25 12:50:48 +00:00
bmeurer
a55fdb1e7c Revert of [turbofan] Insert dummy values when changing from None type. (patchset #5 id:80001 of https://codereview.chromium.org/2266823002/ )
Reason for revert:
Octane/Mandreel aborts with an exception now:

TypeError: __FUNCTION_TABLE__[(r2 >> 2)] is not a function

Original issue's description:
> [turbofan] Insert dummy values when changing from None type.
>
> Currently we choose the MachineRepresentation::kNone representation for
> values of Type::None, and when converting values from the kNone representation
> we use "impossible" conversions that will crash at runtime. This
> assumes that the impossible conversions should never be hit (the only
> way to produce the impossible values is to perform an always-failing
> runtime check on a value, such as Smi-checking a string). Note that
> this assumes that the runtime check is executed before the impossible
> convesrion.
>
> Introducing BitwiseOr type feedback broke this in two ways:
>
> - we always pick Word32 representation for bitwise-or, so the
>   impossible conversion does not trigger (it only triggers with
>   None representation), and we could end up with unsupported
>   conversions from Word32.
>
> - even if we inserted impossible conversions, they are pure conversions.
>   Since untagging, bitwise-or operations are also pure, we could hoist
>   all these before the smi check of the inputs and we could hit the
>   impossible conversions before we get to the smi check.
>
> This CL addresses this by just providing dummy values for conversions
> from the Type::None type. It also removes the impossible-to-* conversions.
>
> BUG=chromium:638132
>
> Committed: https://crrev.com/c83b21ab755f1420b6da85b3ff43d7e96ead9bbe
> Cr-Commit-Position: refs/heads/master@{#38883}

TBR=mstarzinger@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:638132

Review-Url: https://codereview.chromium.org/2280613002
Cr-Commit-Position: refs/heads/master@{#38893}
2016-08-25 08:50:23 +00:00
bmeurer
b471d4ab5c [turbofan] Disable LoadElimination completely for asm.js.
There's no point in running the LoadElimination on asm.js functions and
it would take serious amount of effort to actually make it correct for
the deprecated parts of the pipeline.

R=jarin@chromium.org
BUG=v8:5308

Review-Url: https://codereview.chromium.org/2276273002
Cr-Commit-Position: refs/heads/master@{#38884}
2016-08-25 06:14:59 +00:00
jarin
c83b21ab75 [turbofan] Insert dummy values when changing from None type.
Currently we choose the MachineRepresentation::kNone representation for
values of Type::None, and when converting values from the kNone representation
we use "impossible" conversions that will crash at runtime. This
assumes that the impossible conversions should never be hit (the only
way to produce the impossible values is to perform an always-failing
runtime check on a value, such as Smi-checking a string). Note that
this assumes that the runtime check is executed before the impossible
convesrion.

Introducing BitwiseOr type feedback broke this in two ways:

- we always pick Word32 representation for bitwise-or, so the
  impossible conversion does not trigger (it only triggers with
  None representation), and we could end up with unsupported
  conversions from Word32.

- even if we inserted impossible conversions, they are pure conversions.
  Since untagging, bitwise-or operations are also pure, we could hoist
  all these before the smi check of the inputs and we could hit the
  impossible conversions before we get to the smi check.

This CL addresses this by just providing dummy values for conversions
from the Type::None type. It also removes the impossible-to-* conversions.

BUG=chromium:638132

Review-Url: https://codereview.chromium.org/2266823002
Cr-Commit-Position: refs/heads/master@{#38883}
2016-08-25 06:06:58 +00:00
littledan
aae17eb31b Do not trigger ExceptionEvents for another forwarding case
This patch fixes up one last case of redundant ExceptionEvents being
triggered in the debugger for Promises--it makes the default reject
handler for Promises (e.g., if the second argument for
Promise.prototype.then is missing) appear to the debugger as a
rethrow.

R=adamk@chromium.org,jgruber@chromium.org
BUG=v8:5167

Review-Url: https://codereview.chromium.org/2278643002
Cr-Commit-Position: refs/heads/master@{#38876}
2016-08-24 20:38:13 +00:00
jarin
dc330f2bd3 [turbofan] Fix merging of empty and non-empty state in load elimination.
Unfortunately, I was unable to produce a repro without asm.js. In normal
JavaScript, the bounds check renaming saves us.

I have not done anything about the index variable aliasing and handling
of differently sized elements yet!

BUG=chromium:639210, v8:5266

Review-Url: https://codereview.chromium.org/2270793004
Cr-Commit-Position: refs/heads/master@{#38874}
2016-08-24 17:14:24 +00:00
mstarzinger
b52aecac7e [compiler] Make Compiler::EnsureBytecode not switch tiers.
This preserves the original shared code of the underlying function when
bytecode is provided. The method in question should only ensure bytecode
is present, but should avoid switching compilation tiers of the given
function. It might be that the function was fast-tracked to baseline by
inlining without going through the interpreted tier first.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-635923
BUG=chromium:635923

Review-Url: https://codereview.chromium.org/2278543002
Cr-Commit-Position: refs/heads/master@{#38866}
2016-08-24 14:09:59 +00:00
bmeurer
6646d73b6f [turbofan] Use ObjectIsReceiver directly for inlining.
Don't bother using %_IsJSReceiver, which immediately gets lowered to
ObjectIsReceiver anyways (by the JSIntrinsicLowering), but requires
some complicated rewiring of effect/control chains.

R=mstarzinger@chromium.org
BUG=chromium:640369

Review-Url: https://codereview.chromium.org/2271973003
Cr-Commit-Position: refs/heads/master@{#38864}
2016-08-24 11:09:32 +00:00
littledan
013e49f73c Change which ExceptionEvents are triggered by Promises
To make async/await catch prediction work well, this patch regularizes
the exception events sent to DevTools from various places in the Promise
lifecycle. The core is that there should be an exception event when the
rejection first starts, rather than when it is propagated.

- Several cases within Promise code which propagate errors are
  modified to not trigger a new ExceptionEvent in that case, such
  as .then on a rejected Promise and returning a rejected Promise
  from .then, as well as Promise.race and Promise.all.
- Make Promise.reject() create an ExceptionEvent, subject to catch
  prediction based on the Promise stack. This is important
  so that, e.g., if "await Promise.reject()" will trigger a new
  throw (rather than a silent rethrow of something that never
  triggered an event in the first place).

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2244003003
Cr-Commit-Position: refs/heads/master@{#38847}
2016-08-24 00:20:50 +00:00
mstarzinger
09a7ac5fca [deoptimizer] Potentially deopt into debug bytecode.
This makes sure the deoptimizer picks bytecode prepared for debugging
when materializing an interpreted frame if one is available. This is
normally done by the interpreter entry trampoline and hence needs to be
replicated by the deoptimizer.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2271443003
Cr-Commit-Position: refs/heads/master@{#38815}
2016-08-23 11:55:47 +00:00
bradnelson
e5f5ac7d2b [wasm] asm.js - Remove Wasm.instantiateModuleFromAsm, use asm.js directly.
Make use of %IsAsmWasmCode in place of Wasm.instantiateModuleFromAsm,
in order to reduce the surface area of the Wasm object,
and to focus on testing asm.js coming in via the parser.

Ignore extra CONST_LEGACY assignment introduced by the parser
when modules have the form:
(function Foo(a, b, c) {..});
This requires both a validator and AsmWasmBuilder change.

Move stdlib use collection to import time,
to reject modules that import a function, even if not used.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=jpp@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2264913002
Cr-Commit-Position: refs/heads/master@{#38806}
2016-08-23 04:07:23 +00:00
littledan
b2a257f9ff Remove --promise-extra flag
This flag was shipped on in 52, so it's due for removal. The patch includes
removing the deprecated and unused-in-Blink API Promise::Chain, and many
test updates.

R=adamk@chromium.org
BUG=v8:4633

Review-Url: https://codereview.chromium.org/2267033002
Cr-Commit-Position: refs/heads/master@{#38804}
2016-08-22 21:35:06 +00:00
mattloring
da5d713d73 [builtins] Array indexOf in TurboFan/Runtime
Includes fast paths in the runtime for
DictionaryElementsAccessor, FastSmiOrObjectElementsAccessor,
FastDoubleElementsAccessor, TypedElementsAccessor, and
SloppyArgumentsElementsAccessor.

BUG=

Review-Url: https://codereview.chromium.org/2232063002
Cr-Commit-Position: refs/heads/master@{#38800}
2016-08-22 18:37:08 +00:00
bradnelson
2d46ef23b1 [wasm] asm.js - Check stdlib functions are valid.
Check remaining asm.js stdlib functions for validitity at instatiation.

Fail when a member is referenced, even if not used.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=jpp@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2267633002
Cr-Commit-Position: refs/heads/master@{#38796}
2016-08-22 17:17:57 +00:00
franzih
6e665b094e [turbofan] Induction variable bound analysis for decrements.
This detects loops with integer decrements.

Drive-by fix: Add lower bounds to lower_bounds
zone vector instead of upper_bounds.

BUG=

Review-Url: https://codereview.chromium.org/2260153002
Cr-Commit-Position: refs/heads/master@{#38772}
2016-08-22 09:21:42 +00:00
bradnelson
561bfcb70d [wasm] asm.js - Check stdlib.NaN is valid, prepare for the rest.
Record which asm.js stdlib members are used and add a check that NaN is actually correctly set. Other stdlib members to be added in a later change.

Also add a stdlib argument to Wasm.instantiateModuleFromAsm, in preparation for that function to be replaced by normal asm.js instantiation.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
LOG=N
R=jpp@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2251433002
Cr-Commit-Position: refs/heads/master@{#38760}
2016-08-19 18:26:24 +00:00
verwaest
10c72887b5 Move asm_module_ and asm_function_ down to DeclarationScope
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2253913002
Cr-Commit-Position: refs/heads/master@{#38753}
2016-08-19 13:29:34 +00:00
bmeurer
99edc1b8e7 [turbofan] Unify Int32Add/Sub representation selection rules.
Unify the representation selection rules for NumberAdd/Subtract and
SpeculativeNumberAdd/Subtract wrt. Int32Add/Sub selection. We can
safely use Int32Add/Sub as long as the inputs are in the safe additive
integer range and the output is either truncated to Word32 or provably
in Signed32 or Unsigned32 range.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2253293005
Cr-Commit-Position: refs/heads/master@{#38746}
2016-08-19 09:50:22 +00:00
ahaas
bb187a106e [wasm] Add stack checks at the beginning of each function.
TEST=mjsunit/wasm/stack.js:testStackOverflow

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2256603002
Cr-Commit-Position: refs/heads/master@{#38742}
2016-08-19 08:54:39 +00:00
mtrofin
d64bd5f506 [wasm] removed redundant load line from mjsunit test
BUG=

Review-Url: https://codereview.chromium.org/2261643002
Cr-Commit-Position: refs/heads/master@{#38735}
2016-08-19 06:13:12 +00:00
ahaas
92b7c728e2 [wasm] Throw a type error if an I64 is exported to JS.
As required by the spec, ToJS now throws a TypeError fit I64 values
instead of truncating the I64 value to I32. To throw a TypeError I
introduced a new runtime function because the existing
Runtime::kThrowWasmError does not throw a TypeError. Since we have calls
to two runtime functions now, and an additional one is needed for stack
checks, I extracted the call to runtime functions into a helper function.

R=titzer@chromium.org

TEST=mjsunit/wasm/ffi-error.js:I64InSignatureThrows

Review-Url: https://codereview.chromium.org/2254803002
Cr-Commit-Position: refs/heads/master@{#38718}
2016-08-18 14:33:08 +00:00
mstarzinger
8ab555cc15 [interpreter] Fix canonicalization when preserving bytecode.
This fixes canonicalization of {SharedFunctionInfo} objects in the
{Compiler::GetSharedFunctionInfo} method when bytecode is preserved.
Eager compilation is only triggered when no code is present.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-638551
BUG=chromium:638551

Review-Url: https://codereview.chromium.org/2245263006
Cr-Commit-Position: refs/heads/master@{#38709}
2016-08-18 10:42:40 +00:00
neis
074aa90ca5 [test] Fix copy&paste error in bug link.
TBR=littledan@chromium.org
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2259793002
Cr-Commit-Position: refs/heads/master@{#38701}
2016-08-18 08:44:32 +00:00
rmcilroy
477495c886 [Parser] Track ContainsDot for SMI values.
Ensures SMI values have SMI type even if they have a dot (e.g., 1.0).
Adds SMI_WITH_DOT type to maintain this.

BUG=chromium:638134

Review-Url: https://codereview.chromium.org/2248693005
Cr-Commit-Position: refs/heads/master@{#38698}
2016-08-18 08:15:43 +00:00
mstarzinger
f9763eb275 [wasm] Fix asm.js module instantiation on retry.
This fixes the case where a module is instantiated twice via the same
closure when in the meantime another closure has destroyed and removed
the WASM data attached to the SharedFunctionInfo.

R=bradnelson@chromium.org
TEST=mjsunit/asm/asm-validation
BUG=v8:4203

Review-Url: https://codereview.chromium.org/2253613004
Cr-Commit-Position: refs/heads/master@{#38696}
2016-08-18 07:44:30 +00:00
mtrofin
93b7251f74 [wasm] binary and test for hosts' integration tests
Ensure wasm binaries intended to be used in hosts of v8, such as
chromium, are up to date.

See https://codereview.chromium.org/2255673003/

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2259693002
Cr-Commit-Position: refs/heads/master@{#38694}
2016-08-18 03:18:14 +00:00
bakkot
95e0ba65ec Reland of Amends the TypedArray constructor to use the path for primitives for all (patchset #1 id:1 of https://codereview.chromium.org/2120763002/ )
Reason for revert:
WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests.

Original issue's description:
> Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset #4 id:60001 of https://codereview.chromium.org/2096873002/ )
>
> Reason for revert:
> Speculative revert to unblock roll https://codereview.chromium.org/2114113002/
>
> Original issue's description:
> > Amends the TypedArray constructor to use the path for primitives for all
> > types of primitives, not just undefined, booleans, numbers, and strings.
> > (The missing cases were null and Symbol.) This is required by the
> > specification, and there are test262 tests which we were failing due to
> > this bug.
> >
> > BUG=v8:5124
> >
> > Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> > Committed: https://crrev.com/f772c22cd1c492aa0235a8e6012d0386146d2eb2
> > Cr-Original-Commit-Position: refs/heads/master@{#37234}
> > Cr-Commit-Position: refs/heads/master@{#37407}
>
> TBR=littledan@chromium.org,bakkot@google.com
> NOTREECHECKS=true
> BUG=v8:5124
>
> Committed: https://crrev.com/9c0aef52fa672db856ebfac7f4bdcd7d7b103663
> Cr-Commit-Position: refs/heads/master@{#37487}

TBR=littledan@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:5124

Review-Url: https://codereview.chromium.org/2255543002
Cr-Commit-Position: refs/heads/master@{#38691}
2016-08-17 17:44:11 +00:00
bakkot
a3c13435aa Reland of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #2 id:170001 of https://codereview.chromium.org/2113593002/ )
Reason for revert:
WebGL tests have been updated and rolled (at https://codereview.chromium.org/2227023002), so this should no longer fail outdated tests.

Original issue's description:
> Revert of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #8 id:140001 of https://codereview.chromium.org/2090353003/ )
>
> Reason for revert:
> Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/
>
> Original issue's description:
> > Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
> >
> > The spec was modified to relax some requirements which implementors had not been
> > enforcing. Part of this process involved introducing a new abstract operation
> > ToIndex, which had partial overlap with our existing semantics as well as some
> > differences (most notably treating undefined as 0). Test262 tests were introduced to
> > check for the new semantics, some of which we were failing. This patch amends the
> > parts of our implementation corresponding to specification algorithms which use
> > ToIndex to follow its semantics precisely.
> >
> > BUG=v8:4784,v8:5120
> >
> > Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> > Cr-Commit-Position: refs/heads/master@{#37406}
>
> TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/b1f7f1f4e41a723d5f997738a07e35a031713b8f
> Cr-Commit-Position: refs/heads/master@{#37417}

TBR=littledan@chromium.org,adamk@chromium.org,hablich@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:4784,v8:5120

Review-Url: https://codereview.chromium.org/2247073004
Cr-Commit-Position: refs/heads/master@{#38689}
2016-08-17 17:38:56 +00:00
bradnelson
d0e52555f0 [wasm] Support validation of asm.js modules with != 3 args.
Our previous per-arch instantiation thunks for asm.js
didn't support modules that had or were called with anything other
than 3 arguments. Adding support for this.

Addding a runtime test method to check if asm validation succeeded.

Adding a test of validation with different argument count combinations.

R=mstarzinger@chromium.org
TEST=mjsunit/asm/asm-validator.js
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203

Review-Url: https://codereview.chromium.org/2229723002
Cr-Commit-Position: refs/heads/master@{#38688}
2016-08-17 17:22:30 +00:00
neis
7fe4d930c9 [interpreter] Don't assume generator functions do an initial yield.
Async functions are implemented via special generator functions; special in the
sense that they generally do not immediately yield.  However, our generators
implementation still assumed that every generator function initially yields
(concretely: before doing the state dispatch in a loop header).  This CL fixes
that.

R=littledan@chromium.org, rmcilroy@chromium.org
BUG=chromium:638019

Review-Url: https://codereview.chromium.org/2253033002
Cr-Commit-Position: refs/heads/master@{#38684}
2016-08-17 15:03:43 +00:00
jarin
b190d13331 [turbofan] Only do value numbering when types are compatible.
At the moment, two NumberConstant nodes get different type even if their
value is the same because we always allocate a new heap number for
each number constant. This can lead to replacing a node with a node of
disjoint type in value numbering, which can result in incorrect code
down the line because of inconsistent types.

This fix makes sure that we only replace a node with a sub-type
node. Once we introduce a proper type for number constants, we can
move back to the intersection typing in value numbering.

Unfortunately, it is quite hard to write a repro for this because we cache NumberConstant nodes. We only throw away cached values that have too many conflicts (>5), so the test has to contain values that fall into the same bucket. That's where the magic floating point numbers in the test come from (they have the same low 8-bits of their hashes).

BUG=chromium:633497

Review-Url: https://codereview.chromium.org/2251833002
Cr-Commit-Position: refs/heads/master@{#38675}
2016-08-17 08:45:26 +00:00
verwaest
860a3ce26f Declare 'this' as DYNAMIC_GLOBAL on the script_scope
Follow-up cleanup to https://codereview.chromium.org/2231813003

BUG=

Review-Url: https://codereview.chromium.org/2237873002
Cr-Commit-Position: refs/heads/master@{#38643}
2016-08-16 07:44:10 +00:00
caitp
a9e470797b [parser] improve inferred function names for async arrow functions
No longer include the "async" keyword, or an async arrow function's single
identifier parameter as part of its inferred name.

BUG=v8:5281, v8:4483
R=adamk@chromium.org, littledan@chromium.org, marja@chromium.org

Review-Url: https://codereview.chromium.org/2235423003
Cr-Commit-Position: refs/heads/master@{#38627}
2016-08-12 22:47:11 +00:00
yangguo
f03bebc77d [debugger] add mixed-stack tests.
R=jgruber@chromium.org, mstarzinger@chromium.org
BUG=v8:5265

Review-Url: https://codereview.chromium.org/2246483002
Cr-Commit-Position: refs/heads/master@{#38621}
2016-08-12 13:51:19 +00:00
bmeurer
665f0e4020 [turbofan] Fix CheckedInt32Mod lowering for -0 case with negative left hand side.
Properly deoptimize if the left hand side of a CheckedInt32Mod is
negative and the result of the operation is zero.

R=jarin@chromium.org
BUG=v8:5286

Review-Url: https://codereview.chromium.org/2243803002
Cr-Commit-Position: refs/heads/master@{#38615}
2016-08-12 12:13:51 +00:00
jgruber
d252808011 Handle missing context when getting frame details
This bug was triggered by a very specific combination:

* A context-allocated variable at script scope.
* OSR optimization.
* A scheduled breakpoint, which triggers at stack checks.

Stack checks differ from other possible breakpoint locations in that
the context (among other things) may be in a register and not on the
stack, making it impossible to recover during deoptimization. The
frame_inspector then returns undefined when asked for the context.

In GetFrameDetails, handle this case by omitting all context-allocated
variables.

BUG=v8:5279

Review-Url: https://codereview.chromium.org/2245603002
Cr-Commit-Position: refs/heads/master@{#38611}
2016-08-12 11:20:19 +00:00
yangguo
1b43aab528 [debugger] add test for debug evaluate.
This test would have failed prior to 58524d6df3.

R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2235323003
Cr-Commit-Position: refs/heads/master@{#38610}
2016-08-12 11:18:59 +00:00
verwaest
e77a78cd2d Cleanup scope resolution
BUG=v8:5209

Review-Url: https://codereview.chromium.org/2230323004
Cr-Commit-Position: refs/heads/master@{#38580}
2016-08-11 13:26:06 +00:00
bmeurer
b8f475045c [turbofan] Add inlined Array.prototype.pop support.
This adds a very first version of inlined Array.prototype.pop into
TurboFan optimized code. We currently limit the inlining to fast
object or smi elements, until the unclear situation around hole NaNs
is resolved and we have a clear semantics inside the compiler.

It's also probably overly defensive in when it's safe to inline
the call to Array.prototype.pop, but we can always extend that
later once we have sufficient trust in the implementation and see
an actual need to extend it.

BUG=v8:2229,v8:3952,v8:5267
R=epertoso@chromium.org

Review-Url: https://codereview.chromium.org/2239703002
Cr-Commit-Position: refs/heads/master@{#38578}
2016-08-11 13:13:21 +00:00
ahaas
8d4910893c [wasm] Allow import function to be any kind of callables.
With this CL all kinds of Callable can imported into wasm. Please take a special look at the context that is used now in the WasmToJSWrapper.

BUG=633895
TEST=mjsunit/wasm/ffi.js

Review-Url: https://codereview.chromium.org/2208703002
Cr-Commit-Position: refs/heads/master@{#38569}
2016-08-11 08:33:54 +00:00
gdeepti
fe555065ea Revert runtime lowering of wasm SIMD ops
This CL reverts the runtime lowering introduced here -
https://codereview.chromium.org/1991143002/
Additional ops to the runtime pass will cause GC issues as WASM frames may
have outgoing arguments to runtime calls that have pointers that aren't scanned.

Preserving decoding of SIMD opcodes and macros for native implementations.

R=bbudge@chromium.org, mtrofin@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2235013002
Cr-Commit-Position: refs/heads/master@{#38564}
2016-08-10 21:39:21 +00:00
littledan
7ea3b09982 Destructuring/default tests for generators and async functions
This patch adds additional tests for async functions and generators, in how
they interact with destructuring, default arguments and shadow parameter
copying.

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2229243002
Cr-Commit-Position: refs/heads/master@{#38560}
2016-08-10 19:32:29 +00:00
mstarzinger
685210ecb0 [interpreter] Switch profiler to use frames for OSR.
This switches the interface of the runtime profiler to use frames as
opposed to functions for performing on-stack replacement. Requests for
such replacements need to target a specific frame. This will enable us
to activate bytecode as well as baseline code for the same function.

The existing %OptimizeOsr runtime function also had to adapted and now
takes an optional stack depth to target a specific stack frame.

R=bmeurer@chromium.org
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2230783004
Cr-Commit-Position: refs/heads/master@{#38548}
2016-08-10 15:59:31 +00:00
jgruber
4cff8218b8 Allow access to scopes of suspended generator objects
The scopes of suspended generators can now be accessed through GeneratorMirror
(similar to FrameMirror).

BUG=v8:5235

Review-Url: https://codereview.chromium.org/2228393002
Cr-Commit-Position: refs/heads/master@{#38530}
2016-08-10 11:14:45 +00:00
epertoso
9e14155da9 [turbofan] Fix CheckedInt32Mod lowering.
We now deopt when the lhs of a mod is negative and the rhs is 1 too (previously, we erroneusly returned 0 instead of -0).

BUG=v8:5278
R=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2233713002
Cr-Commit-Position: refs/heads/master@{#38525}
2016-08-10 09:24:59 +00:00
bmeurer
7060bab81c [turbofan] Properly guard keyed stores wrt. setters in the prototype chain.
For holey/growing keyed stores, we need to check that there are no
setters in the prototype chain and protect against changes to that
via code dependencies.

R=verwaest@chromium.org
BUG=v8:5275,v8:5276

Review-Url: https://codereview.chromium.org/2231683002
Cr-Commit-Position: refs/heads/master@{#38514}
2016-08-10 06:30:22 +00:00
mtrofin
c001a9ecc1 [wasm] Serialization/Deserialization of compiled module
Implementation of serialization/deserialization for compiled wasm
module.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2205973003
Cr-Commit-Position: refs/heads/master@{#38498}
2016-08-09 15:19:38 +00:00
bmeurer
78727d4362 [runtime] %GrowArrayElements doesn't have a native context in TurboFan.
When we compile a growing store in TurboFan, we don't pass a (native)
context to the %GrowArrayElements fallback function, as the whole logic
is actually context independent. However, that means that we need to
bailout early in case the object is a prototype, which requires context
dependent checks in the array protector code.

R=cbruni@chromium.org
BUG=chromium:635798

Review-Url: https://codereview.chromium.org/2224253003
Cr-Commit-Position: refs/heads/master@{#38491}
2016-08-09 13:03:07 +00:00
mstarzinger
20e34ace72 [test] Mark flaky tests after variant split.
R=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2227703002
Cr-Commit-Position: refs/heads/master@{#38486}
2016-08-09 12:05:06 +00:00
mstarzinger
b531266da1 [test] Split Ignition mjsunit expectations for variants.
R=rmcilroy@chromium.org

Review-Url: https://codereview.chromium.org/2227663002
Cr-Commit-Position: refs/heads/master@{#38483}
2016-08-09 11:06:38 +00:00
rmcilroy
c1ae15d930 [Interpreter] Don't try to create bytecode array if HasStackOverflow().
BUG=chromium:635429

Review-Url: https://codereview.chromium.org/2228503004
Cr-Commit-Position: refs/heads/master@{#38474}
2016-08-09 07:24:13 +00:00
ahaas
c5f34d46c2 [test] Remove test exception, test has been removed.
The test has already been removed in
https://codereview.chromium.org/2226053002/.

NOTRY=true
R=machenbach@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2229713002
Cr-Commit-Position: refs/heads/master@{#38463}
2016-08-09 06:45:12 +00:00
bradnelson
1c5c526b90 [wasm] Remove single function JIT support.
While we might at some point want to explore if this is a win versus
whole modules, for now we have the Tables interface planned.

R=titzer@chromium.org,ahaas@chromium.org,mtrofin@chromium.org,rossberg@chromium.org
BUG=v8:5044

Review-Url: https://codereview.chromium.org/2226053002
Cr-Commit-Position: refs/heads/master@{#38461}
2016-08-08 21:50:13 +00:00
mstarzinger
025ddb21ef [test] Split TurboFan mjsunit expectations for variants.
R=machenbach@chromium.org

Committed: https://crrev.com/5eed70c6b474635ccdf111e2269dbf33e629ce0b
Review-Url: https://codereview.chromium.org/2225843002
Cr-Original-Commit-Position: refs/heads/master@{#38445}
Cr-Commit-Position: refs/heads/master@{#38452}
2016-08-08 16:26:55 +00:00
jarin
ad8e0e2554 [turbofan] Fix silly bug in loop variable analysis.
Review-Url: https://codereview.chromium.org/2222953003
Cr-Commit-Position: refs/heads/master@{#38448}
2016-08-08 15:50:57 +00:00
machenbach
a40e08d0cf Revert of [test] Split TurboFan mjsunit expectations for variants. (patchset #5 id:80001 of https://codereview.chromium.org/2225843002/ )
Reason for revert:
Revert as asan bot blocks the clusterfuzz uploads:

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/14256

https://build.chromium.org/p/client.v8/builders/V8%20Mac64%20ASAN

Please add more skips on reland.

Original issue's description:
> [test] Split TurboFan mjsunit expectations for variants.
>
> R=machenbach@chromium.org
>
> Committed: https://crrev.com/5eed70c6b474635ccdf111e2269dbf33e629ce0b
> Cr-Commit-Position: refs/heads/master@{#38445}

TBR=mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2227733002
Cr-Commit-Position: refs/heads/master@{#38446}
2016-08-08 15:50:55 +00:00
mstarzinger
5eed70c6b4 [test] Split TurboFan mjsunit expectations for variants.
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2225843002
Cr-Commit-Position: refs/heads/master@{#38445}
2016-08-08 14:13:24 +00:00
hpayer
caf5c5a194 [heap] Use smaller minimum allocation limit growing step when optimizing for memory usage.
BUG=chromium:634900

Review-Url: https://codereview.chromium.org/2223493002
Cr-Commit-Position: refs/heads/master@{#38435}
2016-08-08 11:32:01 +00:00
mstarzinger
3c437762c2 [turbofan] Enable debugger test that no longer fails.
R=bmeurer@chromium.org
TEST=mjsunit/debug-referenced-by
BUG=v8:4754

Review-Url: https://codereview.chromium.org/2225803002
Cr-Commit-Position: refs/heads/master@{#38431}
2016-08-08 10:31:33 +00:00
neis
4df91581d1 [modules] Introduce new VariableLocation for module imports/exports.
Introduces a new VariableLocation MODULE for variables that live in a
module's export table.  Scope analysis sets this for the approriate variables.
Not yet supported by any backend.

Also, treats all imports as CONST bindings (including namespace imports), rather
than having new special variable modes.

BUG=

Review-Url: https://codereview.chromium.org/2199283002
Cr-Commit-Position: refs/heads/master@{#38426}
2016-08-08 09:49:27 +00:00
littledan
7826bfa789 [promise] Async/await edge case spec compliance fix
- Don't read .constructor when returning a Promise from an async function.
  Instead, call out to the internals of Promise.resolve directly.
  This is done by adding back in an "optimization" from an earlier form of
  the async/await code written by Caitlin Potter.
- Async functions always return a new Promise with a distinct identity,
  even if they simply return another Promise.

R=caitp@igalia.com
BUG=v8:4483

Review-Url: https://codereview.chromium.org/2219623002
Cr-Commit-Position: refs/heads/master@{#38404}
2016-08-06 01:00:47 +00:00
jarin
e144335fe3 [turbofan] Insert sigma nodes for loop variable backedge.
If we infer loop variable bounds, we need to insert a type rename node
(sigma) to make sure that simplified lowering can choose representations
consistently.

Review-Url: https://codereview.chromium.org/2222513002
Cr-Commit-Position: refs/heads/master@{#38391}
2016-08-05 14:34:05 +00:00
caitp
6cd494fead [test] don't use Intl.Collator in non-Intl regression test
Unskip test which failed with Intl support disabled, and avoid using Intl
objects within the test.

BUG=chromium:634273,chromium:634357,v8:5162
NOTRY=true
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2218743003
Cr-Commit-Position: refs/heads/master@{#38384}
2016-08-05 12:56:39 +00:00
machenbach
55a4344f41 [test] Activate ignition_staging variant
BUG=v8:5238
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2214283003
Cr-Commit-Position: refs/heads/master@{#38381}
2016-08-05 12:48:36 +00:00
machenbach
dea16c9a42 Revert of [Interpreter] Collect type feedback for 'new' in the bytecode handler (patchset #6 id:100001 of https://codereview.chromium.org/2190293003/ )
Reason for revert:
[Sheriff] Fails on nosnap debug:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/8403

Original issue's description:
> [Interpreter] Collect type feedback for 'new' in the bytecode handler
>
> Collect type feedback in the bytecode handler for 'new' bytecode. The
> earlier cl (https://codereview.chromium.org/2153433002/) was reverted
> because that implementation did not collect allocation site feedback.
> This regressed delta blue by an order of magnitude. This implementation
> includes collection of allocation site feedback.
>
> BUG=v8:4280, v8:4780
> LOG=N
>
> Committed: https://crrev.com/9d5e6129c4c7f9cbfe81a5fad2a470f219fe137c
> Cr-Commit-Position: refs/heads/master@{#38364}

TBR=bmeurer@chromium.org,rmcilroy@chromium.org,balazs.kilvady@imgtec.com,mythria@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4280, v8:4780

Review-Url: https://codereview.chromium.org/2212343002
Cr-Commit-Position: refs/heads/master@{#38368}
2016-08-05 10:36:20 +00:00
mythria
9d5e6129c4 [Interpreter] Collect type feedback for 'new' in the bytecode handler
Collect type feedback in the bytecode handler for 'new' bytecode. The
earlier cl (https://codereview.chromium.org/2153433002/) was reverted
because that implementation did not collect allocation site feedback.
This regressed delta blue by an order of magnitude. This implementation
includes collection of allocation site feedback.

BUG=v8:4280, v8:4780
LOG=N

Review-Url: https://codereview.chromium.org/2190293003
Cr-Commit-Position: refs/heads/master@{#38364}
2016-08-05 09:58:39 +00:00
mstarzinger
f00b42ae31 [interpreter] Fix profiler when hitting OSR frame.
This fixes the runtime profiler to no longer assume that seeing an
optimized frame on the stack implies the underlying function is not
being interpreted when entered normally. This no longer holds with code
generated for OSR directly from bytecode (not installed on function).

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-crbug-632800
BUG=chromium:632800

Review-Url: https://codereview.chromium.org/2208603005
Cr-Commit-Position: refs/heads/master@{#38360}
2016-08-05 08:47:48 +00:00
mstarzinger
5671b663f9 [interpreter] Avoid tier-up when there is an OSR activation.
This makes sure we prevent a tier-up for function which also have an
optimized activation of OSR code on the stack. In case the OSR code
deoptimizes, it needs the bytecode to still be around.

R=rmcilroy@chromium.org
TEST=mjsunit/regress/regress-5262
BUG=v8:5262

Review-Url: https://codereview.chromium.org/2206363004
Cr-Commit-Position: refs/heads/master@{#38359}
2016-08-05 07:55:03 +00:00
yangguo
771b81f806 [debug] fix exception prediction for asm frames.
R=mstarzinger@chromium.org
BUG=chromium:633999

Review-Url: https://codereview.chromium.org/2215713002
Cr-Commit-Position: refs/heads/master@{#38358}
2016-08-05 07:14:21 +00:00
machenbach
0dabe5f6fe [test] Skip test failing without i18n support
BUG=chromium:634273,chromium:634357,v8:5162
NOTRY=true
TBR=caitp

Review-Url: https://codereview.chromium.org/2211383002
Cr-Commit-Position: refs/heads/master@{#38357}
2016-08-05 07:10:35 +00:00
bmeurer
cad5b29610 [turbofan] Remove unnecessary prototype checks for element access.
We don't need to add stability dependencies on JSObject prototypes when
storing to an element, because we do the map check (and thereby guard
the elements kind) and we also properly deoptimize on holes if the array
protector is not usable.

R=verwaest@chromium.org
BUG=chromium:616709

Review-Url: https://codereview.chromium.org/2198833002
Cr-Commit-Position: refs/heads/master@{#38355}
2016-08-05 04:55:03 +00:00
caitp
0272aa502f [promise] separate PerformPromiseThen from PromiseThen
The `PerformPromiseThen` spec-internal operation is used by the async functions
proposal, in order to ensure that AwaitExpressions are not observable via
usual mechanisms/hooks, such as Symbol.species.

BUG=v8:5253
R=littledan@chromium.org, adamk@chromium.org, gsathya@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2209433003
Cr-Commit-Position: refs/heads/master@{#38353}
2016-08-04 22:56:45 +00:00
gdeepti
1269306a3b [wasm] Grow memory should return -1 on failure.
Return -1 instead of out of throwing errors, update tests.

R=titzer@chromium.org, ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2216443002
Cr-Commit-Position: refs/heads/master@{#38350}
2016-08-04 20:39:32 +00:00
clarkchenwang
dfd8db8bec Add signature checking when directly import a foreign function
Review-Url: https://codereview.chromium.org/2204703002
Cr-Commit-Position: refs/heads/master@{#38349}
2016-08-04 20:34:02 +00:00
marja
bf3081c837 Put Scopes into temporary Zone (second try)
When parsing a eagerly-parsed-but-lazily-compiled function, we
used to put some of its AST nodes into a discardable Zone. This
CL puts the function Scope, its inner Scopes and the related AST
nodes (Declarations, VariableProxys) into the temporary Zone
too. This reduces peak memory usage and enables future work to
keep the temporary Zone around for later compilation.

BUG=

Review-Url: https://codereview.chromium.org/2210243002
Cr-Commit-Position: refs/heads/master@{#38348}
2016-08-04 19:15:55 +00:00
caitp
9977a2caf3 [elements] update Dictionary in IncludesValue if own elements change
Ensure that receiver->elements() == *dictionary after calling an accessor, in
addition to checking the prototype.

BUG=chromium:634273, chromium: 634357, v8:5162
R=cbruni@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2212963002
Cr-Commit-Position: refs/heads/master@{#38347}
2016-08-04 19:09:30 +00:00
adamk
e6d2c9b584 Properly pass InitializationFlag back from ScriptContextTable lookups
This was dropped accidentally in bb97d27ab.

R=verwaest@chromium.org
BUG=chromium:633884

Review-Url: https://codereview.chromium.org/2203213003
Cr-Commit-Position: refs/heads/master@{#38345}
2016-08-04 16:13:41 +00:00
caitp
0d7f7dc3ee [elements] limit TypedElementsAccessor::IncludesValue to backing store length
The contract is that the method is only invoked when there are no elements on
the prototype, and this elements type forbids accessor elements. So it is safe
to limit the search to the end of the backing store.

BUG=chromium:634269, v8:5162
R=cbruni@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2209273002
Cr-Commit-Position: refs/heads/master@{#38344}
2016-08-04 15:54:55 +00:00
machenbach
03f5124822 [test] Enable test status filtering by variant
This adds the possibility to address test cases in the
status file with the variant under which the test is running.
This is only allowed in top-level sections.

Example:
[{
  'test-case': [PASS, SLOW],
}]

['variant == foo', {
  'test-case': [FAIL],
}]

The test case "test-case" is marked as slow in all variants.
Additionally, in variant foo, it'll be expected to fail.

This CL also exemplifies the new feature with test cases
running under the ignition_turbofan variant. The
corresponding legacy flag is deprecated.

BUG=v8:5238

Review-Url: https://codereview.chromium.org/2203013002
Cr-Commit-Position: refs/heads/master@{#38342}
2016-08-04 14:42:16 +00:00
ahaas
d61c9873ee [wasm] Turn off wasm jit tests.
There seems to be a fundamental problem with calling runtime functions
from wasm if the runtime function can cause a GC.

NOTRY=true
R=machenbach@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2216433003
Cr-Commit-Position: refs/heads/master@{#38340}
2016-08-04 12:41:14 +00:00
mstarzinger
667d8ad099 [turbofan] Fix missing bailout for accessors in literals.
This adds the missing lazy bailout point when defining accessor pairs
within object literals via Runtime::kDefineAccessorPropertyUnchecked.
The runtime function in question can indeed trigger a lazy deopt due
to a DependentCode::kPrototypeCheckGroup dependency.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-633585
BUG=chromium:633585

Review-Url: https://codereview.chromium.org/2207413002
Cr-Commit-Position: refs/heads/master@{#38336}
2016-08-04 10:28:46 +00:00
jgruber
ea6b9609a6 Handle stack overflows in NoSideEffectToString
An infinite recursion can be triggered when NoSideEffectToString is
called on an error object with its name property set to itself.

BUG=633998

Review-Url: https://codereview.chromium.org/2206313002
Cr-Commit-Position: refs/heads/master@{#38325}
2016-08-04 07:45:11 +00:00
jgruber
76193d4b6c Fix several stack-traces tests using assertUnreachable()
These tests all called assertUnreachable within a try/catch block.

BUG=v8:5246

Review-Url: https://codereview.chromium.org/2209663003
Cr-Commit-Position: refs/heads/master@{#38323}
2016-08-04 07:22:10 +00:00
rmcilroy
aacbdacb89 [Crankshaft] Move don't crankshaft check before EnsureDeoptimizationSupport.
Avoids compiling baseline code when the function isn't able to be
optimized by crankshaft.

BUG=chromium:632289

Review-Url: https://codereview.chromium.org/2194453002
Cr-Commit-Position: refs/heads/master@{#38304}
2016-08-03 15:02:38 +00:00
caitp
c4ee3d9474 [builtins] fix mapcheck in Array.includes fast-case when searching for String
Use LoadInstanceType() rather than LoadMapInstanceType(), as this part of the
code is operating on a JS-accessible HeapObject rather than a Map.

BUG=chromium:633883, v8:5162
R=mstarzinger@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2207903002
Cr-Commit-Position: refs/heads/master@{#38297}
2016-08-03 14:27:38 +00:00
jgruber
d48170dbf5 Move NoSideEffectToString to C++
BUG=

Review-Url: https://codereview.chromium.org/2206573002
Cr-Commit-Position: refs/heads/master@{#38289}
2016-08-03 12:22:23 +00:00
neis
f813494fcc [debug] Don't notify listener of exceptions internal to a desugaring.
In the parser, we desugar yield* with the help of a regular yield. One
particular implementation detail of this desugaring is that when the user calls
the generator's throw method, this throws an exception that we immediately
catch. This exception should not be visible to the user, but through Devtools'
"Pause on Caught Exceptions" feature it used to be.

This CL extends the type of catch predictions with a new value for such internal
exceptions and uses that for the offending try-catch statement in yield*.  It
instruments the debugger to _not_ trigger an exception event in that case.

R=yangguo@chromium.org
TBR=littledan@chromium.org
BUG=v8:5218

Review-Url: https://codereview.chromium.org/2203803002
Cr-Commit-Position: refs/heads/master@{#38286}
2016-08-03 11:27:49 +00:00
caitp
0c76b0ae85 Reland [builtins] implement Array.prototype.includes in TurboFan
BUG=v8:5162
R=bmeurer@chromium.org, cbruni@chromium.org

Review-Url: https://codereview.chromium.org/2205883003
Cr-Commit-Position: refs/heads/master@{#38266}
2016-08-03 03:27:43 +00:00
titzer
d4392107fa [wasm] Make LoadGlobal/StoreGlobal opcodes match what is coming in binary 0xC.
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2209433002
Cr-Commit-Position: refs/heads/master@{#38262}
2016-08-02 22:40:50 +00:00
adamk
83b63c308a Sloppy eval declarations should not shadow lexical function declarations
This was being allowed due to the use of BindingFlags instead of VariableMode
to determine whether a looked-up binding was lexical. Because function
declarations are hoisted, they never need hole checks, and so were being
miscategorized as non-lexical.

This patch augments Context::Lookup with a VariableMode out param, which
allows this check to determine precisely whether the binding is lexical.

BUG=v8:4454, v8:5256

Review-Url: https://codereview.chromium.org/2206483004
Cr-Commit-Position: refs/heads/master@{#38260}
2016-08-02 20:27:38 +00:00
jpp
3fa56f2bb2 [wasm] asm.js. Adds support for clz32 in asm.js.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203

Review-Url: https://codereview.chromium.org/2200213002
Cr-Commit-Position: refs/heads/master@{#38259}
2016-08-02 18:36:52 +00:00
marja
51685002a6 Revert of Put Scopes into temporary Zone (patchset #12 id:220001 of https://codereview.chromium.org/2193793002/ )
Reason for revert:
Broke Node.js tests (test-require-dot etc.)

Original issue's description:
> Put Scopes into temporary Zone
>
> When parsing a eagerly-parsed-but-lazily-compiled function, we
> used to put some of its AST nodes into a discardable Zone. This
> CL puts the function Scope, its inner Scopes and the related AST
> nodes (Declarations, VariableProxys) into the temporary Zone
> too. This reduces peak memory usage and enables future work to
> keep the temporary Zone around for later compilation.
>
> BUG=
>
> Committed: https://crrev.com/eaebdd858b466057ccc39894a172c9b66868e8f7
> Cr-Commit-Position: refs/heads/master@{#38232}

TBR=adamk@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2205013002
Cr-Commit-Position: refs/heads/master@{#38258}
2016-08-02 18:16:14 +00:00
adamk
56f9754387 Remove --harmony-exponentiation-operator flag
It's shipped in M52.

R=caitp@igalia.com, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2203843002
Cr-Commit-Position: refs/heads/master@{#38256}
2016-08-02 17:17:35 +00:00