Commit Graph

27321 Commits

Author SHA1 Message Date
bmeurer
5964152c8f [contexts] Place the initial JSArray maps on the native context directly.
No need to have an indirection to get to the initial JSArray maps from
the native context; we only cache the fast elements maps anyway, so
those could live on the native context directly. This will also
integrate nicely with the load/store propagation in TurboFan (once we
propagate the immutable flag for FieldAccess as well).

Drive-by-fix: Also don't embed any of the initial JSArray maps in
TurboFan generated code when allocating a new JSArray, but instead
always load the appropriate map from the native context.  This way
we ensure that we never leak a reference to one of those maps and
it's as efficient as embedding a constant map.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1516433005

Cr-Commit-Position: refs/heads/master@{#32779}
2015-12-11 06:51:21 +00:00
zhengxing.li
da7c5a739c X87: [turbofan] Make MachineType a pair of enums.
port bb2a830deb (r32738)

  original commit message:
  MachineType is now a class with two enum fields:
  - MachineRepresentation
  - MachineSemantic

  Both enums are usable on their own, and this change switches some places from using MachineType to use just MachineRepresentation. Most notably:
  - register allocator now uses just the representation.
  - Phi and Select nodes only refer to representations.

BUG=

Review URL: https://codereview.chromium.org/1520793002

Cr-Commit-Position: refs/heads/master@{#32778}
2015-12-11 05:07:49 +00:00
adamk
ed698f3da1 Rewrite Object.prototype.toString in C++
The main impetus is to improve performance when --harmony-tostring
is enabled, thanks to using a generic property load instead of a
megamorphic IC.

This also reduces duplication, as the API function
v8::Object::ObjectProtoToString can share the runtime implementation.

The only functional change in this patch is to drop an accidental difference
between the JS and API implementations: the arguments object should toString
as "[object Arguments]". The JS side was corrected in
https://code.google.com/p/v8/source/detail?r=3279, but the API version was
missed in that patch.

BUG=chromium:555127, v8:3502
LOG=n
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1509533003

Cr-Commit-Position: refs/heads/master@{#32777}
2015-12-11 04:26:43 +00:00
v8-autoroll
8bd393090d Update V8 DEPS.
Rolling v8/buildtools to 68e3c238a5ab347436762cb929316aa55ca72563

Rolling v8/tools/clang to 3a1510ccbc295798602abbbffcf61065704e8acb

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1516193002

Cr-Commit-Position: refs/heads/master@{#32776}
2015-12-11 04:23:15 +00:00
mtrofin
0b1261439b [turbofan] regalloc: model context and function mark as reg-defined.
If we model them as memory operands ("SpillOperands"), as we
currently do, they are treated by the register allocator as being defined
in memory, so spilling them up to the first use requiring them in a
register is free.

That's not the case for context and function marker. They come in
registers, and the frame construction also pushes them on the stack.
This conflicts with the goals of frame elision: the allocator should avoid
eagerly spilling them, which would force a frame construction; also,
their not being spilled, should frame elision succeed for the first block,
means modeling them as spill operands is incorrect.

The natural choice would be to fully decouple their spilling from frame
construction, and let the register allocator spill them. That means they
need to be presented to the register allocator as vanilla live ranges,
with pre-assigned spill slots.

The main challenge there is that not all instructions (mainly, stack checks) list their dependency on these ranges being spilled. In this
change, we change the model but leave the frame construction as-is.
This has the benefit that it unblocks frame elision, but has the drawback
that we may see double spills in the case where these live ranges spill
only in deferred blocks. I plan to enable frame elision next, after which
I will tackle this issue with spilling.

BUG= v8:4533
LOG=N

Review URL: https://codereview.chromium.org/1501363002

Cr-Commit-Position: refs/heads/master@{#32775}
2015-12-11 02:44:12 +00:00
adamk
8b968b70e9 Revert of [es6] support AssignmentPattern as LHS in for-in/of loops (patchset #9 id:280001 of https://codereview.chromium.org/1508933004/ )
Reason for revert:
Hits unreachable code (found by fuzzer). Example crasher:

"for(();;);"

Original issue's description:
> [es6] support AssignmentPattern as LHS in for-in/of loops
>
> BUG=v8:811, v8:4599
> LOG=N
> R=adamk@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/e47bdb775564b2cd8365047425898ab4274190a6
> Cr-Commit-Position: refs/heads/master@{#32773}

TBR=rossberg@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811, v8:4599

Review URL: https://codereview.chromium.org/1511773009

Cr-Commit-Position: refs/heads/master@{#32774}
2015-12-11 02:00:01 +00:00
caitpotter88
e47bdb7755 [es6] support AssignmentPattern as LHS in for-in/of loops
BUG=v8:811, v8:4599
LOG=N
R=adamk@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1508933004

Cr-Commit-Position: refs/heads/master@{#32773}
2015-12-11 01:06:48 +00:00
littledan
88c8361b8f Unstage non-standard Promise functions
This patch removes Promise functions and methods which are absent
from the ES2015 specification when the --es-staging flag is on.
The patch is being relanded after being reverted due to an
unrelated bug. This version is slightly different as promise_chain
is installed on the context regardless of the flag value, so that
the Promise::Chain API continues to work until it is deprecated.

BUG=v8:3237
R=rossberg
LOG=Y

Review URL: https://codereview.chromium.org/1513873002

Cr-Commit-Position: refs/heads/master@{#32772}
2015-12-10 23:58:26 +00:00
sigurds
5aeb98efcf [turbofan] Fix missing guard in native context specialization
Native context specialization was missing an SSI renaming.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1520513002

Cr-Commit-Position: refs/heads/master@{#32771}
2015-12-10 22:53:41 +00:00
littledan
46cb23c24b Disable new regression tests with noi18n
BUG=chromium:487322
R=adamk
LOG=N

Review URL: https://codereview.chromium.org/1514993002

Cr-Commit-Position: refs/heads/master@{#32770}
2015-12-10 22:52:44 +00:00
littledan
bff3074d73 Allow ICU to normalize time zones
There's at least one case of a time zone alias: Asia/Kathmandu aliases
Asia/Katmandu. ICU seems to normalize to the (deprecated) latter choice.
V8 internationalization choked on this change; this patch interprets
ICU's output more precisely and allows it.

BUG=chromium:487322
R=jungshik,adamk
LOG=Y

Review URL: https://codereview.chromium.org/1509273007

Cr-Commit-Position: refs/heads/master@{#32769}
2015-12-10 20:13:45 +00:00
adamk
eb67f85439 Fix FuncNameInferrer usage in ParseAssignmentExpression
Without this fix, AssignmentExpressions that happen to be arrow functions
would lead to unbalanced Enter/Leave calls on the fni_, causing thrashing
while trying to infer function names. Symptoms include slow parsing
or OOM (when we create too many AstConsStrings).

To try to keep this from happening in the future, added an RAII helper
class to handle Entering/Leaving FNI state.

The included regression test crashes on my workstation without the patch.
Note that it's too slow in debug mode (as well as under TurboFan),
so I've skipped it there.

BUG=v8:4595
LOG=y

Review URL: https://codereview.chromium.org/1507283003

Cr-Commit-Position: refs/heads/master@{#32768}
2015-12-10 19:19:35 +00:00
balazs.kilvady
fef93bb23b MIPS: Fix sizeField in MacroAssembler::BranchFCommon().
BUG=

Review URL: https://codereview.chromium.org/1505983008

Cr-Commit-Position: refs/heads/master@{#32767}
2015-12-10 17:45:40 +00:00
mvstanton
45fc8f4c09 Bugfix: type feedback vector should allocate *before* changing internal state.
An allocation can reenter type feedback code because of a triggered GC. Make
sure the vector state remains coherent at these points.

BUG=568524
LOG=N

Review URL: https://codereview.chromium.org/1517613003

Cr-Commit-Position: refs/heads/master@{#32766}
2015-12-10 17:40:11 +00:00
hpayer
1c5df4fb62 [heap] New Dijkstra marking write barrier.
A.x = B
Change from mark grey A to mark grey B.

BUG=

Review URL: https://codereview.chromium.org/1409813007

Cr-Commit-Position: refs/heads/master@{#32765}
2015-12-10 17:29:13 +00:00
ishell
dddcd0ac17 Fix Function subclassing.
Function subclasses did not have function properties installed (name, prototype, etc.).
Now when an instance of a Function subclass is created it gets initial map that corresponds
to the language mode of the function body. The language mode dependent maps are cached as
special transitions on initial map of the subclass constructor.

BUG=v8:4597, v8:3101, v8:3330
LOG=Y

Review URL: https://codereview.chromium.org/1510753005

Cr-Commit-Position: refs/heads/master@{#32764}
2015-12-10 17:28:08 +00:00
mythria
67f3c80da9 Adds additional tests for bytecode graph builder
Adds more tests for Delete, InstanceOf, and ToName bytecodes.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1509273005

Cr-Commit-Position: refs/heads/master@{#32763}
2015-12-10 17:08:45 +00:00
rmcilroy
42718a4c88 Remove dummy control / effect edges from RMA Load / Store / Div nodes.
Review URL: https://codereview.chromium.org/1510173004

Cr-Commit-Position: refs/heads/master@{#32762}
2015-12-10 17:07:41 +00:00
mvstanton
909f93d052 Tighten the interface to the optimized code map
We either want to add code+literals to the map, or just literals.
A recent change in the structure of the map (it now uses WeakCells)
meant that we have to be more clear about what we want to do the right
thing.

BUG=

Review URL: https://codereview.chromium.org/1516833002

Cr-Commit-Position: refs/heads/master@{#32761}
2015-12-10 17:03:42 +00:00
mstarzinger
aa4a1abdcf [turbofan] Remove FP-based AccessBuilder functions.
This is deprecating the ability of TurboFan to access FP-based slots
via LoadField and StoreField nodes. The corresponding constructors for
FieldAccess tuples are being removed.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1512243003

Cr-Commit-Position: refs/heads/master@{#32760}
2015-12-10 15:53:01 +00:00
epertoso
2fe34ebdcd Removes the Callee parameter from FunctionCallbackInfo.
This will help us to instantiate AccessorPair's getters and setters only when they are needed.

BUG=

Review URL: https://codereview.chromium.org/1510483002

Cr-Commit-Position: refs/heads/master@{#32759}
2015-12-10 15:36:54 +00:00
cbruni
c20156c550 [runtime] [proxies] adding tests for uncovered branches
fly-by fix of Proxy [[Construct]] on mips.

BUG=v8:1543
LOG=N

Review URL: https://codereview.chromium.org/1517463002

Cr-Commit-Position: refs/heads/master@{#32758}
2015-12-10 15:35:15 +00:00
yangguo
7ae5a4d8f7 [es6] omit callable check if possible, since %_Call already does it.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1513223003

Cr-Commit-Position: refs/heads/master@{#32757}
2015-12-10 15:15:47 +00:00
jkummerow
e2dd98a39e [proxies] Fix "with" statements for proxies
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1510913005

Cr-Commit-Position: refs/heads/master@{#32756}
2015-12-10 15:12:41 +00:00
jkummerow
989f44f126 Fix mix-up in HasEnumerableElements()
Only JSArrays ever have packed elements; holey elements can be on any kind of object.

BUG=chromium:568525
LOG=n
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1515963002

Cr-Commit-Position: refs/heads/master@{#32755}
2015-12-10 15:01:49 +00:00
vogelheim
f564231a6b Revert of Re-land FastAccessorBuilder. (patchset #2 id:20001 of https://codereview.chromium.org/1504713012/ )
Reason for revert:
Meeh. Now "V8 Linux - gcmole" bot has issues; apparently due to a somewhat exotic builder configuration.

Original issue's description:
> Re-land FastAccessorBuilder.
>
> ... using the RawMachineAssembler and the work in crrev.com/1407313004.
>
> The original change collided with crrev.com/1513543003.
>
> BUG=chromium:508898
> LOG=Y
>
> Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
> Cr-Commit-Position: refs/heads/master@{#32742}
>
> patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)
>
> Committed: https://crrev.com/ee5c38d7db907ff86dd4049721c0cb4bc90a6c4d
> Cr-Commit-Position: refs/heads/master@{#32753}

TBR=epertoso@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:508898

Review URL: https://codereview.chromium.org/1517683002

Cr-Commit-Position: refs/heads/master@{#32754}
2015-12-10 14:45:55 +00:00
vogelheim
ee5c38d7db Re-land FastAccessorBuilder.
... using the RawMachineAssembler and the work in crrev.com/1407313004.

The original change collided with crrev.com/1513543003.

BUG=chromium:508898
LOG=Y

Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
Cr-Commit-Position: refs/heads/master@{#32742}

patch from issue 1474543004 at patchset 260001 (http://crrev.com/1474543004#ps260001)

Review URL: https://codereview.chromium.org/1504713012

Cr-Commit-Position: refs/heads/master@{#32753}
2015-12-10 14:15:19 +00:00
rmcilroy
c4745aa187 Remove dummy control / effect edges from RMA Call nodes.
Removes the dummy control and effect edges from the RMA Call nodes. This
requires a change to the node matchers to allow them to cope with nodes
which don't have control or effect matchers.

Review URL: https://codereview.chromium.org/1518673002

Cr-Commit-Position: refs/heads/master@{#32752}
2015-12-10 13:36:28 +00:00
adamk
93d56fde70 Activate destructuring assignment on ClusterFuzz
BUG=v8:811
LOG=n

Review URL: https://codereview.chromium.org/1512153002

Cr-Commit-Position: refs/heads/master@{#32751}
2015-12-10 13:27:53 +00:00
neis
a5380fe9ed JSON.parse: properly deal with reviver result
When the reviver returns undefined, the property in question must be deleted
even for arrays.  So far this only happened for non-array objects.

Also change the property enumeration to be spec-conformant, which is observable when the reviver modifies its "this" object directly.  There are a few further issues that need to be addressed in a separate CL.

R=yangguo@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1506933003

Cr-Commit-Position: refs/heads/master@{#32750}
2015-12-10 12:49:06 +00:00
dusan.m.milosavljevic
3ef18f5a91 MIPS: [turbofan] Use RINT instruction for Float64|32Round ops. on r6.
TEST=
BUG=

Review URL: https://codereview.chromium.org/1508423002

Cr-Commit-Position: refs/heads/master@{#32749}
2015-12-10 12:24:28 +00:00
jarin
be16b62fb8 [turbofan] Fix bitfield size in regalloc (after moving to MachineRepresentation).
Review URL: https://codereview.chromium.org/1514063002

Cr-Commit-Position: refs/heads/master@{#32748}
2015-12-10 12:22:45 +00:00
jarin
9c87bd4b82 [turbofan] Get rid of truncation by store.
Nowadays, representation inference and simplified lowering can insert the
right truncations based on the use.

Review URL: https://codereview.chromium.org/1512243002

Cr-Commit-Position: refs/heads/master@{#32747}
2015-12-10 11:23:55 +00:00
cbruni
40817d2242 [v8natives.js] updating comments to ES6
BUG=

Review URL: https://codereview.chromium.org/1512903002

Cr-Commit-Position: refs/heads/master@{#32746}
2015-12-10 10:43:37 +00:00
mstarzinger
cdafea2011 [presubmit] Enable readability/nolint linter checking.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1506233008

Cr-Commit-Position: refs/heads/master@{#32745}
2015-12-10 10:41:47 +00:00
vogelheim
0a50af8625 Revert of Implement Fast Accessor Builder (patchset #14 id:260001 of https://codereview.chromium.org/1474543004/ )
Reason for revert:
Broke the build, apparently.

Original issue's description:
> Implement FastAccessorBuilder.
>
> ... using the RawMachineAssembler and the work in cl/1407313004
>
> BUG=chromium:508898
> LOG=Y
>
> Committed: https://crrev.com/515d9ccd8e6df7bf2ca01e2a55aaad30226399e1
> Cr-Commit-Position: refs/heads/master@{#32742}

TBR=epertoso@chromium.org,bmeurer@chromium.org,jochen@chromium.org,mstarzinger@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:508898

Review URL: https://codereview.chromium.org/1513203002

Cr-Commit-Position: refs/heads/master@{#32744}
2015-12-10 10:16:35 +00:00
jkummerow
ce47fc8b72 [build system] Support code coverage.
Review URL: https://codereview.chromium.org/1511893004

Cr-Commit-Position: refs/heads/master@{#32743}
2015-12-10 10:11:16 +00:00
vogelheim
515d9ccd8e Implement FastAccessorBuilder.
... using the RawMachineAssembler and the work in cl/1407313004

BUG=chromium:508898
LOG=Y

Review URL: https://codereview.chromium.org/1474543004

Cr-Commit-Position: refs/heads/master@{#32742}
2015-12-10 10:10:11 +00:00
balazs.kilvady
9597b019bc MIPS: Fix NaN tests.
BUG=
TEST=mjsunit/regress/regress-undefined-nan, mjsunit/regress/regress-undefined-nan3, mjsunit/regress/regress-2596

Review URL: https://codereview.chromium.org/1507363002

Cr-Commit-Position: refs/heads/master@{#32741}
2015-12-10 10:06:17 +00:00
jkummerow
1e9c4b448f [tools] Fix tools/bash-completion.sh for bool flags and harmony features
NOTRY=true

Review URL: https://codereview.chromium.org/1518663002

Cr-Commit-Position: refs/heads/master@{#32740}
2015-12-10 10:01:39 +00:00
mlippautz
f07dd5dade [heap] Cleanup: remove unused declaration
R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1510213002

Cr-Commit-Position: refs/heads/master@{#32739}
2015-12-10 09:15:26 +00:00
jarin
bb2a830deb [turbofan] Make MachineType a pair of enums.
MachineType is now a class with two enum fields:
- MachineRepresentation
- MachineSemantic

Both enums are usable on their own, and this change switches some places from using MachineType to use just MachineRepresentation. Most notably:
- register allocator now uses just the representation.
- Phi and Select nodes only refer to representations.

Review URL: https://codereview.chromium.org/1513543003

Cr-Commit-Position: refs/heads/master@{#32738}
2015-12-10 09:03:53 +00:00
ahaas
28261daa47 [turbofan] Change TruncateFloat32ToInt64 to TryTruncateFloat32ToInt64.
This operator now provides a second output which indicates whether the
conversion from float32 to int64 was successful or not. The second output
returns 0 if the conversion fails, or something else if the conversion succeeds.

The second output can be ignored, which means that the operator can be used the
same as the original operator.

I implement the new operator on x64, arm64, and mips64. @v8-ppc-ports, can you
please take care of the ppc64 implementation of the second output?

R=titzer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com

Review URL: https://codereview.chromium.org/1504363002

Cr-Commit-Position: refs/heads/master@{#32737}
2015-12-10 08:12:23 +00:00
paul.lind
aa5eb1e0ed MIPS: Fix [runtime] [proxy] implement [[Construct]].
Avoid overwrite of instance type while checking IsCallable() (t2->t3).
Also slightly optimize push of register pair.

TEST=mjsunit/harmony/proxies-construct
BUG=

Review URL: https://codereview.chromium.org/1510493011

Cr-Commit-Position: refs/heads/master@{#32736}
2015-12-10 07:33:20 +00:00
bmeurer
66f934efa1 [turbofan] Optimize JSCallConstruct in typed lowering to direct calls.
Lower JSCallConstruct with known target JSFunction to a direct call to
the target's construct_stub, and JSCallConstruct with function target to
direct call to ConstructFunction builtin.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1517593003

Cr-Commit-Position: refs/heads/master@{#32735}
2015-12-10 06:03:47 +00:00
brucedawson
667efbd0d7 Remove workaround for VS 2015 RC bug
R=mstarzinger@chromium.org
LOG=N
BUG=440500

Review URL: https://codereview.chromium.org/1518473003

Cr-Commit-Position: refs/heads/master@{#32734}
2015-12-10 04:43:35 +00:00
adamk
8a7e6fc34d Make AstConsString::length constant-time instead of O(N)
This makes it consistent in behavior with its heap-resident equivalent.

Also some minor cleanup in the AstString class hierarchy.

BUG=v8:4595
LOG=n

Review URL: https://codereview.chromium.org/1511363002

Cr-Commit-Position: refs/heads/master@{#32733}
2015-12-10 04:42:39 +00:00
v8-autoroll
8b3ccd809d Update V8 DEPS.
Rolling v8/tools/clang to 668876fb488c6e3c5860a367b7d9a7fb8821df76

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1513903003

Cr-Commit-Position: refs/heads/master@{#32732}
2015-12-10 04:41:00 +00:00
verwaest
2d13f6ec43 Fix Promise intrinsicDefaultProto
BUG=v8:3900, v8:3931, v8:1543, v8:3330
LOG=n

Review URL: https://codereview.chromium.org/1511893002

Cr-Commit-Position: refs/heads/master@{#32731}
2015-12-10 00:33:51 +00:00
yangguo
e110a2a8f3 Make mjsunit/random-bit-correlations more predictable.
R=machenbach@chromium.org
BUG=v8:4588
LOG=N

Review URL: https://codereview.chromium.org/1508583002

Cr-Commit-Position: refs/heads/master@{#32730}
2015-12-09 21:05:07 +00:00