Commit Graph

22487 Commits

Author SHA1 Message Date
mbrandy
cc01cd94ab PPC: Array() in optimized code can create with wrong ElementsKind in corner cases.
Port 13459c1ae3

Original commit message:
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

R=mvstanton@chromium.org, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1089913002

Cr-Commit-Position: refs/heads/master@{#27895}
2015-04-16 16:13:12 +00:00
paul.lind
e8fe704921 MIPS: Fix for StringCharCodeAtGenerator for vector-ics.
Register pop order bug only surfaced after vector-ic optimization
in https://codereview.chromium.org/1053843003 was landed.

TEST=mjsunit/string-index.js
BUG=

Review URL: https://codereview.chromium.org/1074123004

Cr-Commit-Position: refs/heads/master@{#27894}
2015-04-16 16:06:48 +00:00
paul.lind
80f24f7a4c Reland MIPS: Vector-ICs - speed towards the monomorphic exit as quickly as possible.
Port 35a67b745d

Original commit message:
Thanks to some careful assumptions, we can examine the object found at
vector[slot] and trust it's a heap object where the second field is
either a map if it's a WeakCell, or definitely not a map if it's a
Symbol, String or FixedArray. Use this to save a memory read.

BUG=

Review URL: https://codereview.chromium.org/1053843003

Cr-Commit-Position: refs/heads/master@{#27757}

Review URL: https://codereview.chromium.org/1083413003

Cr-Commit-Position: refs/heads/master@{#27893}
2015-04-16 16:05:45 +00:00
titzer
b882479f1c Refactor compilation dependency handling.
Extract a new data structure CompilationDependencies and move (most) logic there.

R=mstarzinger@chromium.org,verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095433002

Cr-Commit-Position: refs/heads/master@{#27892}
2015-04-16 16:04:34 +00:00
titzer
cb08656b6d Move GetRootListIndex into Heap.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095513003

Cr-Commit-Position: refs/heads/master@{#27891}
2015-04-16 15:08:09 +00:00
erikcorry
a0e2dd23ce Make test unthreaded so other tests don't interfere with heap size
R=hpayer@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1086423003

Cr-Commit-Position: refs/heads/master@{#27890}
2015-04-16 14:44:25 +00:00
machenbach
d881baaced Revert of Migrate error messages, part 2. (patchset #1 id:1 of https://codereview.chromium.org/1086313003/)
Reason for revert:
[Sheriff]: This changes layout test expectations e.g.
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Win/builds/2964

Original issue's description:
> Migrate error messages, part 2.
>
> Motivation for this is reducing the size of the native context.
>
> Committed: https://crrev.com/d3b788df0a4ccfedbe6e1df5e214cb6ba2792a65
> Cr-Commit-Position: refs/heads/master@{#27878}

TBR=mvstanton@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1095573002

Cr-Commit-Position: refs/heads/master@{#27889}
2015-04-16 14:33:26 +00:00
marja
2dc0f2ec01 [strong] Allow mutually recursive classes.
The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).

Implementing the correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow up.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1087543004

Cr-Commit-Position: refs/heads/master@{#27888}
2015-04-16 14:12:52 +00:00
yangguo
a2baf44bf6 Serializer: collect and output memory statistics.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1086363002

Cr-Commit-Position: refs/heads/master@{#27887}
2015-04-16 13:39:16 +00:00
ulan
da12c7c7c7 Add a flag to trace heap object stats on GC.
BUG=

Review URL: https://codereview.chromium.org/1094613002

Cr-Commit-Position: refs/heads/master@{#27886}
2015-04-16 13:30:30 +00:00
conradw
d8bccfe974 [strong] Implement static restrictions on switch statement
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1084983002

Cr-Commit-Position: refs/heads/master@{#27885}
2015-04-16 13:29:20 +00:00
erikcorry
71a19439e8 If a code space commit partially succeeds, free the memory
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1086253004

Cr-Commit-Position: refs/heads/master@{#27884}
2015-04-16 13:28:14 +00:00
erikcorry
9716468ae6 Fix logic for doing incremental marking steps on tenured allocation.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1040233003

Cr-Commit-Position: refs/heads/master@{#27883}
2015-04-16 13:20:38 +00:00
hablich
0bc1a1526f Store hashes of current and previous shipped V8 version
Will be used for calculating changes between versions

BUG=
NOTRY=true

Review URL: https://codereview.chromium.org/1095483002

Cr-Commit-Position: refs/heads/master@{#27882}
2015-04-16 12:51:42 +00:00
mstarzinger
54cb7b6ea3 Disable more failing tests after f3338dd3b0.
TBR=jkummerow@chromium.org
TEST=mjsunit/debug-ignore-breakpoints
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1087673003

Cr-Commit-Position: refs/heads/master@{#27881}
2015-04-16 12:46:28 +00:00
wingo
e0913eccfb Simplify DoParseProgram
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.

R=marja@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/1091743002

Cr-Commit-Position: refs/heads/master@{#27880}
2015-04-16 12:42:37 +00:00
yangguo
05bfdd866a Wrap map and set implementation in functions.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1094563002

Cr-Commit-Position: refs/heads/master@{#27879}
2015-04-16 12:17:35 +00:00
yangguo
d3b788df0a Migrate error messages, part 2.
Motivation for this is reducing the size of the native context.

Review URL: https://codereview.chromium.org/1086313003

Cr-Commit-Position: refs/heads/master@{#27878}
2015-04-16 11:34:47 +00:00
chunyang.dai
758c5e123b X87: Use Cells to check prototype chain validity (disabled by default).
port 0179ec5797 (r27846).

original commit message:

 The cells are stored on prototypes (in their map's PrototypeInfo). When a
 prototype object changes its map, then both its own validity cell and those
 of all "downsstream" prototypes are invalidated; handlers for a given receiver
 embed the currently valid cell for that receiver's prototype during their
 compilation and check it on execution.

BUG=

Review URL: https://codereview.chromium.org/1090803002

Cr-Commit-Position: refs/heads/master@{#27877}
2015-04-16 10:40:43 +00:00
erikcorry
a3f5e04c99 Make store buffer more robust to OOM.
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1086263002

Cr-Commit-Position: refs/heads/master@{#27876}
2015-04-16 10:39:38 +00:00
chunyang.dai
5729299752 X87: Array() in optimized code can create with wrong ElementsKind in corner cases
port 13459c1ae3 (r27857)

original commit message:

    Array() in optimized code can create with wrong ElementsKind in corner cases.

    Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
    makes a stub call that bails out due to the length. Currently, the bailout
    code a) doesn't have the allocation site, and b) wouldn't use it if it did
    because the length is perceived to be too high.

    This CL passes the allocation site to the stub call (rather than undefined),
    and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1088423002

Cr-Commit-Position: refs/heads/master@{#27875}
2015-04-16 10:38:35 +00:00
jkummerow
e39d33d3df Add missing Handle to GetOrCreatePrototypeChainValidityCell
Follow-up to 333219a745.

NOTRY=true
NOTREECHECKS=true

Review URL: https://codereview.chromium.org/1095503002

Cr-Commit-Position: refs/heads/master@{#27874}
2015-04-16 10:37:23 +00:00
chunyang.dai
e481c91b64 X87: VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
port 776770c0e4 (r27827).

original commit message:

  This needs "Pass load ic state through the Oracle"
  (https://codereview.chromium.org/1083933002/) to land first.

BUG=

Review URL: https://codereview.chromium.org/1093433004

Cr-Commit-Position: refs/heads/master@{#27873}
2015-04-16 10:02:41 +00:00
jkummerow
333219a745 Enable Cell-based prototype chain checks
Review URL: https://codereview.chromium.org/1070253004

Cr-Commit-Position: refs/heads/master@{#27872}
2015-04-16 09:31:54 +00:00
hpayer
bbd222f882 Revert of Experiment: reduce heap growing factor to investigate OOM impact. (patchset #4 id:60001 of https://codereview.chromium.org/1060533003/)
Reason for revert:
Experiment done.

Original issue's description:
> Experiment: reduce heap growing factor to investigate OOM impact.
>
> This CL will be reverted after getting sufficient data.
> BUG=
>
> Committed: https://crrev.com/8b737395c8fcde35cbfbed6607f767ed48eefc5b
> Cr-Commit-Position: refs/heads/master@{#27804}

TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1085353003

Cr-Commit-Position: refs/heads/master@{#27871}
2015-04-16 09:06:40 +00:00
titzer
addb10633c [turbofan] Clean up cached nodes in JSGraph.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1080023002

Cr-Commit-Position: refs/heads/master@{#27870}
2015-04-16 08:41:34 +00:00
ulan
aae2c01740 Use atomic operation to read the length of a fixed array.
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.

Also rename FROM_GC and FROM_MUTATOR to be more precise.

BUG=chromium:462908
LOG=NO

Review URL: https://codereview.chromium.org/1034163002

Cr-Commit-Position: refs/heads/master@{#27869}
2015-04-16 08:39:12 +00:00
ulan
63c6f7da34 Avoid evacuation of popular pages.
This breaks the (evacuation -> slots buffer overflow -> abort -> new GC -> evacuation) cycle for popular pages.

BUG=

Review URL: https://codereview.chromium.org/1037433002

Cr-Commit-Position: refs/heads/master@{#27868}
2015-04-16 08:34:03 +00:00
bmeurer
c66a2f7b46 Revert of [x64] Use xorl to materialize smi zero. (patchset #1 id:1 of https://codereview.chromium.org/1085153002/)
Reason for revert:
Seems to cause performance regressions.

Original issue's description:
> [x64] Use xorl to materialize smi zero.
>
> Before we always loaded smi zero via a movabs with a 64-bit immediate,
> which is pretty expensive compared to the xorl.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/f236777bfe6e080ff1ead6baf847cc9b6bb4f9cb
> Cr-Commit-Position: refs/heads/master@{#27829}

TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:477592
LOG=n

Review URL: https://codereview.chromium.org/1059543004

Cr-Commit-Position: refs/heads/master@{#27867}
2015-04-16 08:31:17 +00:00
dcarney
f89bea1e17 fix visiting of phantom handles that should be retained
BUG=

Review URL: https://codereview.chromium.org/1094473002

Cr-Commit-Position: refs/heads/master@{#27866}
2015-04-16 08:30:18 +00:00
yangguo
2e0cf57804 Fix signed/unsigned compare in messages.cc
R=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1089363002

Cr-Commit-Position: refs/heads/master@{#27865}
2015-04-16 07:59:32 +00:00
yangguo
a5ac029058 Start migrating error message templates to the runtime.
Currently done with two templates, one used from native js, one from runtime.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1087633005

Cr-Commit-Position: refs/heads/master@{#27864}
2015-04-16 07:01:16 +00:00
bmeurer
0e703bd34c [turbofan] Typed lowering requires typed nodes.
There's no point in checking whether a node is typed in JSTypedLowering.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1086303002

Cr-Commit-Position: refs/heads/master@{#27863}
2015-04-16 06:39:43 +00:00
bmeurer
d641cc457c [turbofan] Split ControlEquivalence implementation and add trace flag.
Split interface and implementation of ControlEquivalence and add a
dedicated trace flag --trace-turbo-ceq to make it reusable outside the
scheduler.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1056093005

Cr-Commit-Position: refs/heads/master@{#27862}
2015-04-16 06:04:36 +00:00
Benedikt Meurer
4d3370149d [turbofan] Make js-typed-lowering.h self contained.
TBR=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/1091723002

Cr-Commit-Position: refs/heads/master@{#27861}
2015-04-16 06:00:59 +00:00
v8-autoroll
df31577e98 Update V8 DEPS.
Rolling v8/tools/clang to 32e839da8bd2088ef23c3ea874d3c1cd04cd1384

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1093493002

Cr-Commit-Position: refs/heads/master@{#27860}
2015-04-16 03:25:36 +00:00
adamk
b054ff4620 Revert "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.

Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.

BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1066663005

Cr-Commit-Position: refs/heads/master@{#27859}
2015-04-15 21:28:22 +00:00
wingo
53ddccfc33 Fix FormalParameterErrorLocations member names
R=arv@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1083953002

Cr-Commit-Position: refs/heads/master@{#27858}
2015-04-15 21:08:11 +00:00
mvstanton
13459c1ae3 Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1086873003

Cr-Commit-Position: refs/heads/master@{#27857}
2015-04-15 21:02:13 +00:00
machenbach
c85b22486a Revert of Simplify DoParseProgram (patchset #2 id:20001 of https://codereview.chromium.org/1058363003/)
Reason for revert:
[Sheriff] Changes some layout tests on all platforms, e.g.:
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Linux%2032/builds/2543

Original issue's description:
> Simplify DoParseProgram
>
> DoParseProgram doesn't appear to need to receive toplevel scopes as
> arguments; it can properly set the end_position of the scopes to the
> scanner's position after parsing is complete.
>
> R=marja@chromium.org
> BUG=
> LOG=N
>
> Committed: https://crrev.com/8da9252f61d3c499a78b0b94299c314b2eb0b0c8
> Cr-Commit-Position: refs/heads/master@{#27847}

TBR=marja@chromium.org,wingo@igalia.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1089623002

Cr-Commit-Position: refs/heads/master@{#27856}
2015-04-15 17:20:21 +00:00
arv
79be74364a Fix issues with name and length on poison pill function
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.

BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1061393002

Cr-Commit-Position: refs/heads/master@{#27855}
2015-04-15 17:15:26 +00:00
scottmg
df087b23ed Make BitsetType enum uint32_t to avoid narrowing warnings
enum defaults to signed on win, and kTagged has 1<<31 causing
warning.

Full errors:

d:\src\cr3\src\v8\src\types.cc(1259): error C2220: warning treated as error - no 'object' file generated
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1355): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::BoundariesArray[]'
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1359): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::BoundariesArray[]'

LOG=N
R=jochen@chromium.org
BUG=440500

Review URL: https://codereview.chromium.org/1055933004

Cr-Commit-Position: refs/heads/master@{#27854}
2015-04-15 16:31:33 +00:00
scottmg
961e61b012 Remove operator delete on VS2015 to avoid compiler bug
LOG=N
R=jochen@chromium.org
BUG=chromium:440500

Review URL: https://codereview.chromium.org/1084763002

Cr-Commit-Position: refs/heads/master@{#27853}
2015-04-15 16:23:24 +00:00
Jakob Kummerow
2064c3c9b2 Makefile: introduce debugsymbols=on flag
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1085283002

Cr-Commit-Position: refs/heads/master@{#27852}
2015-04-15 15:20:18 +00:00
erikcorry
e0be05036f Reduce regexp compiler stack size when not optimizing regexps
R=jkummerow@chromium.org
BUG=chromium:475705
LOG=y

Review URL: https://codereview.chromium.org/1082763002

Cr-Commit-Position: refs/heads/master@{#27851}
2015-04-15 15:15:52 +00:00
mbrandy
ccc7952e3b PPC: VectorICs: megamorphic keyed loads in crankshaft don't need a vector.
Port c8e4d57d3b

Original commit message:
They are content with a dummy vector, as MISSES won't result in
changing the real vector/slot at all.

R=mvstanton@chromium.org, michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1085913003

Cr-Commit-Position: refs/heads/master@{#27850}
2015-04-15 14:43:55 +00:00
mbrandy
0dc5fd7080 PPC: Use Cells to check prototype chain validity (disabled by default).
Port 0179ec5797

Original commit message:
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.

R=michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1091563002

Cr-Commit-Position: refs/heads/master@{#27849}
2015-04-15 14:39:48 +00:00
jkummerow
e02807ee8a Fix a few potential integer negation overflows
AFAICT none of these can actually be triggered currently; but it's still good to harden the code a little.

Review URL: https://codereview.chromium.org/1058533007

Cr-Commit-Position: refs/heads/master@{#27848}
2015-04-15 13:55:21 +00:00
wingo
8da9252f61 Simplify DoParseProgram
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.

R=marja@chromium.org
BUG=
LOG=N

Review URL: https://codereview.chromium.org/1058363003

Cr-Commit-Position: refs/heads/master@{#27847}
2015-04-15 13:42:20 +00:00
mstarzinger
b807d112d7 [turbofan] Fix ForInStatement that deopts during filter.
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.

R=jarin@chromium.org
TEST=mjsunit/for-in-opt

Review URL: https://codereview.chromium.org/1086083002

Cr-Commit-Position: refs/heads/master@{#27846}
2015-04-15 13:12:05 +00:00