Commit Graph

6008 Commits

Author SHA1 Message Date
machenbach
a23a74a7be [test] Remove deprecated --ignition test-runner flag
The flag was introduced for ignition development. It can only
be used when running ignition tests in isolation on the bots.

The bots only use ignition_turbo in isolation since a while
and don't pass the --ignition flag anymore.

BUG=v8:5238

Review-Url: https://codereview.chromium.org/2197123002
Cr-Commit-Position: refs/heads/master@{#38206}
2016-08-01 12:11:43 +00:00
cbruni
f4f06c5029 [keys] Trigger [[getOwnPropertyDescriptor]] trap on proxies for Object.keys
This CL fixes a long-standing bug with Object.keys where the enumerability
check was omitted if the [ownKeys] trap is not present. The only distinction the
KeyAccumulator needs is whether it collects keys for for-in (is_for_in_) or not.
ForInFilter performs a separate step to filter out non-enumerable keys later-on
while in all the other use-cases we have to filter keys.

BUG=v8:1543, v8:5250

Review-Url: https://codereview.chromium.org/2176113009
Cr-Commit-Position: refs/heads/master@{#38199}
2016-08-01 10:10:52 +00:00
bmeurer
986b04a62a [turbofan] Fix various bailout points for AstGraphBuilder.
This introduces a bunch of new tests that test various aspects of
accessor inlining in TurboFan (without the actual inlining), and does
the appropriate fixes to the AstGraphBuilder. The actual inlining CL
will land separately (so we don't need to revert the tests and fixes
if the accessor CL has to be reverted).

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2197913002
Cr-Commit-Position: refs/heads/master@{#38191}
2016-08-01 06:18:48 +00:00
epertoso
79ebd37d65 [turbofan] Adds speculative opcodes for shift right.
Drive-by fix: actually match the hint in the IsSpeculativeBinopMatcher.

Review-Url: https://codereview.chromium.org/2191883002
Cr-Commit-Position: refs/heads/master@{#38176}
2016-07-29 11:04:24 +00:00
mstarzinger
de244af9ba [interpreter] Support on-stack replacement in profiler.
This adds preliminary support for on-stack replacement from Ignition to
optimized code generated by TurboFan to the runtime profiler. Involved
heuristics (e.g. code size allowance) have been taken from existing code
without any re-evaluation in the new setting.

R=rmcilroy@chromium.org
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2182183005
Cr-Commit-Position: refs/heads/master@{#38159}
2016-07-29 08:32:19 +00:00
jgruber
1c7c0521f1 Set Error.stack property writable
Previously, the stack property was set up in JS as read-only; but since
it had a JS setter, writability was ignored and writing to stack was
possible.

This is no longer the case now that stack is either an actual data
property, or is associated with C++ accessors. Explicitly set the
property as writable to preserve old behavior.

BUG=5245
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2190313002
Cr-Commit-Position: refs/heads/master@{#38158}
2016-07-29 08:15:26 +00:00
mstarzinger
70489a1be5 [interpreter] Extend test for OSR from within generators.
R=rmcilroy@chromium.org
TEST=mjsunit/ignition/osr-from-generator
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2185973004
Cr-Commit-Position: refs/heads/master@{#38144}
2016-07-28 16:52:26 +00:00
oth
02b0985335 [interpreter] Fix peephole rule on eliding last before jump.
BUG=chromium:629792
LOG=N

Review-Url: https://codereview.chromium.org/2185123003
Cr-Commit-Position: refs/heads/master@{#38140}
2016-07-28 14:41:26 +00:00
ishell
fc66694de8 [fullcode][mips][mips64][ppc][s390] Avoid trashing of a home object when doing a count operation with keyed load/store to a super.
BUG=chromium:631917

Review-Url: https://codereview.chromium.org/2191663004
Cr-Commit-Position: refs/heads/master@{#38139}
2016-07-28 14:31:07 +00:00
jgruber
b48b04edc4 Handle missing scripts in CallSite.GetEvalOrigin
BUG=630950,631909

Review-Url: https://codereview.chromium.org/2184193004
Cr-Commit-Position: refs/heads/master@{#38133}
2016-07-28 12:06:12 +00:00
danno
7f1fa30e34 [stubs] Port CreateWeakCellStub to turbofan
In the process also inline the stub into the appropriate interpreter bytecode
handler and make sure that the context register is preserved in hand-written
assembly code that calls the stub and expects the context register to be
preserved.

BUG=608675

Review-Url: https://codereview.chromium.org/2188993003
Cr-Commit-Position: refs/heads/master@{#38132}
2016-07-28 11:49:00 +00:00
jgruber
da69889609 Handle failed stack trace captures
BUG=630953
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2191713004
Cr-Commit-Position: refs/heads/master@{#38131}
2016-07-28 11:13:06 +00:00
mstarzinger
fcdcff5605 [interpreter] Add test for OSR from within generators.
R=neis@chromium.org
TEST=mjsunit/ignition/osr-from-generator
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2188723005
Cr-Commit-Position: refs/heads/master@{#38125}
2016-07-28 09:49:58 +00:00
neis
d4e5851bad Make Array.prototype[Symbol.iterator] non-constructible.
R=adamk@chromium.org
BUG=v8:5237

Review-Url: https://codereview.chromium.org/2188753002
Cr-Commit-Position: refs/heads/master@{#38116}
2016-07-28 08:19:55 +00:00
ddchen
0a9d4003c7 [wasm] Add support for multiple indirect function tables
This patch updates internal data structures used by V8 to support
multiple indirect function tables (WebAssembly/design#682). But, since
this feature is post-MVP, the functionality is not directly exposed and
parsing/generation of WebAssembly is left unchanged. Nevertheless, it
is being used in an experiment to implement fine-grained control flow
integrity based on C/C++ types.

BUG=

Review-Url: https://codereview.chromium.org/2174123002
Cr-Commit-Position: refs/heads/master@{#38110}
2016-07-28 04:57:18 +00:00
mlippautz
e97b8686f2 [heap] Don't consider mementos on pages below age mark
Objects that reside below the age mark could be on pages that have been moved
within new space. In this case mementos survived which can actually point to
already-collected allocation sites.

BUG=chromium:631050,chromium:581412
R=hpayer@chromium.org

Review-Url: https://codereview.chromium.org/2179033005
Cr-Commit-Position: refs/heads/master@{#38094}
2016-07-27 12:18:16 +00:00
yangguo
071b655fa9 [debugger] Scope iterator should not visit inner function literals.
R=marja@chromium.org
BUG=chromium:621361

Review-Url: https://codereview.chromium.org/2185913003
Cr-Commit-Position: refs/heads/master@{#38087}
2016-07-27 09:04:20 +00:00
epertoso
94ab292fba [turbofan] Adds handling of number or oddball type feedback to SpeculativeNumberShiftLeft.
This required the introduction of the CheckedNumberOrOddballAsWord32 use info, and a change in the RepresentationChanger to handle it.

BUG=

Review-Url: https://codereview.chromium.org/2184513003
Cr-Commit-Position: refs/heads/master@{#38086}
2016-07-27 09:04:19 +00:00
mstarzinger
908f355ecc [interpreter] Enable OSR test that no longer fails.
R=mythria@chromium.org
TEST=mjsunit/regress/regress-2618
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2183463003
Cr-Commit-Position: refs/heads/master@{#38085}
2016-07-27 08:58:53 +00:00
mstarzinger
e1ad114ed2 Reland of [interpreter] Add explicit OSR polling bytecode. (patchset #1 id:1 of https://codereview.chromium.org/2184553003/ )
Reason for revert:
Fix has been landed.

Original issue's description:
> Revert of [interpreter] Add explicit OSR polling bytecode. (patchset #6 id:100001 of https://codereview.chromium.org/2172233002/ )
>
> Reason for revert:
> Bunch of breakages. Maybe bad interaction with e520e5da55 ?
>
> E.g.:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/11607
>
> Original issue's description:
> > [interpreter] Add explicit OSR polling bytecode.
> >
> > This adds an explicit {OsrPoll} bytecode into every loop header which
> > triggers on-stack replacement when armed. Note that each such bytecode
> > stores the static loop depths as an operand, and hence can be armed for
> > specific loop depths.
> >
> > This also adds builtin code that triggers OSR compilation and switches
> > execution over to optimized code in case compilation succeeds. In case
> > compilation fails, the bytecode dispatch just continues unhindered.
> >
> > R=rmcilroy@chromium.org
> > TEST=mjsunit/ignition/osr-from-bytecode
> > BUG=v8:4764
> >
> > Committed: https://crrev.com/a55beb68e0ededb3773affa294a71edc50621458
> > Cr-Commit-Position: refs/heads/master@{#38043}
>
> TBR=rmcilroy@chromium.org,mstarzinger@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:4764
>
> Committed: https://crrev.com/439aa2c6d708bfd95db725bd6f97c4c49bbc51fc
> Cr-Commit-Position: refs/heads/master@{#38044}

TBR=rmcilroy@chromium.org,machenbach@chromium.org
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2184713002
Cr-Commit-Position: refs/heads/master@{#38056}
2016-07-26 14:32:32 +00:00
machenbach
439aa2c6d7 Revert of [interpreter] Add explicit OSR polling bytecode. (patchset #6 id:100001 of https://codereview.chromium.org/2172233002/ )
Reason for revert:
Bunch of breakages. Maybe bad interaction with e520e5da55 ?

E.g.:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/11607

Original issue's description:
> [interpreter] Add explicit OSR polling bytecode.
>
> This adds an explicit {OsrPoll} bytecode into every loop header which
> triggers on-stack replacement when armed. Note that each such bytecode
> stores the static loop depths as an operand, and hence can be armed for
> specific loop depths.
>
> This also adds builtin code that triggers OSR compilation and switches
> execution over to optimized code in case compilation succeeds. In case
> compilation fails, the bytecode dispatch just continues unhindered.
>
> R=rmcilroy@chromium.org
> TEST=mjsunit/ignition/osr-from-bytecode
> BUG=v8:4764
>
> Committed: https://crrev.com/a55beb68e0ededb3773affa294a71edc50621458
> Cr-Commit-Position: refs/heads/master@{#38043}

TBR=rmcilroy@chromium.org,mstarzinger@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2184553003
Cr-Commit-Position: refs/heads/master@{#38044}
2016-07-26 11:07:20 +00:00
mstarzinger
a55beb68e0 [interpreter] Add explicit OSR polling bytecode.
This adds an explicit {OsrPoll} bytecode into every loop header which
triggers on-stack replacement when armed. Note that each such bytecode
stores the static loop depths as an operand, and hence can be armed for
specific loop depths.

This also adds builtin code that triggers OSR compilation and switches
execution over to optimized code in case compilation succeeds. In case
compilation fails, the bytecode dispatch just continues unhindered.

R=rmcilroy@chromium.org
TEST=mjsunit/ignition/osr-from-bytecode
BUG=v8:4764

Review-Url: https://codereview.chromium.org/2172233002
Cr-Commit-Position: refs/heads/master@{#38043}
2016-07-26 10:35:17 +00:00
bmeurer
32346aaea0 [turbofan] Fix overly aggressive dead code elimination.
When we eliminate nodes during truncation analysis that have no value
uses, we must make sure that we do not eliminate speculative number
operations that would have side effects depending on the inputs, i.e.
for example a SpeculativeNumberMultiply(x,y) does ToNumber(x) and
ToNumber(y) first, so if either x or y could throw an exception during
ToNumber conversion, we must not eliminate the multiplication, even if
it has no value uses (some later pass may kill the actual machine
multiplication, but the checks on the inputs have to remain still).
So we check whether both x and y are PlainPrimitive, i.e. neither
Receiver nor Symbol, which could raise exceptions for ToNumber, and
only in that case we propagate the "unusedness" of the node to its
inputs.

This also uncovered a bug with the type of Dead, which must be None,
as this represents an impossible value, so we had to fix that too.

Also the dead code removal will not work correctly for constants (i.e.
pure nodes with no value inputs), as those might be cached and hence
we might resurrect them for an unrelated node lowering during
SimplifiedLowering and only later kill the actual node (replacing its
uses with Dead), which would then also replace the new use with Dead.
So that was fixed as well. This shouldn't change anything for the
result, as unused constants automagically disappear from the graph later
on anyways.

R=yangguo@chromium.org
BUG=chromium:631318

Review-Url: https://codereview.chromium.org/2182003002
Cr-Commit-Position: refs/heads/master@{#38038}
2016-07-26 07:09:58 +00:00
caitp
917f0093fb [test] copy revoked proxy tests for array-concat to new files
The tests array-concat-revoked-proxy-*.js are copied out from array-concat.js,
in order to verify that they work correctly with a valid ArrayProtector cell.

These tests pass with https://crrev.com/122a9b7af02606dae558336082ab139a87eba39d
applied, but fail without it.

BUG=v8:5134
R=neis@chromium.org, cbruni@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2177903002
Cr-Commit-Position: refs/heads/master@{#38026}
2016-07-25 15:26:16 +00:00
neis
88a795d1c8 Remove the --ignition-generators flag.
This flag has been enabled by default for over a month now.

R=mstarzinger@chromium.org, rmcilroy@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2176143002
Cr-Commit-Position: refs/heads/master@{#38020}
2016-07-25 12:56:27 +00:00
mvstanton
0a36b5cd2c [Turbofan] Make the -0 deopt case more efficient in multiplication.
After multiplying two integers we emit code like:

  if (result == 0) {
    if (OR_OPERATION(rhs, lhs) < 0) {
      DEOPT;
    }
  }

This CL allows us to eliminate the OR and comparison if either rhs or
lhs is a negative number, reducing the code to:

  if (result == 0) DEOPT;

BUG=

Review-Url: https://codereview.chromium.org/2167643002
Cr-Commit-Position: refs/heads/master@{#38016}
2016-07-25 12:15:22 +00:00
mvstanton
480f155ed6 [Turbofan] IsUseLessGeneral shouldn't consider machine representation.
BUG=chromium:630952

Review-Url: https://codereview.chromium.org/2177193002
Cr-Commit-Position: refs/heads/master@{#38014}
2016-07-25 12:01:54 +00:00
bmeurer
5bed1516c8 [turbofan] Avoid introducing machine operators during typed lowering.
Introducing machine operators early causes trouble for the typing,
truncation analysis and representation selection, so we should rather
stick to simplified operators instead. Now there's only the for-in case
left, which is not clear how we can handle this in a better way.

Drive-by-fix: Also don't introduce Int32Constant and Word32Shl in
JSTypedLowering, but use NumberConstant and proper NumberShiftLeft
operators instead.

R=jarin@chromium.org
BUG=chromium:630951

Review-Url: https://codereview.chromium.org/2182453002
Cr-Commit-Position: refs/heads/master@{#38008}
2016-07-25 10:38:00 +00:00
yangguo
02503b080f Make stack property collected by captureStackTrace non-enumerable and -writable.
TBR=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2177183002
Cr-Commit-Position: refs/heads/master@{#38005}
2016-07-25 10:04:13 +00:00
yangguo
986814218b Native try-catch syntax parsing should not crash.
R=littledan@chromium.org
BUG=chromium:630559

Review-Url: https://codereview.chromium.org/2176613002
Cr-Commit-Position: refs/heads/master@{#37996}
2016-07-25 05:32:28 +00:00
bmeurer
e3e347b85c [turbofan] Remove overly restrictive DCHECK.
The dead code elimination in SimplifiedLowering can eliminate pure nodes
if they don't have value uses. But some of those can indeed have control
inputs, i.e. Phi nodes do of course have a control input.

R=jarin@chromium.org
BUG=chromium:630923

Review-Url: https://codereview.chromium.org/2177133002
Cr-Commit-Position: refs/heads/master@{#37995}
2016-07-25 05:22:19 +00:00
jarin
a81d19d583 [turbofan] Handle impossible types (Type::None()) in the backend.
BUG=chromium:630611

Review-Url: https://codereview.chromium.org/2177483002
Cr-Commit-Position: refs/heads/master@{#37994}
2016-07-25 04:02:58 +00:00
cbruni
7ede61ed1d [elements] Omit fast path in PrependElementIndices
In PrependElementIndicesImpl we sort a FixedArray of indices potentially
containing HeapNumbers. During the string conversion we might trigger a GC.
This in turn might try to read a slot where we previously had a HeapNumber
but the sort sneaked a SMI in there which is not a valid pointer.

BUG=chromium:630561

Review-Url: https://codereview.chromium.org/2173653003
Cr-Commit-Position: refs/heads/master@{#37993}
2016-07-23 12:16:14 +00:00
caitp
122a9b7af0 [builtins] take slow path in IsConcatSpreadable if proxy in prototype
BUG=v8:5134
R=cbruni@chromium.org, littledan@chromium.org, neis@chromium.org

Review-Url: https://codereview.chromium.org/2131383002
Cr-Commit-Position: refs/heads/master@{#37987}
2016-07-22 18:43:19 +00:00
jgruber
89403e0316 Omit frames up to new target in Error constructor
BUG=v8:5216
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2175603003
Cr-Commit-Position: refs/heads/master@{#37978}
2016-07-22 11:45:50 +00:00
jgruber
4feafee9d9 Eagerly format traces in captureStackTrace
This allows us to skip complicated logic for setting the accessors.

BUG=

Review-Url: https://codereview.chromium.org/2164903004
Cr-Commit-Position: refs/heads/master@{#37969}
2016-07-22 08:14:50 +00:00
yangguo
6d0a420298 [debug] use catch prediction flag for promise rejections.
This is in preparation to implementing exception prediction for async
functions.  Each handler table entry can now predict "caught", "uncaught", or
"promise". The latter indicates that the exception will lead to a promise
rejection.

To mark the relevant try-catch blocks, we add a new native syntax.
try { } %catch (e) { } indicates a TryCatchStatement with the "promise"
prediction.

The previous implementation of using the function to tell the relevant
try-catch apart from inner try-catch blocks will not work for async functions
since these can have inner try-catch blocks inside the same function.

BUG=v8:5167

Review-Url: https://codereview.chromium.org/2161263003
Cr-Commit-Position: refs/heads/master@{#37966}
2016-07-22 06:04:54 +00:00
ritesht
b887013712 Revert "[wasm] Adding a convolution matrix filter test to highlight the performance advantages of JITing"
GC-Stress asserts in filter-jit.

This reverts commit ccfd224ec3.

BUG=v8:5044
R=bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2168343002
Cr-Commit-Position: refs/heads/master@{#37961}
2016-07-22 02:10:44 +00:00
jwolfe
3cfd80d6a2 Adjust whitespace to make tests oblivious to --harmony-function-tostring
See discussion in https://codereview.chromium.org/2156303002/#msg8

With the new --harmony-function-tostring behavior, these tests would
fail without this change. This change makes the tests pass regardless
of whether or not --harmony-function-tostring is used.

All of these changes are simply inserting a space after the "function"
keyword to match the current function toString behavior. When
--harmony-function-tostring is enabled, the toString behavior matches
the spacing used in the function declaration. With the declaration
matching the current formatting, the toString behavior becomes
unaffected by --harmony-function-tostring.

BUG=v8:4958
LOG=n

Review-Url: https://codereview.chromium.org/2161413002
Cr-Commit-Position: refs/heads/master@{#37959}
2016-07-22 00:18:41 +00:00
ritesht
ccfd224ec3 [wasm] Adding a convolution matrix filter test to highlight the performance advantages of JITing
This cl also fixes two bugs in the previous code:
    1) JITed functions were not allowed access to the heap because the module instance wasn't correctly synthesized. This wasn't discovered in the previous test.
    2) Decoding of functions with the JITSingleFunction opcode was off by 1 as the length of the opcode wasn't computed correctly.
BUG=5044

Review-Url: https://codereview.chromium.org/2168183002
Cr-Commit-Position: refs/heads/master@{#37957}
2016-07-21 22:39:41 +00:00
ivica.bogosavljevic
eaa86cbf06 MIPS: Fix infinite loop in Math.pow(2,-2147483648)
BUG=v8:5213

Review-Url: https://codereview.chromium.org/2163963003
Cr-Commit-Position: refs/heads/master@{#37955}
2016-07-21 19:38:01 +00:00
yangguo
07a0f9ebff [debugger] be more lenient about argument type in %DebugGetProperty.
R=mstarzinger@chromium.org
BUG=chromium:629996

Review-Url: https://codereview.chromium.org/2166123003
Cr-Commit-Position: refs/heads/master@{#37942}
2016-07-21 11:29:24 +00:00
cbruni
4b59bf5313 [fullcodegen] [crankshaft] Avoid jumping to the runtime for ForInFilter
Use the ForInFilterStub directly. Hence we will only jump to the runtime for
special receivers (instance_type <= LAST_SPECIAL_RECEIVER_TYPE) and for
converting element indices which are not in the string cache.

BUG=

Review-Url: https://codereview.chromium.org/2151773002
Cr-Commit-Position: refs/heads/master@{#37934}
2016-07-21 09:34:11 +00:00
jacob.bramley
e83739c0ae [arm] Fix infinite loop in Math.pow(2,2147483648).
BUG=v8:5214

Review-Url: https://codereview.chromium.org/2166743003
Cr-Commit-Position: refs/heads/master@{#37933}
2016-07-21 09:30:32 +00:00
bmeurer
f793cb1fc3 [runtime] %TransitionElementsKind works for any kind of JSObject.
The optimizing compilers actually invoke %TransitionElementsKind for
any kind of JSObject, the only relevant thing is the elements kind.
The runtime function was however checking for JSArray unnecessarily.
This only worked by coincindence in Crankshaft because the stub would
normally not call into the runtime fallback.

R=jarin@chromium.org
BUG=chromium:629823

Review-Url: https://codereview.chromium.org/2166963004
Cr-Commit-Position: refs/heads/master@{#37919}
2016-07-21 07:23:58 +00:00
ahaas
6627d81c68 [wasm] Use a C wrapper function to calculate F64Pow.
This CL more or less reverts commit https://codereview.chromium.org/2107733002/
The use of the MathPow code stub that was introduced by that commit caused
problems on arm64, and the MathPow code stub was also an obstacle in the
implementation of parallel code generation.

In addition this CL turns on the mjsunit/wasm/embenchen tests for arm64
which were turned off because of problems with MathPow on arm64.

R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2166793002
Cr-Commit-Position: refs/heads/master@{#37911}
2016-07-20 14:27:06 +00:00
jgruber
9211dee01a Move Error methods to C++
This ports a large portion of Error methods to C++,
including the constructor, stack setter and getter,
and Error.prototype.toString.

BUG=

Committed: https://crrev.com/5742da056a290caa13a0b8717ddb1e43424e0d31
Review-Url: https://codereview.chromium.org/2142933003
Cr-Original-Commit-Position: refs/heads/master@{#37870}
Cr-Commit-Position: refs/heads/master@{#37908}
2016-07-20 13:05:47 +00:00
neis
f2c2ef1f0e Make toLocaleString on arrays always call toLocaleString on its elements.
As required by the spec.

This is a variant of what I reverted in f47e722403.
It will probably still cause a regression but now it's easier to migrate (parts of)
the current implementation to C++, which is expected to make things faster again.

BUG=chromium:627729,v8:5113

Review-Url: https://codereview.chromium.org/2164923002
Cr-Commit-Position: refs/heads/master@{#37897}
2016-07-20 09:32:20 +00:00
jgruber
8c163cfe45 Revert of Move Error methods to C++ (patchset #11 id:200001 of https://codereview.chromium.org/2142933003/ )
Reason for revert:
Clusterfuzz failures: https://bugs.chromium.org/p/chromium/issues/detail?id=629749

Original issue's description:
> Move Error methods to C++
>
> This ports a large portion of Error methods to C++,
> including the constructor, stack setter and getter,
> and Error.prototype.toString.
>
> BUG=
>
> Committed: https://crrev.com/5742da056a290caa13a0b8717ddb1e43424e0d31
> Cr-Commit-Position: refs/heads/master@{#37870}

TBR=yangguo@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2159223004
Cr-Commit-Position: refs/heads/master@{#37881}
2016-07-20 06:45:49 +00:00
jgruber
5742da056a Move Error methods to C++
This ports a large portion of Error methods to C++,
including the constructor, stack setter and getter,
and Error.prototype.toString.

BUG=

Review-Url: https://codereview.chromium.org/2142933003
Cr-Commit-Position: refs/heads/master@{#37870}
2016-07-19 13:51:07 +00:00
yangguo
4de5e1456e [debug] add test case for scope iterator using correct language mode.
TBR=mstarzinger@chromium.org
BUG=v8:5207

Review-Url: https://codereview.chromium.org/2154393003
Cr-Commit-Position: refs/heads/master@{#37860}
2016-07-19 11:07:03 +00:00
bmeurer
e0b8707c78 [turbofan] Fix typing rule for number addition.
R=jarin@chromium.org
BUG=chromium:629435

Review-Url: https://codereview.chromium.org/2161013002
Cr-Commit-Position: refs/heads/master@{#37859}
2016-07-19 10:08:13 +00:00
bmeurer
15f99cd5b5 [turbofan] Properly handle bit->float64 representation changes.
BUG=chromium:629062
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2155323003
Cr-Commit-Position: refs/heads/master@{#37853}
2016-07-19 08:29:52 +00:00
bmeurer
173313e297 [crankshaft] Guard against side effects in Array.prototype.shift lowering.
We need to pay attention to potential side effects from parameter
evaluation when inlining the fast case Array.prototype.shift.

R=yangguo@chromium.org
BUG=chromium:614644

Review-Url: https://codereview.chromium.org/2161943002
Cr-Commit-Position: refs/heads/master@{#37850}
2016-07-19 06:43:04 +00:00
thakis
6e5077a450 improve grammar in comment
Review-Url: https://codereview.chromium.org/2160633002
Cr-Commit-Position: refs/heads/master@{#37844}
2016-07-18 15:52:21 +00:00
jochen
02ba244125 Reland^2 "Don't compile functions in a context the caller doesn't have access to"
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org

BUG=chromium:541703
R=verwaest@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2155503004
Cr-Commit-Position: refs/heads/master@{#37842}
2016-07-18 15:35:45 +00:00
yangguo
a51f429772 [regexp] Fix case-insensitive matching for one-byte subjects.
The bug occurs because we do not canonicalize character class ranges
before adding case equivalents. While adding case equivalents, we abort
early for one-byte subject strings, assuming that the ranges are sorted.
Which they are not.

R=marja@chromium.org
BUG=v8:5199

Review-Url: https://codereview.chromium.org/2159683002
Cr-Commit-Position: refs/heads/master@{#37833}
2016-07-18 12:03:37 +00:00
jarin
86110796f6 [turbofan] Eliminate checkpoints before return in common op reducer.
This makes sure that we preserve call's tailness even if we have
introduced a loop exit between the call and the return.

BUG=chromium:628773

Review-Url: https://codereview.chromium.org/2155123002
Cr-Commit-Position: refs/heads/master@{#37832}
2016-07-18 11:56:54 +00:00
mvstanton
47aaac6442 [Turbofan]: Eliminate the check for -0 if it's not possible/observable.
In int32 multiplication, if we have a positive integer as input, then we know we can't produce a -0 answer. The same is true if truncation is applied (x * y | 0). Without this information, we have to rather annoyingly check if the result of multiplication is 0, then OR the inputs to check for negativity, and possibly return -0. In TurboFan, we'll deopt in this case.

BUG=

Review-Url: https://codereview.chromium.org/2154073002
Cr-Commit-Position: refs/heads/master@{#37831}
2016-07-18 11:37:23 +00:00
mstarzinger
a95cdbb4b4 [turbofan] Fix deopt point for [[ToObject]] lazy bailout.
This fixes the deoptimization information for the lazy bailout point
after a [[ToObject]] operation inserted for with statements. The result
value was pushed on the operand stack but erroneously ignored and left
on the operand stack by the FullCodeGenerator.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-5205
BUG=v8:5205

Review-Url: https://codereview.chromium.org/2158443002
Cr-Commit-Position: refs/heads/master@{#37818}
2016-07-18 08:08:47 +00:00
jarin
514951f651 [turbofan] In effect control linearizer, only delay effect phi update for loops.
Delaying for merges caused branch cloning using dummy effect phi inputs,
potentially splitting the effect chain at start.

We still have to delay the creation for loops because we need to break
cycles.

BUG=chromium:628403

Review-Url: https://codereview.chromium.org/2159603002
Cr-Commit-Position: refs/heads/master@{#37808}
2016-07-16 12:39:14 +00:00
gdeepti
18543ff1da Convert SIMD wasm ops to runtime function calls
- Add Simd128 type to Wasm AST types
 - Decode SIMD prefix, wasm opcodes correctly
 - Add a pass that converts SIMD machine ops to runtime calls
 - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test

LOG=N
BUG=v8:4124

R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org

Committed: https://crrev.com/73df92fc2fdbbfadc17e8ab4e58ec56ae2b3d91a
Review-Url: https://codereview.chromium.org/1991143002
Cr-Original-Commit-Position: refs/heads/master@{#37789}
Cr-Commit-Position: refs/heads/master@{#37807}
2016-07-16 03:50:54 +00:00
ishell
5d66a7f76b [fullcode] Restore context after calling ToNumber builtin.
BUG=chromium:628573

Review-Url: https://codereview.chromium.org/2153783002
Cr-Commit-Position: refs/heads/master@{#37796}
2016-07-15 13:18:57 +00:00
neis
f47e722403 Revert "Make toLocaleString on arrays always call toLocaleString on its elements."
This reverts commit 457c02573c because it caused a
regression in SunSpider/string-fasta and possibly AreWeFastYet/Life.  Need to
implement this in a smarter way.

TBR=littledan@chromium.org
BUG=chromium:627729,v8:5113

Review-Url: https://codereview.chromium.org/2149303003
Cr-Commit-Position: refs/heads/master@{#37793}
2016-07-15 11:28:42 +00:00
jarin
9f859c66a1 [turbofan] Add re-typing for PlainPrimitiveToNumber during representation inference.
This makes sure that the uses of PlainPrimitiveToNumber get a more
precise type (so that the uses know how to interpret the output
representation).

BUG=chromium:628516

Review-Url: https://codereview.chromium.org/2151223002
Cr-Commit-Position: refs/heads/master@{#37792}
2016-07-15 10:37:27 +00:00
machenbach
9f46c1112b Revert of Convert SIMD wasm ops to runtime function calls (patchset #17 id:320001 of https://codereview.chromium.org/1991143002/ )
Reason for revert:
[Sheriff] Violates msan and tsan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/9663
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10670

Original issue's description:
> Convert SIMD machine ops to runtime function calls
>  - Add Simd128 type to Wasm AST types
>  - Add a pass that converts SIMD machine ops to runtime calls
>  - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
>  - Separate out generic SIMD Machine ops as these cannot be
>  handled by runtime functions just yet.
>
> LOG=N
> BUG=v8:4124
>
> R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/73df92fc2fdbbfadc17e8ab4e58ec56ae2b3d91a
> Cr-Commit-Position: refs/heads/master@{#37789}

TBR=bbudge@chromium.org,bradnelson@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2154723002
Cr-Commit-Position: refs/heads/master@{#37790}
2016-07-15 09:00:02 +00:00
gdeepti
73df92fc2f Convert SIMD machine ops to runtime function calls
- Add Simd128 type to Wasm AST types
 - Add a pass that converts SIMD machine ops to runtime calls
 - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
 - Separate out generic SIMD Machine ops as these cannot be
 handled by runtime functions just yet.

LOG=N
BUG=v8:4124

R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/1991143002
Cr-Commit-Position: refs/heads/master@{#37789}
2016-07-15 08:30:25 +00:00
bakkot
f6c6ae9034 Block-scoped functions in evals are now only conditionally hoisted out.
Annex B.3.3 of the spec requires that sloppy-mode block-scoped functions
declared by "eval" are hoisted unless doing so would cause an early
error (which is to say, conflict with a lexical declaration). This patch
amends the check for conflicting declarations to include those outside
of the eval itself.

BUG=v8:4468, v8:4479

Review-Url: https://codereview.chromium.org/2112163002
Cr-Commit-Position: refs/heads/master@{#37783}
2016-07-14 22:43:01 +00:00
adamk
458bd3b9a3 Slight cleanup of TryCatch parsing/variable declaration
Instead of unconditionally parsing the catch parameter as an expression
and then recovering if it turns out to be a simple variable proxy
(the overwhelmingly common case), this patch peeks one token ahead
before attempting to parse. This avoids doing the usual RemoveUnresolved
gymnastics in ParseTryStatement, and as a side-effect slightly improves
function name inference for an async arrow function test case.

Review-Url: https://codereview.chromium.org/2151433005
Cr-Commit-Position: refs/heads/master@{#37780}
2016-07-14 17:55:45 +00:00
mtrofin
bd03c64297 [wasm] Compile and Instantiation
Implemented the WebAssembly.Module and WebAssembly.Instance
in terms of the WasmModule::CompileFunctions and
WasmModule::Instantiate APIs.

Added negative tests - for invalid module object.

BUG=

Review-Url: https://codereview.chromium.org/2121593002
Cr-Commit-Position: refs/heads/master@{#37775}
2016-07-14 16:31:07 +00:00
neis
1c1bdfe17e [test] Extend a test of destructuring.
R=adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2147733003
Cr-Commit-Position: refs/heads/master@{#37773}
2016-07-14 16:11:41 +00:00
mstarzinger
ed5802cc8c [turbofan] Re-enable flaky tests that should no longer flake.
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2143973002
Cr-Commit-Position: refs/heads/master@{#37767}
2016-07-14 13:54:24 +00:00
mvstanton
e7111cfff7 [Turbofan]: Add integer multiplication with overflow to typed lowering.
BUG=

Review-Url: https://codereview.chromium.org/2141953002
Cr-Commit-Position: refs/heads/master@{#37764}
2016-07-14 13:25:15 +00:00
epertoso
d93fd41aaa [turbofan] Introduces the SpeculativeNumberShiftLeft opcode.
Typed lowering now produces SpeculativeNumberShiftLeft for JSShiftLeft if the type feedback is kSignedSmall or kSigned32.

BUG=v8:4583
LOG=n

Review-Url: https://codereview.chromium.org/2150553002
Cr-Commit-Position: refs/heads/master@{#37762}
2016-07-14 12:49:32 +00:00
jochen
63449d21d3 Revert of Reland "Don't compile functions in a context the caller doesn't have access to" (patchset #4 id:60001 of https://codereview.chromium.org/2143893005/ )
Reason for revert:
blink is unhappy about the microtask change

Original issue's description:
> Reland "Don't compile functions in a context the caller doesn't have access to"
>
> Original issue's description:
> > Don't compile functions in a context the caller doesn't have access to
> >
> > Instead just return undefined
> >
> > A side effect of this is that it's no longer possible to compile
> > functions in a detached context.
> >
> > BUG=chromium:541703
> > R=verwaest@chromium.org,bmeurer@chromium.org
>
> BUG=chromium:541703
> R=verwaest@chromium.org
>
> Committed: https://crrev.com/6bceabac5b705b2ce1f52d34650cea1ae3b8c617
> Cr-Commit-Position: refs/heads/master@{#37756}

TBR=verwaest@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:541703

Review-Url: https://codereview.chromium.org/2151843002
Cr-Commit-Position: refs/heads/master@{#37760}
2016-07-14 12:39:13 +00:00
mstarzinger
95ba1af314 [i18n] Make regression test work without i18n.
TBR=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2144263002
Cr-Commit-Position: refs/heads/master@{#37759}
2016-07-14 12:32:45 +00:00
bmeurer
6530a16eb5 [stubs] Properly handle length overflow in StringAddStub.
Using the Hydrogen code stub bailout mechanism is not correct for the
string length overflow check in the StringAddStub. Instead make sure we
just throw the proper exception.

R=mstarzinger@chromium.org
BUG=chromium:627934

Review-Url: https://codereview.chromium.org/2146353002
Cr-Commit-Position: refs/heads/master@{#37758}
2016-07-14 11:47:42 +00:00
mstarzinger
8226c88b52 [i18n] Ensure [[ToString]] conversion of time zone names.
This adds a missing conversion of time zone names to string primitives
before case conversion and regular expression matching are applied.

This is in sync with ECMA-402, section 12.1.1.1, step 16(a).

R=jochen@chromium.org
TEST=mjsunit/regress/regress-crbug-627935
BUG=chromium:627935

Review-Url: https://codereview.chromium.org/2143003005
Cr-Commit-Position: refs/heads/master@{#37757}
2016-07-14 11:31:29 +00:00
jochen
6bceabac5b Reland "Don't compile functions in a context the caller doesn't have access to"
Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org

BUG=chromium:541703
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2143893005
Cr-Commit-Position: refs/heads/master@{#37756}
2016-07-14 11:08:52 +00:00
mvstanton
8e18a5f2a0 [turbofan] Introduce integer multiplication with overflow.
BUG=

Review-Url: https://codereview.chromium.org/2101123005
Cr-Commit-Position: refs/heads/master@{#37748}
2016-07-14 08:56:14 +00:00
adamk
68f205b2a7 Revert of Don't compile functions in a context the caller doesn't have access to (patchset #9 id:160001 of https://codereview.chromium.org/2034083002/ )
Reason for revert:
Causes crashes on Canary

Original issue's description:
> Don't compile functions in a context the caller doesn't have access to
>
> Instead just return undefined
>
> A side effect of this is that it's no longer possible to compile
> functions in a detached context.
>
> BUG=chromium:541703
> R=verwaest@chromium.org,bmeurer@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng
>
> Committed: https://crrev.com/992e34c21635b179a993b82ac1d81753e7a6a57a
> Cr-Commit-Position: refs/heads/master@{#37657}

TBR=bmeurer@chromium.org,verwaest@chromium.org,jochen@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:541703, chromium:628053

Review-Url: https://codereview.chromium.org/2148163002
Cr-Commit-Position: refs/heads/master@{#37736}
2016-07-14 02:02:20 +00:00
ritesht
de33e4bad2 [wasm] Adding feature to JIT a wasm function at runtime and hook up the compiled code into the indirect function table
The runtime JIT function is passed in the function table to hook up the compiled code and the starting address of the memory to locate the bytes to be compiled.

BUG=5044

Review-Url: https://codereview.chromium.org/2137993003
Cr-Commit-Position: refs/heads/master@{#37735}
2016-07-14 01:13:50 +00:00
jpp
aa91225289 V8. ASM-2-WASM. Migrates asm-wasm-builder to the new asm-typer.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=mjsunit/wasm/*
LOG=N

Review-Url: https://codereview.chromium.org/2134333003
Cr-Commit-Position: refs/heads/master@{#37729}
2016-07-13 19:40:10 +00:00
bakkot
819fe04645 Reland of Add errors for declarations which conflict with catch parameters. (patchset #1 id:1 of https://codereview.chromium.org/2112223002/ )
Reason for revert:
Correcting issue.

Original issue's description:
> Revert of Add errors for declarations which conflict with catch parameters. (patchset #6 id:100001 of https://codereview.chromium.org/2109733003/ )
>
> Reason for revert:
> Fuzzer claims `try {  \"\" ; } catch(x) { let x1 = [1,,], x = x; }` causes a crash.
>
> Original issue's description:
> > Add errors for declarations which conflict with catch parameters.
> >
> > Catch parameters are largely treated as lexical declarations in the
> > block which contains their body for the purposes of early syntax errors,
> > with some exceptions outlined in B.3.5. This patch introduces most of
> > those errors, except those from `eval('for (var e of ...);')` inside of
> > a catch with a simple parameter named 'e'.
> >
> > Note that annex B.3.5 allows var declarations to conflict with simple
> > catch parameters, except when the variable declaration is the init of a
> > for-of statement.
> >
> > BUG=v8:5112,v8:4231
> >
> > Committed: https://crrev.com/2907c726b2bb5cf20b2bec639ca9e6a521585406
> > Cr-Commit-Position: refs/heads/master@{#37462}
>
> TBR=littledan@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5112,v8:4231
>
> Committed: https://crrev.com/8834d5ecb559001c87c42322969471da60574a8c
> Cr-Commit-Position: refs/heads/master@{#37464}

R=littledan@chromium.org
BUG=v8:5112,v8:4231

Review-Url: https://codereview.chromium.org/2119933002
Cr-Commit-Position: refs/heads/master@{#37728}
2016-07-13 19:29:11 +00:00
binji
a16ca012e0 [Atomics] Rename Atomics.futex*, remove Atomics.futexWakeOrRequeue
* Rename Atomics.futexWait -> Atomics.wait
* Rename Atomics.futexWake -> Atomics.wake
* Remove Atomics.futexWakeOrRequeue
* Return value of Atomics.wait is now a string: "ok", "not-equal" or
  "timed-out"
* Update comments that reference URL for ecmascript_sharedmem to
  https://github.com/tc39/ecmascript_sharedmem

Review-Url: https://codereview.chromium.org/2143443002
Cr-Commit-Position: refs/heads/master@{#37727}
2016-07-13 18:34:03 +00:00
mstarzinger
a2f1519f68 [turbofan] Fix deopt point for [[ToName]] lazy bailout.
This fixes the deoptimization information for the lazy bailout point
after a [[ToName]] operation inserted for object literals and class
literals. The result value was erroneously ignored.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-627828
BUG=chromium:627828

Review-Url: https://codereview.chromium.org/2149493003
Cr-Commit-Position: refs/heads/master@{#37719}
2016-07-13 15:18:10 +00:00
mstarzinger
04062e92cc [runtime] Fully remove RUNTIME_ASSERT for good.
This fully deprecates all uses of the RUNTIME_ASSERT macro and removes
the macro and underlying logging function in question. All uses have
been replaces with CHECK macros which crash safely even in production.

It makes sure we discover abuse of runtime functions in the wild early
and also abort the process safely. Breaking assumptions in any runtime
function can no longer accidentally be caught by JavaScript.

R=yangguo@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2132493002
Cr-Commit-Position: refs/heads/master@{#37704}
2016-07-13 08:36:04 +00:00
mstarzinger
08843650db [turbofan] Respect catch prediction provided by parser.
This makes sure the {AstGraphBuilder} respects the catch-prediction that
is provided by the parser along with each {TryStatement}. This is needed
for try-blocks materialized by the parser not to influence predictions
users expect when using the debugger.

R=neis@chromium.org
TEST=mjsunit/debug-exceptions
BUG=v8:5183

Review-Url: https://codereview.chromium.org/2147573002
Cr-Commit-Position: refs/heads/master@{#37702}
2016-07-13 08:13:18 +00:00
mythria
fd420203ec [Interpreter] Collect type feedback for calls in the bytecode handler
Collect type feedback in the call bytecode handler. The current
implementation only collects feedback for JS function objects. The other
objects and Array functions do not collect any feedback. They will be
marked Megamorphic.

BUG=v8:4280, v8:4780
LOG=N

Review-Url: https://codereview.chromium.org/2122183002
Cr-Commit-Position: refs/heads/master@{#37700}
2016-07-13 08:00:23 +00:00
aseemgarg
cd95c600be [wasm] allow array access with unsigned indices
BUG=618608
R=bradnelson@chromium.org
TEST=regress-618608.js

Review-Url: https://codereview.chromium.org/2138243002
Cr-Commit-Position: refs/heads/master@{#37693}
2016-07-12 21:56:38 +00:00
neis
457c02573c Make toLocaleString on arrays always call toLocaleString on its elements.
As required by the spec.

BUG=v8:5113

Review-Url: https://codereview.chromium.org/2141603002
Cr-Commit-Position: refs/heads/master@{#37689}
2016-07-12 17:33:36 +00:00
neis
8f1f1cb1c7 Move catch prediction into frontend and make it aware of rethrows.
This solves an issue with throws inside for-of always being marked as caught.

BUG=v8:5183

Review-Url: https://codereview.chromium.org/2146493002
Cr-Commit-Position: refs/heads/master@{#37686}
2016-07-12 15:23:35 +00:00
cbruni
d234118e29 Revert of making heap verification more aggressive (patchset #7 id:120001 of https://codereview.chromium.org/2126613002/ )
Reason for revert:
failing gc stress tests: https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/7223/steps/Mjsunit/logs/stdio

Original issue's description:
> [runtime] making heap verification more aggressive
>
> - check that packed elements do not contain the_hole (with fix)
> - verify argument objects with elements kind
> - use JSObjectVerifiy in all JSObject "subclasses"
> - change initialization order for ArrayLiteralBoilerplate to simplify verification
>
> BUG=v8:5188
>
> Committed: https://crrev.com/599aa2e106ca8ab79f5cc489d1b93b6a26b19714
> Cr-Commit-Position: refs/heads/master@{#37680}

TBR=ishell@chromium.org,ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5188

Review-Url: https://codereview.chromium.org/2140163002
Cr-Commit-Position: refs/heads/master@{#37682}
2016-07-12 14:07:17 +00:00
cbruni
599aa2e106 [runtime] making heap verification more aggressive
- check that packed elements do not contain the_hole (with fix)
- verify argument objects with elements kind
- use JSObjectVerifiy in all JSObject "subclasses"
- change initialization order for ArrayLiteralBoilerplate to simplify verification

BUG=v8:5188

Review-Url: https://codereview.chromium.org/2126613002
Cr-Commit-Position: refs/heads/master@{#37680}
2016-07-12 13:32:03 +00:00
mstarzinger
6e38f4270a [test] Remove NaCl support from test runner harness.
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2141013002
Cr-Commit-Position: refs/heads/master@{#37678}
2016-07-12 13:18:49 +00:00
mstarzinger
88402eccc7 [turbofan] Re-enable tests no longer failing on ARM hardware.
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2141563002
Cr-Commit-Position: refs/heads/master@{#37677}
2016-07-12 12:44:11 +00:00
mstarzinger
f3ca214222 [turbofan] Speed up structural graph verification.
This removes the checking for use-def and def-use chain links from the
graph verification. Presence of such links can only be violated by a bug
in the actual {Node} implementation itself. That container class is also
covered by unit tests.

The verification in question was useful in the early days when the graph
implementation itself was prone to bugs. By now it has stabilized and
spending O(n^2) time during graph verification is too wasteful to still
be considered a reasonable trade-off.

R=jarin@chromium.org
TEST=unittests/NodeTest.*

Review-Url: https://codereview.chromium.org/2140973003
Cr-Commit-Position: refs/heads/master@{#37670}
2016-07-12 09:31:12 +00:00
bmeurer
4e862dd964 [intrinsics] Remove obsolete intrinsics.
Remove obsolete definitions from macros.py, and drop the now obsolete
%_ToPrimitive, %_ToPrimitive_Number, %_ToPrimitive_String, %_ToName
and the %ToPrimitive_String intrinsics/runtime entries.

R=yangguo@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2137203002
Cr-Commit-Position: refs/heads/master@{#37665}
2016-07-12 06:41:23 +00:00
yangguo
bbb2159d4c [regexp] Fix regexp source escaping with preceding backslashes.
R=franzih@chromium.org
BUG=chromium:515897

Review-Url: https://codereview.chromium.org/2137033002
Cr-Commit-Position: refs/heads/master@{#37664}
2016-07-12 05:36:17 +00:00
jochen
992e34c216 Don't compile functions in a context the caller doesn't have access to
Instead just return undefined

A side effect of this is that it's no longer possible to compile
functions in a detached context.

BUG=chromium:541703
R=verwaest@chromium.org,bmeurer@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng

Review-Url: https://codereview.chromium.org/2034083002
Cr-Commit-Position: refs/heads/master@{#37657}
2016-07-11 20:11:51 +00:00