Commit Graph

12539 Commits

Author SHA1 Message Date
adamk
54ce1935b5 [intl] Clean up function name handling in AddBoundMethod
AddBoundMethod, in i18n.js, returns functions all of which share the
same backing SharedFunctionInfo, which means that its calls to
InstallGetter were causing all such functions to have a single name
(that of the last caller, "get breakType").

This patch skips calling InstallGetter and instead directly calls
%DefineGetterPropertyUnchecked, which itself sets the name property
on the JSFunction instance (it knows how to do this in order to handle
getters that have computed property names).

Also takes care of a TODO having to do with the inner boundMethod:
its name is now made empty, by using a new macro that gets around
ES2015's function name inference.

Finally, removes a redundant %FunctionRemovePrototype: arrow functions
have no prototypes to begin with.

R=littledan@chromium.org
BUG=v8:4778

Review-Url: https://codereview.chromium.org/2109223002
Cr-Commit-Position: refs/heads/master@{#37459}
2016-06-30 20:10:42 +00:00
lpy
f20d6788e7 Enable ThreadTicks on Windows.
BUG=v8:5000

Review-Url: https://codereview.chromium.org/2106243002
Cr-Commit-Position: refs/heads/master@{#37454}
2016-06-30 15:36:08 +00:00
rmcilroy
02c3414d62 [Interpereter] Inline FastNewClosure into CreateClosure bytecode handler
BUG=v8:4280

Review-Url: https://codereview.chromium.org/2113613002
Cr-Commit-Position: refs/heads/master@{#37453}
2016-06-30 15:32:59 +00:00
verwaest
c17b44bd3a Fix double canonicalization
This turns the blacklist back into a white-list adding all binary operations as allowed operations. The one known fix is that it forces canonicalization of the double-hole as double constant.

BUG=chromium:621147

Review-Url: https://codereview.chromium.org/2106393002
Cr-Commit-Position: refs/heads/master@{#37452}
2016-06-30 15:18:16 +00:00
ulan
5a8cfaf06d Fix clearing of slots on large page uncommit
BUG=chromium:624544
LOG=NO

Review-Url: https://codereview.chromium.org/2110213003
Cr-Commit-Position: refs/heads/master@{#37451}
2016-06-30 15:03:17 +00:00
littledan
34880eb3dc Revert of Put RegExp js code in strict mode (patchset #2 id:20001 of https://codereview.chromium.org/1776883005/ )
Reason for revert:
Found to break SAP Web IDE, and these semantics are not shipped in any other browser.
Revert to legacy semantics while assessing web compatibility.

BUG=chromium:624318

Original issue's description:
> Put RegExp js code in strict mode
>
> src/js/regexp.js was one of the few files that was left in sloppy
> mode. The ES2017 draft specification requires that writes to
> lastIndex throw when the property is non-writable, and test262
> tests enforce this behavior. This patch puts that file in strict
> mode.
>
> BUG=v8:4504
> R=yangguo@chromium.org
> LOG=Y
>
> Committed: https://crrev.com/80b1b2a45bbd9bf3d08e4e6516acfaaa8f438213
> Cr-Commit-Position: refs/heads/master@{#34801}

TBR=yangguo@chromium.org,adamk@chromium.org

Review-Url: https://codereview.chromium.org/2112713003
Cr-Commit-Position: refs/heads/master@{#37449}
2016-06-30 14:36:34 +00:00
ahaas
de369129d2 [wasm] Detect unrepresentability in the float32-to-int32 conversion correctly on arm.
In the current implementation of wasm an unrepresentable input of the
float32-to-int32 conversion is detected by first truncating the input, then
converting the truncated input to int32 and back to float32, and then checking
whether the result is the same as the truncated input.

This input check does not work on arm and arm64 for an input of (INT32_MAX + 1)
because on these platforms the float32-to-int32 conversion results in INT32_MAX
if the input is greater than INT32_MAX.  When INT32_MAX is converted back to
float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be
represented precisely as float32, and rounding-to-nearest results in (INT32_MAX
+ 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears
to be representable.

With the changes in this CL, the result of the float32-to-int32 conversion is
incremented by 1 if the original result was INT32_MAX. Thereby the detection of
unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be
represented precisely in float32, it can also never be a valid result of the
float32-to-int32 conversion.

@v8-mips-ports, can you do a similar implementation for mips?

R=titzer@chromium.org, Rodolph.Perfetta@arm.com

Review-Url: https://codereview.chromium.org/2105313002
Cr-Commit-Position: refs/heads/master@{#37448}
2016-06-30 14:30:44 +00:00
titzer
fa69cbb86b [turbofan] Allow OptionalOperator to return a placeholder.
R=bmeurer@chromium.org, ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2112733003
Cr-Commit-Position: refs/heads/master@{#37445}
2016-06-30 14:18:35 +00:00
bbudge
aca3716a50 [Turbofan] Add Simd128 registers to RegisterConfiguration.
-Defines SIMD128_REGISTERS for all platforms.
-Adds Simd128 register information to RegisterConfiguration, and implements
aliasing calculations.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2092103004
Cr-Commit-Position: refs/heads/master@{#37437}
2016-06-30 11:29:36 +00:00
franzih
203391bcc0 [builtins] Migrate Math.abs() to TurboFan builtins.
Like the other Math builtins, Math.abs() is now a TurboFan builtin.
It uses RawMachineAssembler::Float64Abs().

R=bmeurer@chromium.org
BUG=v8:5163, v8:5086
LOG=N

Review-Url: https://codereview.chromium.org/2115493002
Cr-Commit-Position: refs/heads/master@{#37433}
2016-06-30 10:27:09 +00:00
bmeurer
bbc44c2696 [intrinsics] Drop the now obsolete %_DoubleHi and %_DoubleLo intrinsics.
These are no longer used, except in tests that test these intrinsics.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2114613002
Cr-Commit-Position: refs/heads/master@{#37432}
2016-06-30 10:21:13 +00:00
titzer
d249efd705 [wasm] Disassemble wasm code from script
This stores the wasm object and the function index in the script, and
adds functions to get the disassembled wasm code as well as the offset
table mapping from byte position to line and column in the disassembly
solely from the script.
This will be used to show "ui source code" in DevTools, and map raw
locations from the stack trace into this code view.

R=yangguo@chromium.org, ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110

patch from issue 2063013004 at patchset 80001 (http://crrev.com/2063013004#ps80001)

Review-Url: https://codereview.chromium.org/2105303002
Cr-Commit-Position: refs/heads/master@{#37430}
2016-06-30 09:57:07 +00:00
titzer
971731f354 [wasm] Fix receiver conversion for WASM->JS calls.
R=yangguo@chromium.org,ahaas@chromium.org
BUG=chromium:624713
LOG=Y

Review-Url: https://codereview.chromium.org/2111843002
Cr-Commit-Position: refs/heads/master@{#37428}
2016-06-30 09:41:43 +00:00
yangguo
141cddc720 Move RelocInfo::kNoPosition.
R=mstarzinger@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2109773004
Cr-Commit-Position: refs/heads/master@{#37426}
2016-06-30 09:29:30 +00:00
mvstanton
cede9ce5e1 [builtins] Unify Cosh, Sinh and Tanh as exports from flibm
BUG=v8:5086

Review-Url: https://codereview.chromium.org/2083573002
Cr-Commit-Position: refs/heads/master@{#37424}
2016-06-30 08:44:46 +00:00
hablich
b1f7f1f4e4 Revert of Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex. (patchset #8 id:140001 of https://codereview.chromium.org/2090353003/ )
Reason for revert:
Speculative revert to unblock roll: https://codereview.chromium.org/2107223003/

Original issue's description:
> Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
>
> The spec was modified to relax some requirements which implementors had not been
> enforcing. Part of this process involved introducing a new abstract operation
> ToIndex, which had partial overlap with our existing semantics as well as some
> differences (most notably treating undefined as 0). Test262 tests were introduced to
> check for the new semantics, some of which we were failing. This patch amends the
> parts of our implementation corresponding to specification algorithms which use
> ToIndex to follow its semantics precisely.
>
> BUG=v8:4784,v8:5120
>
> Committed: https://crrev.com/09720349ea058d178521ec58d0a5676443a5a132
> Cr-Commit-Position: refs/heads/master@{#37406}

TBR=littledan@chromium.org,adamk@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4784,v8:5120

Review-Url: https://codereview.chromium.org/2113593002
Cr-Commit-Position: refs/heads/master@{#37417}
2016-06-30 07:39:09 +00:00
jgruber
5febc27b5d [builtins] New frame type for exits to C++ builtins
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.

Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.

BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel;tryserver.v8:v8_linux_nosnap_dbg

Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
Review-Url: https://codereview.chromium.org/2090723005
Cr-Original-Commit-Position: refs/heads/master@{#37384}
Cr-Commit-Position: refs/heads/master@{#37416}
2016-06-30 06:58:23 +00:00
adamk
7166503f6e Do all parsing for try/catch destructuring inside the appropriate scopes
Previously, any expressions inside destructuring patterns in a catch
would be parsed in the surrounding scope, instead of in the catch's
scope. This change fixes that by entering not only the catch scope,
but also the block scope inside it.

R=neis@chromium.org
BUG=v8:5106, v8:5112

Review-Url: https://codereview.chromium.org/2110193002
Cr-Commit-Position: refs/heads/master@{#37415}
2016-06-30 06:52:13 +00:00
gdeepti
8bd1e0dc88 [wasm] Explicitly Disallow heap allocation when wasm memory references are updated
- Enable grow memory tests on 32 bit windows
 - Use handles to module JSObject instead of object pointers

R=ahaas@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2105013004
Cr-Commit-Position: refs/heads/master@{#37409}
2016-06-29 23:42:42 +00:00
bakkot
f772c22cd1 Amends the TypedArray constructor to use the path for primitives for all
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.

BUG=v8:5124

Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
Review-Url: https://codereview.chromium.org/2096873002
Cr-Original-Commit-Position: refs/heads/master@{#37234}
Cr-Commit-Position: refs/heads/master@{#37407}
2016-06-29 22:23:18 +00:00
bakkot
09720349ea Amend DataView, ArrayBuffer, and TypedArray methods to use ToIndex.
The spec was modified to relax some requirements which implementors had not been
enforcing. Part of this process involved introducing a new abstract operation
ToIndex, which had partial overlap with our existing semantics as well as some
differences (most notably treating undefined as 0). Test262 tests were introduced to
check for the new semantics, some of which we were failing. This patch amends the
parts of our implementation corresponding to specification algorithms which use
ToIndex to follow its semantics precisely.

BUG=v8:4784,v8:5120

Review-Url: https://codereview.chromium.org/2090353003
Cr-Commit-Position: refs/heads/master@{#37406}
2016-06-29 21:18:59 +00:00
bakkot
9bbba1441a Sloppy-mode function declarations in blocks are now hoisted appropriately.
In ES2016, function declarations nested in blocks are formally allowed. This was
never a part of ECMAScript, but was a common extension. Unfortunately
implementations differed in the exact semantics. Annex B.3.3 in the spec tries
to standardize the parts which are common to different implementations, but does
so with some fairly complicated semantics.

This CL addresses three issues related to annex B.3.3:
* When the outer function had a complex parameter list, no hoisting whatsoever was
  being performed.
* Hoisting was not blocked by parameters of the same name.
* Hoisting was not blocked by nested lexical declarations of the same name.

We had tests which checked for the second, but they were incorrectly passing due to
the first. This CL adds more complete tests.

BUG=v8:5151, v8:5111

Review-Url: https://codereview.chromium.org/2099623003
Cr-Commit-Position: refs/heads/master@{#37405}
2016-06-29 20:55:35 +00:00
bradnelson
b218d6448a Adding a few more owners to the wasm directory.
Mircea and Andreas have been making changes to wasm.

R=titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2103793006
Cr-Commit-Position: refs/heads/master@{#37401}
2016-06-29 17:38:30 +00:00
georgia.kouveli
317dc0578f [arm64] Generate adds/ands.
Perform the following transformation:

    | Before           | After               |
    |------------------+---------------------|
    | add w2, w0, w1   | adds w2, w0, w1     |
    | cmp w2, #0x0     | b.<cond'> <addr>    |
    | b.<cond> <addr>  |                     |
    |------------------+---------------------|
    | add w2, w0, w1   | adds w2, w0, w1     |
    | cmp #0x0, w2     | b.<cond'> <addr>    |
    | b.<cond> <addr>  |                     |

and the same for and instructions instead of add.  When the result of the
add/and is not used, generate cmn/tst instead. We need to take care with which
conditions we can handle and what new condition we map them to.

BUG=

Review-Url: https://codereview.chromium.org/2065243005
Cr-Commit-Position: refs/heads/master@{#37400}
2016-06-29 14:57:49 +00:00
yangguo
d5b89c28cf Remove position info from relocation info.
R=mstarzinger@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2109613004
Cr-Commit-Position: refs/heads/master@{#37397}
2016-06-29 13:49:50 +00:00
bmeurer
5927deaaf1 Revert of [builtins] New frame type for exits to C++ builtins (patchset #5 id:80001 of https://codereview.chromium.org/2090723005/ )
Reason for revert:
Looks like this breaks on nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/7626

Original issue's description:
> [builtins] New frame type for exits to C++ builtins
>
> Prior to this commit, calls to C++ builtins created standard exit
> frames, which are skipped when constructing JS stack traces. In order to
> show these calls on traces, we introduce a new builtin exit frame type.
>
> Builtin exit frames contain target and new.target on the stack and are
> not skipped during stack trace construction.
>
> BUG=v8:4815
> R=bmeurer@chromium.org, yangguo@chromium.org
> CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
>
> Committed: https://crrev.com/3c60c6b105f39344f93a8407f41534e5e60cf19a
> Cr-Commit-Position: refs/heads/master@{#37384}

TBR=yangguo@chromium.org,jgruber@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4815

Review-Url: https://codereview.chromium.org/2106113002
Cr-Commit-Position: refs/heads/master@{#37394}
2016-06-29 12:39:36 +00:00
bmeurer
89c9fc73be [turbofan] Fix non-termination in RedundancyElimination.
A pointer comparison on the effect path states is not sufficient to
guarantee termination; we really need to check the actual nodes to
make sure we terminate properly, similar to what BranchElimination
does.

R=jarin@chromium.org
BUG=v8:5161

Review-Url: https://codereview.chromium.org/2112463002
Cr-Commit-Position: refs/heads/master@{#37389}
2016-06-29 11:58:03 +00:00
titzer
c4588df160 [wasm] Cleanup AST decoder. Remove Tree and TreeResult.
R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2110053002
Cr-Commit-Position: refs/heads/master@{#37387}
2016-06-29 11:40:11 +00:00
bmeurer
e0c87cfce6 [turbofan] Don't eagerly introduce machine operators in JSTypedLowering.
This functionality is duplicated with the same functionality in
SimplifiedLowering, which is kinda premature and doesn't seem to
be useful.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2103323003
Cr-Commit-Position: refs/heads/master@{#37386}
2016-06-29 11:13:31 +00:00
jgruber
3c60c6b105 [builtins] New frame type for exits to C++ builtins
Prior to this commit, calls to C++ builtins created standard exit
frames, which are skipped when constructing JS stack traces. In order to
show these calls on traces, we introduce a new builtin exit frame type.

Builtin exit frames contain target and new.target on the stack and are
not skipped during stack trace construction.

BUG=v8:4815
R=bmeurer@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2090723005
Cr-Commit-Position: refs/heads/master@{#37384}
2016-06-29 11:10:27 +00:00
bmeurer
6f920d7d59 [turbofan] Disallow typing for change/checked operators.
There are no useful typing rules for Change and Checked operators, so we
better make sure we don't run them through the Typer at all.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2107783004
Cr-Commit-Position: refs/heads/master@{#37382}
2016-06-29 10:32:19 +00:00
mlippautz
67b5a501db Remove SealHandleScope from TryNumberToSize conversion
This function should also be callable from a concurrent thread, so we cannot use
the scope here. Instead, provide a test that checks that no handles are created.

R=ulan@chromium.org
TEST=cctest/test-conversions/NoHandlesForTryNumberToSize
BUG=

Review-Url: https://codereview.chromium.org/2106083002
Cr-Commit-Position: refs/heads/master@{#37381}
2016-06-29 10:29:16 +00:00
titzer
2f8ed90582 [wasm] Enable wasm frame inspection for debugging
This changes many interfaces to accept StandardFrames instead of
JavaScriptFrames, and use the StackTraceFrameIterator instead of the
JavaScriptFrameIterator.
Also, the detailed frame information array now contains the script in
addition to the function, as wasm frames are not associated to any
javascript function.

This is a rebase of (https://codereview.chromium.org/2069823003/), since clemensh's internship has ended.

R=yangguo@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2109093003
Cr-Commit-Position: refs/heads/master@{#37379}
2016-06-29 10:23:09 +00:00
neis
f96be554b9 Fix order of conversions in String.prototype.substr.
The start argument must be converted to an integer before the length argument is
converted.  (Consequently, the start argument is converted even when the length
is 0.)  This matters because conversion is observable.

Also rewrite the function in a way that closely resembles the spec text.

R=littledan@chromium.org
BUG=v8:5140

Review-Url: https://codereview.chromium.org/2109583002
Cr-Commit-Position: refs/heads/master@{#37378}
2016-06-29 09:53:48 +00:00
hpayer
46a365faae [heap] Reland uncommit unused large object page memory.
BUG=

Review-Url: https://codereview.chromium.org/2109943003
Cr-Commit-Position: refs/heads/master@{#37376}
2016-06-29 09:38:45 +00:00
ivica.bogosavljevic
77546feb85 Reland of "Implement WASM big-endian support".
Reland of https://codereview.chromium.org/2034093002 (reverted by
https://codereview.chromium.org/2080153002).

Original commit message:
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.

BUG=

Review-Url: https://codereview.chromium.org/2083523002
Cr-Commit-Position: refs/heads/master@{#37373}
2016-06-29 09:26:31 +00:00
zhengxing.li
9a9ffd1370 X87: disable some sin/cos/expm1/tan test cases for x87.
The reason:
  All RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases
  use the C++ function to generate the expected value or result. So for x87, all those expected value or result are
  extended double precision as the extended double precision is default for x87 Gcc compiler and std lib on linux platform.

  The issue is:
  For RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan test cases, the expected values generated by C++ function
  are extended double precision, the results generated by X87 jitted code are double precision according to the ECMA standard.
  The comparison of different precisons caused some of those test cases failed.

  For Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases, the expected values are pre-defined double precision values, the results
  generated by C++ function are extended double precision. The comparison of different precisons caused some of those test cases
  failed too.

  This CL disables RunFloat64Sin/RunFloat64Cos/RunFloat64Expm1/RunFloat64Tan/Ieee754.Expm1/Ieee754.Cos/Ieee754.Tan test cases for x87.

BUG=

Review-Url: https://codereview.chromium.org/2111493002
Cr-Commit-Position: refs/heads/master@{#37371}
2016-06-29 09:02:51 +00:00
epertoso
c0d4bb89a1 [ia32] Fixes a wrong use of Operand in a test.
Operand(reg) -> reg
Operand(reg, 0) -> [reg]

BUG=

Review-Url: https://codereview.chromium.org/2111503002
Cr-Commit-Position: refs/heads/master@{#37370}
2016-06-29 08:53:55 +00:00
neis
40641fbc03 [regexp] Fix writing of lastIndex in JSRegExp::Initialize.
The lastIndex property must be written with the semantics of a strict [[Set]],
so an exception must be thrown when the attributes don't allow writing.  We used
to ignore the attributes.

R=littledan@chromium.org, yangguo@chromium.org
BUG=v8:5138

Review-Url: https://codereview.chromium.org/2109593002
Cr-Commit-Position: refs/heads/master@{#37369}
2016-06-29 08:48:03 +00:00
jochen
356a85be5d Provide a convenience array buffer allocator
BUG=none
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2101413002
Cr-Commit-Position: refs/heads/master@{#37365}
2016-06-29 07:42:40 +00:00
machenbach
15498e16c8 [test] Fix status file.
BUG=v8:5161
NOTRY=true
NOTREECHECKS=true
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2111483002
Cr-Commit-Position: refs/heads/master@{#37363}
2016-06-29 07:33:12 +00:00
machenbach
33452e7a05 [test] Skip flaky tests with turbofan
BUG=v8:5161
NOTRY=true
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2107113002
Cr-Commit-Position: refs/heads/master@{#37362}
2016-06-29 07:21:10 +00:00
bmeurer
be32c055f1 [turbofan] Drop the obsolete TypeGuard operator.
The only real use case left for TypeGuard was the renaming inside the
LoadElimination, but this case only occurs in dead code (guarded by a
previous Check), so it's not relevant, and we can drop the TypeGuard
operator completely.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2108793003
Cr-Commit-Position: refs/heads/master@{#37361}
2016-06-29 06:36:05 +00:00
jwolfe
1ac0965542 Allow trailing commas in function parameter lists
Add a flag harmony_trailing_commas_in_parameters that allows trailing
commas in function parameter declaration lists and function call
parameter lists. Trailing commas are allowed in parenthetical lists like
`(a, b, c,)` only if the next token is `=>`, thereby making it an arrow
function declaration. Only 1 trailing comma is allowed, not `(a,,)`. A
trailing comma must follow a non-rest parameter, so `(,)` and `(...a,)`
are still SyntaxErrors. However, a trailing comma is allowed after a
spread parameter, e.g. `a(...b,);`.

Add parser tests for all of the above.

BUG=v8:5051
LOG=y

Review-Url: https://codereview.chromium.org/2094463002
Cr-Commit-Position: refs/heads/master@{#37355}
2016-06-29 01:39:10 +00:00
aseemgarg
fa5cb207a1 [wasm] fix loops and if-else to take int type instead of signed
BUG=617526
R=bradnelson@chromium.org
TEST=regress-617526.js

Review-Url: https://codereview.chromium.org/2101923003
Cr-Commit-Position: refs/heads/master@{#37354}
2016-06-29 00:40:32 +00:00
bradnelson
e42983d147 [wasm] Making compare and conditionals more correct.
Comparisons were allowing asm 'int' values in places
that require strict 'signed' or 'unsigned' but not both.

Fixes crash when these make it to asm-wasm.

BUG=599413
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2106683003
Cr-Commit-Position: refs/heads/master@{#37353}
2016-06-28 23:50:14 +00:00
mtrofin
9d6014ad55 Revert "Revert "[wasm] Complete separation of compilation and instantiation""
This reverts commit 1eb1dfabe4.

The original compilation separation change avoided associating a heap
for the wasm instance if memory was not provided, nor needed. The
grow memory CL assumed the old behavior, where a memory buffer was
always present, but may have had a zero size.

The 2CLS  landed shortly after one another. We decided to treat the
grow memory as the race condition winner, so this CL here re-lands
compilation separation, plus adjusts grow memory to deal with
the undefined mem buffer.

BUG=

Review-Url: https://codereview.chromium.org/2102193003
Cr-Commit-Position: refs/heads/master@{#37352}
2016-06-28 23:50:13 +00:00
mtrofin
1eb1dfabe4 Revert "[wasm] Complete separation of compilation and instantiation"
This reverts commit 0c7ee92783.

BUG=

Review-Url: https://codereview.chromium.org/2103983003
Cr-Commit-Position: refs/heads/master@{#37351}
2016-06-28 21:55:35 +00:00
bradnelson
c5856779eb [wasm] Forbid sign mismatch in asm typer.
asm.js forbids mixing signed and unsigned % or /.
We had been allowing these.

Fixes crash.

BUG=618602
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2107683002
Cr-Commit-Position: refs/heads/master@{#37350}
2016-06-28 21:01:36 +00:00
bradnelson
58920e04bc [wasm] Require wasm explicit asm instantiation to be of a function.
We were not checking that the string passed to instantiateFromAsm
contains a function declaration (any declaration was allowed).

Fixes crash.

BUG=620649
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2109533002
Cr-Commit-Position: refs/heads/master@{#37349}
2016-06-28 20:58:28 +00:00
mtrofin
0c7ee92783 [wasm] Complete separation of compilation and instantiation
Support for serializing/deserializing the compiled wasm module.

We want to reuse the javascript snapshotting mechanics, at least in the
short term, when we still use the JS heap for the compiled wasm code.
Given that a module may be compiled in one v8 instance and then
instantiated later, in a different instance, whatever information we need
at instantiation time must also be serializable.

We currently hold on to the un-decoded wasm bytes, for enabling
debugging scenarios. This imposes a ~20% penalty on the memory
requirements of the wasm compiled code. We do not need this data
otherwise, for runtime, and it is sensible to consider eventually loading it
on demand. Therefore, I intentionally avoided relying on it and re-
decoding the wasm module data, and instead saved the information
necessary to support instantiation.

Given how whatever we need to persist must be serializable, the CL
uses a structure made out of serializable objects (fixed arrays mostly)
for storing this information. I preferred going this route rather than
adding more wasm-specific support to the serializer, given that we want
to eventually move off the JS heap, and therefore the serializer.

Additionally, it turns out this extra information is relatively not complex:
minimal structure, little nesting depth, mostly simple data like numbers
or byte blobs, or opaque data like compiled functions.

This CL also moves export compilation ahead of instantiation time.

This change added a helper getter to FixedArray, to make typed retrieval
of elements easier.

BUG=

Review-Url: https://codereview.chromium.org/2094563002
Cr-Commit-Position: refs/heads/master@{#37348}
2016-06-28 20:49:27 +00:00
hpayer
f99f633309 Revert of [heap] Reland uncommit unused large object page memory. (patchset #1 id:1 of https://codereview.chromium.org/2101383002/ )
Reason for revert:
Crashes unbox-double-arrays

Original issue's description:
> [heap] Reland uncommit unused large object page memory.
>
> BUG=
>
> Committed: https://crrev.com/dd0ee5fd11653ba41a292641ccd66ae7cc5a8398
> Cr-Commit-Position: refs/heads/master@{#37341}

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2106933003
Cr-Commit-Position: refs/heads/master@{#37347}
2016-06-28 20:22:35 +00:00
epertoso
588e15c034 [ia32] Fixes a bug in cmpw.
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.

Adds a regression test.

BUG=621926

Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
Review-Url: https://codereview.chromium.org/2103713003
Cr-Original-Commit-Position: refs/heads/master@{#37339}
Cr-Commit-Position: refs/heads/master@{#37345}
2016-06-28 18:35:44 +00:00
epertoso
bcdd031590 Revert of [ia32] Fixes a bug in cmpw. (patchset #3 id:40001 of https://codereview.chromium.org/2103713003/ )
Reason for revert:
Causes "buildbot failure in V8 on V8 Linux gcc 4.8, Check"

Original issue's description:
> [ia32] Fixes a bug in cmpw.
>
> The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.
>
> Adds a regression test.
>
> BUG=621926
>
> Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
> Cr-Commit-Position: refs/heads/master@{#37339}

TBR=bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=621926

Review-Url: https://codereview.chromium.org/2106913002
Cr-Commit-Position: refs/heads/master@{#37342}
2016-06-28 17:44:46 +00:00
hpayer
dd0ee5fd11 [heap] Reland uncommit unused large object page memory.
BUG=

Review-Url: https://codereview.chromium.org/2101383002
Cr-Commit-Position: refs/heads/master@{#37341}
2016-06-28 17:41:30 +00:00
epertoso
efa7095e3e [ia32] Fixes a bug in cmpw.
The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparison were performed.

Adds a regression test.

BUG=621926

Review-Url: https://codereview.chromium.org/2103713003
Cr-Commit-Position: refs/heads/master@{#37339}
2016-06-28 17:23:32 +00:00
gdeepti
ef2f33d6c6 Implement Wasm GrowMemory opcode as a wasm runtime call
- GrowMemory runtime function, tests added to checks if memory can be grown
  and relocation information is updated correctly

R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2051043002
Cr-Commit-Position: refs/heads/master@{#37338}
2016-06-28 16:49:13 +00:00
nikolaos
61c137c811 Fix bug with re-scoping arrow function parameter initializers
When re-scoping arrow function parameter initializers, temporaries
should be moved from the closure of the old scope to the closure of
the new scope, if necessary.

R=adamk@chromium.org, rossberg@chromium.org
BUG=chromium:622663
LOG=N

Review-Url: https://codereview.chromium.org/2083083007
Cr-Commit-Position: refs/heads/master@{#37335}
2016-06-28 15:10:17 +00:00
yangguo
872c461b00 [snapshot] revisit snapshot API.
This part of the snapshot API should not be in use yet, so we can still
change this. The motivation for this change is:
- Use MaybeHandle where reasonable.
- Remove ambiguity: when we use index to create context from snapshot,
  we should not have a silent fallback if snapshot is not available.
- Symmetry: rename to Context::FromSnapshot to mirror templates.

R=jochen@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2100073002
Cr-Commit-Position: refs/heads/master@{#37334}
2016-06-28 13:48:05 +00:00
cbruni
6b63d524c2 [keys] support shadowing keys in the KeyAccumulator
This cl fixes the long-standing bug for for-in with shadowing properties.

BUG=v8:705

Review-Url: https://codereview.chromium.org/2081733002
Cr-Commit-Position: refs/heads/master@{#37333}
2016-06-28 13:33:31 +00:00
machenbach
994dc21148 [gn] Use one source of truth for test source files.
This avoids forgetting to add files for either gyp or gn.

While for most executables, this is detected by compilation
errors, for test executables, it can lead to tests silently
not running.

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2098313002
Cr-Commit-Position: refs/heads/master@{#37331}
2016-06-28 13:24:08 +00:00
ahaas
5e05854019 Reland [heap] Avoid the use of cells to point from code to new-space objects.
The reason for reverting is: This breaks gc-stress bot:
https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot

Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set. These duplicates could cause a DCHECK to trigger which checks that slots recorded in the remembered set never point to to-space. This reland-CL allows duplicates in the remembered set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.

Original issue's description:

Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

Review-Url: https://codereview.chromium.org/2097023002
Cr-Commit-Position: refs/heads/master@{#37325}
2016-06-28 12:36:31 +00:00
bjaideep
75219dad71 PPC64: disable big-array-literal testcase due to stack overflow
Testcase big-array-literal fails with stack overflow error on ppc64,
    increasing stack-size to 1100 resolves the issue, but causes
    other platforms to fail ( https://codereview.chromium.org/2072533002/ ).
    For now, disabling the testcase on ppc64.

R=machenbach@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com

BUG=
LOG=N
NOTRY=true

Review-Url: https://codereview.chromium.org/2098413002
Cr-Commit-Position: refs/heads/master@{#37324}
2016-06-28 12:24:38 +00:00
bmeurer
e607e12ea0 [turbofan] Introduce Float64Pow and NumberPow operators.
Introduce a new machine operator Float64Pow that for now is backed by
the existing MathPowStub to start the unification of Math.pow, and at
the same time address the main performance issue that TurboFan still has
with the imaging-darkroom benchmark in Kraken.

Also migrate the Math.pow builtin itself to a TurboFan builtin and
remove a few hundred lines of hand-written platform code for special
handling of the fullcodegen Math.pow version.

BUG=v8:3599,v8:5086,v8:5157

Review-Url: https://codereview.chromium.org/2103733003
Cr-Commit-Position: refs/heads/master@{#37323}
2016-06-28 10:26:10 +00:00
bmeurer
29da5460fc [arm64] We must not overwrite registers for binop results that are used in frame states.
The ARM64 instruction selector can generate code like this

  negs w0, w1
  b.vs deopt

but then reference the old value of w0 in the frame state, which will
obviously lead to wrong results.

R=jarin@chromium.org
BUG=v8:5158

Review-Url: https://codereview.chromium.org/2103793002
Cr-Commit-Position: refs/heads/master@{#37322}
2016-06-28 10:11:13 +00:00
oth
3bc6cc4fee [interpreter] Streamline bytecode array writing.
Simplify bytecode array writing and remove some now unused bytecode traits
definitions.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2100793003
Cr-Commit-Position: refs/heads/master@{#37321}
2016-06-28 10:04:52 +00:00
neis
2f0cb3afa3 Fix behavior of throw on yield*.
When calling the throw method on a generator suspended inside a yield*, yield*
in turn tries to call throw on its iterable.  If the iterable does not provide a
throw method, yield* must try to call the return method instead and then throw a
TypeError.  Due to a bug in our desugaring, we never threw the TypeError.

R=adamk@chromium.org
BUG=v8:5132

Review-Url: https://codereview.chromium.org/2094253002
Cr-Commit-Position: refs/heads/master@{#37314}
2016-06-28 07:46:16 +00:00
yangguo
353e1152a5 [liveedit] remove bogus test case.
Removing a bad test case because:
- The test case makes wrong assumptions about compilation. We now
  may run bytecode with the interpreter.
- The test exposes internal implementation details such as pc offset
  of JIT code.
- The test uses a runtime function specially written to cater to, and
  used only by this test. Being unmaintained, this runtime function
  is already returning bogus results, making this test useless.

R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2101223002
Cr-Commit-Position: refs/heads/master@{#37312}
2016-06-28 07:40:23 +00:00
neis
41f5f0c0ba Rip out most of our outdated modules implementation.
R=adamk@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2081733004
Cr-Commit-Position: refs/heads/master@{#37311}
2016-06-28 07:25:38 +00:00
neis
6dffb07804 Fix behavior of return on yield*.
When calling the return method on a generator suspended inside a yield*, yield*
in turn calls return on its iterable.  If this results in a "done" iterator,
yield* must return immediately, thus terminating the generator.  For some
reason, we didn't terminate the generator but continued right after the yield*.

R=adamk@chromium.org
BUG=v8:5131

Review-Url: https://codereview.chromium.org/2100093002
Cr-Commit-Position: refs/heads/master@{#37310}
2016-06-28 07:10:54 +00:00
yangguo
610a8cbb51 Use source position table for unoptimized code.
R=bmeurer@chromium.org, jgruber@chromium.org
BUG=v8:5117

Review-Url: https://codereview.chromium.org/2095893002
Cr-Commit-Position: refs/heads/master@{#37309}
2016-06-28 05:52:52 +00:00
bmeurer
f50a601ffa [turbofan] Introduce simplified operator NumberAbs.
Add NumberAbs operator to implement an inline version of Math.abs, that
can be optimized and eliminated. We don't use any speculation here, but
for now stick to the information we can infer (this way we avoid the
inherent deopt loops that Crankshaft has around Math.abs).

CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=jarin@chromium.org
BUG=v8:5086

Review-Url: https://codereview.chromium.org/2096403002
Cr-Commit-Position: refs/heads/master@{#37306}
2016-06-28 04:37:02 +00:00
caitpotter88
4efd20ab57 [parser] report error for shorthand property "await" in async arrow formals
In addition to recording the BindingPattern error, also record an
AsyncArrowFormalParameters error for shorthand property "await" in object
literals.

BUG=v8:4483, v8:5148
R=littledan@chromium.org, jwolfe@igalia.com, adamk@chromium.org, nikolaos@chromium.org

Review-Url: https://codereview.chromium.org/2100623002
Cr-Commit-Position: refs/heads/master@{#37302}
2016-06-27 21:12:19 +00:00
ddchen
fd2bf837a5 [wasm] improve handling of malformed inputs
When reading malformed input, the length of variable-length types can be very large. Computing operand length with this and adding it to PC will overflow and screw up decode.

This patch switches to unsigned int for arity and lengths, terminates loop analysis on error, adds overflow checking to BranchTableOperand, and adds a unit test.

Review-Url: https://codereview.chromium.org/2052623003
Cr-Commit-Position: refs/heads/master@{#37301}
2016-06-27 20:37:28 +00:00
bbudge
257336d26a [RegisterConfiguration] Streamline access to arch defaults, simplify Registers.
Replaces ArchDefault method with Crankshaft and Turbofan getters.
Eliminates IsAllocated method on Register, FloatRegister, DoubleRegister.
Eliminates ToString method too.
Changes call sites to access appropriate arch default RegisterConfiguration.

LOG=N
BUG=

Review-Url: https://codereview.chromium.org/2092413002
Cr-Commit-Position: refs/heads/master@{#37297}
2016-06-27 15:31:31 +00:00
ssanfilippo
7d073b03c7 This commit is the first step towards emitting unwinding information in
the .eh_frame format as part of the jitdump generated when
FLAG_perf_prof is enabled. The final goal is allowing precise unwinding
of callchains that include JITted code when profiling V8 using perf.

Unwinding information is stored in the body of code objects after the
code itself, prefixed with its length and aligned to a 8-byte boundary.
A boolean flag in the header signals its presence, resulting in zero
memory overhead when the generation of unwinding info is disabled or
no such information was attached to the code object.

A new jitdump record type (with id 4) is introduced for specifying
optional unwinding information for code load records. The EhFrameHdr
struct is also introduced, together with a constructor to initialise it
from the associated code object.

At this stage no unwinding information is written to the jitdump, but
the infrastructure for doing so is ready in place.

BUG=v8:4899
LOG=N

Review-Url: https://codereview.chromium.org/1993653003
Cr-Commit-Position: refs/heads/master@{#37296}
2016-06-27 15:10:41 +00:00
ivica.bogosavljevic
e1e50f3fff Implement byte swapping instructions on MIPS32 and MIPS64.
BUG=

Review-Url: https://codereview.chromium.org/2069933003
Cr-Commit-Position: refs/heads/master@{#37295}
2016-06-27 14:36:40 +00:00
mstarzinger
4af80298b6 [turbofan] Fix missing lazy deopt in object literals.
This adds a missing lazy bailout point when defining data properties
with computed property names in object literals. The runtime call to
Runtime::kDefineDataPropertyInLiteral can trigger deopts. The necessary
bailout ID already exists and is now properly used.

R=jarin@chromium.org
TEST=mjsunit/regress/regress-crbug-621816
BUG=chromium:621816

Review-Url: https://codereview.chromium.org/2099133003
Cr-Commit-Position: refs/heads/master@{#37294}
2016-06-27 13:56:00 +00:00
ishell
23332fe829 [stubs] Implementing CodeStubAssembler::GetOwnProperty().
This is a building block for GetPropertyStub. It supports querying fast,
slow and global objects without native accessors and interceptors.

BUG=v8:4911
LOG=Y

Review-Url: https://codereview.chromium.org/2079823002
Cr-Commit-Position: refs/heads/master@{#37291}
2016-06-27 12:27:42 +00:00
franzih
7e4c4cb5c5 Fix toString() behavior on proxy objects.
Proxy objects need special treatment in toString(). Usually, we use the
@@toStringTag, if it is set, otherwise we determine the result of toString()
by checking IsArray() and other internal slots. According to
ES2017 19.1.3.6, IsArray() and the internal slots  must be checked first,
then get(@@toStringTag). The result of IsArray() and internal slots is discarded if
@@toStringTag is set. For proxy
objects, we must obey this order, because get() can have side-effects, i.e.,
revoke the proxy. For all other objects, we can skip the check of the
internal slots, if @@toStringTag is set.

BUG=

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2090773006
Cr-Commit-Position: refs/heads/master@{#37289}
2016-06-27 12:12:46 +00:00
bbudge
5107f1c135 [Turbofan] Allow compiler to elide complex aliasing code.
- Add a const bool kSimpleFPAliasing variable for each platform so it's
easier for the compiler to eliminate dead code.
- Modify RegisterAllocator to use it.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2101473002
Cr-Commit-Position: refs/heads/master@{#37288}
2016-06-27 11:57:51 +00:00
machenbach
1deca4bafd [gn] Add remaining executables to gn
This adds generate-bytecode-expectations and parser_shell.

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2102483002
Cr-Commit-Position: refs/heads/master@{#37287}
2016-06-27 11:57:50 +00:00
jochen
c34cc7a6ff Optionally invoke an interceptor on failed access checks
This superseeds all-can-read/all-can-write properties

BUG=chromium:618305
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2087823002
Cr-Commit-Position: refs/heads/master@{#37286}
2016-06-27 11:49:09 +00:00
franzih
a2dad04f9c Use JS_ERROR_TYPE to check for error objects.
Replace explicit Object::IsErrorObject() and v8::IsNativeError() with macro generated functions Object::IsJSError() and HeapObject::IsJSError().

BUG=

Committed: https://crrev.com/90e4fd136387ca7271d8ea87f4fc667e4f55063b
Cr-Commit-Position: refs/heads/master@{#37244}
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2090333002
Cr-Commit-Position: refs/heads/master@{#37279}
2016-06-27 09:34:44 +00:00
ishell
cd18075df7 [ic] Don't pass receiver and name to LoadGlobalIC.
The global object can be loaded from the native context and the name can be loaded in the type feedback metadata.

BUG=chromium:576312

Review-Url: https://codereview.chromium.org/2096653003
Cr-Commit-Position: refs/heads/master@{#37278}
2016-06-27 08:44:53 +00:00
machenbach
a93f1bdb83 [test] Sync unittests gn build
Fix after:
https://codereview.chromium.org/2060743002/
https://codereview.chromium.org/2086653003/

BUG=v8:5086, v8:5092, v8:4124
TBR=bmeurer@chromium.org, yangguo@chromium.org,  bbudge@chromium.org

NOTRY=true

Review-Url: https://codereview.chromium.org/2095313002
Cr-Commit-Position: refs/heads/master@{#37274}
2016-06-27 08:03:54 +00:00
caitpotter88
4bb1f70e66 [parser] don't report error for CoverInitializedNames in async arrow formals
BUG=v8:4483, v8:5148
R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com, nikolaos@chromium.org

Review-Url: https://codereview.chromium.org/2091313002
Cr-Commit-Position: refs/heads/master@{#37260}
2016-06-25 00:39:11 +00:00
bakkot
b2ce1fa20c add use counters for __defineGetter__ failing
We deviate from spec in that, in our implementation, __defineGetter__ on non-
configurable properties returns false instead of throwing a TypeError. This commit
adds a use counter to track how often we would be throwing an error we currently
avoid, to determine if we can change to align with spec or if the spec is not
implementable.

BUG=v8:5070

Review-Url: https://codereview.chromium.org/2089533002
Cr-Commit-Position: refs/heads/master@{#37259}
2016-06-24 22:05:03 +00:00
bakkot
e32d89ce86 Removes unused lines from the test262 status file after roll.
https://crrev.com/d3a95b8a78eefabf884a60bc3d6aac5830b44eb3
The removed tests are a mix of renamed files and tests which have been
removed after the spec was relaxed.

Also marks one test as a test262 failure rather than our failure.

Review-Url: https://codereview.chromium.org/2098833002
Cr-Commit-Position: refs/heads/master@{#37257}
2016-06-24 18:56:07 +00:00
bbudge
a933b7044a [Turbofan] Add the concept of aliasing to RegisterConfiguration.
- Adds the concept of FP register aliasing to RegisterConfiguration.
- Changes RegisterAllocator to distinguish between FP representations
when allocating.
- Changes LinearScanAllocator to detect interference when FP register
aliasing is combining, as on ARM.
- Changes ARM code generation to allow all registers s0 - s31 to be
accessed.
- Adds unit tests for RegisterConfiguration, mostly to test aliasing
calculations.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2086653003
Cr-Commit-Position: refs/heads/master@{#37251}
2016-06-24 12:45:05 +00:00
machenbach
f0a03f0b94 Revert of Use instance type in Object::IsErrorObject(). (patchset #9 id:160001 of https://codereview.chromium.org/2090333002/ )
Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7700

Please rebase upstream first if intended.

Original issue's description:
> Use JS_ERROR_TYPE to check for error objects.
>
> Replace explicit Object::IsErrorObject() with macro generated functions Object::IsJSError() and HeapObject::IsJSError().
>
> BUG=
>
> Committed: https://crrev.com/90e4fd136387ca7271d8ea87f4fc667e4f55063b
> Cr-Commit-Position: refs/heads/master@{#37244}

TBR=verwaest@chromium.org,jochen@chromium.org,franzih@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2092083002
Cr-Commit-Position: refs/heads/master@{#37250}
2016-06-24 11:52:49 +00:00
franzih
90e4fd1363 Use JS_ERROR_TYPE to check for error objects.
Replace explicit Object::IsErrorObject() with macro generated functions Object::IsJSError() and HeapObject::IsJSError().

BUG=

Review-Url: https://codereview.chromium.org/2090333002
Cr-Commit-Position: refs/heads/master@{#37244}
2016-06-24 09:53:14 +00:00
balazs.kilvady
5cda2db7d3 Fix '[tests] Don't test moves between different reps in test-gap-resolver.cc'
Port fc59eb8a7a

Original commit message:
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.

This change also expands tests to include explicit FP moves (both register and stack slot).

LOG=N
BUG=v8:4124
BUG=chromium:622619

Review-Url: https://codereview.chromium.org/2090993002
Cr-Commit-Position: refs/heads/master@{#37241}
2016-06-24 08:26:36 +00:00
machenbach
eeeb365b10 [test] Skip flaky tests.
Skip unicodelctest and friends for some turbo and turbo +
ignition variants.

TBR=Benedikt Meurer, rmcilroy
NOTRY=true
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2095873002
Cr-Commit-Position: refs/heads/master@{#37239}
2016-06-24 07:06:17 +00:00
machenbach
3f0ada1d84 Revert of Amends the TypedArray constructor to use the path for primitives for all (patchset #3 id:40001 of https://codereview.chromium.org/2096873002/ )
Reason for revert:
[Sheriff] Breaks layout tests. Please rebase upstream if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7691

Original issue's description:
> Amends the TypedArray constructor to use the path for primitives for all
> types of primitives, not just undefined, booleans, numbers, and strings.
> (The missing cases were null and Symbol.) This is required by the
> specification, and there are test262 tests which we were failing due to
> this bug.
>
> BUG=v8:5124
>
> Committed: https://crrev.com/f788bd9cce19815cba746e47bb65abfe25c16208
> Cr-Commit-Position: refs/heads/master@{#37234}

TBR=littledan@chromium.org,bakkot@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5124

Review-Url: https://codereview.chromium.org/2091693004
Cr-Commit-Position: refs/heads/master@{#37236}
2016-06-24 06:34:26 +00:00
adamk
c7eb436d09 Remove all harmony runtime flags which shipped in M51
Flags removed (all begin with "harmony-"):
  function-name
  instanceof
  iterator-close
  unicode-regexps
  regexp-exec
  regexp-subclass
  species

BUG=v8:3566, v8:3648, v8:3699, v8:4093, v8:4447, v8:4602

Review-Url: https://codereview.chromium.org/2096933002
Cr-Commit-Position: refs/heads/master@{#37235}
2016-06-24 01:13:10 +00:00
bakkot
f788bd9cce Amends the TypedArray constructor to use the path for primitives for all
types of primitives, not just undefined, booleans, numbers, and strings.
(The missing cases were null and Symbol.) This is required by the
specification, and there are test262 tests which we were failing due to
this bug.

BUG=v8:5124

Review-Url: https://codereview.chromium.org/2096873002
Cr-Commit-Position: refs/heads/master@{#37234}
2016-06-24 00:27:04 +00:00
bakkot
9f2a18b729 TypedArray.prototype.set uses internal length property, not real one.
TypedArrays store their true length in an internal slot. This is
normally reflected in the .length property, but that property is
configurable. Algorithms which need the length of a typed array are to
use the internal slot, not the property; TypedArray.prototype.set was
not doing this.

BUG=v8:5133

Review-Url: https://codereview.chromium.org/2091153002
Cr-Commit-Position: refs/heads/master@{#37232}
2016-06-23 23:00:24 +00:00
adamk
f795a79010 Rewrite scopes in computed properties in destructured parameters
While we properly handled scopes of initializers in destructured parameters,
we never did the right thing for computed properties. This patch fixes that
by factoring out PatternRewriter's scope rewriting logic and calls it
for the computed property case.

BUG=chromium:620119

Review-Url: https://codereview.chromium.org/2084103002
Cr-Commit-Position: refs/heads/master@{#37228}
2016-06-23 20:47:18 +00:00
littledan
7fdbd6bf10 Reland of Test262 roll (patchset #1 id:1 of https://codereview.chromium.org/2094613004/ )
Reason for revert:
Reland fixing msan and tsan

Original issue's description:
> Revert of Test262 roll (patchset #15 id:280001 of https://codereview.chromium.org/2068263002/ )
>
> Reason for revert:
> Broke msan and tsan; need to add an extra skip
>
> Original issue's description:
> > Test262 roll
> >
> > This roll does not include a test harness change; infrastructure issues
> > still need to be worked out.
> >
> > Committed: https://crrev.com/d3a95b8a78eefabf884a60bc3d6aac5830b44eb3
> > Cr-Commit-Position: refs/heads/master@{#37225}
>
> TBR=adamk@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/8ea2cbea2e65dc506d50a25a81e610f37bc751ec
> Cr-Commit-Position: refs/heads/master@{#37226}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2097573003
Cr-Commit-Position: refs/heads/master@{#37227}
2016-06-23 19:34:46 +00:00
littledan
8ea2cbea2e Revert of Test262 roll (patchset #15 id:280001 of https://codereview.chromium.org/2068263002/ )
Reason for revert:
Broke msan and tsan; need to add an extra skip

Original issue's description:
> Test262 roll
>
> This roll does not include a test harness change; infrastructure issues
> still need to be worked out.
>
> Committed: https://crrev.com/d3a95b8a78eefabf884a60bc3d6aac5830b44eb3
> Cr-Commit-Position: refs/heads/master@{#37225}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2094613004
Cr-Commit-Position: refs/heads/master@{#37226}
2016-06-23 19:31:28 +00:00
littledan
d3a95b8a78 Test262 roll
This roll does not include a test harness change; infrastructure issues
still need to be worked out.

Review-Url: https://codereview.chromium.org/2068263002
Cr-Commit-Position: refs/heads/master@{#37225}
2016-06-23 18:41:50 +00:00
adamk
7b011fc9db Array splice should only normalize deleted_elements if it's an array
Also slightly expand regression test to end with a return instead of
an exception.

R=cbruni@chromium.org
BUG=chromium:618788

Review-Url: https://codereview.chromium.org/2090193002
Cr-Commit-Position: refs/heads/master@{#37223}
2016-06-23 17:23:20 +00:00
ishell
4f674da2e9 [ic] Don't compile load interceptor handlers for LoadGlobalIC.
As a result LoadGlobalIC requires different slow stubs for each TypeofMode.

This CL is a prerequisite for not passing variable name to LoadGlobalIC:
the interceptor handler is the only kind of handler that requires a name
and therefore LoadGlobalIC dispatcher does not need a variable name as well.

BUG=chromium:576312

Review-Url: https://codereview.chromium.org/2081143002
Cr-Commit-Position: refs/heads/master@{#37222}
2016-06-23 16:51:14 +00:00
vogelheim
25d59e9d48 Revert of Reland [heap] Avoid the use of cells to point from code to new-space objects. (patchset #3 id:40001 of https://codereview.chromium.org/2091733002/ )
Reason for revert:
This breaks gc-stress bot: https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot

#
# Fatal error in ../../src/heap/mark-compact.cc, line 3715
# Check failed: Page::FromAddress(reinterpret_cast<HeapObject*>(*slot)->address()) ->IsFlagSet(Page::PAGE_NEW_NEW_PROMOTION).
#

I can reproduce locally, and local revert also fixes it -> revert.

Reproduce with:
 out/Debug/d8 --test --random-seed=2140216864 --nohard-abort --nodead-code-elimination --nofold-constants --enable-slow-asserts --debug-code --verify-heap --allow-natives-syntax --harmony-tailcalls test/mjsunit/mjsunit.js  test/mjsunit/es6/tail-call-megatest-shard2.js --gc-interval=500 --stress-compaction --concurrent-recompilation-queue-length=64 --concurrent-recompilation-delay=500 --concurrent-recompilation

(Maybe run in loop; it's flaky when broken; but passes reliably w/ revert.)

Original issue's description:
> Reland [heap] Avoid the use of cells to point from code to new-space objects.
>
> The reason for reverting was: [Sheriff] Breaks arm debug:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.
>
> The problem was the dereferencing of handles for smi checks. It turned out
> that these smi checks can be removed anyways, both on arm and on mips.
>
> Additionally some rebasing was necessary.
>
> Original issue's description:
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=mlippautz@chromium.org
>
> Committed: https://crrev.com/5508e16592522658587da71ba6743c8e832fe4d1
> Cr-Commit-Position: refs/heads/master@{#37217}

TBR=mlippautz@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2090983002
Cr-Commit-Position: refs/heads/master@{#37221}
2016-06-23 16:05:46 +00:00
franzih
e9a93a9c2b Refactor Object.prototype.toString() to use the instance type instead of class_name().
Now we can turn it into a turbofan stub.

Create new instance types JS_ARGUMENTS_TYPE and JS_ERROR_TYPE.

Review-Url: https://codereview.chromium.org/2080243003
Cr-Commit-Position: refs/heads/master@{#37219}
2016-06-23 14:40:47 +00:00
franzih
bdc78957e5 Fix Object.prototype.toString() when @@toStringTag is not a string.
ES2017 draft 19.1.3.6: If @@toStringTag is not a string, Object.prototype.toString()
returns [object Object], except in the following cases:
 - Array
 - String
 - Arguments
 - Function
 - Error
 - Boolean
 - Number
 - Date
 - RegExp.

For anything else, e.g., Maps, Sets, TypedArrays, or the global object, toString() returns
[object Object] if @@toStringTag is absent or not a string. In order to be able to
easily identify the global object in d8, we set @@toStringTag to "global"
for d8.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=

Review-Url: https://codereview.chromium.org/2071343002
Cr-Commit-Position: refs/heads/master@{#37218}
2016-06-23 13:39:59 +00:00
ahaas
5508e16592 Reland [heap] Avoid the use of cells to point from code to new-space objects.
The reason for reverting was: [Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038.

The problem was the dereferencing of handles for smi checks. It turned out
that these smi checks can be removed anyways, both on arm and on mips.

Additionally some rebasing was necessary.

Original issue's description:

Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

R=mlippautz@chromium.org

Review-Url: https://codereview.chromium.org/2091733002
Cr-Commit-Position: refs/heads/master@{#37217}
2016-06-23 13:14:17 +00:00
rmcilroy
13670e5073 [Interpreter] Add ValueOf intrinsic.
BUG=v8:4822

Review-Url: https://codereview.chromium.org/2097473002
Cr-Commit-Position: refs/heads/master@{#37215}
2016-06-23 12:36:28 +00:00
verwaest
059f2fa101 Cache Object.create maps on the passed prototype's PrototypeInfo
BUG=chromium:603144

Review-Url: https://codereview.chromium.org/2083353002
Cr-Commit-Position: refs/heads/master@{#37214}
2016-06-23 12:18:48 +00:00
ivica.bogosavljevic
42ac51c82e Fix int64 lowering on big-endian architectures.
Lowering of Int64Load, Int64Store, BitcastInt64ToFloat64 and
BitcastFloat64ToInt64 was using LE word ordering in memory,
causing failures on some tests.

BUG=mjsunit/regress/regress-599719,mjsunit/regress/regress-599717

Review-Url: https://codereview.chromium.org/2080213004
Cr-Commit-Position: refs/heads/master@{#37213}
2016-06-23 11:41:07 +00:00
georgia.kouveli
f5d90fc9f2 [arm64] Fix handling of CMN and ADD/SUB with overflow in VisitBinop.
CMN is a flag-setting add operation, and therefore is commutative.
{Add,Sub}WithOverflow generate ADD/SUB instructions that cannot
support a ROR shift.

BUG=

Review-Url: https://codereview.chromium.org/2087233005
Cr-Commit-Position: refs/heads/master@{#37212}
2016-06-23 11:29:20 +00:00
mlippautz
4244b989ca [heap] Modernize all *Page iterators to be proper C++ iterators
As part of the page type unification also unify page iterators. Iterating
over a space works the same for all spaces now (new, old, lo).

Iterating over pages of a space follows now the regular C++ iterator pattern:
- for (auto it = space->begin(); it != space->end(); ++it) {}
- for (Page* p : *space) {}

GC only: Loop supporting unlinking/freeing of a Page on the fly:
  for (auto it = space->begin(); != space->end();) {
    Page* p = *(it++);
    p->Unlink();
  }

For iteration of a range of new space pages use NewSpacePageRange which
also verifies that the range is actually a proper new space page range.

BUG=chromium:581412
LOG=N

Review-Url: https://codereview.chromium.org/2088223002
Cr-Commit-Position: refs/heads/master@{#37210}
2016-06-23 09:57:06 +00:00
ishell
a81c66546e [mips] Fix using signaling NaN for holes in fixed double arrays.
BUG=chromium:620650

Review-Url: https://codereview.chromium.org/2086343002
Cr-Commit-Position: refs/heads/master@{#37207}
2016-06-23 08:27:54 +00:00
mtrofin
0b98dbcc1e [wasm] Consolidate CompileAndRunWasmModule
Remove second wasm module compilation and instantiation path that
we had in CompileAndRunWasmModule and reuse the same path used
by user code.

BUG=

Review-Url: https://codereview.chromium.org/2091533002
Cr-Commit-Position: refs/heads/master@{#37203}
2016-06-22 21:39:14 +00:00
littledan
2601900dda Reland of write scopes of non-simple default arguments (patchset #1 id:1 of https://codereview.chromium.org/2081323006/ )
Reason for revert:
Infra issue appears to be over

TBR=adamk@chromium.org

Original issue's description:
> Revert of Rewrite scopes of non-simple default arguments (patchset #5 id:80001 of https://codereview.chromium.org/2077283004/ )
>
> Reason for revert:
> Seems to close tree (but it could be an infra issue)
>
> Original issue's description:
> > Rewrite scopes of non-simple default arguments
> >
> > Default parameters have additional declaration block scopes inserted
> > around them when something in the function scope calls eval. This
> > patch sets the parent scope of the expressions introduced due to
> > those defaults to the new block scope.
> >
> > R=adamk
> > BUG=chromium:616386
> >
> > Committed: https://crrev.com/0e14baf712955a1993f742647bb2adc293702b80
> > Cr-Commit-Position: refs/heads/master@{#37198}
>
> TBR=adamk@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:616386
>
> Committed: https://crrev.com/dd50262933d2ac087da32be887a7c18385fd998e
> Cr-Commit-Position: refs/heads/master@{#37201}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616386

Review-Url: https://codereview.chromium.org/2086353003
Cr-Commit-Position: refs/heads/master@{#37202}
2016-06-22 21:09:57 +00:00
littledan
dd50262933 Revert of Rewrite scopes of non-simple default arguments (patchset #5 id:80001 of https://codereview.chromium.org/2077283004/ )
Reason for revert:
Seems to close tree (but it could be an infra issue)

Original issue's description:
> Rewrite scopes of non-simple default arguments
>
> Default parameters have additional declaration block scopes inserted
> around them when something in the function scope calls eval. This
> patch sets the parent scope of the expressions introduced due to
> those defaults to the new block scope.
>
> R=adamk
> BUG=chromium:616386
>
> Committed: https://crrev.com/0e14baf712955a1993f742647bb2adc293702b80
> Cr-Commit-Position: refs/heads/master@{#37198}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616386

Review-Url: https://codereview.chromium.org/2081323006
Cr-Commit-Position: refs/heads/master@{#37201}
2016-06-22 19:58:10 +00:00
littledan
0e14baf712 Rewrite scopes of non-simple default arguments
Default parameters have additional declaration block scopes inserted
around them when something in the function scope calls eval. This
patch sets the parent scope of the expressions introduced due to
those defaults to the new block scope.

R=adamk
BUG=chromium:616386

Review-Url: https://codereview.chromium.org/2077283004
Cr-Commit-Position: refs/heads/master@{#37198}
2016-06-22 18:22:18 +00:00
yangguo
8b67a00223 Only count legacy parser usage if legacy parser had effect.
We would otherwise also count if its just trimming whitespaces.

R=adamk@chromium.org
BUG=chromium:618595

Review-Url: https://codereview.chromium.org/2080183003
Cr-Commit-Position: refs/heads/master@{#37197}
2016-06-22 18:07:47 +00:00
nikolaos
b9f682baaf Fix bug with illegal spread as single arrow parameter
R=adamk@chromium.org
BUG=chromium:621496
LOG=N

Review-Url: https://codereview.chromium.org/2084703005
Cr-Commit-Position: refs/heads/master@{#37196}
2016-06-22 18:07:46 +00:00
lpy
04f710ac20 [Reland] Refactor CpuProfiler.
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.

The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.

Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.

Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.

BUG=v8:4789

Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
Review-Url: https://codereview.chromium.org/2053523003
Cr-Original-Commit-Position: refs/heads/master@{#37112}
Cr-Commit-Position: refs/heads/master@{#37195}
2016-06-22 16:45:51 +00:00
mvstanton
b52f71d57d Gender neutral comments.
BUG=

Review-Url: https://codereview.chromium.org/2085273002
Cr-Commit-Position: refs/heads/master@{#37191}
2016-06-22 14:54:03 +00:00
rmcilroy
485e77519f [Interpreter] Add intrinsics called as stubs.
Adds support for intrinsics which can be called as stubs. Namely:
 - HasProperty
 - MathPow
 - NewObject
 - NumberToString
 - RegExpConstructResult
 - RegExpExec
 - Substring
 - ToString
 - ToName
 - ToLength
 - ToNumber
 - ToObject

Also adds interface descriptors for stub calls which have arguments
passed on the stack.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2051573002
Cr-Commit-Position: refs/heads/master@{#37185}
2016-06-22 12:22:47 +00:00
mlippautz
7a88ff3cc0 [heap] Filter out stale left-trimmed handles for scavenges
The missing part from
  https://codereview.chromium.org/2078403002/

R=jochen@chromium.org
BUG=chromium:621869
LOG=N

Review-Url: https://codereview.chromium.org/2077353004
Cr-Commit-Position: refs/heads/master@{#37184}
2016-06-22 12:22:46 +00:00
jochen
c7715c2fbe Add HasOwnProperty with array indexes
This way embedders don't have to manually convert them to strings

BUG=chromium:619166
R=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2085223002
Cr-Commit-Position: refs/heads/master@{#37179}
2016-06-22 10:20:45 +00:00
mlippautz
21b55c4aa5 [heap] Fix check in AdvancePage
Failing to do the right check in AdvancePage results in a crash in a CHECK later
in EnsureCurrentCapacity.

BUG=chromium:620750,chromium:622115
LOG=N
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2090013002
Cr-Commit-Position: refs/heads/master@{#37171}
2016-06-22 09:10:09 +00:00
yangguo
6793728528 Use zig-zag encoding in the source position table.
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2081703002
Cr-Commit-Position: refs/heads/master@{#37170}
2016-06-22 09:06:53 +00:00
yangguo
5eaf4ac48f [debugger] add test case for scope materialization and rest params.
R=jgruber@chromium.org
BUG=v8:4703

Review-Url: https://codereview.chromium.org/2088703002
Cr-Commit-Position: refs/heads/master@{#37169}
2016-06-22 08:35:28 +00:00
bmeurer
a334354288 [turbofan] Add dedicated test for check constant folding.
This adds a dedicated test to make sure we don't try constant folding on
checks (in this case CheckTaggedPointer), which would generate invalid
code as we removing checks that guard the constant without knowing
whether it's safe to do so.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2087153002
Cr-Commit-Position: refs/heads/master@{#37168}
2016-06-22 08:20:50 +00:00
bmeurer
c30b854aa3 [turbofan] Some strength reduction on Smi/HeapObject checks.
Let the SimplifiedOperatorReducer perform some strength reduction for
certain CheckTaggedSigned and CheckTaggedPointer inputs (reusing the
existing logic for ObjectIsSmi).

R=jarin@chromium.org
BUG=v8:5141

Review-Url: https://codereview.chromium.org/2080703006
Cr-Commit-Position: refs/heads/master@{#37167}
2016-06-22 07:52:19 +00:00
bmeurer
f54fa4d426 [ieee754] Slightly improve unittests for exp/log.
BUG=v8:3266, v8:3468, v8:3493, v8:5086, v8:5108
R=rtoy@chromium.org

Review-Url: https://codereview.chromium.org/2086663004
Cr-Commit-Position: refs/heads/master@{#37165}
2016-06-22 05:56:06 +00:00
bmeurer
488d6e5f84 [turbofan] x - y < 0 is not equivalent to x < y.
We cannot change x - y < 0 to x < y, because it would only be safe if
x - y cannot overflow, which we don't know in general.

R=jarin@chromium.org
BUG=v8:5129

Review-Url: https://codereview.chromium.org/2090493002
Cr-Commit-Position: refs/heads/master@{#37164}
2016-06-22 05:38:36 +00:00
ritesht
d0b8e7fb54 [wasm] Support undefined indirect table entries, behind a flag.
Add a flag to gate experimental support for dynamic code loading and JITing (at runtime in a wasm module).

Enhancing functionality of the indirect function table to support JITing and dynamic linking by allowing additional space to be filled with an "undefined" function signature.

BUG=v8:5044
LOG=N
TEST=None
R=mtrofin@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2049513003
Cr-Commit-Position: refs/heads/master@{#37159}
2016-06-22 00:53:31 +00:00
jwolfe
d8147eb98c Reland: change most cases of variable redeclaration from TypeError to SyntaxError.
Reland of https://codereview.chromium.org/2048703002/

Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
(this caused a test262 failure.). However, the code `eval("function NaN() {}");`
should actually throw a TypeError. This patch changes most cases of
redeclaration errors from TypeError to SyntaxError. See the test
mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
references.

The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
ES#sec-evaldeclarationinstantiation

BUG=v8:4955
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
R=adamk

Review-Url: https://codereview.chromium.org/2086063002
Cr-Commit-Position: refs/heads/master@{#37156}
2016-06-21 20:19:59 +00:00
rossberg
271a7f55cd Refactor module builder
- Use ES6 classes and other goodies.
- Make some names match design/spec.
- Remove obsolete generation of END section.

R=bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2081973003
Cr-Commit-Position: refs/heads/master@{#37155}
2016-06-21 19:48:16 +00:00
caitpotter88
e45fba811f [parser] only parse async arrow function when necessary
Previously, an async arrow function would be parsed if any valid
ConditionalExpression began with the identifier "async", and its following token
was on the same line.

So for example, `async.bar foo => 1` was parsed as a valid async arrow function.
This patch corrects this behaviour by asserting that the following token is a
valid arrow parameters start.

BUG=v8:4483
R=littledan@chromium.org, henrique.ferreiro@gmail.com

Review-Url: https://codereview.chromium.org/2089733002
Cr-Commit-Position: refs/heads/master@{#37154}
2016-06-21 19:48:15 +00:00
nikolaos
2cabc866ec Fix classifier related bug
R=adamk@chromium.org
BUG=chromium:621111
LOG=N

Review-Url: https://codereview.chromium.org/2086513002
Cr-Commit-Position: refs/heads/master@{#37150}
2016-06-21 16:41:00 +00:00
caitpotter88
36dd4780f0 [test] add FunctionMirror and PromiseMirror tests for async functions
BUG=v8:4483
R=yangguo@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2082023002
Cr-Commit-Position: refs/heads/master@{#37149}
2016-06-21 16:31:52 +00:00
bmeurer
00889cc29c [turbofan] Address the useless overflow bit materialization.
Add control dependencies to Projection and Int32Add/SubWithOverflow
operators, to prevent the scheduler from moving the Projection nodes
into the wrong place. This way the instruction selection can combine
the Int32Add/SubWithOverflow operations with the DeoptimizeIf and/or
DeoptimizeUnless nodes. This needs new operators CheckedInt32Add and
CheckedInt32Sub so that we can delay the actual lowering until the
effect/control linearizer.

This also makes CheckIf operator obsolete, so we can drop it.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2082993002
Cr-Commit-Position: refs/heads/master@{#37148}
2016-06-21 15:46:40 +00:00
rmcilroy
76368d0854 [Interpreter] Add a simple dead-code elimination bytecode optimizer.
Adds back simple dead code elimination to the bytecode pipeline.

BUG=v8:4280,chromium:616064

Review-Url: https://codereview.chromium.org/2038083002
Cr-Commit-Position: refs/heads/master@{#37147}
2016-06-21 15:29:24 +00:00
rmcilroy
6003ed0489 Reland: [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode.
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.

BUG=v8:4822
LOG=N

Committed: https://crrev.com/36abd28a8d9932eb55d7c2bf3ad5e7cfe3eb99ea
Review-Url: https://codereview.chromium.org/2084623002
Cr-Original-Commit-Position: refs/heads/master@{#37135}
Cr-Commit-Position: refs/heads/master@{#37145}
2016-06-21 14:39:52 +00:00
rossberg
386c747b8a Upgrade Wasm JS API, step 1
Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.

Also, changes ErrorThrower to support capturing errors in a promise reject.

Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.

BUG=

Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}
2016-06-21 12:54:09 +00:00
neis
7c57ffc1df [generators] Implement %GeneratorGetSourcePosition.
This runtime function now also works for Ignition generators. It returns the
source position of the yield at which a suspended generator got suspended.  This
works by storing the current bytecode offset at suspension and using an existing
mechanism to map it back to a source position.

TBR=littledan@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2079613003
Cr-Commit-Position: refs/heads/master@{#37140}
2016-06-21 12:13:39 +00:00
machenbach
1f12208101 Revert of [heap] Avoid the use of cells to point from code to new-space objects. (patchset #7 id:120001 of https://codereview.chromium.org/2045263002/ )
Reason for revert:
[Sheriff] Breaks arm debug:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/builds/1038

Original issue's description:
> [heap] Avoid the use of cells to point from code to new-space objects.
>
> Cells were needed originally because there was no typed remembered set to
> record direct pointers from code space to new space. A previous
> CL (https://codereview.chromium.org/2003553002/) already introduced
> the remembered set, this CL uses it.
>
> This CL
> * stores direct pointers in code objects, even if the target is in new space,
> * records the slot of the pointer in typed-old-to-new remembered set,
> * adds a list which stores weak code-to-new-space references,
> * adds a test to test-heap.cc for weak code-to-new-space references,
> * removes prints in tail-call-megatest.js
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/2d2087b79a293a92a6ed34a2775e481ff2173b3c
> Cr-Commit-Position: refs/heads/master@{#37134}

TBR=titzer@chromium.org,ulan@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2087463004
Cr-Commit-Position: refs/heads/master@{#37139}
2016-06-21 12:10:31 +00:00
machenbach
1f81574911 Revert of [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode. (patchset #3 id:40001 of https://codereview.chromium.org/2084623002/ )
Reason for revert:
[Sheriff] Breaks gc stress:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/6304

Original issue's description:
> [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode.
>
> Make intrinsic ids a contiguous set of ids so that the switch statement can build
> a table switch rather than doing a large if/else tree.
>
> BUG=v8:4822
> LOG=N
>
> Committed: https://crrev.com/36abd28a8d9932eb55d7c2bf3ad5e7cfe3eb99ea
> Cr-Commit-Position: refs/heads/master@{#37135}

TBR=epertoso@chromium.org,oth@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4822

Review-Url: https://codereview.chromium.org/2085823003
Cr-Commit-Position: refs/heads/master@{#37137}
2016-06-21 11:53:00 +00:00
oth
303d340f66 [interpreter] Minor clean-up of BytecodeSourceInfo.
Add explicit state in BytecodeSourceInfo to simplify checks for
validity and whether a statement or expression position.

Remove BytecodeSourceInfo::Update which inherited rules for updating
source position information during bytecode building.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2048203002
Cr-Commit-Position: refs/heads/master@{#37136}
2016-06-21 11:12:31 +00:00
rmcilroy
36abd28a8d [Interpreter] Map runtime id's to intrinsic id's in InvokeIntrinsic bytecode.
Make intrinsic ids a contiguous set of ids so that the switch statement can build
a table switch rather than doing a large if/else tree.

BUG=v8:4822
LOG=N

Review-Url: https://codereview.chromium.org/2084623002
Cr-Commit-Position: refs/heads/master@{#37135}
2016-06-21 10:55:11 +00:00
ahaas
2d2087b79a [heap] Avoid the use of cells to point from code to new-space objects.
Cells were needed originally because there was no typed remembered set to
record direct pointers from code space to new space. A previous
CL (https://codereview.chromium.org/2003553002/) already introduced
the remembered set, this CL uses it.

This CL
* stores direct pointers in code objects, even if the target is in new space,
* records the slot of the pointer in typed-old-to-new remembered set,
* adds a list which stores weak code-to-new-space references,
* adds a test to test-heap.cc for weak code-to-new-space references,
* removes prints in tail-call-megatest.js

R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2045263002
Cr-Commit-Position: refs/heads/master@{#37134}
2016-06-21 10:40:45 +00:00
bmeurer
5e0cd389bf [turbofan] MemoryOptimizer cannot deal with dead nodes in use lists.
We need to trim the graph before we execute the MemoryOptimizer, because
that just walks the effect chain from Start to End and cannot deal with
dead nodes in the use lists.

R=jarin@chromium.org
BUG=chromium:614292

Review-Url: https://codereview.chromium.org/2080703003
Cr-Commit-Position: refs/heads/master@{#37133}
2016-06-21 10:40:44 +00:00
ahaas
b5c69cbf39 [builtins] NonNumberToNumber and StringToNumber now use CallRuntime instead of TailCallRuntime
With the tail call, pointers to the JS heap could be pushed on a
js-to-wasm frame. On the js-to-wasm frame, however, this pointer would
not be updated by the GC.

R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com
BUG=617084
TEST=mjsunit/wasm/gc-frame.js:GCInJSToWasmTest()

Review-Url: https://codereview.chromium.org/2079393003
Cr-Commit-Position: refs/heads/master@{#37132}
2016-06-21 09:26:54 +00:00
mlippautz
706b3f2730 [heap] Internalize kExternalAllocationLimit
Base the fast-path in AdjustAmountOfExternalMemory on a value + limit. To
preserve the behavior the limit is just set using kExternalAllocationLimit.

Redo naming of related members.

R=jochen@chromium.org
BUG=chromium:621829
LOG=N

Review-Url: https://codereview.chromium.org/2085893002
Cr-Commit-Position: refs/heads/master@{#37131}
2016-06-21 09:26:53 +00:00
bmeurer
7877ddecdb [builtins] Make sure the Math functions and constants agree.
While the EcmaScript specification doesn't define precise values for the
Math constants or the Math functions, we should at least ensure that the
values of the constants and the functions agree, i.e. Math.E should be
exactly the same value as Math.exp(1).

Also make sure that Math.exp(1) returns the expected value; we should
revisit the fdlibm algorithm and figure out why it's wrong in the last
bit.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=chromium:626111,v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2079233005
Cr-Commit-Position: refs/heads/master@{#37128}
2016-06-21 07:02:16 +00:00
mtrofin
30e845384b [wasm] No need for ModuleEnv when building import wrappers.
Yanking out in an effort to reduce dependencies. We probably want to
separate codegen into instance-specific and module-generic purpose -
eventually.

BUG=

Review-Url: https://codereview.chromium.org/2085863003
Cr-Commit-Position: refs/heads/master@{#37126}
2016-06-21 06:13:27 +00:00
yangguo
c5ae5bb16b [snapshot] support including templates in the snapshot.
R=jochen@chromium.org, verwaest@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2076083002
Cr-Commit-Position: refs/heads/master@{#37122}
2016-06-21 05:10:50 +00:00
zhengxing.li
a0c1289b5d X87: Skip slow test.
BUG=

Review-Url: https://codereview.chromium.org/2080693002
Cr-Commit-Position: refs/heads/master@{#37119}
2016-06-21 02:03:57 +00:00
lpy
d6be0bf68a Revert of Refactor CpuProfiler. (patchset #13 id:240001 of https://codereview.chromium.org/2053523003/ )
Reason for revert:
MIPS compilation error.

Original issue's description:
> Refactor CpuProfiler.
>
> Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
> from Logger, constructs and stores CodeEventsContainer. This patch is part of
> the effort to split the logic of CodeEventListener as ProfilerListener out of
> the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
> to code events, construct code event to CodeEventsContainer and pass it to code
> event handler.
>
> The reason we refactor CpuProfiler is that eventually we want to move
> CpuProfiler as part of sampler library and code event listener should stay
> inside V8.
>
> Main changes:
> 1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
> functionality and the ProfilerListener listening to code events from Logger.
> 2. Created CodeEventObserver and made CpuProfiler inherit from it.
> ProfilerListener will have a list of observers and call CodeEventHandler once a
> code event is created.
> 3. Moved code entry list from CodeEntry to ProfilerListener.
>
> Minor changes:
> 1. Moved static code entry as part of CodeEntry.
> 2. Added ProfilerListener to Logger.
>
> BUG=v8:4789
>
> Committed: https://crrev.com/cb59fc1facc9b390e2c7544b4da56a4e0a9b3222
> Cr-Commit-Position: refs/heads/master@{#37112}

TBR=alph@chromium.org,jochen@chromium.org,yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4789

Review-Url: https://codereview.chromium.org/2079273003
Cr-Commit-Position: refs/heads/master@{#37113}
2016-06-20 17:56:53 +00:00
lpy
cb59fc1fac Refactor CpuProfiler.
Currently CpuProfiler is a subclass of CodeEventListener, it listens code events
from Logger, constructs and stores CodeEventsContainer. This patch is part of
the effort to split the logic of CodeEventListener as ProfilerListener out of
the profiling functionality logic in CpuProfiler. A ProfilerListener will listen
to code events, construct code event to CodeEventsContainer and pass it to code
event handler.

The reason we refactor CpuProfiler is that eventually we want to move
CpuProfiler as part of sampler library and code event listener should stay
inside V8.

Main changes:
1. Refactored CpuProfiler into two parts, the CpuProfiler with profling
functionality and the ProfilerListener listening to code events from Logger.
2. Created CodeEventObserver and made CpuProfiler inherit from it.
ProfilerListener will have a list of observers and call CodeEventHandler once a
code event is created.
3. Moved code entry list from CodeEntry to ProfilerListener.

Minor changes:
1. Moved static code entry as part of CodeEntry.
2. Added ProfilerListener to Logger.

BUG=v8:4789

Review-Url: https://codereview.chromium.org/2053523003
Cr-Commit-Position: refs/heads/master@{#37112}
2016-06-20 17:26:41 +00:00
jpp
4257fdea1e V8. ASM-2-WASM. Another asm-types.h revision.
BUG=

Review-Url: https://codereview.chromium.org/2078053002
Cr-Commit-Position: refs/heads/master@{#37110}
2016-06-20 16:54:41 +00:00
yangguo
0b177bc06c [snapshot] serialize embedder-provided external references.
R=jochen@chromium.org, vogelheim@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2066993004
Cr-Commit-Position: refs/heads/master@{#37109}
2016-06-20 15:28:26 +00:00
mlippautz
d800a65967 [heap] Filter out stale left-trimmed handles
BUG=chromium:620553
LOG=N
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2078403002
Cr-Commit-Position: refs/heads/master@{#37108}
2016-06-20 14:32:15 +00:00
balazs.kilvady
eff959bb55 MIPS: Followup '[turbofan] Introduce new operators Float32SubPreserveNan and Float64SubPreserveNan'.
Port 481502dad9

Float32SubMinusZero and Float64SubMinusZero tests are failing because MIPS does not preserve NaN payload according to Wasm spec. Implemented macro-assembler methods that check for NaN operands, and return the qNaN value with preserved payload and sign bits.

TEST=cctest/test-run-wasm/Run_WasmFloat32SubMinusZero, cctest/test-run-wasm/Run_WasmFloat64SubMinusZero

BUG=

patch from issue 2019693002 at patchset 140001 (http://crrev.com/2019693002#ps140001)

R=ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2066483008
Cr-Commit-Position: refs/heads/master@{#37105}
2016-06-20 13:28:49 +00:00
mlippautz
7d5969da3d Reland "[heap] Add page evacuation mode for new->new"
Adds an evacuation mode that allows moving pages within new space without
copying objects.

Basic idea:
a) Move page within new space
b) Sweep page to make iterable and process ArrayBuffers
c) Finish sweep till next scavenge

Threshold is currently 70% live bytes, i.e., the same threshold we use
to determine fragmented pages.

This reverts commit 2263ee9bf4.

BUG=chromium:581412
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2078863002
Cr-Commit-Position: refs/heads/master@{#37104}
2016-06-20 13:24:12 +00:00
bmeurer
99eb5686e9 [turbofan] Introduce CheckTaggedSigned and CheckTaggedPointer operators.
These are used to check for Smi or HeapObject, and we use them
appropriately in JSNativeContextSpecialization, so we don't need
to introduce dependencies on concrete control flow and/or concrete
frame states.

They will be optimized by a proper check elimination reducer,
which will be added in a separate CL.

R=jarin@chromium.org
BUG=v8:4470

Review-Url: https://codereview.chromium.org/2082523002
Cr-Commit-Position: refs/heads/master@{#37096}
2016-06-20 10:48:55 +00:00
jarin
50d6837ada [turbofan] Only consider inhabited types for constant folding in typed lowering.
BUG=chromium:621423

Review-Url: https://codereview.chromium.org/2084483002
Cr-Commit-Position: refs/heads/master@{#37092}
2016-06-20 07:56:29 +00:00
machenbach
093df3fafc Revert of Implement WASM big-endian support (patchset #5 id:80001 of https://codereview.chromium.org/2034093002/ )
Reason for revert:
[Sheriff] Speculative revert for crashes on chrubuntu chromebooks:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/320

Original issue's description:
> Implement WASM big-endian support.
>
> Implement WASM support on big-endian platforms. WASM has
> an implicit requirement that it is running on little-endian
> machine. We achieve WASM support on BE by keeping data
> in memory in little-endian order, and changing data
> endianness before storing to memory and after loading from
> memory.
>
> BUG=
>
> Committed: https://crrev.com/d3f3f6c8186b2a53f0c539f7bba0c3708c4d83f9
> Cr-Commit-Position: refs/heads/master@{#37065}

TBR=titzer@chromium.org,akos.palfi@imgtec.com,balazs.kilvady@imgtec.com,jyan@ca.ibm.com,ivica.bogosavljevic@imgtec.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/2080153002
Cr-Commit-Position: refs/heads/master@{#37091}
2016-06-20 07:53:35 +00:00
bmeurer
c87168bc8c [builtins] Introduce proper Float64Tan operator.
Import base::ieee754::tan() from fdlibm and introduce Float64Tan TurboFan
operator based on that, similar to what we do for Float64Cos and Float64Sin.
Rewrite Math.tan() as TurboFan builtin and use those operators to also
inline Math.tan() into optimized TurboFan functions.

Drive-by-fix: Kill the %_ConstructDouble intrinsics, and provide only
the %ConstructDouble runtime entry for writing tests.

BUG=v8:5086,v8:5126
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2083453002
Cr-Commit-Position: refs/heads/master@{#37087}
2016-06-20 05:51:52 +00:00
mtrofin
c1d01aea11 [wasm] Separate compilation from instantiation
Compilation of wasm functions happens before instantiation. Imports are linked afterwards, at instantiation time. Globals and memory are also
allocated and then tied in via relocation at instantiation time.

This paves the way for implementing Wasm.compile, a prerequisite to
offering the compiled code serialization feature.

Currently, the WasmModule::Compile method just returns a fixed array
containing the code objects. More appropriate modeling of the compiled module to come.

Opportunistically centralized the logic on how to update memory
references, size, and globals, since that logic is the exact same on each
architecture, except for the actual storing of values back in the
instruction stream.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2056633002
Cr-Commit-Position: refs/heads/master@{#37086}
2016-06-20 05:23:37 +00:00
bmeurer
c781e83194 [builtins] Introduce proper Float64Cos and Float64Sin.
Import base::ieee754::cos() and base::ieee754::sin() from fdlibm and
introduce Float64Cos and Float64Sin TurboFan operator based on that,
similar to what we do for Float64Log. Rewrite Math.cos() and Math.sin()
as TurboFan builtins and use those operators to also inline Math.cos()
and Math.sin() into optimized TurboFan functions.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
R=mvstanton@chromium.org
BUG=v8:5086,v8:5118

Review-Url: https://codereview.chromium.org/2073123002
Cr-Commit-Position: refs/heads/master@{#37072}
2016-06-17 15:24:15 +00:00
ishell
6955c55321 [turbofan] CodeAssembler is now able to generate calls of JavaScript objects.
... and a drive-by-fix of a comment generation in CodeAssembler.

Review-Url: https://codereview.chromium.org/2076953002
Cr-Commit-Position: refs/heads/master@{#37070}
2016-06-17 13:51:12 +00:00
ishell
b98e3949a3 [test] Move CodeAssembler tests to a separate file.
Review-Url: https://codereview.chromium.org/2072813003
Cr-Commit-Position: refs/heads/master@{#37069}
2016-06-17 13:23:14 +00:00
ishell
e4fba99bbb [test] Reduce number of variants that test/mjsunit/es6/tail-call-megatest.js checks.
Review-Url: https://codereview.chromium.org/2073103002
Cr-Commit-Position: refs/heads/master@{#37068}
2016-06-17 12:29:56 +00:00
ivica.bogosavljevic
d3f3f6c818 Implement WASM big-endian support.
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.

BUG=

Review-Url: https://codereview.chromium.org/2034093002
Cr-Commit-Position: refs/heads/master@{#37065}
2016-06-17 11:53:24 +00:00
adamk
43a10a0c4a Disable Array.prototype.values
It still seems to break things in the wild, see attached Chromium
bug for details.

BUG=v8:4247, chromium:615873

Review-Url: https://codereview.chromium.org/2076763003
Cr-Commit-Position: refs/heads/master@{#37064}
2016-06-17 10:40:12 +00:00
mvstanton
42279f16af [Math builtins]: Cleanup in ieee754, restoring MSUN version of log2().
Also added comments for the fdlibm.js port of log10, chosen over the MSUN
version for greater precision.

R=bmeurer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2071823002
Cr-Commit-Position: refs/heads/master@{#37060}
2016-06-17 10:16:54 +00:00
epertoso
c534bd41a0 [x64] Small fixes in the assembler and disassembler.
Disassembler:
added decoding of a few instructions that were previously unsupported, fixed the decoding of pextr.

Assembler:

pmulld(XMMRegister, Operand) was actually emitting a pmuludq.

punpckldq(XMMRegister, XMMRegister) was implemented a second time as punpackldq.

BUG=

Review-Url: https://codereview.chromium.org/2070863002
Cr-Commit-Position: refs/heads/master@{#37059}
2016-06-17 09:28:47 +00:00
mvstanton
4d4eb61111 [builtins] Unify Atanh, Cbrt and Expm1 as exports from flibm.
BUG=v8:5103

Review-Url: https://codereview.chromium.org/2068743002
Cr-Commit-Position: refs/heads/master@{#37058}
2016-06-17 09:14:38 +00:00
jgruber
198e09de5a [builtins] Use BUILTIN frame in DatePrototype_GetField
Construct a BUILTIN frame before throwing an exception from runtime.

R=bmeurer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2078443002
Cr-Commit-Position: refs/heads/master@{#37053}
2016-06-17 07:44:42 +00:00
jgruber
f47b9e9810 [builtins] Introduce a proper BUILTIN frame type.
This adds a new BUILTIN frame type, which supports variable number of
arguments for builtins implemented in hand-written native code (we will
extend this mechanism to TurboFan builtins at some point). Convert the
Math.max and Math.min builtins to construct a BUILTIN frame if required.

This does not yet work for C++ builtins, but that'll be the next step.

R=bmeurer@chromium.org, jarin@chromium.org
BUG=v8:4815
LOG=n

Review-Url: https://codereview.chromium.org/2069423002
Cr-Commit-Position: refs/heads/master@{#37051}
2016-06-17 07:41:34 +00:00
dpranke
8756f6e90b Update GN build to use v8_target_cpu instead of v8_target_arch.
R=jochen@chromium.org, machenbach@chromium.org, thakis@chromium.org
BUG=chromium:619503

Review-Url: https://codereview.chromium.org/2074003002
Cr-Commit-Position: refs/heads/master@{#37048}
2016-06-17 07:07:30 +00:00
bmeurer
d5f2ac5e33 [builtins] Introduce proper Float64Exp operator.
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.

CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108,chromium:620786
R=mvstanton@chromium.org

Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
Review-Url: https://codereview.chromium.org/2077533002
Cr-Original-Commit-Position: refs/heads/master@{#37037}
Cr-Commit-Position: refs/heads/master@{#37047}
2016-06-17 05:20:59 +00:00
martyn.capewell
d3597aee1f [turbofan] Replace shr of masked bits with zero
If (mask >>> s) == 0, ((x & mask) >> s) == 0, so replace the node with zero in
MachineOperatorReducer.

BUG=

Review-Url: https://codereview.chromium.org/2069973002
Cr-Commit-Position: refs/heads/master@{#37046}
2016-06-17 04:49:32 +00:00
mtrofin
273bb58c33 [wasm] memory size is an uint32_t, not a size_t.
BUG=

Review-Url: https://codereview.chromium.org/2077623002
Cr-Commit-Position: refs/heads/master@{#37044}
2016-06-16 22:23:10 +00:00
mlippautz
2263ee9bf4 Revert of [heap] Add page evacuation mode for new->new (patchset #18 id:440001 of https://codereview.chromium.org/1957323003/ )
Reason for revert:
Fragmentation of LABs could result in increasing memory usage (pages) instead of shrinking.

BUG=chromium:620320
LOG=N

Original issue's description:
> [heap] Add page evacuation mode for new->new
>
> Adds an evacuation mode that allows moving pages within new space without
> copying objects.
>
> Basic idea:
> a) Move page within new space
> b) Sweep page to make iterable and process ArrayBuffers
> c) Finish sweep till next scavenge
>
> Threshold is currently 70% live bytes, i.e., the same threshold we use
> to determine fragmented pages.
>
> BUG=chromium:581412
> LOG=N
> CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel
>
> Committed: https://crrev.com/49b23201671b25092a3c22eb85783f39b95a5f87
> Cr-Commit-Position: refs/heads/master@{#36990}

TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:581412

Review-Url: https://codereview.chromium.org/2063013005
Cr-Commit-Position: refs/heads/master@{#37042}
2016-06-16 16:55:46 +00:00
machenbach
789b0ad77a Revert of [builtins] Introduce proper Float64Exp operator. (patchset #5 id:80001 of https://codereview.chromium.org/2077533002/ )
Reason for revert:
[Sheriff] Leads to some different rounding as it seems in some audio layout tests. Please rebase upstream first if intended:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/7508

Original issue's description:
> [builtins] Introduce proper Float64Exp operator.
>
> Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
> TurboFan operator based on that, similar to what we do for Float64Log.
> Rewrite Math.exp() as TurboFan builtin and use that operator to also
> inline Math.exp() into optimized TurboFan functions.
>
> BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
> R=mvstanton@chromium.org
>
> Committed: https://crrev.com/93e26314afc9da9b5b8bd998688262444ed73260
> Cr-Commit-Position: refs/heads/master@{#37037}

TBR=mvstanton@chromium.org,ahaas@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108

Review-Url: https://codereview.chromium.org/2070813002
Cr-Commit-Position: refs/heads/master@{#37039}
2016-06-16 12:49:53 +00:00
clemensh
6fa656fde2 [wasm] Check for duplicate export names
Without this check, instantiation of the wasm module would fail on
DefineOwnProperty on the exports object for the duplicate export.
Now we detect this as validation error.

R=rossberg@chromium.org, titzer@chromium.org, ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2065043002
Cr-Commit-Position: refs/heads/master@{#37038}
2016-06-16 12:19:04 +00:00
bmeurer
93e26314af [builtins] Introduce proper Float64Exp operator.
Import base::ieee754::exp() from FreeBSD msun and introduce a Float64Exp
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.exp() as TurboFan builtin and use that operator to also
inline Math.exp() into optimized TurboFan functions.

BUG=v8:3266,v8:3468,v8:3493,v8:5086,v8:5108
R=mvstanton@chromium.org

Review-Url: https://codereview.chromium.org/2077533002
Cr-Commit-Position: refs/heads/master@{#37037}
2016-06-16 12:10:27 +00:00
clemensh
b16d51efa9 [wasm] Make reported "column number" 1-based
We report the byte offset as column number, but devtools assumes them
to be 1-based and subtracts one unconditionally before further
processing it. It's a bit unfortunate, but because of that we have to
just add 1 to the reported column number on the public StackTrace API.

R=ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110

Review-Url: https://codereview.chromium.org/2071563002
Cr-Commit-Position: refs/heads/master@{#37036}
2016-06-16 12:07:33 +00:00
mvstanton
d9bf520a22 [builtins] Introduce proper Float64Log2 and Float64Log10 operators.
BUG=v8:5095

Review-Url: https://codereview.chromium.org/2063693002
Cr-Commit-Position: refs/heads/master@{#37035}
2016-06-16 11:25:06 +00:00
mstarzinger
e55384b28e [d8] Make exception reporting more resilient.
This makes sure exception reporting done by the debug shell behaves
gracefully even near the stack limit. When line number determination
fails we just fallback to not printing source information.

R=yangguo@chromium.org
TEST=mjsunit/regress/regress-crbug-620253
BUG=chromium:620253

Review-Url: https://codereview.chromium.org/2069543007
Cr-Commit-Position: refs/heads/master@{#37031}
2016-06-16 10:14:08 +00:00
bmeurer
47fb39e4de Revert of [turbofan] Properly handle dictionary maps in the prototype chain. (patchset #1 id:1 of https://codereview.chromium.org/2067423003/ )
Reason for revert:
As discussed offline with Toon, this is not the correct fix here.

Original issue's description:
> [turbofan] Properly handle dictionary maps in the prototype chain.
>
> Dictionary prototypes don't have stable maps, but still don't matter for
> element access. Generalized the JSNativeContextSpecialization a bit to
> handle everything that Crankshaft can handle in this regard.
>
> R=jarin@chromium.org
> BUG=chromium:616709
>
> Committed: https://crrev.com/1c7bdc7f6f4d9512f4982590bd949f265ee9c8c3
> Cr-Commit-Position: refs/heads/master@{#37019}

TBR=jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:616709

Review-Url: https://codereview.chromium.org/2076493002
Cr-Commit-Position: refs/heads/master@{#37029}
2016-06-16 09:17:35 +00:00
machenbach
acfff97cb7 [gn] Fix targets for x86 v8_target_arch
Those were wrongly translated from gyp with ia32. This should
land before renaming v8_target_arch to v8_target_cpu.

BUG=chromium:620527
NOTRY=true
TBR=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2065323004
Cr-Commit-Position: refs/heads/master@{#37027}
2016-06-16 08:06:54 +00:00
jarin
a49c4b0a47 [turbofan] Type feedback for numeric comparisons.
Review-Url: https://codereview.chromium.org/2035383003
Cr-Commit-Position: refs/heads/master@{#37024}
2016-06-16 06:37:31 +00:00
bmeurer
1c7bdc7f6f [turbofan] Properly handle dictionary maps in the prototype chain.
Dictionary prototypes don't have stable maps, but still don't matter for
element access. Generalized the JSNativeContextSpecialization a bit to
handle everything that Crankshaft can handle in this regard.

R=jarin@chromium.org
BUG=chromium:616709

Review-Url: https://codereview.chromium.org/2067423003
Cr-Commit-Position: refs/heads/master@{#37019}
2016-06-16 05:27:20 +00:00
gsathya
3624a5e110 Promises: Add regression test for promise resolution with proxy
BUG=v8:5004

Review-Url: https://codereview.chromium.org/2070213002
Cr-Commit-Position: refs/heads/master@{#37015}
2016-06-16 02:00:26 +00:00
mtrofin
c5e3c9bf56 [wasm] Support for memory size relocation for asm-wasm.
Only Intel needed changes, arm and mips work as expected.

BUG=

Review-Url: https://codereview.chromium.org/2061833003
Cr-Commit-Position: refs/heads/master@{#37011}
2016-06-15 16:43:34 +00:00
yangguo
533453f929 [snapshot] support multiple contexts in the same snapshot.
R=jochen@chromium.org, vogelheim@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2055203002
Cr-Commit-Position: refs/heads/master@{#37008}
2016-06-15 15:39:06 +00:00
alph
9df23510ea Introduce JIT code events dispatcher for the isolate.
The patch introduces a dedicated dispatching class for JIT code events. It is
set as a helper on the isolate.
This allows classes across v8 to break their dependency on Logger and CpuProfiler.
These two became just regular clients of the dispatcher.

BUG=v8:4789

Review-Url: https://codereview.chromium.org/2061623002
Cr-Commit-Position: refs/heads/master@{#37005}
2016-06-15 13:24:26 +00:00
neis
6073a342f9 [interpreter] Teach register optimizer about SuspendGenerator.
When seeing a SuspendGenerator bytecode, the register optimizer must flush its
state.

R=oth@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2071443002
Cr-Commit-Position: refs/heads/master@{#37004}
2016-06-15 13:10:17 +00:00
bmeurer
2267ccb1bb [turbofan] Introduce a dedicated CheckBounds operator.
This CheckBounds simplified operator is similar to the HBoundsCheck in
Crankshaft, and is hooked up to the new type feedback support in the
SimplifiedLowering. We use it to check the index bounds for keyed
property accesses.

Note to perf sheriffs: This will tank quite a few benchmarks, as the
operator makes some redundant branch elimination ineffective for
certain patterns of keyed accesses. This does require more serious
redundancy elimination, which we will do in a separate CL. So ignore
any regressions from this CL, we know there will be a few.

R=jarin@chromium.org
BUG=v8:4470,v8:5100

Committed: https://crrev.com/85e5567dae66a918500ae94c5568221137a0f5d4
Review-Url: https://codereview.chromium.org/2035893004
Cr-Original-Commit-Position: refs/heads/master@{#36947}
Cr-Commit-Position: refs/heads/master@{#37003}
2016-06-15 13:07:22 +00:00
bmeurer
502dd40c33 [turbofan] Introduce CheckHole and CheckHoleNaN operators.
These simplified operators are used to perform the hole checks when
loading elements from a holey array. Depending on the CheckHoleMode,
they either return the hole as undefined or some NaN, or deoptimize
if the value is the hole or the hole NaN.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2066223002
Cr-Commit-Position: refs/heads/master@{#37001}
2016-06-15 12:25:27 +00:00
caitpotter88
fd4d385b6d [liveedit]: fail to patch if target is outside of async function on stack
If an active generator is found on the stack (FUNCTION_BLOCKED_UNDER_GENERATOR),
and the target function is not found on top of that generator, add the error.

Based on test by wingo@igalia.com and littledan@chromium.org
(https://codereview.chromium.org/2035643003/)

LOG=N
BUG=v8:4483
R=yangguo@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2058733002
Cr-Commit-Position: refs/heads/master@{#37000}
2016-06-15 12:25:26 +00:00
jarin
14a1a7edf4 [turbofan] Mark side-effect-free calls to string ops as kEliminatable.
Review-Url: https://codereview.chromium.org/2063373003
Cr-Commit-Position: refs/heads/master@{#36996}
2016-06-15 11:39:40 +00:00
mstarzinger
d21b50ad6a [test] Bump stack size of regression test.
This is to make sure the test in question does not run out of stack
space during bootstrapping on any configuration. Our fuzzers take the
test an run it against a broad spectrum of configuration. The new size
of 100 is used throughout our test suite as "the smallest" stack size.

R=jkummerow@chromium.org
TEST=mjsunit/regress/regress-1132
BUG=chromium:619744

Review-Url: https://codereview.chromium.org/2068993002
Cr-Commit-Position: refs/heads/master@{#36995}
2016-06-15 11:19:43 +00:00
alph
231ae291d3 Remove Isolate::cpu_profiler() usage in api.cc
Driveby: some surrounding code refactoring/cleanup.

BUG=v8:4789

Review-Url: https://codereview.chromium.org/2056253003
Cr-Commit-Position: refs/heads/master@{#36993}
2016-06-15 09:59:36 +00:00
yangguo
fc378ce19e Skip mjsunit/harmony/regexp-property-lu-ui for MSAN.
TBR=machenbach@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2068083002
Cr-Commit-Position: refs/heads/master@{#36991}
2016-06-15 08:25:21 +00:00
mlippautz
49b2320167 [heap] Add page evacuation mode for new->new
Adds an evacuation mode that allows moving pages within new space without
copying objects.

Basic idea:
a) Move page within new space
b) Sweep page to make iterable and process ArrayBuffers
c) Finish sweep till next scavenge

Threshold is currently 70% live bytes, i.e., the same threshold we use
to determine fragmented pages.

BUG=chromium:581412
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/1957323003
Cr-Commit-Position: refs/heads/master@{#36990}
2016-06-15 08:19:43 +00:00
jgruber
ae23436cbf [regexp] Experimental support for regexp named captures
Named capture groups may be specified using the /(?<name>pattern)/u
syntax, with named backreferences specified as /\k<name>/u. They're
hidden behind the --harmony-regexp-named-captures flag, and are only
enabled for unicode regexps.

R=yangguo@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2050343002
Cr-Commit-Position: refs/heads/master@{#36986}
2016-06-15 06:49:55 +00:00
bmeurer
ed0039a72e [turbofan] Unify the PlainPrimitive as Number treatment.
Now that we have the PlainPrimitiveToNumber operator(s), we can unify
all the places where we expect a number, but can also safely handle any
plain-primitive (via ToNumber truncation).

Drive-by-fix: Also handle Math.min consistently with Math.max.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2064953004
Cr-Commit-Position: refs/heads/master@{#36984}
2016-06-15 05:45:53 +00:00
zhengxing.li
60df7abc28 Use float and double for test cases in test-run-wasm-asmjs.cc
The last 4 test cases in test/cctest/wasm/test-run-wasm-asmjs.cc added by the CL 36911 (https://codereview.chromium.org/2061583002) use float_t and double_t type for WasmRunner.
  For examples: At line 249: WasmRunner<float_t> r(&module, MachineType::Uint32());

  But float_t and double_t depends on FLT_EVAL_METHOD macro of compiler. FLT_EVAL_METHOD is variant on different platform, if the FLT_EVAL_METHOD is 2,  both float_t and double_t will be long
  double and gcc or clang will met error when compiling   WasmRunner<long double> r(&module,MachineType::Uint32());

  For more details, please refer:
  float_t: http://www.cplusplus.com/reference/cmath/float_t/
  FLT_EVAL_METHOD: https://en.wikipedia.org/wiki/C99 check the IEEE 754 floating point support section directly.

  This CL used float and double to replace float_t and double_t to avoid this issue.

BUG=

Review-Url: https://codereview.chromium.org/2066703003
Cr-Commit-Position: refs/heads/master@{#36982}
2016-06-15 01:39:14 +00:00
jpp
201cd479d6 V8. ASM-2-WASM. Changes the asm-types library.
The modifications were necessary to properly represent asm types:

1) fround is no longer an overloaded function.

2) the constructor for MinMaxTypes now takes a return type.

3) Adds pseudo-types for representing the Load/Store types for fp heap views.
BUG=

Review-Url: https://codereview.chromium.org/2069443002
Cr-Commit-Position: refs/heads/master@{#36980}
2016-06-14 23:04:59 +00:00
oleksandr.chekhovskyi
2f6be682ac Parser: Report use counts once per feature
Reporting use counts by invoking a callback once per occurrence has
a large overhead cost in certain situations, for example when it needs
to be dispatched to a different thread (which is the case for Web Workers).

Parsing large scripts can produce a lot of occurrences (strict/sloppy mode
once per function).

Chromium (the only known user of UseCounters so far) does not actually care
about number of occurrences, but simply whether they happened at least once.
This commit changes behavior to report features at most once, which dramatically
improves performance for impacted use cases, and should not affect the only
known real world usage.

R=littledan@chromium.org
BUG=chromium:614775

Review-Url: https://codereview.chromium.org/2062203002
Cr-Commit-Position: refs/heads/master@{#36979}
2016-06-14 21:41:31 +00:00
mtrofin
2d1f977c93 [wasm] Relocatable Globals.
Support for relocatable globals, to facilitate compilation before
instantiation.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2062003002
Cr-Commit-Position: refs/heads/master@{#36978}
2016-06-14 21:41:30 +00:00
vogelheim
d20e8183b4 Revert of [turbofan] Introduce a dedicated CheckBounds operator. (patchset #5 id:80001 of https://codereview.chromium.org/2035893004/ )
Reason for revert:
Speculative revert since V8 roll is blocked.

Buildbot: https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/228171

Example log: https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/228171/steps/browser_tests%20%28with%20patch%29%20on%20Ubuntu-12.04/logs/CreateNewFolder_FileManagerBrowserTest.Test_0

Failing assert:
#
# Fatal error in ../../v8/src/compiler/node.cc, line 63
# Node::New() Error: #202:DeoptimizeUnless[1] is nullptr
#

(I take it that's a rather generic assert in TF, hence the revert is somewhat sepculative.)

Original issue's description:
> [turbofan] Introduce a dedicated CheckBounds operator.
>
> This CheckBounds simplified operator is similar to the HBoundsCheck in
> Crankshaft, and is hooked up to the new type feedback support in the
> SimplifiedLowering. We use it to check the index bounds for keyed
> property accesses.
>
> Note to perf sheriffs: This will tank quite a few benchmarks, as the
> operator makes some redundant branch elimination ineffective for
> certain patterns of keyed accesses. This does require more serious
> redundancy elimination, which we will do in a separate CL. So ignore
> any regressions from this CL, we know there will be a few.
>
> R=jarin@chromium.org
> BUG=v8:4470,v8:5100
>
> Committed: https://crrev.com/85e5567dae66a918500ae94c5568221137a0f5d4
> Cr-Commit-Position: refs/heads/master@{#36947}

TBR=jarin@chromium.org,bmeurer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4470,v8:5100

Review-Url: https://codereview.chromium.org/2064163002
Cr-Commit-Position: refs/heads/master@{#36975}
2016-06-14 16:09:41 +00:00
yangguo
a8e88eaab8 [regexp] implement \p{Any}, \p{Ascii}, and \p{Assigned}.
R=littledan@chromium.org, mathias@qiwi.be
BUG=v8:4743

Committed: https://crrev.com/92bfd13457c80f02be01551f4ea9a5badfe0e4c4
Review-Url: https://codereview.chromium.org/2059113002
Cr-Original-Commit-Position: refs/heads/master@{#36969}
Cr-Commit-Position: refs/heads/master@{#36974}
2016-06-14 15:16:56 +00:00
yangguo
3fe12ef8fa Revert of [regexp] implement \p{Any}, \p{Ascii}, and \p{Assigned}. (patchset #3 id:40001 of https://codereview.chromium.org/2059113002/ )
Reason for revert:
compile failure

Original issue's description:
> [regexp] implement \p{Any}, \p{Ascii}, and \p{Assigned}.
>
> R=littledan@chromium.org, mathias@qiwi.be
> BUG=v8:4743
>
> Committed: https://crrev.com/92bfd13457c80f02be01551f4ea9a5badfe0e4c4
> Cr-Commit-Position: refs/heads/master@{#36969}

TBR=littledan@chromium.org,mathias@qiwi.be
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4743

Review-Url: https://codereview.chromium.org/2065083002
Cr-Commit-Position: refs/heads/master@{#36970}
2016-06-14 14:01:58 +00:00
yangguo
92bfd13457 [regexp] implement \p{Any}, \p{Ascii}, and \p{Assigned}.
R=littledan@chromium.org, mathias@qiwi.be
BUG=v8:4743

Review-Url: https://codereview.chromium.org/2059113002
Cr-Commit-Position: refs/heads/master@{#36969}
2016-06-14 13:55:54 +00:00
mlippautz
d6473f5c14 [Heap] Fix comparing against new space top pointer
See bug description.

BUG=chromium:619382
LOG=N
R=ulan@chromium.org

Review-Url: https://codereview.chromium.org/2065063002
Cr-Commit-Position: refs/heads/master@{#36968}
2016-06-14 13:52:01 +00:00
ishell
d9e8764f81 [ic] Split LoadIC into LoadGlobalIC and LoadIC.
The former will handle loads of predeclared global variables (vars and
functions), lets, consts and undeclared variables. The latter will handle
named loads from explicit receiver. In addition, named loads does not
depend of the TypeofMode.

TypeofMode related cleanup will be done in the follow-up CL.

BUG=chromium:576312
LOG=Y
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/1912633002
Cr-Commit-Position: refs/heads/master@{#36965}
2016-06-14 13:21:28 +00:00
bbudge
fc59eb8a7a [tests] Don't test moves between different reps in test-gap-resolver.cc
Moves between operands with different representations shouldn't happen,
so don't test them. This makes it easier to modify canonicalization to
differentiate between floating point types, which is needed to support
floating point register aliasing for ARM and MIPS.

This change also expands tests to include explicit FP moves (both register and stack slot).

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2060273003
Cr-Commit-Position: refs/heads/master@{#36963}
2016-06-14 12:27:51 +00:00
cbruni
dc2e3069e7 Reland of place all remaining Oddball checks with new function (patchset #1 id:1 of https://codereview.chromium.org/2060213002/ )
Reason for revert:
Cannot reproduce gc-stress failures locally.

Original issue's description:
> Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )
>
> Reason for revert:
> failing tests
>
> Original issue's description:
> > Replace all remaining Oddball checks with new function
> >
> > This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> > The new method all take the isolate as parameter.
> >
> > BUG=
> >
> > Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> > Cr-Commit-Position: refs/heads/master@{#36921}
>
> TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=
>
> Committed: https://crrev.com/33b8bc24a12fb062100c0be84456faeb0b9fa5d1
> Cr-Commit-Position: refs/heads/master@{#36923}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2059173002
Cr-Commit-Position: refs/heads/master@{#36957}
2016-06-14 10:09:38 +00:00
machenbach
c1b2499027 [gn] Improve sharing common configuration
This moves common configs used by all v8 targets into
common templates.

This also fixes using v8_optimized_debug correctly in
executables and components.

BUG=chromium:474921
NOTRY=true

Review-Url: https://codereview.chromium.org/2054803003
Cr-Commit-Position: refs/heads/master@{#36956}
2016-06-14 10:09:37 +00:00
adamk
56ea2f9731 Array.prototype.slice should only normalize result if it's an array
R=cbruni@chromium.org
BUG=chromium:618788

Review-Url: https://codereview.chromium.org/2058013002
Cr-Commit-Position: refs/heads/master@{#36955}
2016-06-14 09:39:23 +00:00
jarin
6470ddadf9 [turbofan] Prevent storing signalling NaNs into holey double arrays.
This introduces SilenceNaN operator, which makes sure that we only
store quiet NaNs into holey arrays. We omit the NaN silencing code
at instruction selection time if the input is an operation that
cannot possibly produce signalling NaNs.

BUG=

Review-Url: https://codereview.chromium.org/2060233002
Cr-Commit-Position: refs/heads/master@{#36950}
2016-06-14 08:24:43 +00:00
bmeurer
85e5567dae [turbofan] Introduce a dedicated CheckBounds operator.
This CheckBounds simplified operator is similar to the HBoundsCheck in
Crankshaft, and is hooked up to the new type feedback support in the
SimplifiedLowering. We use it to check the index bounds for keyed
property accesses.

Note to perf sheriffs: This will tank quite a few benchmarks, as the
operator makes some redundant branch elimination ineffective for
certain patterns of keyed accesses. This does require more serious
redundancy elimination, which we will do in a separate CL. So ignore
any regressions from this CL, we know there will be a few.

R=jarin@chromium.org
BUG=v8:4470,v8:5100

Review-Url: https://codereview.chromium.org/2035893004
Cr-Commit-Position: refs/heads/master@{#36947}
2016-06-14 06:12:06 +00:00
jpp
73eacf6b90 V8. ASM-2-WASM. New type system.
This CL introduces the new type system for the ASM
type-checker/validator.

BUG=

Review-Url: https://codereview.chromium.org/2045703007
Cr-Commit-Position: refs/heads/master@{#36942}
2016-06-13 20:44:53 +00:00
littledan
85c2c8d847 Revert of change most cases of variable redeclaration from TypeError to SyntaxError (patchset #8 id:140001 of https://codereview.chromium.org/2048703002/ )
Reason for revert:
This is going to break the LayoutTest inspector-protocol/console/console-let-const-with-api.html as seen in https://build.chromium.org/p/tryserver.v8/builders/v8_linux_blink_rel/builds/2247 . Please run this test manually, using instructions at https://www.chromium.org/developers/testing/webkit-layout-tests , and fix on the Chrome side if needed before resubmitting this patch.

Original issue's description:
> change most cases of variable redeclaration from TypeError to SyntaxError.
>
> Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
> (this caused a test262 failure.). However, the code `eval("function NaN() {}");`
> should actually throw a TypeError. This patch changes most cases of
> redeclaration errors from TypeError to SyntaxError. See the test
> mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
> references.
>
> The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
> ES#sec-evaldeclarationinstantiation
>
> BUG=v8:4955
> LOG=y
>
> Committed: https://crrev.com/2b787561763d0f7e8dab698652715a742cf78291
> Cr-Commit-Position: refs/heads/master@{#36940}

TBR=adamk@chromium.org,jwolfe@igalia.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4955

Review-Url: https://codereview.chromium.org/2064793002
Cr-Commit-Position: refs/heads/master@{#36941}
2016-06-13 18:23:57 +00:00
jwolfe
2b78756176 change most cases of variable redeclaration from TypeError to SyntaxError.
Code like `let a; eval("var a;");` should throw a SyntaxError, not a TypeError
(this caused a test262 failure.). However, the code `eval("function NaN() {}");`
should actually throw a TypeError. This patch changes most cases of
redeclaration errors from TypeError to SyntaxError. See the test
mjsunit/regress/redeclaration-error-types for a thorough analysis with spec
references.

The relevant sections of the spec are ES#sec-globaldeclarationinstantiation and
ES#sec-evaldeclarationinstantiation

BUG=v8:4955
LOG=y

Review-Url: https://codereview.chromium.org/2048703002
Cr-Commit-Position: refs/heads/master@{#36940}
2016-06-13 18:14:41 +00:00
gsathya
e681eea1f1 Parser: Desugar default derived constructor to spread/rest
This patch declares a new rest parameter for the derived constructor,
and passes it to base constructor after calling PrepareSpreadArguments.

This patch also updates the test262.status to account for
the now passing test.

BUG=v8:4890

Review-Url: https://codereview.chromium.org/2056993004
Cr-Commit-Position: refs/heads/master@{#36939}
2016-06-13 18:10:06 +00:00
caitpotter88
1a30866239 [interpreter] support async functions in Ignition
BUG=v8:4483, v8:4907, 618603
LOG=N
R=neis@chromium.org, yangguo@chromium.org, littledan@chromium.org

Review-Url: https://codereview.chromium.org/2051423003
Cr-Commit-Position: refs/heads/master@{#36938}
2016-06-13 17:21:19 +00:00
nikolaos
cdec5e8d26 Remove erroneous DCHECK related to expression classifiers
It seems that I forgot to remove the DCHECK when refactoring this
function, even though the comment had it right.  It also seems that
this is hard to trigger.  The minimal example I found, after fuzzer's
bug, was:

   eval, x[eval]

R=adamk@chromium.org
BUG=chromium:619476
LOG=N

Review-Url: https://codereview.chromium.org/2058413002
Cr-Commit-Position: refs/heads/master@{#36929}
2016-06-13 12:34:19 +00:00
cbruni
33b8bc24a1 Revert of Replace all remaining Oddball checks with new function (patchset #10 id:180001 of https://codereview.chromium.org/2043183003/ )
Reason for revert:
failing tests

Original issue's description:
> Replace all remaining Oddball checks with new function
>
> This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
> The new method all take the isolate as parameter.
>
> BUG=
>
> Committed: https://crrev.com/ccefb3ae5fe967288d568013fb04e8761eafebc5
> Cr-Commit-Position: refs/heads/master@{#36921}

TBR=mstarzinger@chromium.org,verwaest@chromium.org,yangguo@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2060213002
Cr-Commit-Position: refs/heads/master@{#36923}
2016-06-13 11:40:35 +00:00
cbruni
ccefb3ae5f Replace all remaining Oddball checks with new function
This CL removes the IsUndefined() and Co. methods from Object and HeapObject.
The new method all take the isolate as parameter.

BUG=

Review-Url: https://codereview.chromium.org/2043183003
Cr-Commit-Position: refs/heads/master@{#36921}
2016-06-13 10:21:02 +00:00
cbruni
8a88fc142f [arrays] Fix %GetArrayKeys for special element kinds
Array.prototype.sort would not work properly on sloppy arguments of size > 2.

BUG=chromium:618613

Review-Url: https://codereview.chromium.org/2051413004
Cr-Commit-Position: refs/heads/master@{#36920}
2016-06-13 10:07:03 +00:00
mstarzinger
e95cfafb67 Fix arguments object stubs for large arrays.
This fixes FastNewStrictArgumentsStub and FastNewRestParameterStub to no
longer assume that the strict arguments object being allocated will fit
into new-space. The case where said object needs to move to large object
space is now handled in the runtime.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-614727
BUG=chromium:614727

Review-Url: https://codereview.chromium.org/2054853002
Cr-Commit-Position: refs/heads/master@{#36917}
2016-06-13 08:25:43 +00:00
bmeurer
89d8c57b9c [builtins] Introduce proper Float64Atan and Float64Atan2 operators.
Import base::ieee754::atan() and base::ieee754::atan2() from fdlibm and
introduce Float64Atan and Float64Atan2 TurboFan operators based on those,
similar to what we already did for Float64Log and Float64Log1p. Rewrite
Math.atan() and Math.atan2() as TurboFan builtin and use the operators
to also inline Math.atan() and Math.atan2() into optimized TurboFan functions.

R=yangguo@chromium.org
BUG=v8:5086,v8:5095

Review-Url: https://codereview.chromium.org/2065503002
Cr-Commit-Position: refs/heads/master@{#36916}
2016-06-13 07:08:17 +00:00
bmeurer
7ceed92ac0 [builtins] Introduce proper Float64Log1p operator.
Import base::ieee754::log1p() from fdlibm and introduce a Float64Log1p
TurboFan operator based on that, similar to what we do for Float64Log.
Rewrite Math.log1p() as TurboFan builtin and use that operator to also
inline Math.log1p() into optimized TurboFan functions.

Also unify the handling of the special IEEE 754 functions somewhat in
the TurboFan backends. At some point we can hopefully express this
completely in the InstructionSelector (once we have an idea what to do
with the ST(0) return issue on IA-32/X87).

Drive-by-fix: Add some more test coverage for the log function.

R=yangguo@chromium.org
BUG=v8:5086,v8:5092

Review-Url: https://codereview.chromium.org/2060743002
Cr-Commit-Position: refs/heads/master@{#36914}
2016-06-13 05:48:02 +00:00
mtrofin
8e1ccba3b0 [turbofan] Retiring Greedy Allocator
We were able to achieve our goals for register allocation independent of
the allocation algorithm. Performance data so far is inconclusive re. the
value of the Greedy algorithm, compared to the particular Linear Scan
implementation we're currently using, and the performance measurement
techniques we currently use are too imprecise to help with this matter.

Retiring the algorithm to lower maintenance and evolution cost (e.g. lower
cost of adding aliasing support). Once we improve benchmarking stability,
and establish a suite sensitive enough for codegen improvement studies,
we may revive the algorithm, should the need arise.

BUG=

Review-Url: https://codereview.chromium.org/2060673002
Cr-Commit-Position: refs/heads/master@{#36912}
2016-06-13 04:24:12 +00:00
mtrofin
8c1ba59aee RelocInfo modes were not propagated when computing
MemoryOperands, on IA32. This needed to be fixed so that we can
compile wasm code before creating instances, since the compiled code
needs to be patched up for memory and globals references.

This surfaces in asm-to-wasm scenarios.

Added testing (rather, enhanced existing tests).
Note patch#1 where we fail on ia32, and patch#2 with the fix.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2061583002
Cr-Commit-Position: refs/heads/master@{#36911}
2016-06-13 04:21:16 +00:00
peria
7a3150d13d Make String::CanMakeExternal ignore the length of new strings.
It is expected that temporarily used strings die while they are
in new heap.  So we can avoid to pay a heavy cost to externalize
them.  If they are used for times, externalization will happen
when they move to an old heap.

BUG=chrmoium:606093

Review-Url: https://codereview.chromium.org/2046933002
Cr-Commit-Position: refs/heads/master@{#36907}
2016-06-11 05:13:08 +00:00
littledan
5d7b9ece16 Async/await event listener test
This patch adds a test for async/await analogous to a previous Promise test.
It also fixes a typo in promise.js and makes a previous Promise test more
correct by ensuring that all assertions run before completion, fixing the
test expectations for the real result (which seems correct).

BUG=v8:4483
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2037653002
Cr-Commit-Position: refs/heads/master@{#36903}
2016-06-10 19:15:35 +00:00
neis
6e700b7f76 [interpreter] Fix debug stepping for generators.
In commit b3bfc0bd58, I corrected the source
position of yield-exceptions by not setting the "return position" on returns
that correspond to yields. It turns out that this caused a bug with debug
stepping. The proper fix is to keep the return position on those returns but
additionally attach the yield's source position to the Throw emitted in
VisitYield.

R=rmcilroy@chromium.org, yangguo@chromium.org
BUG=v8:4907

Review-Url: https://codereview.chromium.org/2051783002
Cr-Commit-Position: refs/heads/master@{#36896}
2016-06-10 13:30:20 +00:00
neis
6899f878ac [generators] Improve a test.
R=mstarzinger@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2056283002
Cr-Commit-Position: refs/heads/master@{#36895}
2016-06-10 13:27:27 +00:00
ulan
29b695ef13 Tune the memory pressure handler to perform a second GC immediately
after the first GC if time allows and there is memory to be freed.

BUG=chromium:618958
LOG=NO

Review-Url: https://codereview.chromium.org/2057103002
Cr-Commit-Position: refs/heads/master@{#36894}
2016-06-10 13:18:47 +00:00
jkummerow
3b87e9aa03 Fix stale IC::receiver_map_ after prototype fastification
BUG=chromium:618845

Review-Url: https://codereview.chromium.org/2058063002
Cr-Commit-Position: refs/heads/master@{#36891}
2016-06-10 11:43:33 +00:00
yangguo
6f6f1f62ea [snapshot] make snapshot sink a non-dynamic member of the serializer.
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2052433003
Cr-Commit-Position: refs/heads/master@{#36890}
2016-06-10 11:26:54 +00:00
yangguo
75aada429e [snapshot] pass arguments as pointers, not references.
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2051043003
Cr-Commit-Position: refs/heads/master@{#36887}
2016-06-10 10:59:04 +00:00
oth
85882a6320 [interpreter] Remove OperandScale from front stages of pipeline.
BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2041913002
Cr-Commit-Position: refs/heads/master@{#36885}
2016-06-10 10:36:38 +00:00
jarin
2890137bdc [turbofan] Introduce PlainPrimitiveToNumber.
This should solve the problem with missing checkpoints after JSToNumber
(PlainPrimitiveToNumber is marked no-write, so the frame-state
propagation should see through it.)

Unfortunately, this also duplicates the word32- and float64-truncation
magic that we have for JSToNumber in "simplified lowering".

Review-Url: https://codereview.chromium.org/2059653002
Cr-Commit-Position: refs/heads/master@{#36881}
2016-06-10 07:45:23 +00:00
bmeurer
d0c7775d7c [builtins] Introduce proper base::ieee754::log.
This switches Math.log to use an fdlibm based version of log, imported
as base::ieee754::log, and use that consistently everywhere, i.e. change
the Float64Log TurboFan operators on Intel to use the C++ implementation
as well (same for Crankshaft).

R=yangguo@chromium.org
BUG=v8:5065,v8:5086

Review-Url: https://codereview.chromium.org/2053893003
Cr-Commit-Position: refs/heads/master@{#36880}
2016-06-10 05:54:12 +00:00
yangguo
e5760c0808 [snapshot] introduce SnapshotCreator API.
And use it to implement existing the existing snapshot API.

R=jochen@chromium.org, vogelheim@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2046423002
Cr-Commit-Position: refs/heads/master@{#36879}
2016-06-10 05:47:47 +00:00
oth
af10c45ef2 [interpreter] Compilation fix in bytecode source position tester.
TBR=rmcilroy@chromium.org
BUG=chromium:618757
LOG=N

Review-Url: https://codereview.chromium.org/2052993002
Cr-Commit-Position: refs/heads/master@{#36875}
2016-06-09 19:13:20 +00:00
lpy
2fd55667a6 Move hashmap into src/base.
We ported hashmap.h into libsampler as a workaround before, so the main focus of
this patch is to reduce code duplication. This patch moves the hashmap into
src/base as well as creates DefaultAllocationPolicy using malloc and free.

BUG=v8:5050
LOG=n

Review-Url: https://codereview.chromium.org/2010243003
Cr-Commit-Position: refs/heads/master@{#36873}
2016-06-09 18:00:31 +00:00
ishell
9dc62d2721 [ic] [stubs] Remove InlineCacheState field from the code flags.
There are no ICs left that store their state in this field: vector based
ICs use feedback vector and the rest three (BinaryOpIC, CompareIC and
ToBooleanIC) reconstruct their state from the ExtraICState field.

This CL also removes unused InlineCacheState::DEBUG_STUB which was used
mostly in Code::is_debug_stub(). The latter now checks if the code is one
of the debug builtins instead.

BUG=chromium:618701
LOG=Y

Review-Url: https://codereview.chromium.org/2052763003
Cr-Commit-Position: refs/heads/master@{#36871}
2016-06-09 16:49:01 +00:00
jarin
406146ff5c [stubs] ToNumberStub --> ToNumber builtin.
This makes sure we do not compile ToNumber stub on demand. This makes it
easier to use during concurrent compilation.

Review-Url: https://codereview.chromium.org/2051113002
Cr-Commit-Position: refs/heads/master@{#36870}
2016-06-09 15:38:21 +00:00
titzer
26afd571c5 [wasm] Fix CFI failures due to Wasm threads.
R=ahaas@chromium.org,machenbach@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2055803002
Cr-Commit-Position: refs/heads/master@{#36866}
2016-06-09 14:23:52 +00:00
neis
54b405ce65 [generators] Make runtime functions more robust.
Only look at the --ignition-generators flag when determining whether to use
Ignition (in compiler.cc).  In generator runtime functions, instead of looking
at the flag, determine the generator kind based on whether the generator has a
bytecode array.  This allows compiling some generator function using
full-codegen and others using Ignition, e.g when using --ignition-filter.

R=mstarzinger@chromium.org
BUG=chromium:618657,v8:4907

Review-Url: https://codereview.chromium.org/2052873002
Cr-Commit-Position: refs/heads/master@{#36864}
2016-06-09 14:20:58 +00:00
oth
769d332619 [interpreter] Filter expression positions at source.
With this change the bytecode array builder only emits expression
positions for bytecodes that can throw. This allows more peephole
optimization opportunities and results in smaller code.

BUG=v8:4280,chromium:615979
LOG=N

Review-Url: https://codereview.chromium.org/2038323002
Cr-Commit-Position: refs/heads/master@{#36863}
2016-06-09 13:33:29 +00:00
machenbach
19fca22505 [test] Skip tail-call-megatest for tsan
This test gets slower with tsan when the print() calls
in the tests are deleted. It is also only very slow with
crankshaft not with turbofan, but we have no config atm
to only run it with turbofan.

TBR=ishell@chromium.org, ahaas@chromium.org
NOTRY=true

Review-Url: https://codereview.chromium.org/2049993003
Cr-Commit-Position: refs/heads/master@{#36859}
2016-06-09 12:49:06 +00:00
oth
a9af61d002 [interpreter] Ensure optimizations preserve source positions.
The optimization stages in the bytecode generation pipeline must
preserve source position information. Failure to preserve
source position information could result in single stepping
in the debugger misbehaving or mis-reporting in exception stack traces.

This change adds tests intended to check optimizations do not damage
source position info.

BUG=v8:4280
LOG=N

Review-Url: https://codereview.chromium.org/2042633002
Cr-Commit-Position: refs/heads/master@{#36855}
2016-06-09 12:04:38 +00:00
ahaas
cd98c2c350 [tests] Remove prints in tail-call-megatest.js
R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2045253006
Cr-Commit-Position: refs/heads/master@{#36853}
2016-06-09 11:38:37 +00:00
mstarzinger
206cf39851 [runtime] Deprecate RUNTIME_ASSERT from object ops.
This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.

R=bmeurer@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2045193002
Cr-Commit-Position: refs/heads/master@{#36852}
2016-06-09 11:22:19 +00:00
ishell
8b52429224 [stubs] Fixed PrimaryStubCache and SecondaryStubCache tests.
Now they use a proper way of checking if the snapshot is available or not.

Review-Url: https://codereview.chromium.org/2054693002
Cr-Commit-Position: refs/heads/master@{#36844}
2016-06-09 08:07:11 +00:00
bmeurer
eb1c9e2723 [es6] Fix prototype chain walk for instanceof.
When walking up the prototype chain during OrdinaryHasInstance, we first
check if the current prototype equals the expected one, and only
afterwards check the current prototype against null. That's obviously
wrong if we check something like Proxy, whose prototype is null.

R=yangguo@chromium.org
BUG=v8:5085

Review-Url: https://codereview.chromium.org/2041103007
Cr-Commit-Position: refs/heads/master@{#36840}
2016-06-09 06:26:03 +00:00
alph
81c8ce723a Remove dependencies of V8 on cpu-profiler is_profiling.
Move is_profiling to the isolate for now.

BUG=v8:4789

Review-Url: https://codereview.chromium.org/2040683002
Cr-Commit-Position: refs/heads/master@{#36838}
2016-06-09 05:25:09 +00:00
jkummerow
be0494ba5b Keep prototype maps in dictionary mode until ICs see them
Adding properties to prototypes is faster when we don't force their
maps into fast mode yet. Once a prototype shows up in the IC system,
its setup phase is likely over, and it makes sense to transition it
to fast properties.
This patch speeds up the microbenchmark in the bug by 20x.
Octane-Typescript sees a 3% improvement.

BUG=chromium:607010

Review-Url: https://codereview.chromium.org/2036493006
Cr-Commit-Position: refs/heads/master@{#36828}
2016-06-08 14:43:47 +00:00
machenbach
cec0ed0f77 [icu] Support loading data file from default location
This allows using icu data, bundled in the icudtl.dat file,
to be loaded automatically from a default location
side-by-side with the executable.

The v8 stand-alone default is still to use statically
linked ICU data, but this will be switched in a separate
follow-up CL.

BUG=chromium:616033
LOG=y

Review-Url: https://codereview.chromium.org/2042253002
Cr-Commit-Position: refs/heads/master@{#36823}
2016-06-08 12:11:34 +00:00
neis
ea139c5b4a Run more tests with --ignition-generators.
Also, make %GeneratorGetSourcePosition fail if called on a suspended Ignition generator
(rather than return nonsense).  This functionality is currently not implemented.

BUG=v8:4907

Review-Url: https://codereview.chromium.org/2049663002
Cr-Commit-Position: refs/heads/master@{#36822}
2016-06-08 11:59:54 +00:00
yangguo
7c3cad2d14 [crankshaft] do not sign-extend int32 immediate in DoMathMinMax.
R=bmeurer@chromium.org
BUG=chromium:495493

Review-Url: https://codereview.chromium.org/2044353002
Cr-Commit-Position: refs/heads/master@{#36818}
2016-06-08 10:12:16 +00:00
mstarzinger
8e02f47ea1 [runtime] Deprecate RUNTIME_ASSERT from primitive ops.
This removes explicit uses of the RUNTIME_ASSERT macro from some runtime
methods. The implicit ones in CONVERT_FOO_ARG_CHECKED will be addressed
in a separate CL for all runtime modules at once.

R=verwaest@chromium.org
BUG=v8:5066

Review-Url: https://codereview.chromium.org/2041353003
Cr-Commit-Position: refs/heads/master@{#36815}
2016-06-08 09:29:27 +00:00
yangguo
ada6fa1fda Add test case for 85b8c2dc (fix observable array access in messages.js).
R=bmeurer@chromium.org
BUG=chromium:617527

Review-Url: https://codereview.chromium.org/2045153002
Cr-Commit-Position: refs/heads/master@{#36813}
2016-06-08 07:54:26 +00:00
yangguo
31c0c024bb [snapshot] remove metadata field.
The upcoming snapshot creator API will have no way to distinguish default
from custom snapshots.

R=vogelheim@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2040813005
Cr-Commit-Position: refs/heads/master@{#36812}
2016-06-08 07:51:28 +00:00
gsathya
3c927e07b0 Revert "Revert of [builtins] Properly optimize TypedArray/DataView accessors. (patchset #3 id:40001 of https://codereview.chromium.org/2042013003/ )"
This reverts commit d3a43e47dd.

This patch also adds typed_array_fun and typed_array_protoype to the
native context. These are used in InstallTypedArray to set up the
prototype chain correctly for each typed array sub class. This removes
the need to later monkey patch them prototype chain in typedarray.js.
This mechanism is also used to get hold of the TypedArray in
typedarray.js, removing the need for a global TypedArray.

This patch updates CallRuntime.golden to account for the two extra
native runtime calls. This patch also fixes some formatting issues (by
running git cl format).

BUG=chromium:579905, chromium:593634, v8:4085, v8:5073

Review-Url: https://codereview.chromium.org/2046333002
Cr-Commit-Position: refs/heads/master@{#36811}
2016-06-08 07:40:31 +00:00
bmeurer
c91c396112 [turbofan] Do strength reduction for ObjectIsSmi based on inputs.
Ideally we would have a dedicated MachineRepresentation for Smis during
representation selection and use that to properly optimize ObjectIsSmi
(and other ObjectIs<Type> predicates), but that will take some time to
get that done. So in the meantime we can just do simple (local) strength
reduction on ObjectIsSmi to avoid Smi checks in the simplest cases at
least.

R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2047213002
Cr-Commit-Position: refs/heads/master@{#36809}
2016-06-08 07:13:05 +00:00
hpayer
1e3a38d962 Revert of [heap] Uncommit unused large object page memory. (patchset #13 id:230001 of https://codereview.chromium.org/2032393002/ )
Reason for revert:
Needs fixing of slot set.

Original issue's description:
> [heap] Uncommit unused large object page memory.
>
> As a first step I uncommit the memory on the main thread. Also to measure impact and stability of that optimization. In a follow-up CL, the uncommitting should be moved on the concurrent thread.
>
> BUG=
>
> Committed: https://crrev.com/d61a5c376ba51145dc4684e39d5d3a9ce75bcfa6
> Cr-Commit-Position: refs/heads/master@{#36763}

TBR=ulan@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review-Url: https://codereview.chromium.org/2043263002
Cr-Commit-Position: refs/heads/master@{#36807}
2016-06-08 06:53:26 +00:00
bmeurer
f576e29c47 [crankshaft] Fix invalid number truncation assumption on HAdd inputs.
In Crankshaft we don't know reliably know that an HAdd might not turn
into a string addition later (via deoptimization), so we cannot set the
HValue::kAllowUndefinedAsNaN flag on the HAdd instruction in those
cases. It doesn't seem to affect performance if we just remove the flag
completely from the HAdd instruction, so let's stick to that approach
for now.

R=jarin@chromium.org
BUG=v8:5074

Review-Url: https://codereview.chromium.org/2048643002
Cr-Commit-Position: refs/heads/master@{#36805}
2016-06-08 03:56:22 +00:00
machenbach
67af060318 Revert of [heap] Clear out of live range remembered set slots in large objects. (patchset #2 id:20001 of https://codereview.chromium.org/2043713006/ )
Reason for revert:
Fails arm sim:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm%20-%20sim/builds/1012

Original issue's description:
> [heap] Clear out of live range remembered set slots in large objects.
>
> BUG=chromium:617882
> LOG=n
>
> Committed: https://crrev.com/38ad63ff15d7e379423be4c57ae94ae2c9ffb4af
> Cr-Commit-Position: refs/heads/master@{#36795}

TBR=ulan@chromium.org,hpayer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:617882

Review-Url: https://codereview.chromium.org/2042403002
Cr-Commit-Position: refs/heads/master@{#36799}
2016-06-07 18:32:33 +00:00
mlippautz
839f3fd406 Track based on JSArrayBuffer addresses on pages instead of the attached
backing store.

Details of tracking:
- Scavenge: New space pages are processes in bulk on the main thread
- MC: Unswept pages are processed in bulk in parallel. All other pages
  are processed by the sweeper concurrently.

BUG=chromium:611688
LOG=N
TEST=cctest/test-array-buffer-tracker/*
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg,v8_linux_gc_stress_dbg,v8_mac_gc_stress_dbg,v8_linux64_tsan_rel,v8_mac64_asan_rel

Review-Url: https://codereview.chromium.org/2036643002
Cr-Commit-Position: refs/heads/master@{#36798}
2016-06-07 17:29:35 +00:00
ishell
ba3703db61 [stubs] Fixed PrimaryStubCache and SecondaryStubCache tests for Ignition.
TBR=verwaest@chromium.org

Review-Url: https://codereview.chromium.org/2043103002
Cr-Commit-Position: refs/heads/master@{#36797}
2016-06-07 17:29:34 +00:00
hpayer
38ad63ff15 [heap] Clear out of live range remembered set slots in large objects.
BUG=chromium:617882
LOG=n

Review-Url: https://codereview.chromium.org/2043713006
Cr-Commit-Position: refs/heads/master@{#36795}
2016-06-07 15:21:37 +00:00
ishell
bcf3da279f [stubs] Fixed tests that prevented LoadICTF stubs from being enabled.
PrimaryStubCache and SecondaryStubCache: resurrected outdated tests (and enabled stub cache counters in the new LoadIC).
TryProbeStubCache: decreased number of code objects created.

Review-Url: https://codereview.chromium.org/2040193002
Cr-Commit-Position: refs/heads/master@{#36794}
2016-06-07 15:04:49 +00:00
ishell
7ba12573e0 [stubs] Fix flaky failures of cctest/test-code-stub-assembler/SeededNumberDictionaryLookup.
Dictionary::Add() must not be called for existing keys.

Review-Url: https://codereview.chromium.org/2044003004
Cr-Commit-Position: refs/heads/master@{#36792}
2016-06-07 14:49:13 +00:00
cbruni
d84fe42108 GetHash and friends: return a raw pointer instead of Handle<Smi>
In most cases we return a Smi and undefined for the other cases. Hence there
is no need to handlify the result unecessary. Additionally pass in the isolate
for the hash-symbol lookup.

BUG=

Review-Url: https://codereview.chromium.org/2044843002
Cr-Commit-Position: refs/heads/master@{#36790}
2016-06-07 13:51:30 +00:00
yangguo
2963b5bd40 [json] check and handle interrupts.
R=jkummerow@chromium.org
BUG=chromium:595626

Review-Url: https://codereview.chromium.org/2037363002
Cr-Commit-Position: refs/heads/master@{#36785}
2016-06-07 11:44:42 +00:00
ishell
3e0be8d7fc [runtime] Don't use ElementsTransitionAndStoreStub for transitions that involve instance rewriting.
BUG=chromium:617524, v8:5009
LOG=Y

Review-Url: https://codereview.chromium.org/2044003003
Cr-Commit-Position: refs/heads/master@{#36780}
2016-06-07 09:50:04 +00:00
titzer
ce291bedd0 [wasm] Dont compute global offsets if the module had errors (e.g. invalid memory type for global).
R=ahaas@chromium.org,bradnelson@chromium.org
BUG=chromium:617884

Review-Url: https://codereview.chromium.org/2044833002
Cr-Commit-Position: refs/heads/master@{#36779}
2016-06-07 09:38:48 +00:00
yangguo
4620e29428 [regexp] disallow regexp property class shorthand syntax for single char.
R=littledan@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2044803003
Cr-Commit-Position: refs/heads/master@{#36778}
2016-06-07 09:14:22 +00:00
yangguo
0b65799534 Remove accidentally added files.
These files somehow got added due to some rebase issues I had locally.

R=machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2042203002
Cr-Commit-Position: refs/heads/master@{#36772}
2016-06-07 07:13:53 +00:00
Yang Guo
7c3748a9c4 [debug] load correct stack slot for frame details.
R=bmeurer@chromium.org
BUG=v8:5071

Review URL: https://codereview.chromium.org/2045863002 .

Cr-Commit-Position: refs/heads/master@{#36769}
2016-06-07 06:25:15 +00:00
hpayer
d61a5c376b [heap] Uncommit unused large object page memory.
As a first step I uncommit the memory on the main thread. Also to measure impact and stability of that optimization. In a follow-up CL, the uncommitting should be moved on the concurrent thread.

BUG=

Review-Url: https://codereview.chromium.org/2032393002
Cr-Commit-Position: refs/heads/master@{#36763}
2016-06-06 17:19:25 +00:00
epertoso
d8c2b8f982 Revert of Provide a tagged allocation top pointer. (patchset #5 id:80001 of https://codereview.chromium.org/2028633002/ )
Reason for revert:
d8 segfaults on some benchmarks on ia32. Investigating.

Original issue's description:
> Provide a tagged allocation top pointer.
>
> Taking over http://crrev.com/1924223002.
>
> BUG=chromium:606711
> LOG=N
>
> Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028
> Committed: https://crrev.com/c99caf307ba3bb1b1cf08bf4172f503754c41341
> Cr-Original-Commit-Position: refs/heads/master@{#36633}
> Cr-Commit-Position: refs/heads/master@{#36742}

TBR=bmeurer@chromium.org,hpayer@chromium.org,machenbach@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:606711

Review-Url: https://codereview.chromium.org/2035413003
Cr-Commit-Position: refs/heads/master@{#36758}
2016-06-06 15:12:35 +00:00
ishell
f1ffe31163 [stubs] Introducing LoadICTFStub and LoadICTrampolineTFStub and a switch to enable them instead of respective platform stubs.
The stubs do not increase respective counters as they are in the snapshot and --native-code-counters is off during snapshot creation anyway.

Review-Url: https://codereview.chromium.org/2031753003
Cr-Commit-Position: refs/heads/master@{#36754}
2016-06-06 14:28:24 +00:00
jochen
37394eb3b0 Add a convenience method to get the debugged context
Since the generic GetCallingContext is deprecated, but there's still the
use case for the debugger to get the currently debugged context while in
the debug context, add a convenience API for it.

Note that EventDetails already exposes this context, but the embedder
might not necessarily have the EventDetails around.

R=verwaest@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2040853003
Cr-Commit-Position: refs/heads/master@{#36751}
2016-06-06 14:12:10 +00:00
titzer
0b91952913 [asmjs] Validator should reject modules with repeated functions.
R=ahaas@chromium.org,aseemgarg@chromium.org,bradnelson@chromium.org
BUG=chromium:617525

Review-Url: https://codereview.chromium.org/2040983002
Cr-Commit-Position: refs/heads/master@{#36748}
2016-06-06 13:40:42 +00:00
titzer
dc98fabf15 [asmjs] Validator should reject assignments to heap variables in functions.
BUG=chromium:617529

Review-Url: https://codereview.chromium.org/2041843002
Cr-Commit-Position: refs/heads/master@{#36747}
2016-06-06 13:30:13 +00:00
cbruni
bc0798ca1a Introduce IsUndefined(Isolate*) and IsTheHole(Isolate*)
Passing in the isolate and pointer compare the instnance against the
corresponding constant is always faster than decoding the instance types.

BUG=

Review-Url: https://codereview.chromium.org/2028983002
Cr-Commit-Position: refs/heads/master@{#36744}
2016-06-06 13:00:49 +00:00
mstarzinger
826627d9fd [turbofan] Make FindFrameStateBefore handle dead paths.
This makes sure {NodeProperties::FindFrameStateBefore} can deal with
effect chains that are marked as dead. This can happen when reducers
looking for frame states run together with other reducers killing some
execution paths within the same reduction phase.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-617567
BUG=chromium:617567,chromium:617224

Review-Url: https://codereview.chromium.org/2041833002
Cr-Commit-Position: refs/heads/master@{#36743}
2016-06-06 12:34:53 +00:00
epertoso
c99caf307b Provide a tagged allocation top pointer.
Taking over http://crrev.com/1924223002.

BUG=chromium:606711
LOG=N

Committed: https://crrev.com/f42c9e93c80fdf57e8f92bb87f6ed927d0ae4028
Review-Url: https://codereview.chromium.org/2028633002
Cr-Original-Commit-Position: refs/heads/master@{#36633}
Cr-Commit-Position: refs/heads/master@{#36742}
2016-06-06 12:31:54 +00:00
titzer
585771f264 [wasm] Move 64-bit call tests into test-run-wasm-64.cc so they also run on 32-bit platforms.
This duplicates some test code (which hopefully can be factored out later), but increases
test coverage.

R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2042773002
Cr-Commit-Position: refs/heads/master@{#36739}
2016-06-06 10:59:04 +00:00
neis
6ddd8314a5 [compiler] Deal with some old TODOs in the typer.
This is mostly about DCHECKs. Enabling some requires a few
changes to tests that were not careful about types.

BUG=

Review-Url: https://codereview.chromium.org/2033703002
Cr-Commit-Position: refs/heads/master@{#36734}
2016-06-06 09:18:30 +00:00
neis
e33b7421f7 [test] Fix result regexp in JSTests.json.
R=machenbach@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2035313003
Cr-Commit-Position: refs/heads/master@{#36732}
2016-06-06 09:07:33 +00:00