The first try failed because I needed to make a better distinction
between clearing ICs according to policy at GC time or unconditional
clearing (say, via %ClearFunctionTypeFeedback).
It was also blocked by an issue in super constructor calls.
This fix (https://codereview.chromium.org/892113002/) needs to land
before checking in this CL.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/866493003
Cr-Commit-Position: refs/heads/master@{#26420}
This enables adding more language modes in the future.
For maximum flexibility, LanguageMode is a bitmask, so we're not restricted to
use a sequence of language modes which are progressively stricter, but we can
express the language mode as combination of features.
For now, LanguageMode can only be "sloppy" or "strict", and there are
STATIC_ASSERTS in places which need to change when more modes are added.
LanguageMode is a bit like the old LanguageMode when "extended" mode was still
around (see https://codereview.chromium.org/8417035 and
https://codereview.chromium.org/181543002 ) except that it's transmitted through
all the layers (there's no StrictModeFlag).
BUG=
Review URL: https://codereview.chromium.org/894683003
Cr-Commit-Position: refs/heads/master@{#26419}
Applies to API implementation of O.p.toString
- Removes special handling of non-string @@toStringTag values (use builtinTag)
- Removes special handling of @@toStringTags which match [[Class]] names (remove ~ prefix)
- Add tests for non-string @@toStringTag values in test-api.cc
BUG=v8:3502
R=arv@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/892393003
Cr-Commit-Position: refs/heads/master@{#26415}
A new map wich references its keys weakly is added to v8.h. Internally it uses the same storage as JSWeakMap but doesn't depend on the JavaScript part of WeakMap implementation in weak-collection.js, hence it can be instantiated without entering any context.
BUG=chromium:437416
LOG=Y
Review URL: https://codereview.chromium.org/886473005
Cr-Commit-Position: refs/heads/master@{#26401}
For exception in promise we generate v8::Message API object from exception object. And in cases of Syntax or Reference Error we don't have enough information in exception object - we can't restore Error location from top stack frame.
In this patch three aditional private fields introduced for exception object. In case of Syntax Error we store line, column and script on Exception object and receive this information when restoring message.
BUG=443140
LOG=Y
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/885043002
Cr-Commit-Position: refs/heads/master@{#26393}
Contribution of PowerPC port (continuation of 422063005 and 817143002). This patch covers
the key changes needed to the common files needed to support AIX. Subsequent
patches will cover:
- changes to update the ppc directories so they are current with the changes
in the rest of the project.
- remaining AIX changes not resolved by 4.8 compiler
- individual optimizations for PPC
This is based off of the GitHub repository
https://github.com/andrewlow/v8ppcR=danno@chromium.org, svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/866843003
Cr-Commit-Position: refs/heads/master@{#26343}
Also had to split ParseImportsList and ParseExportClause into separate
methods as they have different rules about reserved words and arguments/eval.
Added lots more test cases, including some export cases that were missed before
due to incorrect checking of reserved words.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/887843002
Cr-Commit-Position: refs/heads/master@{#26338}
For example let and class should only be allowed inside function/block/script.
We have to continue to support const in statements in sloppy mode for backwards compatibility.
BUG=3831
LOG=Y
R=dslomov@chromium.org, adamk
Review URL: https://codereview.chromium.org/869293002
Cr-Commit-Position: refs/heads/master@{#26337}
This removes the duplicate property check from object literals.
Instead we repurpose the ObjectLiteralChecker into two cases, implemented
by two subclasses to ObjectLiteralCheckerBase called ObjectLiteralChecker
and ClassLiteralChecker.
The object literal checker now only checks for duplicate __proto__ fields in
object literals.
The class literal checker checks for duplicate constructors, non constructor
fields named constructor as well as static properties named prototype.
BUG=v8:3819
LOG=Y
R=adamk, dslomov@chromium.org
Review URL: https://codereview.chromium.org/873823003
Cr-Commit-Position: refs/heads/master@{#26336}
Reason for revert:
Breaks a regression test on linux isloates, and linux with gcc 4.8.
Original issue's description:
> Use a WeakCell in the CallIC type vector.
>
> This allows us to clear the IC on a more sedate schedule, just
> like Load and Store ICs.
>
> R=ulan@chromium.org
> BUG=
>
> Committed: https://crrev.com/bcc79d33ca6d97d9ecfcfcf110a6ea84a0225389
> Cr-Commit-Position: refs/heads/master@{#26332}
TBR=ulan@chromium.org,mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/886663004
Cr-Commit-Position: refs/heads/master@{#26334}
In DevTools we need one more flag for script origin - is debugger script. We already have "is shared origin" flag. The new flag added by analogy with the old but new has accessor in script object.
R=yurys@chromium.org
Review URL: https://codereview.chromium.org/879553002
Cr-Commit-Position: refs/heads/master@{#26324}
The approach taken in this CL is to incrementally move toward the
currently-specced version of modules in ES6. The biggest change in this
patch is separating the parsing of modules from the parsing of scripts,
getting rid of the 'module' keyword and thus disallowing modules-in-scripts
as well as modules-in-modules.
The syntax supported by import/export declarations has not yet been significantly
changed, with the major exception being that import declarations require a string
as the 'from' part.
Most of the existing tests have been disabled, with a first new test added
in cctest/test-parsing.
BUG=v8:1569
LOG=n
Review URL: https://codereview.chromium.org/881623002
Cr-Commit-Position: refs/heads/master@{#26299}
Up until now we used a special Terminate node to artifically connect non
terminating loops to the End node, but this was kind of adhoc and didn't
work for the CFG. So without all kinds of weird hacks, the end block in
the CFG will not be connected to NTLs, which makes it impossible to
compute post dominance / control dependence in the current setting.
So instead of Terminate, we add a special Branch to NTLs, whose
condition is the special Always node, which corresponds to True, except
that it cannot be folded away. This way we don't need any special
machinery in the scheduler, since it's just a regular Branch.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/875263004
Cr-Commit-Position: refs/heads/master@{#26294}
This solves an issue with the custom startup snapshot, in cases where
deserializing the isolate requires more than one page per space.
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/876613002
Cr-Commit-Position: refs/heads/master@{#26285}
Along the way:
- Thread isolate parameter explicitly through code that used to
rely on getting it from the zone.
- Canonicalize the parameter position of isolate and zone for
affected code
- Change Hydrogen New<> instruction templates to automatically
pass isolate
R=mstarzinger@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/868883002
Cr-Commit-Position: refs/heads/master@{#26252}
Reason for revert:
Breaks test-types/Maybe, i.e.
out/Release/cctest --random-seed=-707413401 test-types/Maybe
started failing afterwards
Original issue's description:
> Steps towards unification of number bitset and range types.
>
> - New invariant on union types: if the union has a range then the number
> bits in the bitset must be cleared.
>
> - Various tweaks in intersection and union to satisfy the invariant.
>
> - Exposed and used representation bits in range types (and the Limits
> helper class).
>
> - Implemented Glb for ranges so that the Is predicate handles
> ranges correctly.
>
> - Change typer weakening so that it does not rely on GetRange.
> However, the code still seems to be a bit fragile.
>
> - Removed the Smi types from the type system core, instead introduced
> Signed31, Unsigned30 and created constructors for Small(Un)Signed
> that point to the right type for the architecture.
>
> - Punched a hole in the config to be able to get to the isolate so
> that it is possible to allocate heap numbers for newly created
> ranges.
>
> Patch by jarin@chromium.prg, original review here:
> https://codereview.chromium.org/795713003/
>
> TBR=jarin@chromium.org
> BUG=
>
> Committed: https://crrev.com/2764fd8d1a266a9136c987c2483492113b0c8d80
> Cr-Commit-Position: refs/heads/master@{#26197}
TBR=jkummerow@chromium.org,rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/868583002
Cr-Commit-Position: refs/heads/master@{#26207}
- New invariant on union types: if the union has a range then the number
bits in the bitset must be cleared.
- Various tweaks in intersection and union to satisfy the invariant.
- Exposed and used representation bits in range types (and the Limits
helper class).
- Implemented Glb for ranges so that the Is predicate handles
ranges correctly.
- Change typer weakening so that it does not rely on GetRange.
However, the code still seems to be a bit fragile.
- Removed the Smi types from the type system core, instead introduced
Signed31, Unsigned30 and created constructors for Small(Un)Signed
that point to the right type for the architecture.
- Punched a hole in the config to be able to get to the isolate so
that it is possible to allocate heap numbers for newly created
ranges.
Patch by jarin@chromium.prg, original review here:
https://codereview.chromium.org/795713003/TBR=jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/837723006
Cr-Commit-Position: refs/heads/master@{#26197}
Use std::numeric_limits<double>::quiet_NaN() and
std::numeric_limits<float>::quiet_NaN() instead.
Review URL: https://codereview.chromium.org/864803002
Cr-Commit-Position: refs/heads/master@{#26195}
This method circumvented JS semantics, and should not be used.
BUG=
Review URL: https://codereview.chromium.org/854493004
Cr-Commit-Position: refs/heads/master@{#26157}
See CompileTopLevel for similar logic which suppresses producing parser cache
when the debugger is active.
BUG=441130
LOG=n
Review URL: https://codereview.chromium.org/845643005
Cr-Commit-Position: refs/heads/master@{#26138}
- Make Node::Inputs and Node::Uses mostly STL compliant.
- Get rid of some pre-C++11 crappiness.
- Start moving unit tests from cctest to unittests.
- TrimInputCount() now tries to reserve inputs slots for
later appending.
- Fix numerous style guide violations.
TEST=cctest,unittests
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/851263002
Cr-Commit-Position: refs/heads/master@{#26098}
Hopefully we'll catch heap corruption earlier where identifying the
object that holds a stale pointer.
Speaking of staleness, also remove old debugging code.
BUG=chromium:128415
R=ulan@chromium.org,hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/843013005
Cr-Commit-Position: refs/heads/master@{#26095}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, 7d48fd9dc2.
BUG=v8:3754
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/798243004
Cr-Commit-Position: refs/heads/master@{#26084}
The MISS handler was being called when the receiver was a Smi, instead,
we should recognize the case and use the heap number map.
BUG=
Review URL: https://codereview.chromium.org/854623002
Cr-Commit-Position: refs/heads/master@{#26076}
Math functions:
Some Math functions require typed arrays for their implementation. The embedded
script may call those Math functions. The serializer needs to deal with this.
Added assertion to make sure no other typed array is created when snapshotting.
Number-string cache:
We assume that the initial snapshot does not expand the number-string cache.
This is no longer true for custom heap snapshots.
Bound functions:
Bound functions store the bound arguments in a COW fixed array, including the
bindee function. COW arrays are serialized into the startup snapshot and
referenced in the partial snapshot via partial snapshot cache. However, the
bindee function is context-dependent and must not be part of the startup
snapshot. There is no need for bound functions to use a COW array though.
R=jochen@chromium.org
Review URL: https://codereview.chromium.org/851073002
Cr-Commit-Position: refs/heads/master@{#26072}
Support for it is slow and difficult to implement, and it's not used in
Blink. An embedder that uses this feature will have to check the
argument types itself.
BUG=none
R=dcarney@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/848173002
Cr-Commit-Position: refs/heads/master@{#26058}
R=jochen@chromium.org
TEST=test-serialize/CustomContext{Des,S}erialization
Also test by
- make ia32.debug embedscript=<full path to mjsunit.js>
- d8 -e "assertDoesNotThrow('print(1)')"
Review URL: https://codereview.chromium.org/846023002
Cr-Commit-Position: refs/heads/master@{#26035}
Since we have a special guard page at the beginning of the code range on
win64, we need to make sure to adjust the size of the free list
accordingly when creating it.
BUG=chromium:447555
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/843973002
Cr-Commit-Position: refs/heads/master@{#26012}
- Move NodeMarker to its own file, and introduce a non
templatized base class.
- Cleanup the include hell.
- Sanitize the Node construction methods now that we
got rid of that GenericNode/GenericGraph stuff.
- Protect against NodeId overflow in Graph.
- Various minor cleanups.
TEST=cctest,mjsunit,unittests
Review URL: https://codereview.chromium.org/838783002
Cr-Commit-Position: refs/heads/master@{#25977}
Test case LowerAnyToBoolean_tagged_tagged invokes "Linkage::GetStubCallDescriptor(...)"
function but this function is not implemented on turbofan unsupported platform.
BUG=
Review URL: https://codereview.chromium.org/836973002
Cr-Commit-Position: refs/heads/master@{#25960}
Introduce a new AnyToBoolean simplified operator to handle the later
lowering of boolean conversions. Previously we tried to hack that with
the generic JSToBoolean, having its context set to zero, but that lead
to various problems/bugs and did not handle all cases.
TEST=cctest,unittests
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/800833003
Cr-Commit-Position: refs/heads/master@{#25958}
Also slightly refactor the NodeCache and CommonNodeCache classes to
reduce inherent overhead of caching.
TEST=cctest
Review URL: https://codereview.chromium.org/822923002
Cr-Commit-Position: refs/heads/master@{#25937}
This API is used by Blink to inform V8 about HTML frames being disposed.
Using the optional parameter, Blink can tell V8 whether the disposed
frame was a main frame. In that case, we might want to reset GC
parameters
BUG=none
R=hpayer@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/823583003
Cr-Commit-Position: refs/heads/master@{#25926}
There might be a number of clients that would like to
setup an interrupt request on the Isolate.
The patch also deprecates ClearInterrupt API. As long as
the interrupt handler is called outside of locks there's no way
to guarantee that the handler will not be called after
ClearInterrupt was invoked as it might have already started execution.
Review URL: https://codereview.chromium.org/796623003
Cr-Commit-Position: refs/heads/master@{#25910}
Regular ICs in MONOMORPHIC and POLYMORPHIC state now hold onto maps with
WeakCells. Vector-based ICs should do the same.
R=ulan@chromium.org
Review URL: https://codereview.chromium.org/815953002
Cr-Commit-Position: refs/heads/master@{#25907}
This keeps dying maps alive for FLAG_retain_maps_for_n_gc garbage collections to increase chances of them being reused for new objects in future.
BUG=v8:3664
LOG=N
TEST=cctest/test-heap/MapRetaining
Review URL: https://codereview.chromium.org/794583003
Cr-Commit-Position: refs/heads/master@{#25887}
Reason for revert:
[sheriff] Still crashes on win32 (XP):
http://build.chromium.org/p/client.v8/builders/V8%20Win32%20-%201/builds/1380
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4.
>
> This changes to do an early bailout in
> HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
> loop.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org,arv@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/811593004
Cr-Commit-Position: refs/heads/master@{#25872}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4.
This changes to do an early bailout in
HOptimizedGraphBuilder::VisitObjectLiteral instead of doing that in the later
loop.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/792233008
Cr-Commit-Position: refs/heads/master@{#25868}
Reason for revert:
Crashes Win32. It was not flake.
Original issue's description:
> ES6 computed property names
>
> This adds support for computed property names, under the flag
> --harmony-computed-property-names, for both object literals and
> classes.
>
> This is a revert of the revert, a76419f0f4 with
> no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
> try again.
>
> BUG=v8:3754
> LOG=Y
> TBR=dslomov@chromium.orgTBR=dslomov@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=v8:3754
Review URL: https://codereview.chromium.org/807033003
Cr-Commit-Position: refs/heads/master@{#25853}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
This is a revert of the revert, a76419f0f4 with
no changes. I cannot reproduce the issue on Win8.1 or WinXP. Letting the bots
try again.
BUG=v8:3754
LOG=Y
TBR=dslomov@chromium.org
Review URL: https://codereview.chromium.org/807173002
Cr-Commit-Position: refs/heads/master@{#25851}
This greatly reduces the number of nodes in the graph (by more than 20x in
some extreme cases) for the Emscripten python interpreter main function.
BUG=v8:3763
LOG=y
TEST=cctest,mjsunit,unittests
R=svenpanne@chromium.org
Review URL: https://codereview.chromium.org/802353003
Cr-Commit-Position: refs/heads/master@{#25840}
This adds support for computed property names, under the flag
--harmony-computed-property-names, for both object literals and
classes.
BUG=v8:3754
LOG=Y
Review URL: https://codereview.chromium.org/795573005
Cr-Commit-Position: refs/heads/master@{#25821}
This functionality is now used by both object visitor and store buffer.
TEST=cctest/test-unboxed-doubles
Review URL: https://codereview.chromium.org/726713003
Cr-Commit-Position: refs/heads/master@{#25816}
Such properties never notified prior to r21558, but the combination of
that change and r23163 led to sending notifications when they were
set via Object.defineProperty (but not when set via other means).
This also allows some cleanup in v8natives.js and objects.cc,
both of which were doing unnecessary contortions to produce the right
change records.
BUG=v8:3745
LOG=n
Review URL: https://codereview.chromium.org/791243002
Cr-Commit-Position: refs/heads/master@{#25806}
To make space in the type bitset, remove Function, RegExp, and Buffer
types for now, since they aren't really relied upon anyway.
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/795993002
Cr-Commit-Position: refs/heads/master@{#25776}
Reason for revert:
For breaking the waterfall (run-json-stringify test).
Original issue's description:
> Avoid number range holes in bitset types.
>
> BUG=
TBR=rossberg@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/794663002
Cr-Commit-Position: refs/heads/master@{#25756}
Also fix the pushing of JSToBoolean into Phis and generalize it to
also include pushing into Selects.
TEST=cctest,unittests
Review URL: https://codereview.chromium.org/792463003
Cr-Commit-Position: refs/heads/master@{#25718}
This test case ( added by git: 4c7effe56e ).
should has different implementation for Turbofan and crankshaft.
BUG=
Review URL: https://codereview.chromium.org/774163005
Cr-Commit-Position: refs/heads/master@{#25713}
Blink already has code for handling invalid cached data. The attached test
ensures that cached data is gracefully rejected if it cannot be used.
This also unifies parser cache and code cache handling.
R=yangguo@chromium.org
BUG=439889
LOG=N
Review URL: https://codereview.chromium.org/781203003
Cr-Commit-Position: refs/heads/master@{#25708}
When compiling with the macro DCHECK_ALWAYS_ON defined, DCHECKs and
supporting code gets compiled and enabled.
This increases test coverage for chromium release buildbots
BUG=v8:3731
R=jkummerow@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/760213005
Cr-Commit-Position: refs/heads/master@{#25701}
This introduces Hydrogen for %_GetPrototype. The code falls back on
runtime if the object needs access checks or if its prototype is a
hidden prototype.
BUG=None
LOG=Y
R=dslomov@chromium.org
Review URL: https://codereview.chromium.org/756423006
Cr-Commit-Position: refs/heads/master@{#25694}
These methods for used for compressed libraries, where GetSource* functions
contained the compressed sources and [GS]etRawSource* the uncompressed
sources. This is dead code since the API no longer supports compression.
(If you need/want compressed sources, use the external startup data and
compress/uncompress on the Embedder's side.)
BUG=
Review URL: https://codereview.chromium.org/772853003
Cr-Commit-Position: refs/heads/master@{#25666}
Instead, make it possible for indifidual tests to pass "always true flags" which
are not part of the varying flag set.
The downside is that if an experimental flag changes parsing of some of the
unrelated code snippets, it's noticed later (only after the flag is turned on by
default). But this is a reasonable trade off for faster tests.
Additional fix: Some tests (ErrorsFutureStrictReservedWords) were using
always_flags incorrectly (running two different tests with different
always_flags basically iterates over every flag combination anyway - most of
them twice).
BUG=v8:3707
LOG=N
Review URL: https://codereview.chromium.org/772823002
Cr-Commit-Position: refs/heads/master@{#25628}
- Create a first-class Edge type.
- Separate node and edge iterators
- Make iterators only responsible for iteration
- Make it possible to modify the use edge iterator while iterating.
- Add the ability to update inputs to Edges directly.
Review URL: https://codereview.chromium.org/765983002
Cr-Commit-Position: refs/heads/master@{#25616}
This relands macroassembler instructions and weak cell caching and
does not include parts that caused "Linux ASan LSan" test failures.
BUG=v8:3663
LOG=N
Review URL: https://codereview.chromium.org/764003003
Cr-Commit-Position: refs/heads/master@{#25615}
Most of the run time came from testing with all possible flag combinations. None
of the flags passed affect the test, and there are specialized tests for testing
the features behind the flags; no need to slow down the generic test.
With these changes, run time for debug build goes from 186 s to 0.5 s.
In addition, fixed some missing commas between the test cases.
R=svenpanne@chromium.org
BUG=v8:3707
LOG=N
Review URL: https://codereview.chromium.org/766673003
Cr-Commit-Position: refs/heads/master@{#25612}
Groups and implicit references are no longer relevant at this point.
Also add tests that fail if the first or second round of ephemeral
marking is omitted
BUG=none
R=mstarzinger@chromium.org,hpayer@chromium.org
LOG=n
Review URL: https://codereview.chromium.org/761343004
Cr-Commit-Position: refs/heads/master@{#25606}
v8::Object already has GetIdentityHash on it. This change adds its counterpart to v8::Name.
BUG=chromium:437416
LOG=Y
Review URL: https://codereview.chromium.org/753373003
Cr-Commit-Position: refs/heads/master@{#25598}
Running this in x64.release mode on a powerful HP620 takes 4 seconds,
this is at least 2 orders of magnitude too slow and leads to tons of
false positives on our build bots due to timeouts. As it is, the
cost-benefit ratio is far too low.
The whole approach needs to be changed: Instead of trying to exhaust
some search space in unit tests, this should be turned into a fuzzing
test where only a small but random number of things are tested. The
exhaustive approach can be done separately, but definitely not in the
unit tests.
BUG=v8:3707
Review URL: https://codereview.chromium.org/762743002
Cr-Commit-Position: refs/heads/master@{#25510}
cctest/test-threads/ThreadJoinSelf is suppressed for Android, but the
test has since been moved to unittests/Thread.SelfJoin. Move the
suppression to unittests.status.
unittests/ThreadLocalStorageTest.DoTest fails on older Android devices
as it assumes the availability of more TLS slots than many devices
implement. Test a smaller number of slots (32) on Android. Remove old
suppression of test-platform-tls/FastTLS (which no longer exists).
cctest/test-mark-compact/RegressJoinThreadsOnIsolateDeinit can't deal
with shared mappings. Check for 's' instead of '-'.
BUG=v8:3706
LOG=
Review URL: https://codereview.chromium.org/735863003
Cr-Commit-Position: refs/heads/master@{#25492}
If we run out of code range, then GC wouldn't be able to compact code space,
because it wouldn't be able to allocate a new page. This can cause code space
fragmentation and OOM crashes.
BUG=chromium:430118
LOG=Y
Review URL: https://codereview.chromium.org/742733002
Cr-Commit-Position: refs/heads/master@{#25441}
JavaScript shifts perform an implicit '& 0x1F' on their right operand, this
patch removes it when the underlying architecture already does it.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/732103002
Cr-Commit-Position: refs/heads/master@{#25438}
Since checking all possible combinations is taking so long this
reduces the test to test the odd cases (let, yield and static) as
well as a single ordinary case.
BUG=v8:3707
LOG=n
Review URL: https://codereview.chromium.org/724713004
Cr-Commit-Position: refs/heads/master@{#25428}
Skip one hard fail, and two frequent flakes while we investigate.
BUG=
NOTRY=true
Review URL: https://codereview.chromium.org/728653004
Cr-Commit-Position: refs/heads/master@{#25418}
This essentially performs the following transformation
JSToNumber(phi(x1,...,xn,control):primitive)
=> phi(JSToNumber(x1),...,JSToNumber(xn),control):number
which is similar to what we already do for JSToBoolean.
TEST=mjsunit/asm
R=svenpanne@chromium.org
BUG=
Review URL: https://codereview.chromium.org/732463003
Cr-Commit-Position: refs/heads/master@{#25390}
We add a new ScopeType, ScopeType.Script. The scope with
ScopeType.Script is always present in the scope chain (ScopeIterator
fakes it if neededi - i.e. if ScriptContext for a script has not been
allocated since that script has no lexical declarations).
ScriptScope reflects ScriptContextTable.
R=yurys@chromium.org,yangguo@chromium.org
BUG=v8:3690
LOG=N
Review URL: https://codereview.chromium.org/726643002
Cr-Commit-Position: refs/heads/master@{#25383}
Don't use the generic algorithm, but instead start going into the
direction of ControlReducer, using a stack plus a revisit queue to
not miss any more possibilities for reductions anymore.
TEST=cctest,unittests
R=dcarney@chromium.org
Committed: f047507370
Committed: 6e148989a4
Review URL: https://codereview.chromium.org/726513002
Cr-Commit-Position: refs/heads/master@{#25377}
With Int32Add we lose the int/uint distinction, so later, in simplified lowering we can make a wrong decision. E.g., see the attached test case, where we lower NumberAdd -> Int32Add because inputs are Uint32, but during simplified lowering we change the inputs to Int32, so we get a wrong result.
Simplified lowering will lower the NumberAdd operations anyway, so we should lose performance.
BUG=
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/721723004
Cr-Commit-Position: refs/heads/master@{#25368}
Don't use the generic algorithm, but instead start going into the
direction of ControlReducer, using a stack plus a revisit queue to
not miss any more possibilities for reductions anymore.
TEST=cctest,unittests
R=dcarney@chromium.org
Committed: f047507370
Review URL: https://codereview.chromium.org/726513002
Cr-Commit-Position: refs/heads/master@{#25345}
Revert "Fix for an assertion failure in Map::FindTransitionToField(...). Appeared after r25136."
This revert is made in order to revert r25099 which potentially causes renderer hangs.
R=verwaest@chromium.org
Review URL: https://codereview.chromium.org/722873004
Cr-Commit-Position: refs/heads/master@{#25332}
Don't use the generic algorithm, but instead start going into the
direction of ControlReducer, using a stack plus a revisit queue to
not miss any more possibilities for reductions anymore.
TEST=cctest,unittests
R=dcarney@chromium.org
Review URL: https://codereview.chromium.org/726513002
Cr-Commit-Position: refs/heads/master@{#25326}
There's no need to apply the 0x1f mask to right hand sides of shifts if
the input is already in range [0,31].
TEST=cctest,unittests
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/718193003
Cr-Commit-Position: refs/heads/master@{#25313}
Lowering of NumberToUint32 and NumberToInt32 was not correctly accounting for the sign of the input and the sign of the output, emitting the wrong representation changes.
Along the way, I've found cases where MachineOperatorBuilder would break if fed a machine type for loads or stores that was not cached, requiring MachineOperatorBuilder to take zone to allocate operators for these cases.
R=bmeurer@chromium.org, jarin@chromium.org
BUG=
Review URL: https://codereview.chromium.org/714613002
Cr-Commit-Position: refs/heads/master@{#25247}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25247 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This implements correct semantics for "extensible" top level lexical scope.
The entire lexical scope is represented at runtime by GlobalContextTable, reachable from native context and accumulating global contexts from every script loaded into the context.
When the new script starts executing, it does the following validation:
- checks the GlobalContextTable and global object (non-configurable own) properties against the set of declarations it introduces and reports potential conflicts.
- invalidates the conflicting PropertyCells on global object, so that any code depending on them will miss/deopt causing any contextual lookups to be reexecuted under the new bindings
- adds the lexical bindings it introduces to the GlobalContextTable
Loads and stores for contextual lookups are modified so that they check the GlobalContextTable before looking up properties on global object, thus implementing the shadowing of global object properties by lexical declarations.
R=adamk@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/705663004
Cr-Commit-Position: refs/heads/master@{#25220}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25220 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The spec explicitly forbids them. V8 never handled them properly either, just
the Scanner accepted them (it had code to add them literally to the
LiteralBuffer) and later on, Regexp constructor disallowed them.
According to the spec, unicode escapes in regexp flags should be an early error
("It is a Syntax Error if IdentifierPart contains a Unicode escape sequence.").
Note that Scanner is still more relaxed about regexp flags than the
spec. Especially, it accepts any identifier parts (not just a small set of
letters) and doesn't check for duplicates.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/700373003
Cr-Commit-Position: refs/heads/master@{#25215}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25215 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
During generation code and relocation info are generated simultaneously.
When code generation is done you each code object has associated "relocation info".
Relocation information lets V8 to mark interesting places in the generated code: the pointers that might need to be relocated (after garbage collection),
correspondences between the machine program counter and source locations for stack walking.
This patch:
1. Add more source positions info in reloc info to make it suitable for source level mapping.
The amount of data should not be increased dramatically because (1) V8 already marks interesting places in the generated code and
(2) V8 does not write redundant information (it writes a pair (pc_offset, pos) only if pos is changed and skips other).
I measured it on Octane benchmark - for unoptimized code the number of source positions may achieve 2x ('lin_solve' from NavierStokes benchmark).
2. When a sample happens, CPU profiler finds a code object by pc, then use its reloc info to match the sample to a source line.
If a source line is found that hit counter is increased by one for this line.
3. Add a new public V8 API to get the hit source lines by CDT CPU profiler.
Note that it's expected a minor patch in Blink to pack the source level info in JSON to be shown.
4.Add a test that checks how the samples are distributed through source lines.
It tests two cases: (1) relocation info created during code generation and (2) relocation info associated with precompiled function's version.
Patch from Denis Pravdin <denis.pravdin@intel.com>;
R=svenpanne@chromium.org, yurys@chromium.org
Review URL: https://codereview.chromium.org/682143003
Patch from Weiliang <weiliang.lin@intel.com>.
Cr-Commit-Position: refs/heads/master@{#25182}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25182 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This contains the following changes squashed together:
- Switch BasicBlock::loop_end to be a basic block instead of an RPO.
- Switch ScheduleLate to use dominator depth instead of RPO.
- Switch ScheduleEarly to use dominator depth instead of RPO.
- Push out absolute RPO ordering everywhere else in the scheduler.
- Keep linked list of blocks in RPO order while scheduling.
- Switch from RPO number to depth for dominator calculation.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/696363002
Cr-Commit-Position: refs/heads/master@{#25138}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25138 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Not clearing can lead to a crash under following conditions:
1. Backing store of a weak map is allocated in large object space.
2. The backing store is marked incrementaly via the weak map.
3. The weak map is updated and gets a new backing store.
4. The store buffer overflows and marks the chunk of the old backing store as
"scan on scavenge."
5. Mark-compact collection kills some elements of the weak map. Note that the
old backing store survives because it was marked incrementally, but its dead
elements are not cleared.
6. Scavenger iterates over the old backing store, tries to move a dead object
and crashes.
BUG=v8:3631
LOG=N
TEST=cctest/test-heap/Regress3631
R=jkummerow@chromium.org
Review URL: https://codereview.chromium.org/686783003
Cr-Commit-Position: refs/heads/master@{#25032}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25032 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This simplifies escape handling and makes it easier to extend escapes for ES6.
PushBack just before detecting ILLEGAL is unnecessary, since we will abort the
scanning / parsing anyway at that point, and it doesn't matter where the cursor
exactly is. The error messages w/ PushBack are not any better or more correct
than without.
In addition: remove a comment about handling invalid escapes gracefully when we
no longer do. (*)
This CL includes a behavioral change: For input "var r = /foobar/g\urrrr;" we
used to report "unexpected_token: ILLEGAL" for "\u", but now we report
malformed_regexp_flags which is a more correct error message. (Note that the
code for reporting invalid_regexp_flags was dead, and invalid_regexp_flags is
not the right error message.)
Note that the V8 is more relaxed about unicode escapes in regexp flags than ES6
(see
http://people.mozilla.org/~jorendorff/es6-draft.html#sec-regular-expressions )
and this CL doesn't change it. (V8 accepts any \uxxxx, ES6 spec says only a
certain value range is acceptable.)
(*) Code archaeology:
Originally, doing PushBack in ScanHexEscape made sense (see e.g., here
https://codereview.chromium.org/5063003/diff/6001/src/prescanner.h ), since we
wouldn't return ILLEGAL but treat an invalid escape sequence "\uxxxx" as
"uxxxx".
(The repo at that point contains another instance of the same function, from the
initial commit. The logic is the same.)
This behavior was changed in a "renaming" commit
https://codereview.chromium.org/7739020.
BUG=
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/684873002
Cr-Commit-Position: refs/heads/master@{#25031}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25031 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This analysis computes the set of variables that are assigned in each loop. This is useful to avoid creating redundant loop phis when building an SSA graph, which just waste memory and require analysis to get rid of.
This CL implements an AST walk for the analysis and plugs the result into the TurboFan graph builder. I left this analysis under a flag for A/B testing and until sufficient unit tests can be developed.
R=danno@chromium.org, mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/656123005
Cr-Commit-Position: refs/heads/master@{#24957}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24957 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A FeedbackNexus is the combination of a feedback vector, a slot(s) in
the vector, along with methods to query and manipulate that information
in a type-correct way.
A CallIC will have a CallICNexus, a LoadIC a LoadICNexus, etc.,
reflecting the fact that different types of ICs configure their data
in unique ways.
This CL limits itself to introducing and using the nexus type only for
CallICs. A follow-up will use them for Load and KeyedLoadICs for the
case when the --vector-ics flag is turned on.
The notion of a Nexus is also embedded at the lowest level of the IC
class. This makes sense because more ICs should become vector-based
in the future.
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/683933002
Cr-Commit-Position: refs/heads/master@{#24952}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24952 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A FeedbackNexus is the combination of a feedback vector, a slot(s) in
the vector, along with methods to query and manipulate that information
in a type-correct way.
A CallIC will have a CallICNexus, a LoadIC a LoadICNexus, etc.,
reflecting the fact that different types of ICs configure their data
in unique ways.
This CL limits itself to introducing and using the nexus type only for
CallICs. A follow-up will use them for Load and KeyedLoadICs for the
case when the --vector-ics flag is turned on.
The notion of a Nexus is also embedded at the lowest level of the IC
class. This makes sense because more ICs should become vector-based
in the future.
This CL is based on https://codereview.chromium.org/679073002/ which
should land first.
BUG=
R=ishell@chromium.org
Review URL: https://codereview.chromium.org/680883004
Cr-Commit-Position: refs/heads/master@{#24945}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24945 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ES6 no longer makes duplicate properties an error. However, we
continue to treat duplicate properties in strict mode object
literals as errors. With this change we allow duplicate properties
in class bodies. We continue to flag duplicate constructors as an
error as required by ES6.
BUG=v8:3570
LOG=Y
R=marja@chromium.org
Review URL: https://codereview.chromium.org/677953004
Cr-Commit-Position: refs/heads/master@{#24933}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24933 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Allow reservation of additional input capacity when creating nodes to prevent switching to deque representation when adding well-known additional inputs.
Also ensure that only a single temporary buffer is used to create temporary input arrays before allocating nodes.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/644083003
Cr-Commit-Position: refs/heads/master@{#24896}
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@24896 ce2b1a6d-e550-0410-aec6-3dcde31c8c00