Commit Graph

7649 Commits

Author SHA1 Message Date
Clemens Hammacher
7d8a3028dd [wasm] Fix code specialization for empty memory buffer
From asm.js code we might get an empty ArrayBuffer as heap memory. In
this case, both the old memory start and the new memory start will be
nullptr. The size however has to be patched from default_size to 0.

This CL changes code specialization to be able to either patch memory
references, or patch memory sizes or both.

R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:698587

Change-Id: I4d9d811d75cb83842f23df317e8e7fc02aeb5146
Reviewed-on: https://chromium-review.googlesource.com/450257
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43613}
2017-03-06 13:39:54 +00:00
addaleax
de1461b7ef Drop UniqueId from include/v8.h
It's unused since March 2 2017 (https://chromium-review.googlesource.com/448539).
This removes it assuming that leaving it in the header was an oversight.

BUG=v8:5828

Review-Url: https://codereview.chromium.org/2732803002
Cr-Commit-Position: refs/heads/master@{#43605}
2017-03-06 10:58:01 +00:00
bakkot
baa74e89b6 [parser] Correctly handle invalid escapes in adjacent template tokens.
A previous patch lifting the restriction on invalid escape sequences in
tagged templates had a bug when two template tokens appeared immediately
adject to each other. This moves invalid escape information from the
tokenizer state proper into the TokenDesc, preventing the overwriting
which caused this issue.

Previous CL is at
https://codereview.chromium.org/2665513002

BUG=v8:6029,v8:5546

Review-Url: https://codereview.chromium.org/2724003006
Cr-Commit-Position: refs/heads/master@{#43596}
2017-03-03 22:08:57 +00:00
bmeurer
9ef1e35bc6 [turbofan] Drop obsolete unused JSStrictNotEqual operator.
We don't need the JSStrictNotEqual operator in the compiler, because
this is never generated by the BytecodeGraphBuilder, and the code in
the AstGraphBuilder was dead code. Also remove the backing builtin
StrictNotEqual.

R=mstarzinger@chromium.org
BUG=v8:5267

Review-Url: https://codereview.chromium.org/2727003006
Cr-Commit-Position: refs/heads/master@{#43594}
2017-03-03 17:59:21 +00:00
Marja Hölttä
5178fa0e76 [parser] Skipping inner funcs: add tests.
BUG=v8:5516
R=verwaest@chromium.org

Change-Id: Ica04f74788a4812128bce1297aeee23f8c3bec3d
Reviewed-on: https://chromium-review.googlesource.com/449675
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43591}
2017-03-03 15:01:12 +00:00
clemensh
7f68cbbffa [wasm] Prepare WasmCompilationUnit for lazy compilation
In lazy compilation, we only compile one function at a time, and we
might not have the wire bytes of the whole module available.
This CL prepares the WasmCompilationUnit for this setting.
It will also be helpful for streaming compilation.

Also, the ErrorThrower (which might heap-allocate) is not stored in the
WasmCompilationUnit any more. Instead, it is passed to the
FinishCompilation method which is allowed to heap-allocate.

R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5991

Review-Url: https://codereview.chromium.org/2726553003
Cr-Commit-Position: refs/heads/master@{#43573}
2017-03-03 09:47:39 +00:00
loorongjie
dbac977011 Reland Migrate Object.prototype.valueOf to CSA
Original issue: https://codereview.chromium.org/2724833002/

BUG=v8:6005
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
R=bmeurer@chromium.org,yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2725053007
Cr-Commit-Position: refs/heads/master@{#43566}
2017-03-03 06:30:26 +00:00
aseemgarg
8b130a8495 [wasm] Implement simd lowering for F32x4 and I32x4 compare ops
R=bbudge@chromium.org,titzer@chromium.org,gdeepti@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2728823005
Cr-Commit-Position: refs/heads/master@{#43562}
2017-03-03 02:31:44 +00:00
aseemgarg
81ad6b521f [wasm]implement simd lowering for f32x4->i32x4, i32x4 min/max and shift instructions
This fixes and relands https://codereview.chromium.org/2718323003.

R=bbudge@chromium.org,titzer@chromium.org,ahaas@chromium.org,machenbach@chromium.org,bradnelson@chromium.org
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2724973003
Cr-Commit-Position: refs/heads/master@{#43561}
2017-03-03 02:04:07 +00:00
bbudge
386e5a1149 Implement remaining Boolean SIMD operations on ARM.
- Implements Select instructions using a single ARM vbsl instruction.
- Renames boolean machine operators to match renamed S1xN machine types.
- Implements S1xN vector logical ops, AND, OR, XOR, NOT for ARM.
- Implements S1xN AnyTrue, AllTrue ops for ARM.
- Eliminates unused SIMD op categories in opcodes.h.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2711863002
Cr-Commit-Position: refs/heads/master@{#43556}
2017-03-02 19:50:33 +00:00
ahaas
91cd070769 [arm64][turbofan] Tst instructions can have a shifted operand.
This CL fixes a bug in the implementation of the code generation of
kArm64Tst32, where the shift input operand of kArm64Tst32 was ignored.
Please take a special look at the fix in kArm64Tst. I applied the fix
there as well, but because of differences in the instruction selector
I was not able to write a test for it.

R=v8-arm-ports@googlegroups.com
BUG=v8:6028

Review-Url: https://codereview.chromium.org/2729853003
Cr-Commit-Position: refs/heads/master@{#43555}
2017-03-02 19:46:09 +00:00
Michael Lippautz
78867ad870 Remove object grouping
Enbedders should switch to EmbedderHeapTracer API.

BUG=v8:5828

Change-Id: I82f2bc583d246617865a17f5904e02cd35f92fec
Reviewed-on: https://chromium-review.googlesource.com/448539
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43551}
2017-03-02 17:53:07 +00:00
machenbach
d7cb3cfc91 Revert of Migrate Object.prototype.valueOf to CSA (patchset #4 id:80001 of https://codereview.chromium.org/2724833002/ )
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/13900

See also:
https://github.com/v8/v8/wiki/Blink-layout-tests

Original issue's description:
> Migrate Object.prototype.valueOf to CSA
>
> BUG=v8:6005
>
> Review-Url: https://codereview.chromium.org/2724833002
> Cr-Commit-Position: refs/heads/master@{#43539}
> Committed: f93b27e639

TBR=bmeurer@chromium.org,yangguo@chromium.org,loorongjie@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6005

Review-Url: https://codereview.chromium.org/2730573004
Cr-Commit-Position: refs/heads/master@{#43547}
2017-03-02 14:26:45 +00:00
loorongjie
f93b27e639 Migrate Object.prototype.valueOf to CSA
BUG=v8:6005

Review-Url: https://codereview.chromium.org/2724833002
Cr-Commit-Position: refs/heads/master@{#43539}
2017-03-02 12:57:21 +00:00
clemensh
fa8dba0e86 [wasm] Several unrelated cleanups
Most are minor performance optimizations that aggregated while implementing
other changes. Those fixes will probably not be visible in perf graphs, but
they bothered me anyway.

R=titzer@chromium.org, ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2714373003
Cr-Commit-Position: refs/heads/master@{#43535}
2017-03-02 10:42:22 +00:00
bbudge
f3d26d3d55 [WASM] Fix failing Wasm SIMD F32x4 tests.
- Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
will be different under I32 compare.
- Some arithmetic operations can generate NaN results, such as adding -Inf
and +Inf. Skip these tests until we have a way to do more sophisticated
FP comparisons in the SIMD tests.
- Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2594043002
Cr-Original-Commit-Position: refs/heads/master@{#42154}
Committed: 5560bbb498
Review-Url: https://codereview.chromium.org/2594043002
Cr-Commit-Position: refs/heads/master@{#43528}
2017-03-01 23:31:47 +00:00
Marja Hölttä
12c2c15310 [parser] Skipping inner funcs: arrow functions now work too.
BUG=v8:5516
R=verwaest@chromium.org

Change-Id: I1bb88e981b81fec85ba6da314e3be927085e6e76
Reviewed-on: https://chromium-review.googlesource.com/447438
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43526}
2017-03-01 20:21:06 +00:00
bmeurer
0b3e554e03 Revert of [wasm] Initial signal handler (patchset #56 id:1090001 of https://codereview.chromium.org/2371833007/ )
Reason for revert:
Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory

Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee

TBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2723133003
Cr-Commit-Position: refs/heads/master@{#43525}
2017-03-01 19:47:27 +00:00
eholk
a5af7fe9ee [wasm] Initial signal handler
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.

The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.

This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.

When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.

Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43523}
2017-03-01 18:02:13 +00:00
machenbach
88c240bda5 Revert of [wasm]implement simd lowering for f32x4->i32x4, i32x4 min/max and shift instructions (patchset #2 id:20001 of https://codereview.chromium.org/2718323003/ )
Reason for revert:
breaks nosse4:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/13871

Original issue's description:
> [wasm]implement simd lowering for f32x4->i32x4, i32x4 min/max and shift instructions
>
> BUG=v8:4124
> R=bradnelson@chromium.org,bbudge@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,titzer@chromium.org
>
> Review-Url: https://codereview.chromium.org/2718323003
> Cr-Commit-Position: refs/heads/master@{#43510}
> Committed: f75748cf4c

TBR=bbudge@chromium.org,bradnelson@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,titzer@chromium.org,aseemgarg@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2723943003
Cr-Commit-Position: refs/heads/master@{#43512}
2017-03-01 12:39:48 +00:00
aseemgarg
f75748cf4c [wasm]implement simd lowering for f32x4->i32x4, i32x4 min/max and shift instructions
BUG=v8:4124
R=bradnelson@chromium.org,bbudge@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2718323003
Cr-Commit-Position: refs/heads/master@{#43510}
2017-03-01 11:39:10 +00:00
aseemgarg
a727f9e8c0 [wasm]implement simd lowering for simple F32x4 and I32x4 unops
BUG=v8:4124
R=bradnelson@chromium.org,bbudge@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,titzer@chromium.org

Review-Url: https://codereview.chromium.org/2726453003
Cr-Commit-Position: refs/heads/master@{#43509}
2017-03-01 11:13:00 +00:00
aseemgarg
e6b9f07d43 [wasm]disable F32x4 and I32x4 cross ops test for arm as they break chromebook build
BUG=v8:4124
R=bradnelson@chromium.org,bbudge@chromium.org,gdeepti@chromium.org

Review-Url: https://codereview.chromium.org/2723823002
Cr-Commit-Position: refs/heads/master@{#43504}
2017-02-28 21:53:05 +00:00
Georg Neis
1c578f2477 Fix completion value of class declarations.
BUG=v8:6022

Change-Id: I54205cb3ecc2dd31ed62e55726f0ec5fcd202c30
Reviewed-on: https://chromium-review.googlesource.com/446349
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43500}
2017-02-28 19:36:45 +00:00
Georg Neis
ae66dcbec0 [modules] Make Module::Evaluate return the completion value.
This is more useful than always returning undefined.

BUG=v8:1569,v8:5978

Change-Id: Id10cf87f7865db1a85de412460eaead4e4bf3b62
Reviewed-on: https://chromium-review.googlesource.com/446846
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43498}
2017-02-28 19:02:32 +00:00
Marja Hölttä
14ac291a03 [parser] Skipping inner funcs: simplify rest parameter handling.
With the params (a, b, ...c) the param / variable declaration order used to be
"temp, temp, c, a, b". Now it is "temp, temp, a, b, c" as you'd expect. This
makes it easier for PreParser to match the parameter order of Parser.

R=verwaest@chromium.org
BUG=v8:5516

Change-Id: I79da04ef3f812bf52c032bed6263c009fecb7988
Reviewed-on: https://chromium-review.googlesource.com/447677
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43490}
2017-02-28 15:08:31 +00:00
machenbach
a6b20adbf9 Revert of Add several SIMD opcodes to IA32 (patchset #9 id:160001 of https://codereview.chromium.org/2695613004/ )
Reason for revert:
Fails with nosse4:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/13853

Original issue's description:
> Add several SIMD opcodes to IA32
>
> CreateInt32x4, Int32x4ExtractLane, Int32x4ReplaceLane
> Int32x4Add, Int32x4Sub
>
> Also add paddd and psubd to ia32-assembler
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2695613004
> Cr-Commit-Position: refs/heads/master@{#43483}
> Committed: 4deb9ffdec

TBR=bbudge@chromium.org,gdeepti@chromium.org,bmeurer@chromium.org,jing.bao@intel.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2717423003
Cr-Commit-Position: refs/heads/master@{#43489}
2017-02-28 14:54:28 +00:00
jing.bao
4deb9ffdec Add several SIMD opcodes to IA32
CreateInt32x4, Int32x4ExtractLane, Int32x4ReplaceLane
Int32x4Add, Int32x4Sub

Also add paddd and psubd to ia32-assembler

BUG=

Review-Url: https://codereview.chromium.org/2695613004
Cr-Commit-Position: refs/heads/master@{#43483}
2017-02-28 13:35:22 +00:00
Marja Hölttä
fc8922e448 [iwyu|arm] Pre-work for removing unallowed include macro-assembler.h -> assembler-inl.h
The x64 side is included in https://chromium-review.googlesource.com/c/444226/

BUG=v8:5294

Change-Id: Ie255604c5e38c72e3c2b76e1ca3557a5fde108ee
Reviewed-on: https://chromium-review.googlesource.com/446394
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43481}
2017-02-28 13:31:30 +00:00
aseemgarg
048a0a13e7 Revert "Revert of [Atomics] Implement ldaxr/stlxr instructions in ARM64 simulator (patchset #8 id:140001 of https://codereview.chromium.org/2711473002/ )"
This reverts commit 2362f869a4.

BUG=v8:4614

Review-Url: https://codereview.chromium.org/2720133004
Cr-Commit-Position: refs/heads/master@{#43467}
2017-02-28 03:31:39 +00:00
aseemgarg
7f5701507d [wasm]implement simd lowering for F32x4 and I32x4 binops
BUG=v8:4124
R=bradnelson@chromium.org,bbudge@chromium.org,gdeepti@chromium.org

Review-Url: https://codereview.chromium.org/2713613005
Cr-Commit-Position: refs/heads/master@{#43465}
2017-02-27 23:45:03 +00:00
littledan
2362f869a4 Revert of [Atomics] Implement ldaxr/stlxr instructions in ARM64 simulator (patchset #8 id:140001 of https://codereview.chromium.org/2711473002/ )
Reason for revert:
The tree is closed due to an msan violation (use of uninitialized value) in the arm64 simulator soon after this patch landed; this seems related

https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/13607/steps/Check/logs/simulator_invalidate_..

Original issue's description:
> [Atomics] Implement ldaxr/stlxr instructions in ARM64 simulator
>
> BUG=v8:4614
> R=binji@chromium.org
>
> Review-Url: https://codereview.chromium.org/2711473002
> Cr-Commit-Position: refs/heads/master@{#43461}
> Committed: a2a2c1b9ee

TBR=binji@chromium.org,jarin@chromium.org,jacob.bramley@arm.com,aseemgarg@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4614

Review-Url: https://codereview.chromium.org/2720133003
Cr-Commit-Position: refs/heads/master@{#43463}
2017-02-27 22:47:14 +00:00
binji
5a04f4fd68 This is a speculative chain of reverts to improve a Chrome
perf regression. See crbug.com/695653 for more info.

Revert "[SAB] Move Atomics builtins to C++"

This reverts commit 2b9840d86f.

Revert "[SAB] Remove unreachable Uint8Clamped atomics paths"

This reverts commit d1160fb14f.

Revert "Remove tiny unit test for MinSimple/MaxSimple"

This reverts commit 837760ecb7.

Revert "Remove infrastructure for experimental JS natives"

This reverts commit 8cfe45b6f1.

BUG=695653
TBR=hablich@chromium.org

Review-Url: https://codereview.chromium.org/2715223003
Cr-Commit-Position: refs/heads/master@{#43462}
2017-02-27 22:26:27 +00:00
aseemgarg
a2a2c1b9ee [Atomics] Implement ldaxr/stlxr instructions in ARM64 simulator
BUG=v8:4614
R=binji@chromium.org

Review-Url: https://codereview.chromium.org/2711473002
Cr-Commit-Position: refs/heads/master@{#43461}
2017-02-27 22:12:17 +00:00
Toon Verwaest
0e21a147db [runtime] Feed back normalization to constructors (behind flag)
When an instance of a constructor goes dictionary mode, this changes the initial map
of that constructor to also be in dictionary mode. This avoids spurious hidden class
creation, that also results in IC misses.

BUG=

Change-Id: I0e70f822ac345d0224f2092ec473621a603d4cc5
Reviewed-on: https://chromium-review.googlesource.com/446361
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43452}
2017-02-27 13:56:14 +00:00
caitp
0423341034 [async-iteration] implement Async-from-Sync Iterator
Introduce a new Object to allow GetIterator("async") to function when the
iterable does not have a Symbol.asyncIterator method.

This patch has been split out from https://codereview.chromium.org/2622833002/
and incorporates test cases.

BUG=v8:5855, v8:4483
R=jgruber@chromium.org, rmcilroy@chromium.org, neis@chromium.org
TBR=hpayer@chromium.org, bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2645313003
Cr-Commit-Position: refs/heads/master@{#43419}
2017-02-24 17:48:49 +00:00
adamk
8cfe45b6f1 Remove infrastructure for experimental JS natives
Now that no harmony-flagged features are implemented in experimental
JS, most of this is simply dead code.

As PostExperimentals() is no longer needed, I also removed the use of
Import() in the debug context, allowing the deletion of PostDebug()
along with PostExperimentals(); cleanup code is moved to the
end of PostNatives.

Also gets rid of some longer-dead code in prologue.js related to
TypedArrays, and some duplicate code for setting up SharedArrayBuffer
builtins.

Review-Url: https://codereview.chromium.org/2705293004
Cr-Commit-Position: refs/heads/master@{#43418}
2017-02-24 17:43:28 +00:00
franzih
0ba513f056 [api] Fix DescriptorInterceptor with access check.
The DescriptorInterceptor should intercept all
Object.getOwnPropertyDescriptor calls. This CL fixes
the interceptor's behavior if the iterator state is
ACCESS_CHECK.

BUG=

Review-Url: https://codereview.chromium.org/2707263002
Cr-Commit-Position: refs/heads/master@{#43417}
2017-02-24 16:34:02 +00:00
Marja Hölttä
6b5ab92315 [parser] Skipping inner funcs: omit uninteresting scopes in the data.
This is also needed so that PreParser doesn't need to gather more data for arrow
function params in order to create the uninteresting varblock scopes matching
the scopes created in Parser::BuildParameterInitializationBlock.

This cancels the changes in https://chromium-review.googlesource.com/c/444747
which make PreParser create uninteresting scopes for the normal (non-arrow)
function "eval in default param" case.

R=vogelheim@chromium.org
BUG=v8:5516

Change-Id: I8957ac0796d8738c63492f7928bca6f00e4b4241
Reviewed-on: https://chromium-review.googlesource.com/446339
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43411}
2017-02-24 12:20:25 +00:00
Marja Hölttä
2a2fc69221 [parser] Skipping inner funcs: enable more strict mode tests.
Non-simple parameters are only disallowed when a function declares itself
strict, but they're otherwise ok in strict mode.

Enabling these tests will expose more problems when scope data for arrow
functions is tested (in a future CL).

BUG=v8:5516
R=vogelheim@chromium.org

Change-Id: I839ad37d46305975a56aff20e8ca70505c16bf1d
Reviewed-on: https://chromium-review.googlesource.com/446497
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43389}
2017-02-23 12:53:32 +00:00
Marja Hölttä
83849da70f [iwyu] Pre-work for removing unallowed include macro-assembler.h -> assembler-inl.h
BUG=v8:5294

Change-Id: If45f25aae8de526027b7851cb4efe0ccf4a7c4b1
Reviewed-on: https://chromium-review.googlesource.com/444226
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43388}
2017-02-23 12:10:21 +00:00
bakkot
18e4c46de5 [parser] Lift template literal invalid escape restriction
This implements the proposal at
https://github.com/tc39/proposal-template-literal-revision
staged behind a flag --harmony-template-escapes. The proposal allows
invalid octal, unicode, and hexadecimal escape sequences to appear in
tagged template literals, instead of being a syntax error. These have
a 'cooked' value of 'undefined', but are still accessible through the
'raw' property.

BUG=v8:5546

Review-Url: https://codereview.chromium.org/2665513002
Cr-Commit-Position: refs/heads/master@{#43384}
2017-02-22 21:20:32 +00:00
Andreas Haas
73d45c9630 [wasm] Use builtins wrappers for traps
With this CL the out-of-line code of TrapIf will call a builtin instead
of doing a direct runtime call, which is cheaper. In the best case, the
out-of-line code now consists of a single call instruction. The builtin
will load the trapID and then call the runtime to throw a trap.

R=titzer@chromium.org, clemensh@chromium.org

Change-Id: I8a75ba09f40236a3d5cbdc17c1317baf0a3c915a
Reviewed-on: https://chromium-review.googlesource.com/445937
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43366}
2017-02-22 12:01:02 +00:00
yangguo
901c29eb1c [inspector] extend protocol for code coverage.
R=jgruber@chromium.org, kozyatinskiy@chromium.org, pfeldman@chromium.org
BUG=v8:5808

Review-Url: https://codereview.chromium.org/2700743002
Cr-Commit-Position: refs/heads/master@{#43363}
2017-02-22 10:21:57 +00:00
Ross McIlroy
e2de1b8696 Add support to IdentityMap for deletion, iteration and AllocationPolicy.
In order to use the IdentityMap in the CompilerDispatcher the following
support is added:
 - Support for deleting entries
 - Support for iterating through the entries.
 - Support for AllocationPolicy to enable non-zone allocation of backing
   stores.
 - Also refactors the code a bit.

BUG=v8:5203

Change-Id: I8b616cba8ae9dc22a7f4d76070fbb318c4edc80d
Reviewed-on: https://chromium-review.googlesource.com/444409
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43362}
2017-02-22 10:20:15 +00:00
dcheng
96eda1f7d1 Fix receiver checks for v8::Function on a remote context receiver.
v8 allows the embedder to specify a global template to use when
creating a new context. However, v8 does not use the supplied
template directly when creating the global proxy: it creates a
unique template for each global proxy. However, this is problematic
for remote contexts: functions cannot use strict receiver checks
with the remote context, as the global template will never match
the global proxy.

To fix this, remote contexts now also include a remote global
object in the prototype chain that is instantiated with the global
template. This mirrors the way the global proxy is configured for a
full v8 context, and allows strict receiver checks to work.

BUG=527190

Review-Url: https://codereview.chromium.org/2677653002
Cr-Commit-Position: refs/heads/master@{#43361}
2017-02-22 10:13:24 +00:00
yangguo
3f303da292 [debugger] remove debugger statement support from FCG/CS.
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2650193002
Cr-Original-Commit-Position: refs/heads/master@{#42892}
Committed: eef855a1dc
Review-Url: https://codereview.chromium.org/2650193002
Cr-Commit-Position: refs/heads/master@{#43360}
2017-02-22 08:45:09 +00:00
clemensh
e6819ee286 [wasm] Test argument passing in the interpreter entry
Test the wasm interpreter entry stub by creating two wasm functions A
and B, make A pass arguments to B, then redirect B to be executed in the
interpreter.
Test different number and types or arguments.

BUG=v8:5822
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2651793003
Cr-Commit-Position: refs/heads/master@{#43353}
2017-02-21 18:21:31 +00:00
mtrofin
caa1d4b262 [wasm] Managed<T> ensures T's lifetime does not leak past Isolate's
Native resources allocated by v8, as internal implementation detail,
and held by a Foreign object, must be released when the Isolate is
torn down. Example: wasm::WasmModule allocated by wasm compile, and
held throughout the lifetime of the WebAssembly.Module object.

This change:
- Extends Managed<CppType> with a mechanism for doing just that
- Separates the role of Managed<CppType> to be strictly an owner of
the lifetime of the native resource. For cases where that's not
desirable, we can polymorphically use Foregin.
- moves managed.h out of wasm, since it's not wasm-specific.

BUG=680065

Review-Url: https://codereview.chromium.org/2676513008
Cr-Commit-Position: refs/heads/master@{#43350}
2017-02-21 17:23:38 +00:00
bbudge
9fe0b4c708 [V8] Implement SIMD Boolean vector types to allow mask registers.
- Adds new machine types SimdBool4/8/16 for the different boolean vector types.
- Adds a kSimdMaskRegisters flag for each platform. These are all false for now.
- Removes Create, ExtractLane, ReplaceLane, Equal, NotEqual, Swizzle and Shuffle
  opcodes from the Boolean types. These are unlikely to be well supported natively,
  and can be synthesized using Select.
- Changes the signature of Relational opcodes to return boolean vectors.
- Changes the signature of Select opcodes to take boolean vectors.
- Updates the ARM implementation of Relational and Select opcodes.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2700813002
Cr-Commit-Position: refs/heads/master@{#43348}
2017-02-21 16:45:30 +00:00
Marja Hölttä
7a457c711b [parser] Skipping inner funcs: params part 5
Handle eval in default parameters.

BUG=v8:5516
R=vogelheim@chromium.org

Change-Id: Ib6543a4aef9a3cc9636e65d0337bc269c8a079dc
Reviewed-on: https://chromium-review.googlesource.com/444747
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43328}
2017-02-20 16:37:24 +00:00
yangguo
46290669d1 [serializer] allow duplicate API external references.
Due to link-time optimizations functions with same code
can be folded into one, resulting in duplicate references.

R=jochen@chromium.org, peria@chromium.org
BUG=chromium:617892

Review-Url: https://codereview.chromium.org/2707903002
Cr-Commit-Position: refs/heads/master@{#43317}
2017-02-20 12:52:53 +00:00
Marja Hölttä
6b5f7d23dc [parser] Skipping inner funcs: add tests for strict mode.
BUG=v8:5516
R=vogelheim@chromium.org

Change-Id: I7a39e49cc569b87064e5ac6764f4e3a65b2c6d11
Reviewed-on: https://chromium-review.googlesource.com/444765
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43311}
2017-02-20 10:56:12 +00:00
titzer
df834f3ff2 [wasm] Split the compilation and instantiation API into sync and async methods.
This makes it easier to implement asynchronous compilation by hiding all the implementation details of both synchronous and asynchronous compilation within wasm-module.cc, whereas before the code in wasm-js.cc actually implemented asynchronous compilation in terms of synchronous.

BUG=

Review-Url: https://codereview.chromium.org/2695813005
Cr-Commit-Position: refs/heads/master@{#43310}
2017-02-20 10:41:57 +00:00
danno
1b3c4afcad Revert of [interpreter] Create custom call opcodes for specific argument counts (patchset #13 id:240001 of https://codereview.chromium.org/2684993002/ )
Reason for revert:
Due to arm64 failures

Original issue's description:
> [interpreter] Create custom call opcodes for specific argument counts
>
> Specifically, add bytecodes for Call0, Call1, Call2, CallProperty0, CallProperty1,
> and CallProperty2. Also share the bytecode handler code between between
> equivalent CallX and CallPropertyX handlers.
>
> Review-Url: https://codereview.chromium.org/2684993002
> Cr-Commit-Position: refs/heads/master@{#43290}
> Committed: 00d6f1f80a

TBR=rmcilroy@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/2709533002
Cr-Commit-Position: refs/heads/master@{#43308}
2017-02-20 09:51:19 +00:00
dcheng
40b74d04da Make CreationContext() not crash when there is no creation context.
Remote objects don't have a creation context.

BUG=527190

Review-Url: https://codereview.chromium.org/2693203003
Cr-Commit-Position: refs/heads/master@{#43306}
2017-02-20 09:47:14 +00:00
danno
00d6f1f80a [interpreter] Create custom call opcodes for specific argument counts
Specifically, add bytecodes for Call0, Call1, Call2, CallProperty0, CallProperty1,
and CallProperty2. Also share the bytecode handler code between between
equivalent CallX and CallPropertyX handlers.

Review-Url: https://codereview.chromium.org/2684993002
Cr-Commit-Position: refs/heads/master@{#43290}
2017-02-17 17:57:22 +00:00
Igor Sheludko
76c65af808 [csa] Rename GotoUnless to GotoIfNot.
BUG=

Change-Id: Ifc441739ef730a0b2278be0b662413c223631a72
Reviewed-on: https://chromium-review.googlesource.com/444190
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43288}
2017-02-17 17:04:18 +00:00
Igor Sheludko
a85f27d8a4 [ic] Introduce StoreOwnIC.
... which is used for initializing properties with non compile time values.

Currently we use StoreOwnIC only for storing properties that already exist
in the boilerplate therefore we can reuse StoreIC dispatcher.
The proper StoreOwnIC dispatcher will be implemented in a separate CL.

BUG=v8:5495, v8:4414

Change-Id: I9c33fdb8499ec5be2c7fce1ecb6ce7aa285e5844
Reviewed-on: https://chromium-review.googlesource.com/443588
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43285}
2017-02-17 15:55:33 +00:00
ulan
9e187ea91b [heap] Remove Heap::TracePath* functions.
The functions do not work correctly with concurrent sweeper and they
do not take weak references into account.

The latter is a fundamental problem for this tracing approach.

BUG=

Review-Url: https://codereview.chromium.org/2707433002
Cr-Commit-Position: refs/heads/master@{#43284}
2017-02-17 15:06:58 +00:00
Michael Lippautz
a84b23399e Remove some unused flags
BUG=

Change-Id: I7542ada0eb557b5b813396f7d250549abb880f91
Reviewed-on: https://chromium-review.googlesource.com/444408
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43283}
2017-02-17 14:46:51 +00:00
Marja Hölttä
3ee21f289b [parser] Skipping inner funcs: params part 4
Add some tests which already pass.

BUG=v8:5516
R=vogelheim@chromium.org

Change-Id: Icf5cf5e40010deb2efb69dea750661854b055566
Reviewed-on: https://chromium-review.googlesource.com/444744
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43278}
2017-02-17 12:19:35 +00:00
Toon Verwaest
0a8de761ff Remove unused Box type
BUG=

Change-Id: Ie7a8327fac62a0608b60cf9f0f072f979ac4fd76
Reviewed-on: https://chromium-review.googlesource.com/443528
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@google.com>
Cr-Commit-Position: refs/heads/master@{#43269}
2017-02-17 10:06:22 +00:00
jwolfe
d1d4b9ce51 Implement new Function.prototype.toString --harmony-function-tostring
For functions declared in source code, the .toString() representation
will be an excerpt of the source code.
* For functions declared with the "function" keyword, the excerpt
  starts at the "function" or "async" keyword and ends at the final "}".
  The previous behavior would start the excerpt at the "(" of the
  parameter list, and prepend a canonical `"function " + name` or
  similar, which would discard comments and formatting surrounding the
  function's name. Anonymous functions declared as function expressions
  no longer get the name "anonymous" in their toString representation.
* For methods, the excerpt starts at the "get", "set", "*" (for
  generator methods), or property name, whichever comes first.
  Previously, the toString representation for methods would use a
  canonical prefix before the "(" of the parameter list. Note that any
  "static" keyword is omitted.
* For arrow functions and class declarations, the excerpt is unchanged.

For functions created with the Function, GeneratorFunction, or
AsyncFunction constructors:
* The string separating the parameter text and body text is now
  "\n) {\n", where previously it was "\n/*``*/) {\n" or ") {\n".
* At one point, newline normalization was required by the spec here,
  but that was removed from the spec, and so this CL does not do it.

Included in this CL is a fix for CreateDynamicFunction parsing. ')'
and '`' characters in the parameter string are no longer disallowed,
and Function("a=function(", "}){") is no longer allowed.

BUG=v8:4958, v8:4230

Review-Url: https://codereview.chromium.org/2156303002
Cr-Commit-Position: refs/heads/master@{#43262}
2017-02-16 20:19:24 +00:00
Marja Hölttä
712800a636 [parser] Skipping inner funcs: params part 3
Produce the same scopes / variables for parameters (part 3).

This CL fixes the ordering + variable types in PreParser when there are
simple parameters + a rest parameter. In that case, Parser declares
unnamed temporaries for the non-rest params, then the rest param, then
the named variables (which are not parameters) for the non-rest params.

BUG=v8:5516
R=vogelheim@chromium.org

Change-Id: I9b006595039c8002b0508d1d2a200aa9a0f3eae0
Reviewed-on: https://chromium-review.googlesource.com/443527
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43241}
2017-02-16 10:24:52 +00:00
Marja Hölttä
d21621cf35 [parser] No need to collect literal counts.
Patch adopted from mvstanton@ ( https://codereview.chromium.org/2657413002/ )

BUG=

Change-Id: I4296b3d5694116e250a6bb88296fbed0f0c444e6
Reviewed-on: https://chromium-review.googlesource.com/443246
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43238}
2017-02-16 09:58:45 +00:00
yangguo
c39123dd53 [debugger] implement inspector-facing API for code coverage.
The inspector uses V8's API handles and should not access
V8 internals. This change makes sure it can use the coverage
data in an encapsulated way.

R=jgruber@chromium.org, kozyatinskiy@chromium.org
BUG=v8:5808

Review-Url: https://codereview.chromium.org/2696163002
Cr-Commit-Position: refs/heads/master@{#43231}
2017-02-16 08:36:12 +00:00
caitp
76ab55e3d3 [async-iteration] add support for for-await-of loops in Async Functions
When --harmony-async-iteration is enabled, it is now possible to
use the for-await-of loop, which uses the Async Iteration protocol
rather than the ordinary ES6 Iteration protocol.

the Async-from-Sync Iterator object is not implemented in this CL,
and so for-await-of loops will abort execution if the iterated object
does not have a Symbol.asyncIterator() method. Async-from-Sync
Iterators are implemented seperately in https://codereview.chromium.org/2645313003/

BUG=v8:5855, v8:4483
R=neis@chromium.org, littledan@chromium.org, adamk@chromium.org

Review-Url: https://codereview.chromium.org/2637403008
Cr-Commit-Position: refs/heads/master@{#43224}
2017-02-15 19:39:06 +00:00
bbudge
717c8f2c76 [HEAP] Remove SIMD 128 bit alignment from heap.
LOG=N
BUG=v8:4124, v8:5948

Review-Url: https://codereview.chromium.org/2694063005
Cr-Commit-Position: refs/heads/master@{#43219}
2017-02-15 15:42:27 +00:00
Michael Starzinger
67d087d577 [turbofan] Handle some arithmetic ops in early lowering.
This handles all arithmetic binary operations except addition during the
early type-hint lowering (i.e. during graph construction). We still use
static type information to potentially further reduce the speculative
operations down to pure operations during the typed lowering phase.

R=bmeurer@chromium.org

Change-Id: I8b93fd7c46ec8e5b81234a49624d503520c3d082
Reviewed-on: https://chromium-review.googlesource.com/443105
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43218}
2017-02-15 15:10:02 +00:00
Igor Sheludko
fdc78d294e [ic] Cleanup vector-based IC clearing.
... and don't clear ICs during GC. The IC clearing used to prevent memory
leaks but it's not necessary anymore because all the handlers that need
to embed objects already use weak cells.

This CL unblocks inlining of IC dispatchers into bytecode handlers.

BUG=v8:5917

Change-Id: I229b9ba8dba44f431dfbe8ac5370d855e3e84dd6
Reviewed-on: https://chromium-review.googlesource.com/442127
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43209}
2017-02-15 13:01:11 +00:00
Michael Starzinger
d0b9062432 [turbofan] Implement early lowering based on type hints.
This allows part of typed lowering that is solely based on type-hints to
run as part of the graph construction. The lowering in question does not
inspect types and hence doesn't require the typer to have run before. We
insert the speculative simplied-level operations in favor of the generic
JavaScript-level variants.

R=bmeurer@chromium.org

Change-Id: I5f0549fc1e4ff607622ee9059e6232a32f77db2e
Reviewed-on: https://chromium-review.googlesource.com/442584
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43208}
2017-02-15 12:18:42 +00:00
ishell@chromium.org
65f0e958f6 [runtime][tests] More *TypeFeedbackVector* -> *FeedbackVector* renamings.
BUG=

Change-Id: I859fef6b18e51cca80343a89e2b6f38eee95d408
Reviewed-on: https://chromium-review.googlesource.com/442428
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43206}
2017-02-15 08:53:51 +00:00
vabr
e3d761d94b ParserBase should accept ESCAPED_STRICT_RESERVED_WORD as an identifier
ParserBase::is_any_identifier currently does not recognise
Token::ESCAPED_STRICT_RESERVED_WORD as an identifier. This seems different
from what ParserBase::ParseIdentifierName does, and also prevents
"l\u0065t", unlike "let", from becoming a label.

This CL extends is_any_identifier to also accept ESCAPED_STRICT_RESERVED_WORD.

BUG=v8:5692

Review-Url: https://codereview.chromium.org/2695973003
Cr-Commit-Position: refs/heads/master@{#43204}
2017-02-15 02:35:12 +00:00
ahaas
2f8ad11f2b [arm64] A shift of 0 is not allowed in ubfx.
R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com
BUG=v8:5951

Review-Url: https://codereview.chromium.org/2685943003
Cr-Original-Commit-Position: refs/heads/master@{#43090}
Committed: c46ccef921
Review-Url: https://codereview.chromium.org/2685943003
Cr-Commit-Position: refs/heads/master@{#43199}
2017-02-14 17:40:51 +00:00
bbudge
deabb19abc Remove SIMD.js from V8.
LOG=Y
BUG=v8:4124,v8:5948
R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org

Review-Url: https://codereview.chromium.org/2684313003
Cr-Original-Original-Commit-Position: refs/heads/master@{#43162}
Committed: d170c57ab9
Review-Url: https://codereview.chromium.org/2684313003
Cr-Original-Commit-Position: refs/heads/master@{#43169}
Committed: a9b59a11f1
Review-Url: https://codereview.chromium.org/2684313003
Cr-Commit-Position: refs/heads/master@{#43176}
2017-02-14 06:57:25 +00:00
franzih
a386eb4f04 Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ )
Reason for revert:
Breaks Node integration build.

Original issue's description:
> Remove SIMD.js from V8.
>
> LOG=Y
> BUG=v8:4124,v8:5948
> R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
>
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Original-Commit-Position: refs/heads/master@{#43162}
> Committed: d170c57ab9
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Commit-Position: refs/heads/master@{#43169}
> Committed: a9b59a11f1

TBR=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,machenbach@chromium.org,bbudge@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124,v8:5948

Review-Url: https://codereview.chromium.org/2695653005
Cr-Commit-Position: refs/heads/master@{#43170}
2017-02-13 21:33:46 +00:00
bbudge
a9b59a11f1 Remove SIMD.js from V8.
LOG=Y
BUG=v8:4124,v8:5948
R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org

Review-Url: https://codereview.chromium.org/2684313003
Cr-Original-Commit-Position: refs/heads/master@{#43162}
Committed: d170c57ab9
Review-Url: https://codereview.chromium.org/2684313003
Cr-Commit-Position: refs/heads/master@{#43169}
2017-02-13 20:43:08 +00:00
bbudge
11f88ef53f [Turbofan] Add more non-arithmetic SIMD operations.
- Renames select, swizzle, and shuffle to be consistent with the S128 and
  existing S32x4 ops, and reflect that these aren't arithmetic.
  e.g. I16x8Swizzle -> S16x8Swizzle.
- Implements S16x8 and S8x16 Select operations and tests.
- Implements S128And, Or, Xor, Not operations and tests.
- Implements Swizzle for 32x4 formats.
- Refactors test macros that generate SIMD code.

TEST=cctest/test-run-wasm-simd/*

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2683713003
Cr-Commit-Position: refs/heads/master@{#43168}
2017-02-13 20:24:43 +00:00
jyan
2dab40ccda s390: use new mul instruction
R=joransiu@ca.ibm.com, bjaideep@ca.ibm.com, danno@chromium.org, bmeurer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2691893002
Cr-Commit-Position: refs/heads/master@{#43166}
2017-02-13 18:50:35 +00:00
bradnelson
43fc15bb79 Revert of Remove SIMD.js from V8. (patchset #7 id:120001 of https://codereview.chromium.org/2684313003/ )
Reason for revert:
red

Original issue's description:
> Remove SIMD.js from V8.
>
> LOG=Y
> BUG=v8:4124,5948
> R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
> (notry since trybots can't patch directory deletes)
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2684313003
> Cr-Commit-Position: refs/heads/master@{#43162}
> Committed: d170c57ab9

TBR=bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org,bradnelson@google.com,bbudge@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124,5948

Review-Url: https://codereview.chromium.org/2692933002
Cr-Commit-Position: refs/heads/master@{#43164}
2017-02-13 18:12:14 +00:00
bbudge
d170c57ab9 Remove SIMD.js from V8.
LOG=Y
BUG=v8:4124,5948
R=bradnelson@chromium.org,bmeurer@chromium.org,jochen@chromium.org,hpayer@chromium.org,danno@chromium.org
(notry since trybots can't patch directory deletes)
NOTRY=true

Review-Url: https://codereview.chromium.org/2684313003
Cr-Commit-Position: refs/heads/master@{#43162}
2017-02-13 15:59:22 +00:00
Marja Hölttä
2d9b9faf17 [iwyu, wasm] Remove unallowed includes to objects-inl.h from wasm.
R=mstarzinger@chromium.org
BUG=v8:5294

Change-Id: If2cdb4d38829e69ddd8aecb99c99c3a03050f57c
Reviewed-on: https://chromium-review.googlesource.com/441824
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43158}
2017-02-13 15:05:37 +00:00
Marja Hölttä
8c449e39b5 [parsing/test] Skipping inner funcs: add more (structured tests).
Test both cases where the interesting constructs occur at the
laziness boundary and cases where they occur deeper.

BUG=v8:5501
R=vogelheim@chromium.org

Change-Id: I99e32cb0c829616011bf7d1f389a8d309b54d67e
Reviewed-on: https://chromium-review.googlesource.com/441844
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43157}
2017-02-13 15:04:34 +00:00
Marja Hölttä
d1055c1fbd [iwyu] Remove unallowed include arguments.h -> objects-inl.h
After this, only 2 illegal includes to objects-inl.h remain (some wasm stuff).

R=​mstarzinger@chromium.org
BUG=v8:5294

Change-Id: I18682f42f0d2a7cc29a0a0be76f8e4eea26aafd9
Reviewed-on: https://chromium-review.googlesource.com/441744
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43147}
2017-02-13 10:06:48 +00:00
Leszek Swirski
2bfd8a7cb7 [ignition] Remove handles from bytecode generation
Removes handles from bytecode generation, instead storing
un-internalized AstValues (and other, similar values such as Scopes and
AstRawStrings) in the constant array builder.

This will allow us in the future to generate the bytecode before
internalizing the AST.

BUG=v8:5832

Change-Id: I3b8be8f7329a484eb1e5d12808b001d3475239da
Reviewed-on: https://chromium-review.googlesource.com/439326
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43115}
2017-02-10 17:52:39 +00:00
jarin
36ed494784 Count closures using the feedback vector cell map, specialize if count==1.
This introduces new maps to track whether we have created at most one
closure. If we have created just one closure, Turbofan will
specialize the code to its context.

Review-Url: https://codereview.chromium.org/2680313002
Cr-Commit-Position: refs/heads/master@{#43108}
2017-02-10 15:19:19 +00:00
Marja Hölttä
bfd65a54fa [parser] Skipping inner funcs: produce the same scopes / variables for parameters (part 2).
This CL covers simple ("simple") rest param cases.

BUG=v8:5516
R=vogelheim@chromium.org

Change-Id: I254c2eb81d759eb2ea2a3d5e7c46bcdc2ccef707
Reviewed-on: https://chromium-review.googlesource.com/440984
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43106}
2017-02-10 14:59:59 +00:00
rmcilroy
e8422597a8 Revert of [arm64] A shift of 0 is not allowed in ubfx. (patchset #2 id:20001 of https://codereview.chromium.org/2685943003/ )
Reason for revert:
Reverting due to causing Word64AndWithImmediateWithWord64Sh to fail locally (but not on the bot).

BUG=v8:5956

Original issue's description:
> [arm64] A shift of 0 is not allowed in ubfx.
>
> R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com
> BUG=v8:5951
>
> Review-Url: https://codereview.chromium.org/2685943003
> Cr-Commit-Position: refs/heads/master@{#43090}
> Committed: c46ccef921

TBR=bmeurer@chromium.org,v8-arm-ports@googlegroups.com,martyn.capewell@arm.com,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5951

Review-Url: https://codereview.chromium.org/2687373002
Cr-Commit-Position: refs/heads/master@{#43105}
2017-02-10 14:54:25 +00:00
neis
6d1c114c72 [test] Add some more tests for top-level maybe-assigned.
Also make them use the helpers that I introduced recently.

BUG=v8:5636

Review-Url: https://codereview.chromium.org/2684343004
Cr-Commit-Position: refs/heads/master@{#43100}
2017-02-10 13:48:33 +00:00
neis
a450d3aea2 [parsing] Fix maybe-assigned for top-level class declarations.
Move the logic into Scope::DeclareVariable to be more robust.

BUG=v8:5636

Review-Url: https://codereview.chromium.org/2685293003
Cr-Commit-Position: refs/heads/master@{#43098}
2017-02-10 13:24:49 +00:00
ahaas
79570f87a1 [wasm] Do not use setjmp/longjmp in cctests.
The use of setjmp/longjmp makes the cctests in test-run-wasm and
test-run-wasm-64 flaky on Windows, and I think that it is better not
to use it. With this CL I replace it as follows:

Similar to the setjmp/longjmp implementation we still call a C
function when a trap happens. However, instead of calling longjmp in
this C function we just set a flag which indicates that a trap
happened and then return. After we return from the C function we leave
the frame of the current wasm function and return with a RET
instruction. At the end of a test the wasm test runner checks the flag
to see if a trap happened.

Please take a special look at the LeaveFrame function on arm64.

R=titzer@chromium.org, clemensh@chromium.org, v8-arm-ports@googlegroups.com
CC=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2685583003
Cr-Commit-Position: refs/heads/master@{#43095}
2017-02-10 13:11:40 +00:00
ahaas
c46ccef921 [arm64] A shift of 0 is not allowed in ubfx.
R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com
BUG=v8:5951

Review-Url: https://codereview.chromium.org/2685943003
Cr-Commit-Position: refs/heads/master@{#43090}
2017-02-10 10:16:29 +00:00
rmcilroy
1fc93f2e2d [Compiler] Enable use of seperate zones for parsing and compiling.
In order to allow parallel compilation of eager inner functions, we need to
seperate the zone used for parsing (which will be shared between all the
parallel compile jobs) and the zone used for compilation. This CL changes
CompilationInfo to require a zone (which can be different from the zone in
ParseInfo). We then seal the ParseInfo zone after parsing and analysis is done
to prevent any further allocation in that zone, so that it can be shared
(read-only) with the parallel compile jobs.

BUG=v8:5203

Review-Url: https://codereview.chromium.org/2645403002
Cr-Commit-Position: refs/heads/master@{#43089}
2017-02-10 09:55:22 +00:00
Marja Hölttä
82e43bfed8 [parser] Skipping inner funcs: produce the same scopes / variables for parameters (part 1).
This CL covers only the very simple cases.

BUG=v8:5516
R=vogelheim@chromium.org

Change-Id: Ib6ddc90cbcf1c923a7b72493cfd029cfa835462b
Reviewed-on: https://chromium-review.googlesource.com/440246
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43086}
2017-02-10 09:18:40 +00:00
ishell
a4f4c74050 [runtime][ic] Constant field tracking support.
This CL includes runtime and IC parts of the tracking. It is controlled by
compile-time flag FLAG_constant_field_tracking and currently disabled.

Transition from kConst to kMutable still involves map deprecation.

BUG=v8:5495

Review-Url: https://codereview.chromium.org/2598543003
Cr-Commit-Position: refs/heads/master@{#43081}
2017-02-10 08:05:25 +00:00
yukishiino
d014b47fe5 Fixes Object::SetAccessor to return false if the prop is unconfigurable.
http://www.ecma-international.org/ecma-262/7.0/#sec-validateandapplypropertydescriptor
says that [[DefineProperty]] should return false if the property is
already defined and it's unconfigurable (exactly speaking, the condition
in the spec is more complicated, but roughly speaking, it's when the
property is unconfigurable).

BUG=chromium:670651

Review-Url: https://codereview.chromium.org/2680353004
Cr-Commit-Position: refs/heads/master@{#43080}
2017-02-10 05:56:00 +00:00
yangguo
d0d4189dc0 [debugger] implement legacy debug event listeners via debug delegate.
R=jgruber@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2682593003
Cr-Commit-Position: refs/heads/master@{#43059}
2017-02-09 11:31:48 +00:00
Marja Hölttä
e425079b1d [iwyu] Remove include debug.h -> arguments.h
arguments.h is one of the headers including objects-inl.h. Files needing
objects-inl.h used to innocently pull in debug.h, so that needs to be fixed now
too.

BUG=v8:5294
R=mstarzinger@chromium.org

Change-Id: I8ce671c533ed757103ef9a3b0bf0a0509230fdd8
Reviewed-on: https://chromium-review.googlesource.com/439287
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43054}
2017-02-09 09:19:23 +00:00
Marja Hölttä
9b35d8f575 [parsing] Produce same Scopes in Parser and PreParser when the params are not simple.
E.g.,
{ function lazy_inner(b = somevar) { let somevar; } }

If we don't produce the same scopes, PreParser thinks that the unresolved
variable inside the default parameter resolves into the variable declared inside
the function. Thus, it's not correctly recorded as a free variable.

One part is already done by https://codereview.chromium.org/2638333002 . But at
the laziness boundary, we still produced different scopes.

Unlike previously thought, this is also needed for lazy inner function
correctness, not only for "preparser scope analysis" (ie., skipping inner
functions).

BUG=v8:5938

Change-Id: I047cd43ef16478bb0f18d1f114845e7d1ab8c5f2
Reviewed-on: https://chromium-review.googlesource.com/439345
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43044}
2017-02-08 17:14:30 +00:00
ahaas
ed6e28d2ad [arm64][turbofan] Fix add+shr for big shift values.
Arm64 compiles "x +_64 (y >> shift)" into a single instruction if
"shift" is a constant. The code generator expects that "shift" is a
32 bit constant. however, TurboFan can also pass in a 64 bit constant,
which caused a crash in the code generator.

With this CL we cast the constant of TurboFan to an int in the
instruction selector and thereby satisfy the assumption of the code
generator. This should be correct since the code generator anyways cast
the "shift" to an int5 or int6 eventually.

R=v8-arm-ports@googlegroups.com
BUG=v8:5923

Review-Url: https://codereview.chromium.org/2669203005
Cr-Commit-Position: refs/heads/master@{#43036}
2017-02-08 11:52:16 +00:00
franzih
0c137304e6 [runtime] Skip vector config for interceptors.
Do not preinitialize the feedback vector slot if
the lookup iterator is an interceptor, because it is not
guaranteed that the iterator has a PropertyCell.

If the HandlerConfiguration has a non-masking
intercepting setter,
the iterator does not have a valid PropertyCell.

BUG=chromium:656648

Review-Url: https://codereview.chromium.org/2674103002
Cr-Commit-Position: refs/heads/master@{#43034}
2017-02-08 11:49:58 +00:00
ishell@chromium.org
0190a00f96 [ic] Rename FeedbackSlotKind values to better reflect reality.
BUG=v8:5917

Change-Id: I9611ace4ba73f18cb90f95f9c81eeb19c74e06f4
Reviewed-on: https://chromium-review.googlesource.com/439327
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43032}
2017-02-08 10:49:58 +00:00
yangguo
c78d7fa1ae Link type feedback vectors to the shared function info.
Previously, both type feedback vector and the shared function info
of a function points to the matching type feedback metadata. This
makes finding the shared function info of a type feedback vector
difficult.

Instead, we now point the type feeback vector to the shared function
info, and find the metadata through the shared function info.

Also remove the obsolete empty type feedback vector.

R=hpayer@chromium.org, mvstanton@chromium.org
BUG=v8:5808

Review-Url: https://codereview.chromium.org/2672363002
Cr-Commit-Position: refs/heads/master@{#43026}
2017-02-08 08:33:33 +00:00
bmeurer
d9c091dd60 [turbofan] Remove for-in support from the AstGraphBuilder.
The AstGraphBuilder is used for asm.js only and for-in is not allowed in
valid asm.js, so we can just disable optimization for asm.js functions
that contain for-in loops. This way we only need to support for-in via
the BytecodeGraphBuilder in TurboFan now, which will make optimizations
way easier.

R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2679913004
Cr-Commit-Position: refs/heads/master@{#43024}
2017-02-08 06:41:42 +00:00
raphael.kubo.da.costa
e7b78ac229 Expose more %ArrayPrototype% functions to the public API.
In addition to Array.prototype.values() which is already exposed, Blink
needs access to entries(), forEach() and keys() to properly set the
corresponding functions in value iterators for WebIDL conformance.

Add a few new entries to NATIVE_CONTEXT_IMPORTED_FIELDS and expand
V8_INTRINSICS_LIST, as well as some API tests for all these new exposed
functions.

BUG=chromium:632935
R=caitp@igalia.com,jochen@chromium.org,verwaest@chromium.org,yukishiino@chromium.org

Review-Url: https://codereview.chromium.org/2670833008
Cr-Commit-Position: refs/heads/master@{#43017}
2017-02-07 21:42:06 +00:00
hablich
395dfc073e Reland of land: [Parse] ParseInfo owns the parsing Zone. (patchset #1 id:1 of https://codereview.chromium.org/2683733002/ )
Reason for revert:
False alarm, bot hiccup

Original issue's description:
> Revert of Reland: [Parse] ParseInfo owns the parsing Zone. (patchset #7 id:140001 of https://codereview.chromium.org/2632123006/ )
>
> Reason for revert:
> Speculative revert because of revert needed for https://codereview.chromium.org/2632123006
>
> Original issue's description:
> > Reland: [Parse] ParseInfo owns the parsing Zone.
> >
> > Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> > in preperation for enabling background compilation jobs for inner functions
> > share the AST in the outer-function's parse zone memory (read-only), with the
> > and zone being released when all compilation jobs have completed.
> >
> > BUG=v8:5203,v8:5215
> >
> > Review-Url: https://codereview.chromium.org/2632123006
> > Cr-Original-Commit-Position: refs/heads/master@{#42993}
> > Committed: 14fb337200
> > Review-Url: https://codereview.chromium.org/2632123006
> > Cr-Commit-Position: refs/heads/master@{#42996}
> > Committed: 9e7d5a6065
>
> TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2683733002
> Cr-Commit-Position: refs/heads/master@{#43008}
> Committed: 9fe08ec067

TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2679303003
Cr-Commit-Position: refs/heads/master@{#43015}
2017-02-07 20:46:47 +00:00
Michael Hablich
0e129692bd Revert "Revert "[parser/test] Simplify test-preparser/PreParserScopeAnalysis.""
This reverts commit 8ee52241e2.

Reason for revert: False alarm, bot hiccup

Original change's description:
> Revert "[parser/test] Simplify test-preparser/PreParserScopeAnalysis."
> 
> This reverts commit 4d8bde0cd6.
> 
> Reason for revert: needed for this revert: https://codereview.chromium.org/2679263002/
> 
> Original change's description:
> > [parser/test] Simplify test-preparser/PreParserScopeAnalysis.
> > 
> > BUG=v8:5516
> > R=​neis@chromium.org
> > 
> > Change-Id: Iabc8d942ffb8107c5284cc51654792a9e2872d0a
> > Reviewed-on: https://chromium-review.googlesource.com/439325
> > Commit-Queue: Marja Hölttä <marja@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#43001}
> 
> TBR=marja@chromium.org,neis@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5516
> 
> Change-Id: Ia205be1f43fc447119ccc00b16078a968c7b18d1
> Reviewed-on: https://chromium-review.googlesource.com/439147
> Commit-Queue: Michael Hablich <hablich@chromium.org>
> Reviewed-by: Michael Hablich <hablich@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#43009}

TBR=marja@chromium.org,neis@chromium.org,hablich@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5516

Change-Id: Ie8f9ba2925b6b05a2945a9ce435c4c41205feddd
Reviewed-on: https://chromium-review.googlesource.com/439444
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43014}
2017-02-07 20:44:14 +00:00
hablich
5f9c89af70 Reland of [parsing] Fix maybe-assigned for loop variables. (patchset #1 id:1 of https://codereview.chromium.org/2679263002/ )
Reason for revert:
False alarm, bot hiccup

Original issue's description:
> Revert of [parsing] Fix maybe-assigned for loop variables. (patchset #3 id:40001 of https://codereview.chromium.org/2673403003/ )
>
> Reason for revert:
> Speculative revert because of https://codereview.chromium.org/2679163002/.
>
> Original issue's description:
> > [parsing] Fix maybe-assigned for loop variables.
> >
> > Due to hoisting, the value of a 'var'-declared variable may actually change even
> > if the code contains only the "initial" assignment, namely when that assignment
> > occurs inside a loop.  For example:
> >
> >   let i = 10;
> >   do { var x = i } while (i--):
> >
> > As a simple and very conservative approximation of this, we explicitly mark
> > as maybe-assigned any non-lexical variable whose "declaration" does not
> > syntactically occur in the function scope.  (In the example above, it
> > occurs in a block scope.)
> >
> > BUG=v8:5636
> >
> > Review-Url: https://codereview.chromium.org/2673403003
> > Cr-Commit-Position: refs/heads/master@{#42989}
> > Committed: a33fcd663b
>
> TBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:5636
>
> Review-Url: https://codereview.chromium.org/2679263002
> Cr-Commit-Position: refs/heads/master@{#43010}
> Committed: f3ae5ccf57

TBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5636

Review-Url: https://codereview.chromium.org/2686663002
Cr-Commit-Position: refs/heads/master@{#43013}
2017-02-07 20:43:17 +00:00
hablich
96e4f6145b Reland of Thread maybe-assigned through the bytecodes. (patchset #1 id:1 of https://codereview.chromium.org/2680923003/ )
Reason for revert:
False alarm, bot hiccup

Original issue's description:
> Revert of Thread maybe-assigned through the bytecodes. (patchset #5 id:80001 of https://codereview.chromium.org/2655733003/ )
>
> Reason for revert:
> needed for properly reverting f3ae5ccf57
>
> Original issue's description:
> > Thread maybe-assigned through the bytecodes.
> >
> > This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
> > bytecodes, which are emitted when reading from never-assigned context slot.
> >
> > There is a subtlety here: the slot are not immutable, the meaning is
> > actually undefined-or-hole-or-immutable.
> >
> > Review-Url: https://codereview.chromium.org/2655733003
> > Cr-Commit-Position: refs/heads/master@{#43000}
> > Committed: 17c2dd3886
>
> TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Review-Url: https://codereview.chromium.org/2680923003
> Cr-Commit-Position: refs/heads/master@{#43011}
> Committed: ece4e54a31

TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2679953003
Cr-Commit-Position: refs/heads/master@{#43012}
2017-02-07 20:42:03 +00:00
hablich
ece4e54a31 Revert of Thread maybe-assigned through the bytecodes. (patchset #5 id:80001 of https://codereview.chromium.org/2655733003/ )
Reason for revert:
needed for properly reverting f3ae5ccf57

Original issue's description:
> Thread maybe-assigned through the bytecodes.
>
> This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
> bytecodes, which are emitted when reading from never-assigned context slot.
>
> There is a subtlety here: the slot are not immutable, the meaning is
> actually undefined-or-hole-or-immutable.
>
> Review-Url: https://codereview.chromium.org/2655733003
> Cr-Commit-Position: refs/heads/master@{#43000}
> Committed: 17c2dd3886

TBR=rmcilroy@chromium.org,bmeurer@chromium.org,neis@chromium.org,jarin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2680923003
Cr-Commit-Position: refs/heads/master@{#43011}
2017-02-07 20:19:24 +00:00
hablich
f3ae5ccf57 Revert of [parsing] Fix maybe-assigned for loop variables. (patchset #3 id:40001 of https://codereview.chromium.org/2673403003/ )
Reason for revert:
Speculative revert because of https://codereview.chromium.org/2679163002/.

Original issue's description:
> [parsing] Fix maybe-assigned for loop variables.
>
> Due to hoisting, the value of a 'var'-declared variable may actually change even
> if the code contains only the "initial" assignment, namely when that assignment
> occurs inside a loop.  For example:
>
>   let i = 10;
>   do { var x = i } while (i--):
>
> As a simple and very conservative approximation of this, we explicitly mark
> as maybe-assigned any non-lexical variable whose "declaration" does not
> syntactically occur in the function scope.  (In the example above, it
> occurs in a block scope.)
>
> BUG=v8:5636
>
> Review-Url: https://codereview.chromium.org/2673403003
> Cr-Commit-Position: refs/heads/master@{#42989}
> Committed: a33fcd663b

TBR=marja@chromium.org,adamk@chromium.org,neis@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5636

Review-Url: https://codereview.chromium.org/2679263002
Cr-Commit-Position: refs/heads/master@{#43010}
2017-02-07 19:40:24 +00:00
Michael Hablich
8ee52241e2 Revert "[parser/test] Simplify test-preparser/PreParserScopeAnalysis."
This reverts commit 4d8bde0cd6.

Reason for revert: needed for this revert: https://codereview.chromium.org/2679263002/

Original change's description:
> [parser/test] Simplify test-preparser/PreParserScopeAnalysis.
> 
> BUG=v8:5516
> R=​neis@chromium.org
> 
> Change-Id: Iabc8d942ffb8107c5284cc51654792a9e2872d0a
> Reviewed-on: https://chromium-review.googlesource.com/439325
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#43001}

TBR=marja@chromium.org,neis@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5516

Change-Id: Ia205be1f43fc447119ccc00b16078a968c7b18d1
Reviewed-on: https://chromium-review.googlesource.com/439147
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43009}
2017-02-07 19:38:56 +00:00
hablich
9fe08ec067 Revert of Reland: [Parse] ParseInfo owns the parsing Zone. (patchset #7 id:140001 of https://codereview.chromium.org/2632123006/ )
Reason for revert:
Speculative revert because of revert needed for https://codereview.chromium.org/2632123006

Original issue's description:
> Reland: [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Original-Commit-Position: refs/heads/master@{#42993}
> Committed: 14fb337200
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42996}
> Committed: 9e7d5a6065

TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2683733002
Cr-Commit-Position: refs/heads/master@{#43008}
2017-02-07 19:35:56 +00:00
bbudge
04568c5216 [Turbofan] Add more integer SIMD operations for ARM.
- Adds logical and arithmetic shifts for all integer types.
- Adds min and max for all integer types.
- Adds saturating add and subtract for small integer types.
- Removes lane operations from the MachineOperatorCache.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2668013003
Cr-Commit-Position: refs/heads/master@{#43005}
2017-02-07 17:33:37 +00:00
ishell@chromium.org
878a3df75e Rename FeedbackVectorSlot[Kind] -> FeedbackSlot[Kind].
BUG=

Change-Id: I31b8da09f4728d55c2da91966edcad49528b554b
Reviewed-on: https://chromium-review.googlesource.com/439146
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43003}
2017-02-07 16:38:47 +00:00
Marja Hölttä
4d8bde0cd6 [parser/test] Simplify test-preparser/PreParserScopeAnalysis.
BUG=v8:5516
R=neis@chromium.org

Change-Id: Iabc8d942ffb8107c5284cc51654792a9e2872d0a
Reviewed-on: https://chromium-review.googlesource.com/439325
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43001}
2017-02-07 15:37:46 +00:00
jarin
17c2dd3886 Thread maybe-assigned through the bytecodes.
This introduces LoadImmutableContextSlot and LoadImmutableCurrentContextSlot
bytecodes, which are emitted when reading from never-assigned context slot.

There is a subtlety here: the slot are not immutable, the meaning is
actually undefined-or-hole-or-immutable.

Review-Url: https://codereview.chromium.org/2655733003
Cr-Commit-Position: refs/heads/master@{#43000}
2017-02-07 14:54:22 +00:00
ishell@chromium.org
32971301ea Rename TypeFeedbackVector to FeedbackVector.
... and TypeFeedbackMetadata to FeedbackMetadata.

BUG=

Change-Id: I2556d1c2a8f37b8cf3d532cc98d973b6dc7e9e6c
Reviewed-on: https://chromium-review.googlesource.com/439244
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42999}
2017-02-07 14:46:36 +00:00
franzih
3df821c24e [test] Make CHECK_EQ calls in cctest consistent.
Cleanup CHECK_EQ order and simplify CHECK_EQ(true/false).
Cleanup callorder for negative numbers
Cleanup callorder order for capital letter constants.
Cleanup callorder for test.x checks.

BUG=

Review-Url: https://codereview.chromium.org/2677183002
Cr-Commit-Position: refs/heads/master@{#42997}
2017-02-07 14:20:02 +00:00
rmcilroy
9e7d5a6065 Reland: [Parse] ParseInfo owns the parsing Zone.
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.

BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2632123006
Cr-Original-Commit-Position: refs/heads/master@{#42993}
Committed: 14fb337200
Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42996}
2017-02-07 14:04:43 +00:00
jochen
8f4c4233dc Revert of Reland: [Parse] ParseInfo owns the parsing Zone. (patchset #6 id:120001 of https://codereview.chromium.org/2632123006/ )
Reason for revert:
doesn't compile on ToT

Original issue's description:
> Reland: [Parse] ParseInfo owns the parsing Zone.
>
> Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
> in preperation for enabling background compilation jobs for inner functions
> share the AST in the outer-function's parse zone memory (read-only), with the
> and zone being released when all compilation jobs have completed.
>
> BUG=v8:5203,v8:5215
>
> Review-Url: https://codereview.chromium.org/2632123006
> Cr-Commit-Position: refs/heads/master@{#42993}
> Committed: 14fb337200

TBR=marja@chromium.org,mstarzinger@chromium.org,ahaas@chromium.org,verwaest@chromium.org,rmcilroy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2685543003
Cr-Commit-Position: refs/heads/master@{#42994}
2017-02-07 13:02:48 +00:00
rmcilroy
14fb337200 Reland: [Parse] ParseInfo owns the parsing Zone.
Moves ownership of the parsing Zone to ParseInfo with a shared_ptr. This is
in preperation for enabling background compilation jobs for inner functions
share the AST in the outer-function's parse zone memory (read-only), with the
and zone being released when all compilation jobs have completed.

BUG=v8:5203,v8:5215

Review-Url: https://codereview.chromium.org/2632123006
Cr-Commit-Position: refs/heads/master@{#42993}
2017-02-07 12:34:53 +00:00
neis
a33fcd663b [parsing] Fix maybe-assigned for loop variables.
Due to hoisting, the value of a 'var'-declared variable may actually change even
if the code contains only the "initial" assignment, namely when that assignment
occurs inside a loop.  For example:

  let i = 10;
  do { var x = i } while (i--):

As a simple and very conservative approximation of this, we explicitly mark
as maybe-assigned any non-lexical variable whose "declaration" does not
syntactically occur in the function scope.  (In the example above, it
occurs in a block scope.)

BUG=v8:5636

Review-Url: https://codereview.chromium.org/2673403003
Cr-Commit-Position: refs/heads/master@{#42989}
2017-02-07 11:45:09 +00:00
marja
009e8b11e2 [parser/test] Move cctest/PreParserScopeAnalysis into a new file.
BUG=v8:5516
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2683573002
Cr-Commit-Position: refs/heads/master@{#42986}
2017-02-07 10:11:01 +00:00
marja
44a381ad99 [parser] Skipping inner funcs: produce the same scopes / variables for this expressions.
BUG=v8:5516
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2683563002
Cr-Commit-Position: refs/heads/master@{#42983}
2017-02-07 09:14:54 +00:00
ishell
ef4e2ab7bd [ic] Encode LoadGlobalIC's typeof mode in slot kind instead of code object's flags.
BUG=v8:5917

Review-Url: https://codereview.chromium.org/2673383002
Cr-Commit-Position: refs/heads/master@{#42982}
2017-02-07 09:03:16 +00:00
franzih
a495fc92da [test] Cleanup CHECK_EQ order.
Keep the order in CHECK_EQ calls consistent as
(expected, actual).

Simplify CHECK_EQ(true, expected) to CHECK(expected) and
CHECK_EQ(false, expected) to CHECK(!expected).

BUG=

Review-Url: https://codereview.chromium.org/2677133002
Cr-Commit-Position: refs/heads/master@{#42964}
2017-02-06 12:51:53 +00:00
marja
01c2b45560 [parser] Skipping inner funcs: produce the same scopes / variables for loops.
BUG=v8:5516
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2673313003
Cr-Commit-Position: refs/heads/master@{#42957}
2017-02-06 10:40:00 +00:00
mvstanton
aea3ce3df3 [TypeFeedbackVector] Root feedback vectors at function literal site.
TypeFeedbackVectors are strongly rooted by a closure. However, in modern
JavaScript closures are created and abandoned more freely. An important
closure may not be present in the root-set at time of garbage collection,
even though we've cached optimized code and use it regularly. For
example, consider leaf functions in an event dispatching system. They may
well be "hot," but tragically non-present when we collect the heap.

Until now, we've relied on a weak root to cache the feedback vector in
this case. Since there is no way to signal intent or relative importance,
this weak root is as susceptible to clearing as any other weak root at
garbage collection time.

Meanwhile, the feedback vector has become more important. All of our
ICs store their data there. Literal and regex boilerplates are stored there.
If we lose the vector, then we not only lose optimized code built from
it, we also lose the very feedback which allowed us to create that optimized
code. Therefore it's vital to express that dependency through the root
set.

This CL does this by creating a strong link to a feedback
vector at the instantiation site of the function closure.
This instantiation site is in the code and feedback vector
of the outer closure.

BUG=v8:5456

Review-Url: https://codereview.chromium.org/2674593003
Cr-Commit-Position: refs/heads/master@{#42953}
2017-02-06 10:18:05 +00:00
Michael Achenbach
f3aa32d971 [test] Skip flaky cpu-profiler tests.
BUG=v8:5193
NOTRY=true
TBR=alph@chromium.org,yangguo@chromium.org

Change-Id: I9740f4504c855d9526c7b6b446965996f7c50c0c
Reviewed-on: https://chromium-review.googlesource.com/438344
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#42952}
2017-02-06 10:15:37 +00:00
ishell
52555c86b7 [ic] Encode [Keyed]StoreIC's language mode in slot kind instead of code object's flags.
BUG=v8:5917

Review-Url: https://codereview.chromium.org/2676583002
Cr-Commit-Position: refs/heads/master@{#42949}
2017-02-06 09:31:52 +00:00
kozyatinskiy
7c79736019 Revert of [debugger] remove debugger statement support from FCG/CS. (patchset #5 id:80001 of https://codereview.chromium.org/2650193002/ )
Reason for revert:
Fails on chromium leak bot:
https://uberchromegw.corp.google.com/i/chromium.webkit/builders/WebKit%20Linux%20Trusty%20Leak/builds/2007

Original issue's description:
> [debugger] remove debugger statement support from FCG/CS.
>
>
> R=mstarzinger@chromium.org
>
> Review-Url: https://codereview.chromium.org/2650193002
> Cr-Commit-Position: refs/heads/master@{#42892}
> Committed: eef855a1dc

TBR=mstarzinger@chromium.org,yangguo@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.

Review-Url: https://codereview.chromium.org/2672823007
Cr-Commit-Position: refs/heads/master@{#42942}
2017-02-04 18:11:10 +00:00
franzih
29e8d49f56 [runtime] Fix use of attributes if intercepted.
The property details of a LookupIterator are not accessible,
if the iterator state is interceptor. Instead, use the
property attributes.

Fixes a crash in Node.js tests in Debug mode, see
c2c6ae52ea

BUG=

Review-Url: https://codereview.chromium.org/2675993002
Cr-Commit-Position: refs/heads/master@{#42941}
2017-02-04 16:30:05 +00:00
ahaas
ac187c0323 [wasm] Refactor the non-determinism detection in the interpreter.
Apparently it happens quite easily that different NaNs are produced in
the interpreter than in the execution of the compiled code. This
non-determinism caused problems for the fuzzer which compares the
equality of the results of the interpreter and the compiled code.

I decided therefore to refactor the detection of non-determinism in the
interpreter. Instead of tracking whether potentially non-deterministic
NaNs were produced, I track now whether potentially non-deterministic
NaNs could have been observed. The only way the NaN non-determinism can
be observed is by observing the non-deterministic bit pattern of the
NaN. AFAICT the only way to observe the bit pattern is with a
I(32|64)_REINTERPRET_F(32|64) instruction or with a F(32|64)_STORE
followed by a load. Therefore I flag an execution as potentially
non-deterministic when either a NaN is reinterpreted to an int, or when
a NaN is stored to memory.

R=titzer@chromium.org, eholk@chromium.org
BUG=682180

Review-Url: https://codereview.chromium.org/2671803002
Cr-Commit-Position: refs/heads/master@{#42917}
2017-02-03 09:51:04 +00:00
marja
dec6112752 [parser] Skipping inner funcs: produce the same scopes / variables for sloppy block funcs.
BUG=v8:5516
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2670633003
Cr-Commit-Position: refs/heads/master@{#42913}
2017-02-03 08:16:07 +00:00
marja
b04d1d0ec6 [parser] Skipping inner funcs: produce the same scopes / variables for (some) loops.
Turns out is_hidden is not the right condition for "scope should be present in
the preparse data". For now, replaced it with "is hidden leaf scope" (i.e.,
doesn't contain any non-hidden scopes). That's probably not the right condition
either; will be fixed once there's more data to decide what the right condition
is.

BUG=v8:5516
R=vogelheim@chromium.org

Review-Url: https://codereview.chromium.org/2669163002
Cr-Commit-Position: refs/heads/master@{#42909}
2017-02-03 07:14:48 +00:00
titzer
a9b8a56758 [wasm] Implement polymorphic checking, matching the reference interpreter.
R=rossberg@chromium.org, bradnelson@chromium.org
BUG=chromium:682659

Review-Url: https://codereview.chromium.org/2670673002
Cr-Commit-Position: refs/heads/master@{#42904}
2017-02-02 23:06:21 +00:00
yangguo
8ae463d736 [debugger] remove mirror cache and v8::Debug::GetMirror.
R=jgruber@chromium.org
BUG=v8:5530

Review-Url: https://codereview.chromium.org/2670823002
Cr-Commit-Position: refs/heads/master@{#42893}
2017-02-02 14:22:15 +00:00
yangguo
eef855a1dc [debugger] remove debugger statement support from FCG/CS.
R=mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2650193002
Cr-Commit-Position: refs/heads/master@{#42892}
2017-02-02 14:21:03 +00:00
bmeurer
2baea747de [stubs] Remove obsolete CALL_IC code kind.
We don't need Code::CALL_IC for anything now that the CallICStub is
migrated and no longer hooks into the traditional IC system.

R=yangguo@chromium.org
BUG=v8:5049

Review-Url: https://codereview.chromium.org/2669193002
Cr-Commit-Position: refs/heads/master@{#42890}
2017-02-02 13:33:26 +00:00
yangguo
c126d604c9 Skip crashing test on win64.
R=machenbach@chromium.org
BUG=v8:5920
NOTRY=true

Review-Url: https://codereview.chromium.org/2671713002
Cr-Commit-Position: refs/heads/master@{#42888}
2017-02-02 13:16:24 +00:00
yangguo
318b78d43c Add test to check for initial objects.
R=jgruber@chromium.org

Review-Url: https://codereview.chromium.org/2671703002
Cr-Commit-Position: refs/heads/master@{#42886}
2017-02-02 12:38:51 +00:00
yangguo
d9399cc36b [debugger] account for inlined functions when stepping.
- Remove obsolete BreakLocatorType.
- Perform PrepareStepOnThrow after OnException event, in case stepping
  was scheduled in the exception event.
- Use frame count instead of frame pointer for stepping. Frame pointer
  is not reliable due to possible deopts.
- Consistently check for inlined functions in inlined frames.
- Use SharedFunctionInfo in FloodWithOneshot and EnsureDebugInfo.

R=jgruber@chromium.org
BUG=v8:5901

Review-Url: https://codereview.chromium.org/2664793002
Cr-Commit-Position: refs/heads/master@{#42878}
2017-02-02 07:31:09 +00:00
bbudge
b7df78f363 [ARM] Add Neon saturating add and subtract instructions.
- Adds vqadd.s/u, vqsub.s/u for all integer lane sizes.
- Refactors disassembler and simulator, using switches instead
of long if-else chains.

LOG=N
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2649323012
Cr-Commit-Position: refs/heads/master@{#42865}
2017-02-01 18:56:28 +00:00
ishell
93f181b6b9 [ic] Introduce IsXyzIC() predicates.
This is a step towards encoding all the necessary information in
the feedback slot kind instead of storing it in the IC dispatcher's
code object flags.

BUG=v8:5849, v8:5917

Review-Url: https://codereview.chromium.org/2662113005
Cr-Commit-Position: refs/heads/master@{#42859}
2017-02-01 16:22:03 +00:00
ahaas
3b2301650e [wasm] Do float constant folding if the origin is not wasm
I removed some constant folding optimizations for float instruction in
https://codereview.chromium.org/2647353007 because they were incorrect
if the input was a signalling NaN. Removing these optimizations, however
had an unexpectedly big impact on asm.js performance. With this CL I
restore the optimizations again when the source origin is not wasm. In
JavaScript signalling NaNs are not observable and therefore the
optimizations are correct.

R=titzer@chromium.org
BUG=chromium:686654

Review-Url: https://codereview.chromium.org/2666903002
Cr-Commit-Position: refs/heads/master@{#42850}
2017-02-01 11:51:59 +00:00
jgruber
c67dc7e243 Store correct String.prototype map on the context
The String.prototype was altered after snapshot time (during
experimental natives setup), invalidating the stored map used for
fast-path checks.

BUG=

Review-Url: https://codereview.chromium.org/2663303003
Cr-Commit-Position: refs/heads/master@{#42842}
2017-02-01 09:29:50 +00:00
petermarshall
a7ba61fdb5 [Ignition] Rename New and NewWithSpread bytecodes.
Rename to Construct and ConstructWithSpread, to match the names of
the JSOperators used.

Unfortunately, I can't find a way for auto-formatting to stay happy unless we
change the indentation for the whole BYTECODE_LIST macro.

Review-Url: https://codereview.chromium.org/2663963003
Cr-Commit-Position: refs/heads/master@{#42840}
2017-02-01 09:04:04 +00:00
jgruber
0c3a507b3a [heap] Fix GrowAndShrinkNewSpace heap test
BUG=

Review-Url: https://codereview.chromium.org/2659573002
Cr-Commit-Position: refs/heads/master@{#42837}
2017-02-01 08:20:31 +00:00