Commit Graph

28861 Commits

Author SHA1 Message Date
adamk
65b23ac721 [cleanup] Move ForEach vector feedback slots to ForInStatement
The "each" slot is only actually used by ForIn, so this simply cleans
up a TODO of mine and removes an IsForOfStatement() call.

Review URL: https://codereview.chromium.org/1742013002

Cr-Commit-Position: refs/heads/master@{#34369}
2016-02-29 19:10:09 +00:00
titzer
c5b2f1536b [wasm] Add support and unittests for decoding signed LEB128.
R=bradnelson@chromium.org,ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1746653002

Cr-Commit-Position: refs/heads/master@{#34368}
2016-02-29 18:42:26 +00:00
shenhan
2b29b63031 OS::ArmUsingHardFloat returns bogus value for clang-built chrome.
This caused a runtime crash for Chrome built with clang on all ChromeOs
arm32 platforms - ChromeOs chrome is using hardfp while this routine
returns false.

The fix is straightforward.

BUG=chromium:586219
TEST=built arm32 hardfp using clang and passed all tests.
LOG=N

Review URL: https://codereview.chromium.org/1733863002

Cr-Commit-Position: refs/heads/master@{#34367}
2016-02-29 18:30:22 +00:00
neis
a40d5d544d Remove [[Enumerate]] leftovers.
R=littledan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1746713002

Cr-Commit-Position: refs/heads/master@{#34366}
2016-02-29 17:02:50 +00:00
danno
f1d49ca3f2 [turbofan] Ensure that JS -> WASM calls align the csp on arm64
This is done by ensuring that the Arm64ClaimCSP instruction calls
AlignAndSetCSPForFrame when it's generated when the StackPointer() is set to
jssp.

LOG=N

Review URL: https://codereview.chromium.org/1746053002

Cr-Commit-Position: refs/heads/master@{#34365}
2016-02-29 16:52:36 +00:00
cbruni
b00386f97c [js-perf-test] Adding micro benchmarks for for-in and keys patterns.
In order to track certain critical code-patterns we will start adding
micro-benchmarks that reflect common requests on http://jsperf.com.
In this first CL a number of property enumeration methods are added,
in the hope to get a clearer picture on future regressions.

BUG=

Review URL: https://codereview.chromium.org/1702613002

Cr-Commit-Position: refs/heads/master@{#34364}
2016-02-29 14:55:50 +00:00
mtrofin
f8eb4e6952 [turbofan] More "auto" keyword cleanup
BUG=

Review URL: https://codereview.chromium.org/1738973002

Cr-Commit-Position: refs/heads/master@{#34363}
2016-02-29 14:29:43 +00:00
verwaest
dd6f62e6ce [runtime] inline fast-path ToName, ToUint32 (used by ToArrayIndex)
This speeds up hasOwnProperty 5-10%

BUG=

Review URL: https://codereview.chromium.org/1745013002

Cr-Commit-Position: refs/heads/master@{#34362}
2016-02-29 13:20:03 +00:00
bmeurer
d1df58e8d7 [stubs] Introduce a proper ToBooleanStub.
Rename the existing (patching) ToBooleanStub to ToBooleanICStub to match
our naming convention, and add a new TurboFan-powered ToBooleanStub,
which just does the ToBoolean conversion without any runtime call or
code patching, so we can use it for Ignition (and TurboFan).

Drive-by-fix: Add an Oddball::to_boolean field similar to the ones we
already have for to_string and to_number, so we don't need to actually
dispatch on the concrete Oddball at all.

R=epertoso@chromium.org, rmcilroy@chromium.org, yangguo@chromium.org

Review URL: https://codereview.chromium.org/1744163002

Cr-Commit-Position: refs/heads/master@{#34361}
2016-02-29 12:17:26 +00:00
verwaest
4d659edfcd Disable flaky SampleWhenFrameIsNotSetup
BUG=v8:2999, v8:4751
LOG=n

Review URL: https://codereview.chromium.org/1745023002

Cr-Commit-Position: refs/heads/master@{#34360}
2016-02-29 12:14:17 +00:00
verwaest
437616e335 [crankshaft] Check checked_function->ActualValue() in BuildWrapReceiver
Given that an additional map-check is inserted for function, we need to
check the underlying value.

BUG=

Review URL: https://codereview.chromium.org/1747753003

Cr-Commit-Position: refs/heads/master@{#34359}
2016-02-29 11:33:41 +00:00
bmeurer
c268aea4fb [turbofan] Unship try-catch.
R=jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1748613002

Cr-Commit-Position: refs/heads/master@{#34358}
2016-02-29 11:10:43 +00:00
jochen
e8c914f18f [api] Assume that v8/include is in the include path for all public headers
Probably easier to use for embedders.

BUG=
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1749663002

Cr-Commit-Position: refs/heads/master@{#34357}
2016-02-29 11:03:02 +00:00
verwaest
d5cb0ce4e9 Move hasOwnProperty to builtins.cc
This gets rid of the JavaScript wrapper. That way we can more quickly handle non-JSReceivers and indexed properties; and don't need to optimize the JavaScript wrapper either.

BUG=

Review URL: https://codereview.chromium.org/1742283002

Cr-Commit-Position: refs/heads/master@{#34356}
2016-02-29 10:55:35 +00:00
baptiste.afsa
c7339e6ee4 [arm64] Make sure that memory allocated for assembler tests is executable.
Fix some crashes when tests are run on real hardware.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1748603002

Cr-Commit-Position: refs/heads/master@{#34355}
2016-02-29 10:52:34 +00:00
baptiste.afsa
27a75f7ad0 [arm64] Prevent the compiler to use fmadd/fmsub while compiling cctest.
This ensures that the generated code output will match the reference code output
and fixes some failures when running tests natively.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1744493003

Cr-Commit-Position: refs/heads/master@{#34354}
2016-02-29 09:16:14 +00:00
zhengxing.li
e99ad69147 X87: [crankshaft] [ia32] Remove dynamic frame alignment optimization.
port fcb83f2015afe63449f7ab070558e0c7f2accb47(r34273)

  original commit message:
  This optimization does not give us much (see perf try bot results associated with this CL) but complicates things a lot. The main motivation is to avoid additional complexity in tail call optim

  There are some pieces left in the deoptimizer, but I'll address this in a separate CL.

BUG=

Review URL: https://codereview.chromium.org/1750433002

Cr-Commit-Position: refs/heads/master@{#34353}
2016-02-29 03:36:23 +00:00
zhengxing.li
2aa5341050 X87: [runtime] Unify comparison operator runtime entries.
port 55b4df7357557eb16377ad9227e4e0a4224b7885(r34303)

  original commit message:
  Only use one set of %StrictEquals/%StrictNotEquals and
  %Equals/%NotEquals runtime entries for both the interpreter
  and the old-style CompareICStub. The long-term plan is to
  update the CompareICStub to also return boolean values, and
  even allow some more code sharing with the interpreter there.

BUG=

Review URL: https://codereview.chromium.org/1743123002

Cr-Commit-Position: refs/heads/master@{#34352}
2016-02-29 03:30:23 +00:00
titzer
008888c8cb [wasm] Allocate WasmModule and WasmModuleInstance vectors inline.
R=bradnelson@chromium.org,ahaas@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1745863002

Cr-Commit-Position: refs/heads/master@{#34351}
2016-02-28 19:05:42 +00:00
titzer
91802542d5 [wasm] Rename ExprBoolNot to ExprI32Eqz.
R=bradnelson@chromium.org, binji@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1741393002

Cr-Commit-Position: refs/heads/master@{#34350}
2016-02-28 19:02:24 +00:00
machenbach
9c6f024d38 [release] Wait longer when tagging releases.
This is just a band-aid workaround.

TBR=hablich@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1747723002

Cr-Commit-Position: refs/heads/master@{#34349}
2016-02-28 12:31:56 +00:00
machenbach
6fcf83a1a3 [Swarming] Correctly handle test262 archiving for local checkouts.
BUG=chromium:535160,v8:4792
LOG=n
TBR=tandrii@chromium.org, jkummerow@chromium.org

Review URL: https://codereview.chromium.org/1741383002

Cr-Commit-Position: refs/heads/master@{#34348}
2016-02-28 12:27:26 +00:00
hablich
020dbfe432 [Release] Update V8 version to 5.1
TBR=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1744823002

Cr-Commit-Position: refs/heads/master@{#34347}
2016-02-28 00:55:04 +00:00
titzer
06241221a6 [wasm] Add a magic word and a version number to the binary.
R=binji@chromium.org,jfb@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1740373002

Cr-Commit-Position: refs/heads/master@{#34346}
2016-02-28 00:37:29 +00:00
titzer
8344687c76 [wasm] Properly plumb the origin of the WASM module from asm.js translation.
R=bradnelson@chromium.org,aseemgarg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1742073002

Cr-Commit-Position: refs/heads/master@{#34345}
2016-02-27 20:40:06 +00:00
bmeurer
fb59ea3334 [compiler] Drop the CompareNilIC.
Since both null and undefined are also marked as undetectable now, we
can just test that bit instead of having the CompareNilIC try to collect
feedback to speed up the general case (without the undetectable bit
being used).

Drive-by-fix: Update the type system to match the new handling of
undetectable in the runtime.

R=danno@chromium.org

Committed: https://crrev.com/666aec0348c8793e61c8633dee7ad29a514239ba
Cr-Commit-Position: refs/heads/master@{#34237}

Review URL: https://codereview.chromium.org/1722193002

Cr-Commit-Position: refs/heads/master@{#34344}
2016-02-27 19:13:46 +00:00
v8-autoroll
8401e94892 Update V8 DEPS.
Rolling v8/tools/clang to e67c4fe288f02e1d208961b757ff78d5b3e51782

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1744783002

Cr-Commit-Position: refs/heads/master@{#34343}
2016-02-27 04:18:38 +00:00
titzer
d035d6172a [wasm] Add an export table.
R=binji@chromium.org,jfb@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1744713003

Cr-Commit-Position: refs/heads/master@{#34342}
2016-02-27 01:54:30 +00:00
mbrandy
c1507e1587 PPC: [turbofan] Don't use the CompareIC in JSGenericLowering.
Port d00da47b61

Original commit message:
    The CompareICStub produces an untagged raw word value, which has to be
    translated to true or false manually in the TurboFan code. But for lazy
    bailout after the CompareIC, we immediately go back to fullcodegen or
    Ignition with the raw value, to a location where both fullcodegen and
    Ignition expect a boolean value, which might crash or in the worst case
    (depending on the exact computation inside the CompareIC) could lead to
    arbitrary memory access.

    Short-term fix is to use the proper runtime functions (unified with the
    interpreter now) for comparisons. Next task is to provide optimized
    versions of these based on the CodeStubAssembler, which can then be used
    via code stubs in TurboFan or directly in handlers in the interpreter.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:4788
LOG=n

Review URL: https://codereview.chromium.org/1745643002

Cr-Commit-Position: refs/heads/master@{#34341}
2016-02-26 22:14:58 +00:00
mbrandy
76b6615947 Revert of PPC: [compiler] Drop the CompareNilIC. (patchset #1 id:1 of https://codereview.chromium.org/1733663003/ )
Reason for revert:
Original commit reverted.

Original issue's description:
> PPC: [compiler] Drop the CompareNilIC.
>
> Port 666aec0348
>
> Original commit message:
>     Since both null and undefined are also marked as undetectable now, we
>     can just test that bit instead of having the CompareNilIC try to collect
>     feedback to speed up the general case (without the undetectable bit
>     being used).
>
>     Drive-by-fix: Update the type system to match the new handling of
>     undetectable in the runtime.
>
> R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
>
> Committed: https://crrev.com/546ea6b8393a894f07597ade5ec1c7db02c1e425
> Cr-Commit-Position: refs/heads/master@{#34266}

TBR=bmeurer@chromium.org,joransiu@ca.ibm.com,jyan@ca.ibm.com,michael_dawson@ca.ibm.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=

Review URL: https://codereview.chromium.org/1736253003

Cr-Commit-Position: refs/heads/master@{#34340}
2016-02-26 21:46:17 +00:00
littledan
92ed0853b9 Fix strict mode function error message
ES2015 allows strict mode block scoped function declarations; weaken
the error message about misuse to allow this.

BUG=v8:2198
LOG=Y
R=adamk

Review URL: https://codereview.chromium.org/1741903002

Cr-Commit-Position: refs/heads/master@{#34339}
2016-02-26 20:12:53 +00:00
littledan
abe61bdeac Reland of Test262 roll, 2016-2-23 (patchset #1 id:1 of https://codereview.chromium.org/1736223002/ )
Reason for revert:
Intl change relanded https://codereview.chromium.org/1745483002/

Original issue's description:
> Revert of Test262 roll, 2016-2-23 (patchset #2 id:20001 of https://codereview.chromium.org/1738033002/ )
>
> Reason for revert:
> An Intl change that this depends on breaks a bot
>
> Original issue's description:
> > Test262 roll, 2016-2-23
> >
> > R=adamk
> >
> > Committed: https://crrev.com/34492040fbfb04fead21416245c8696b9847e751
> > Cr-Commit-Position: refs/heads/master@{#34312}
>
> TBR=adamk@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
>
> Committed: https://crrev.com/3b829ad80628bf521aa78255c2e5e20040a57b5f
> Cr-Commit-Position: refs/heads/master@{#34313}

TBR=adamk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1739533006

Cr-Commit-Position: refs/heads/master@{#34338}
2016-02-26 19:43:58 +00:00
littledan
88d7c59c45 Reland of Make Intl install properties more like how other builtins do (patchset #1 id:1 of https://codereview.chromium.org/1733293003/ )
This reland fixes a bug by pulling properties off the utils object, so
that it can be garbage collected in nosnap builds.
Original commit message:

Intl has been somewhat of an oddball for how it integrates with V8.
One aspect is that it largely didn't use utils to install itself
into the snapshot, which led to some missing names, which new
test262 tests check for, and duplicated code. This patch brings
Intl a bit closer to how the rest of the builtins do things, though
not entirely as it is currently structured to do unusual things,
such as creating new constructors from JavaScript rather than C++.
New test262 tests check for some of the names that are added in
this patch.

R=adamk
CC=jshin
BUG=v8:4778
LOG=Y

Review URL: https://codereview.chromium.org/1745483002

Cr-Commit-Position: refs/heads/master@{#34337}
2016-02-26 19:40:58 +00:00
alan.li
f040b7fe3c MIPS64: Fix '[runtime] Optimize and unify rest parameters.'.
Port 3ef573e9f1

Original commit message:

    Replace the somewhat awkward RestParamAccessStub, which would always
    call into the runtime anyway with a proper FastNewRestParameterStub,
    which is basically based on the code that was already there for strict
    arguments object materialization. But for rest parameters we could
    optimize even further (leading to 8-10x improvements for functions with
    rest parameters), by fixing the internal formal parameter count:

    Every SharedFunctionInfo has a formal_parameter_count field, which
    specifies the number of formal parameters, and is used to decide whether
    we need to create an arguments adaptor frame when calling a function
    (i.e. if there's a mismatch between the actual and expected parameters).
    Previously the formal_parameter_count included the rest parameter, which
    was sort of unfortunate, as that meant that calling a function with only
    the non-rest parameters still required an arguments adaptor (plus some
    other oddities). Now with this CL we fix, so that we do no longer
    include the rest parameter in that count. Thereby checking for rest
    parameters is very efficient, as we only need to check whether there is
    an arguments adaptor frame, and if not create an empty array, otherwise
    check whether the arguments adaptor frame has more parameters than
    specified by the formal_parameter_count.

    The FastNewRestParameterStub is written in a way that it can be directly
    used by Ignition as well, and with some tweaks to the TurboFan backends
    and the CodeStubAssembler, we should be able to rewrite it as
    TurboFanCodeStub in the near future.

    Drive-by-fix: Refactor and unify the CreateArgumentsType which was
    different in TurboFan and Ignition; now we have a single enum class
    which is used in both TurboFan and Ignition.

TEST=test/mjsunit/harmony/destructuring, test/mjsunit/harmony/default-parameters,
test/mjsunit/harmony/default-parameters, test/mjsunit/es6/classes-subclass-builtins,
BUG=

Review URL: https://codereview.chromium.org/1734273003

Cr-Commit-Position: refs/heads/master@{#34336}
2016-02-26 19:12:50 +00:00
bmeurer
d00da47b61 [turbofan] Don't use the CompareIC in JSGenericLowering.
The CompareICStub produces an untagged raw word value, which has to be
translated to true or false manually in the TurboFan code. But for lazy
bailout after the CompareIC, we immediately go back to fullcodegen or
Ignition with the raw value, to a location where both fullcodegen and
Ignition expect a boolean value, which might crash or in the worst case
(depending on the exact computation inside the CompareIC) could lead to
arbitrary memory access.

Short-term fix is to use the proper runtime functions (unified with the
interpreter now) for comparisons. Next task is to provide optimized
versions of these based on the CodeStubAssembler, which can then be used
via code stubs in TurboFan or directly in handlers in the interpreter.

R=mstarzinger@chromium.org
BUG=v8:4788
LOG=n

Review URL: https://codereview.chromium.org/1738153002

Cr-Commit-Position: refs/heads/master@{#34335}
2016-02-26 18:41:35 +00:00
rmcilroy
81f12a74f0 [Interpreter]: Update test262.status for Ignition.
Moves skips to explicit fails and groups errors by failure reason. Almost all failures
are due to lack of generator support.

BUG=v8:4680
LOG=N
TBR=oth@chromium.org

Review URL: https://codereview.chromium.org/1740843003

Cr-Commit-Position: refs/heads/master@{#34334}
2016-02-26 18:00:50 +00:00
mstarzinger
239ed8ffa8 Remove strong mode support from materialized literals.
R=bmeurer@chromium.org
BUG=v8:3956
LOG=n

Review URL: https://codereview.chromium.org/1734243004

Cr-Commit-Position: refs/heads/master@{#34333}
2016-02-26 17:45:01 +00:00
fmeawad
567e58390d Reland: Add Scoped Context Info (Isolate) to V8 Traces
This patch adds the newly added support for contexts in V8 Tracing, as well
as use it to mark all the entry points for a V8 Isolate.

Update for reland: The current tracing interface needs to be updated (AddTraceEvent),
but the embedders need to migrate to the new version before removing the old version.
(Reland of: https://codereview.chromium.org/1686233002)

The revert happened because the 2 signatures of the old and new AddTraceEvent were different
so it threw an overload-virtual error on cross arm debug. This issue is temporary, and to solve
it, I added an implementation of the old and new everywhere until the embedder implements the new.

BUG=v8:4565
LOG=N

R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1704253002

Cr-Commit-Position: refs/heads/master@{#34332}
2016-02-26 17:25:30 +00:00
joransiu
23cf65926e S390: Initial impl of S390 asm, masm, code-stubs,...
Initial commit with the bulk of the src/s390/* changes
along with associated changes to the build toolchain for
the new files.

A minor update to V8PRIuPTR definition for Mac OS X
affecting 32-bit S390 sim compilations.

R=danno@chromium.org,jkummerow@chromium.org,jochen@chromium.org,jyan@ca.ibm.com,michael_dawson@ca.ibm.com,mbrandy@us.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1725243004

Cr-Commit-Position: refs/heads/master@{#34331}
2016-02-26 16:25:04 +00:00
alan.li
9945b3dddc MIPS64: Fix '[stubs] Introduce a dedicated FastNewObjectStub.'
Port ba2077aac3

Original commit message:
Move the already existing fast case for %NewObject into a dedicated
FastNewObjectStub that we can utilize in places where we would otherwise
fallback to %NewObject immediately, which is rather expensive.

Also use FastNewObjectStub as the generic implementation of JSCreate,
which should make constructor inlining based on SharedFunctionInfo (w/o
specializing to a concrete closure) viable soon.

BUG=

Review URL: https://codereview.chromium.org/1732333002

Cr-Commit-Position: refs/heads/master@{#34330}
2016-02-26 15:56:49 +00:00
rmcilroy
a0fdb33f1c [Interpreter] Rebaseline ForOf bytecode generator tests.
Rebaselines ForOf bytecodes after shipping iterator finalization in https://codereview.chromium.org/1738463003/.

TBR=adamk@chromium.org
BUG=v8:3566,v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1738143002

Cr-Commit-Position: refs/heads/master@{#34329}
2016-02-26 14:22:28 +00:00
mstarzinger
db8f0504b8 [turbofan] Fix length in LowerJSCreateLiteralObject.
This fixes the length computation for object literals in generic
lowering. In rare cases (e.g. boilerplate at end of page) this could
lead to out of bounds reads.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1737893003

Cr-Commit-Position: refs/heads/master@{#34328}
2016-02-26 13:25:00 +00:00
jochen
49c1e71123 [api] Don't store the serial number of templates in handles
We know it's a positive integer

BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1739753004

Cr-Commit-Position: refs/heads/master@{#34327}
2016-02-26 13:21:59 +00:00
jochen
bd39edcdfc [api] Move slow-path work behind fast path in InstantiateObject
BUG=
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1743543002

Cr-Commit-Position: refs/heads/master@{#34326}
2016-02-26 12:54:19 +00:00
jochen
6a7e866134 [api] Speed up template instantiation cache a bit.
The keys are always positive integers, so use an
UnseededNumberDictionary to store them instead of an ObjectHashTable

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1741623003

Cr-Commit-Position: refs/heads/master@{#34325}
2016-02-26 12:23:45 +00:00
ssanfilippo
e039f63a4f [Interpreter] Multiple input files for generate-bytecode-expectations.
When operating in --rebaseline mode, each of the files will be updated.
In --raw-js mode, all the expectations will be written to the same file.
In default mode no more than one input file is accepted.

On POSIX systems, --rebaseline will autodiscover golden files when run
from the project root and no input file is provided.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1737623002

Cr-Commit-Position: refs/heads/master@{#34324}
2016-02-26 12:04:24 +00:00
bmeurer
f48c2970e7 [test] Remove tests from mjsunit.status that no longer exist.
R=mstarzinger@chromium.org
BUG=v8:4768
LOG=n

Review URL: https://codereview.chromium.org/1737273003

Cr-Commit-Position: refs/heads/master@{#34323}
2016-02-26 11:09:27 +00:00
bmeurer
58ab990aa8 [turbofan] Bailout if LoadBuffer typing assumption doesn't hold.
The LoadBuffer operator that is used for asm.js heap access claims to
return only the appropriate typed array type, but out of bounds access
could make it return undefined. So far we tried to "repair" the graph
later if we see that our assumption was wrong, and for various reasons
that worked for some time. But now that wrong type information that is
propagated earlier is picked up appropriately and thus we generate wrong
code, i.e. in the repro case we feed NaN into ChangeFloat64Uint32 and
thus get 2147483648 instead of 0 (with proper JS truncation).

This was always considered a temporary hack until we have a proper
asm.js pipeline, but since we still run asm.js through the generic
JavaScript pipeline, we have to address this now. Quickfix is to just
bailout from the pipeline when we see that the LoadBuffer type was
wrong, i.e. the result of LoadBuffer is not properly truncated and thus
undefined or NaN would be observable.

R=mstarzinger@chromium.org, jarin@chromium.org
BUG=chromium:589792
LOG=y

Review URL: https://codereview.chromium.org/1740123002

Cr-Commit-Position: refs/heads/master@{#34322}
2016-02-26 11:06:30 +00:00
rmcilroy
cb29f9cdbc [Interpreter] Add support for cpu profiler logging.
Adds support for cpu profiler logging to the interpreter. Modifies the
API to be passed AbstractCode objects instead of Code objects, and
adds extra functions to AbstractCode which is required by log.cc and
cpu-profiler.cc.

The main change in sampler.cc is to determine if a stack frame is an
interpreter stack frame, and if so, use the bytecode address as the pc
for that frame. This allows sampling of bytecode functions. This
requires adding support to SafeStackIterator to determine if a frame is
interpreted, which we do by checking the PC against pre-stored addresses
for the start and end of interpreter entry builtins.

Also removes CodeDeleteEvents which are dead code and haven't
been reported for some time.

Still to do is tracking source positions which will be done in a
followup CL.

BUG=v8:4766
LOG=N

Review URL: https://codereview.chromium.org/1728593002

Cr-Commit-Position: refs/heads/master@{#34321}
2016-02-26 11:04:55 +00:00
ishell
9f4c3e748e [crankshaft] Remove useless HCallJSFunction instruction.
Everything that HCallJSFunction does can be easily done using more general HInvokeFunction, so there's no need to have this dedicated instruction around.

Review URL: https://codereview.chromium.org/1728423002

Cr-Commit-Position: refs/heads/master@{#34320}
2016-02-26 10:41:21 +00:00