Commit Graph

26451 Commits

Author SHA1 Message Date
rmcilroy
8c32ef6ee8 [Interpreter] Add support for VisitThisFunction.
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1406253008

Cr-Commit-Position: refs/heads/master@{#31859}
2015-11-06 15:01:03 +00:00
ahaas
39ed694bbd Implemented the Word64Clz TurboFan operator for x64, arm64, and mips64.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1413463009

Cr-Commit-Position: refs/heads/master@{#31858}
2015-11-06 14:51:20 +00:00
mstarzinger
aac8ee84af [heap] Fix corner case in optimized code map processing.
This fixes a corner case where optimized code could still be reachable
through the optimized code map, even though unoptimized code for any
inlined function might have long been flushed.

R=ulan@chromium.org
TEST=cctest/test-heap/Regress513496
BUG=chromium:513496
LOG=n

Review URL: https://codereview.chromium.org/1415683011

Cr-Commit-Position: refs/heads/master@{#31857}
2015-11-06 14:29:27 +00:00
bmeurer
925a2006f5 [turbofan] Fix wrong parameter indices in JSFrameSpecialization.
We forgot to add the number of arguments parameter in
JSFrameSpecialization, which was added before the context.

R=jarin@chromium.org
BUG=chromium:552304
LOG=n

Review URL: https://codereview.chromium.org/1429233004

Cr-Commit-Position: refs/heads/master@{#31856}
2015-11-06 13:12:51 +00:00
hablich
17a4e20e0d Revert of [turbofan] Enable general purpose inlining. (patchset #2 id:20001 of https://codereview.chromium.org/1416873007/ )
Reason for revert:
As discussed with Benedikt: Disable --turbo-inlining again because it tanks Jetstream.

Original issue's description:
> [turbofan] Enable general purpose inlining.
>
> R=bmeurer@chromium.org,hablich@chromium.org
> BUG=v8:4493
> LOG=n
>
> Committed: https://crrev.com/161a0462fb0e79f155f3ea085ba774dad99539cb
> Cr-Commit-Position: refs/heads/master@{#31634}

TBR=bmeurer@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4493

Review URL: https://codereview.chromium.org/1409153008

Cr-Commit-Position: refs/heads/master@{#31855}
2015-11-06 13:09:46 +00:00
rmcilroy
7c160afd49 [Interpreter] Add test for sloppy mode receiver replacement.
Adds a test that the receiver for sloppy mode functions is replaced with
the global proxy when called with an undefined receiver.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1410113008

Cr-Commit-Position: refs/heads/master@{#31854}
2015-11-06 11:13:52 +00:00
ulan
84c961b743 Temporarily revert to non-incremental GC in background tabs to see
if that is responsible for memory regression in UMA.

Related CLs: crrev.com/1420363004, crrev.com/1423453003

TBR=hpayer@chromium.org
BUG=chromium:552305
LOG=NO

Review URL: https://codereview.chromium.org/1420283021

Cr-Commit-Position: refs/heads/master@{#31853}
2015-11-06 11:01:26 +00:00
mstarzinger
cd7c416da4 [serializer] Move clearing of optimized code map out of GC.
This avoids the need to clear optimized code maps within the GC by just
preventing entries being added in the first place, whenever a snapshot
is being constructed. The main goal here is to simplify the logic in the
already complex visitor for our shared function info objects.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1411513005

Cr-Commit-Position: refs/heads/master@{#31852}
2015-11-06 08:56:15 +00:00
hablich
7627775948 Provide a counter for thrown JavaScript errors per context
This will be used as a data source for an
UMA histogram.

LOG=N
BUG=chromium:546603
R=jochen@chromium.org,yangguo@chromium.org

Review URL: https://codereview.chromium.org/1413503007

Cr-Commit-Position: refs/heads/master@{#31851}
2015-11-06 08:08:18 +00:00
ahaas
2c74ec3fec Changed the constructor of BufferedRawMachineAssemblerTester.
This change does not change how the BufferedRawMachineAssemblerTester is
used in tests, but it makes its construction in other constructors (e.g.
in the WasmRunner) cleaner.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1414203009

Cr-Commit-Position: refs/heads/master@{#31850}
2015-11-06 07:22:53 +00:00
zhengxing.li
da72ba0b3e X87: Remove receiver conversion from function prologue.
port 4ab1b05d5e (r31826).

  original commit message:
  Depends on https://codereview.chromium.org/1407373007/
  After that CL, all receiver conversion is handled by the call builtin.

BUG=

Review URL: https://codereview.chromium.org/1419563006

Cr-Commit-Position: refs/heads/master@{#31849}
2015-11-06 03:12:37 +00:00
zhengxing.li
018ecfd162 X87: Remove CallFunctionStub, always call through the Call builtin (also from CallIC).
port 44c44521ae (r31823).

  original commit message:
  This fixes receiver conversion since the Call builtin does it correctly.

BUG=

Review URL: https://codereview.chromium.org/1416673009

Cr-Commit-Position: refs/heads/master@{#31848}
2015-11-06 03:11:22 +00:00
paul.lind
1db43a8417 MIPS64: Fix Remove receiver conversion from function prologue.
Use 64-bit load of receiver in 4ab1b05d5e.

BUG=

Review URL: https://codereview.chromium.org/1412693003

Cr-Commit-Position: refs/heads/master@{#31847}
2015-11-05 23:58:40 +00:00
adamk
2fa4732739 Re-ship @@toStringTag
It was originally shipped in https://crrev.com/eef2b9b09723ba1dae3ec0172341e93e9030ada0,
but was reverted due to poor interaction with Blink.

That interaction seems to be fixed thanks to changes to the V8 API
and to @@toStringTag handling on access-checked objects.

BUG=v8:3502
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.v8:v8_linux_nosnap_rel;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1406293011

Cr-Commit-Position: refs/heads/master@{#31846}
2015-11-05 23:47:12 +00:00
akos.palfi
53c46f87da MIPS: Fix unaligned read/write of bytecodes in interpreter.
On MIPS arch, all memory accesses (including halfword)
must be aligned to their native size or an alignment exception occurs.
The kernel will fix this up, but with performance penalty.

TEST=test-bytecode-generator/CallRuntime
BUG=

Review URL: https://codereview.chromium.org/1423373004

Cr-Commit-Position: refs/heads/master@{#31845}
2015-11-05 23:43:00 +00:00
adamk
2a866bc4dd Stage --harmony-destructuring and --harmony-default-parameters
Since enabling destructuring already implies enabling default parameters,
there's not a good way to separate these two. Luckily, they're both
feature-complete (save for destructuring assignment).

This causes us to pass an additional 24 test262 tests.

BUG=v8:811, v8:2160
LOG=y

Review URL: https://codereview.chromium.org/1407393009

Cr-Commit-Position: refs/heads/master@{#31844}
2015-11-05 21:40:12 +00:00
adamk
1447f74344 [cleanup] Make control flow in ParsePrimaryExpression more consistent
The previous code had a mix of breaks, early returns, and switch/case/if
with fallthrough. Now the pattern is to either return for known errors
or break to the bottom of the switch for unhandled tokens.

Also cleaned up random other stuff in the function: removed unnecessary
local vars, shortened position-fetching calls.

Review URL: https://codereview.chromium.org/1412313009

Cr-Commit-Position: refs/heads/master@{#31843}
2015-11-05 21:14:07 +00:00
adamk
e33c4b450f Re-re-land "[es6] Implement destructuring binding in try/catch"
http://crrev.com/80a1e004f4ef619b54a2d87bf2108719a8411860 was reverted
due to a Blink test failure. That test has been marked as failing on
the Blink side in https://chromium.googlesource.com/chromium/src/+/ac11c6df133.

BUG=v8:811
LOG=y
TBR=rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1409093005

Cr-Commit-Position: refs/heads/master@{#31842}
2015-11-05 20:21:50 +00:00
littledan
7ff114e287 Add strict mode, sloppy mode and strong mode UseCounters
This patch adds UseCounters for the various language modes. This may
be useful for helping us to prioritize future optimization and
language design decisions.

R=adamk
CC=seththompson
BUG=none

Review URL: https://codereview.chromium.org/1429173002

Cr-Commit-Position: refs/heads/master@{#31841}
2015-11-05 19:52:50 +00:00
machenbach
35a60c211e Revert of Revert "Revert of [es6] Implement destructuring binding in try/catch" (patchset #2 id:20001 of https://codereview.chromium.org/1411323008/ )
Reason for revert:
[Sheriff] Breaks a layout test:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/2750

Please request rebase upstream first if intended.

Original issue's description:
> Revert "Revert of [es6] Implement destructuring binding in try/catch"
>
> Reland try/catch destructuring with a fix for the MemorySanitizer failure:
> initialization_pos needs to be initialized in the DeclarationDescriptor.
>
> This is a one line fix to http://crrev.com/a316db995e6e4253664920652ed4e5a38b2caeba
>
> BUG=v8:811
> LOG=y
>
> Committed: https://crrev.com/80a1e004f4ef619b54a2d87bf2108719a8411860
> Cr-Commit-Position: refs/heads/master@{#31834}

TBR=littledan@chromium.org,rossberg@chromium.org,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811

Review URL: https://codereview.chromium.org/1421193006

Cr-Commit-Position: refs/heads/master@{#31840}
2015-11-05 19:29:08 +00:00
cbruni
83f60ab5ac [crankshaft] Do not optimize ClassConstructor calls and apply.
LOG=N
BUG=v8:4428

Review URL: https://codereview.chromium.org/1425293007

Cr-Commit-Position: refs/heads/master@{#31839}
2015-11-05 19:21:20 +00:00
yangguo
8f74173812 Use in-object fields instead of private symbols for regexp slots.
R=bmeurer@chromium.org

Committed: https://crrev.com/5a1e42c039ac3379ebe1e7e34fb8163e1ec1493e
Cr-Commit-Position: refs/heads/master@{#31791}

Committed: https://crrev.com/bf5c9af92ac0a5b7f020ac968d3d42ed06aa6144
Cr-Commit-Position: refs/heads/master@{#31805}

Review URL: https://codereview.chromium.org/1428203003

Cr-Commit-Position: refs/heads/master@{#31838}
2015-11-05 19:10:43 +00:00
mstarzinger
7f1fb29faa Revert of [heap] Separate out optimized code map processing. (patchset #2 id:20001 of https://codereview.chromium.org/1421903012/ )
Reason for revert:
Causes GC-Stress failures.

Original issue's description:
> [heap] Separate out optimized code map processing.
>
> This separates the post-processing step for optimized code maps out of
> the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
> visit all candidates instead of gathering candidates during marking.
>
> Gathering candidates during marking no longer makes sense, now that the
> majority of SharedFunctionInfo objects will hold such an optimized code
> map. Also it reduces complexity of the implementation. Also conflating
> this mechanism with "code flushing" was confusing.
>
> This reverts commit b6644e8491.
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/bb7a5eb2d89bae25f2b5ecb9515669f0ac73c111
> Cr-Commit-Position: refs/heads/master@{#31836}

TBR=ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1412063012

Cr-Commit-Position: refs/heads/master@{#31837}
2015-11-05 18:50:33 +00:00
mstarzinger
bb7a5eb2d8 [heap] Separate out optimized code map processing.
This separates the post-processing step for optimized code maps out of
the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
visit all candidates instead of gathering candidates during marking.

Gathering candidates during marking no longer makes sense, now that the
majority of SharedFunctionInfo objects will hold such an optimized code
map. Also it reduces complexity of the implementation. Also conflating
this mechanism with "code flushing" was confusing.

This reverts commit b6644e8491.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1421903012

Cr-Commit-Position: refs/heads/master@{#31836}
2015-11-05 17:30:20 +00:00
pkotwicz
fa4bd0b9ab Add v8_external_startup_data GN rule
The new GN rule will enable removal of code which copies natives_blob.bin and
snapshot_blob.bin in Android GN code (for instance "copy_content_shell_assets").

BUG=547162
LOG=Y

Review URL: https://codereview.chromium.org/1412333005

Cr-Commit-Position: refs/heads/master@{#31835}
2015-11-05 17:29:07 +00:00
adamk
80a1e004f4 Revert "Revert of [es6] Implement destructuring binding in try/catch"
Reland try/catch destructuring with a fix for the MemorySanitizer failure:
initialization_pos needs to be initialized in the DeclarationDescriptor.

This is a one line fix to http://crrev.com/a316db995e6e4253664920652ed4e5a38b2caeba

BUG=v8:811
LOG=y

Review URL: https://codereview.chromium.org/1411323008

Cr-Commit-Position: refs/heads/master@{#31834}
2015-11-05 17:27:57 +00:00
hablich
760eb0a9f4 [Release] Make release scripts aware of packed tags
We are creating a lot of tags. The result is that git 'packs'
some of them. Our parsers in the release script cannot handle
this.

R=machenbach@chromium.org
LONG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1403293009

Cr-Commit-Position: refs/heads/master@{#31833}
2015-11-05 17:27:18 +00:00
hablich
b6644e8491 Revert of [heap] Separate out optimized code map processing. (patchset #3 id:40001 of https://codereview.chromium.org/1426953006/ )
Reason for revert:
Breaks build: https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/3565

Original issue's description:
> [heap] Separate out optimized code map processing.
>
> This separates the post-processing step for optimized code maps out of
> the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
> visit all candidates instead of gathering candidates during marking.
>
> Gathering candidates during marking no longer makes sense, now that the
> majority of SharedFunctionInfo objects will hold such an optimized code
> map. Also it reduces complexity of the implementation. Also conflating
> this mechanism with "code flushing" was confusing.
>
> R=ulan@chromium.org
>
> Committed: https://crrev.com/8ad6168d197dd167235c9d342ec7ce37b0daa88b
> Cr-Commit-Position: refs/heads/master@{#31830}

TBR=ulan@chromium.org,yangguo@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1434503003

Cr-Commit-Position: refs/heads/master@{#31832}
2015-11-05 16:29:14 +00:00
mbrandy
6413ef4e63 PPC: [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
Port ab84025977

Also:
- Fix big-endian compiler hints BYTE_OFFSET macro.
- Clean up PPC code access to compiler hints -- which required some new
  SharedFunctionInfo fields to encapsulate kCompilerHintsSmiTagSize.

Original commit message:
    The current implementation of classes throws the TypeError at the wrong
    point, after activating a new context when directly calling a class
    constructor. According to the spec, the TypeError has to be thrown
    in the caller context.

R=bmeurer@chromium.org, cbruni@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, dstence@us.ibm.com
LOG=N
BUG=v8:4428

Review URL: https://codereview.chromium.org/1423713014

Cr-Commit-Position: refs/heads/master@{#31831}
2015-11-05 14:51:51 +00:00
mstarzinger
8ad6168d19 [heap] Separate out optimized code map processing.
This separates the post-processing step for optimized code maps out of
the CodeFlusher. It uses the complete SharedFunctionInfo::Iterator to
visit all candidates instead of gathering candidates during marking.

Gathering candidates during marking no longer makes sense, now that the
majority of SharedFunctionInfo objects will hold such an optimized code
map. Also it reduces complexity of the implementation. Also conflating
this mechanism with "code flushing" was confusing.

R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1426953006

Cr-Commit-Position: refs/heads/master@{#31830}
2015-11-05 14:32:55 +00:00
ishell
e8cab885ed Move both dynamic and static object body visiting logic to BodyDescriptorBase class.
Review URL: https://codereview.chromium.org/1416243009

Cr-Commit-Position: refs/heads/master@{#31829}
2015-11-05 14:02:49 +00:00
bmeurer
9c8f4f91aa [runtime] Remove the unused weird %Likely and %Unlikely intrinsics.
These intrinsics are completely unused and there doesn't seem to be an
actual use case for it in the future.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1418663011

Cr-Commit-Position: refs/heads/master@{#31828}
2015-11-05 13:52:31 +00:00
bmeurer
dc3c84812a [turbofan] Introduce a Function type and optimize based on it.
This inserts a new bit set type Function, which is used to represent
JSFunctions, and uses that type in typed lowering to optimize calls
to use the CallFunction builtin directly. Also allows for better typing
of the typeof operator, which can infer "function" for JSFunctions
properly.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1410343016

Cr-Commit-Position: refs/heads/master@{#31827}
2015-11-05 13:30:56 +00:00
verwaest
4ab1b05d5e Remove receiver conversion from function prologue
Depends on https://codereview.chromium.org/1407373007/
After that CL, all receiver conversion is handled by the call builtin.

BUG=

Review URL: https://codereview.chromium.org/1414883011

Cr-Commit-Position: refs/heads/master@{#31826}
2015-11-05 13:23:51 +00:00
mstarzinger
faf0238b45 [turbofan] Tiny cleanup in RawMachineAssembler constructor.
R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1412243017

Cr-Commit-Position: refs/heads/master@{#31825}
2015-11-05 13:16:02 +00:00
yangguo
2237ba0dba Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
Cr-Commit-Position: refs/heads/master@{#31753}

Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
Cr-Commit-Position: refs/heads/master@{#31773}

Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
Cr-Commit-Position: refs/heads/master@{#31782}

Committed: https://crrev.com/152163c1646b45f5fc5d31a4ec2eb55d7f4a2ffc
Cr-Commit-Position: refs/heads/master@{#31804}

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31824}
2015-11-05 13:08:55 +00:00
verwaest
44c44521ae Remove CallFunctionStub, always call through the Call builtin (also from CallIC).
This fixes receiver conversion since the Call builtin does it correctly.

BUG=v8:4526
LOG=n

Review URL: https://codereview.chromium.org/1407373007

Cr-Commit-Position: refs/heads/master@{#31823}
2015-11-05 12:46:01 +00:00
bmeurer
de9ebd82d0 [runtime] Remove obsolete %_StringAdd intrinsic.
The %_StringAdd intrinsic is not used anymore, so no need to keep the
code around.

R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/1420283019

Cr-Commit-Position: refs/heads/master@{#31822}
2015-11-05 12:16:59 +00:00
bmeurer
a210c3757e [runtime] Remove the very dangerous %_CallFunction intrinsic.
The %_CallFunction doesn't implement the call sequence properly, it
doesn't do the receiver wrapping, nor does it check for
classConstructor. Also the eager deoptimization for %_CallFunction was
seriously b0rked (we must have been lucky with TurboFan so far).

R=yangguo@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1419813010

Cr-Commit-Position: refs/heads/master@{#31821}
2015-11-05 11:48:21 +00:00
bmeurer
8d780560bd [turbofan] Add support for relevant ES6 type conversion intrinsics.
TurboFan didn't fully support the relevant ES6 type conversion
intrinsics like %_ToNumber, %_ToLength, %_ToName, %_ToString and
%_ToInteger until now, we always went to the runtime instead.  These
intrinsics are now well supported in TurboFan, and we are even able to
generate quite decent code in some cases.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1428243003

Cr-Commit-Position: refs/heads/master@{#31820}
2015-11-05 09:51:28 +00:00
ishell
82a54b38e7 Using override keyword in ObjectVisitor class hierarchy.
Review URL: https://codereview.chromium.org/1425013006

Cr-Commit-Position: refs/heads/master@{#31819}
2015-11-05 09:32:38 +00:00
yangguo
ca49355aba Revert of Implement flag and source getters on RegExp.prototype. (patchset #6 id:110001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
browser_tests failure with --gtest_filter=ExternallyConnectableMessagingTest.EnablingAndDisabling

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}
>
> Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
> Cr-Commit-Position: refs/heads/master@{#31773}
>
> Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
> Cr-Commit-Position: refs/heads/master@{#31782}
>
> Committed: https://crrev.com/152163c1646b45f5fc5d31a4ec2eb55d7f4a2ffc
> Cr-Commit-Position: refs/heads/master@{#31804}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1426413002

Cr-Commit-Position: refs/heads/master@{#31818}
2015-11-05 09:08:51 +00:00
yangguo
d9511fa9df Revert of Use in-object fields instead of private symbols for regexp slots. (patchset #4 id:60001 of https://codereview.chromium.org/1428203003/ )
Reason for revert:
browser_tests failure with --gtest_filter=ExternallyConnectableMessagingTest.EnablingAndDisabling

Original issue's description:
> Use in-object fields instead of private symbols for regexp slots.
>
> R=bmeurer@chromium.org
>
> Committed: https://crrev.com/5a1e42c039ac3379ebe1e7e34fb8163e1ec1493e
> Cr-Commit-Position: refs/heads/master@{#31791}
>
> Committed: https://crrev.com/bf5c9af92ac0a5b7f020ac968d3d42ed06aa6144
> Cr-Commit-Position: refs/heads/master@{#31805}

TBR=bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1432453005

Cr-Commit-Position: refs/heads/master@{#31817}
2015-11-05 09:07:39 +00:00
caitpotter88
096125deaa [es6] allow any LeftHandSideExpression in for-of loops
Fix an earlier regression which forbid non-VariableProxy LHS from being
used in for-of loops. Like for-in loops, the spec allows any LHS to be used,
with the sole exception that ObjectLiterals and ArrayLiterals must be valid
AssignmentPatterns.

Also fixes a bug in TurboFan which resulted in incorrectly replacing a variable load with a constant value in some instances, due to the AstLoopAssignmentAnalyzer failing to record the assignment to ForOfStatement's value.

BUG=v8:4418, v8:2720
LOG=N
R=wingo@igalia.com, littledan@chromium.org, adamk@chromium.org, bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1411873004

Cr-Commit-Position: refs/heads/master@{#31816}
2015-11-05 06:47:56 +00:00
zhengxing.li
8c1a433038 X87: [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
port ab84025977 (r31790).

  original commit message:
  The current implementation of classes throws the TypeError at the wrong
  point, after activating a new context when directly calling a class
  constructor. According to the spec, the TypeError has to be thrown
  in the caller context.

BUG=

Review URL: https://codereview.chromium.org/1419793007

Cr-Commit-Position: refs/heads/master@{#31815}
2015-11-05 05:11:57 +00:00
ofrobots
7b704c4f9b [heap] inline allocation steps refactor
Expose the steps for incremental marking and idle scavenge more directly in
NewSpace. Adjust the NewSpace and Heap interfaces to allow callers to be more
clear about how they are interacting with inline allocation steps. This refactor
prepares the ground for more consumers of inline allocation steps (e.g. sampling
heap profiler.)

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1404523002

Cr-Commit-Position: refs/heads/master@{#31814}
2015-11-05 04:45:33 +00:00
v8-autoroll
ac75fe1a9b Update V8 DEPS.
Rolling v8/third_party/icu to 42c58d4e49f2250039f0e98d43e0b76e8f5ca024

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Review URL: https://codereview.chromium.org/1420993008

Cr-Commit-Position: refs/heads/master@{#31813}
2015-11-05 04:19:39 +00:00
chunyang.dai
fd0d9cf2c5 X87: fix a check error for deoptimization.
This CL is a fix for https://codereview.chromium.org/1411223010. (X87: fix
   the deoptimization issue.).

   ArchDeoptimize instruction may contain duplicated x87 double register as input
   parameters. So the scope check is not correct.

BUG=

Review URL: https://codereview.chromium.org/1415023007

Cr-Commit-Position: refs/heads/master@{#31812}
2015-11-05 02:51:53 +00:00
paul.lind
532ee45a2f Fix big-endian after [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
Fix typos in big-endian BYTE_OFFSET macro.

BUG=

Review URL: https://codereview.chromium.org/1433543002

Cr-Commit-Position: refs/heads/master@{#31811}
2015-11-05 02:48:29 +00:00
littledan
5d44bf0263 Ship Harmony ToLength
This patch moves ES2015 ToLength semantics on array operations, etc
from staging to shipping.

R=adamk
BUG=v8:3087
LOG=Y

Review URL: https://codereview.chromium.org/1433473003

Cr-Commit-Position: refs/heads/master@{#31810}
2015-11-05 00:45:05 +00:00