range's internal structure, we take a range at a time and splinter based on
the blocks it covers. This is no different in scenarios where a UseInterval
covers non-deferred then deferred blocks. However, in scenarios where
a deferred block jumps to another one, and there are no other blocks
covered by the range in between, this CL will treat the two such blocks
together, while the previous one would treat them separately. This matters
in cases such as deoptimization blocks preceded (not necessarily
consecutively) by a single instruction (jump) Merging block.
Review URL: https://codereview.chromium.org/1415833002
Cr-Commit-Position: refs/heads/master@{#31422}
It is not always safe to allocate new heap objects in the JSGraph. We
might have to revisit this later once we do the canonicalization for
HeapConstants.
R=jarin@chromium.org
BUG=chromium:545364
LOG=n
Review URL: https://codereview.chromium.org/1413373002
Cr-Commit-Position: refs/heads/master@{#31421}
This reverts commit 24aca87090.
The API makes these values appear to be per-isolate, when in fact
they are per-context. Installing the results of these on Template
objects instantiated in multiple contexts can result in security
violations and contexts being retained indefinitely.
An alternative mechanism for using these in a sensible way is
provided by https://crrev.com/1409593002
BUG=
LOG=N
R=jochen@chromium.org, adamk@chromium.org
Review URL: https://codereview.chromium.org/1415663002
Cr-Commit-Position: refs/heads/master@{#31417}
The problem is that the gc pattern is different, and the list of debug scripts
may have more or less duplicates than before. The solution is to just turn off
--stress-opt for the test.
R=yangguo@chromium.org
BUG=v8:4502
LOG=N
Review URL: https://codereview.chromium.org/1416883002
Cr-Commit-Position: refs/heads/master@{#31415}
For now, only rewire builtins in v8natives.js to call the new runtime functions.
Review URL: https://codereview.chromium.org/1409613004
Cr-Commit-Position: refs/heads/master@{#31413}
Use the simple inline function version of {Min, Max} where possible to
improve performance
Now uses an forced inline js function instead of a python macro
to avoid expressions be evaluated twice
Follow-up to CR: https://codereview.chromium.org/1331993004
Review URL: https://codereview.chromium.org/1410473002
Cr-Commit-Position: refs/heads/master@{#31411}
This stages the general purpose inlining mechanism in TurboFan and
also disables the remaining tests that still fail. We do this to get
test coverage early and to avoid regressing inlining as we go along.
R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1419623002
Cr-Commit-Position: refs/heads/master@{#31406}
This fixes JSNativeContextSpecialization to not lower JSLoadGlobal and
JSStoreGlobal nodes if the global variable has morphed into a context
variable that is currently within a TDZ. Scary variable binding is being
scary!
R=bmeurer@chromium.org
TEST=cctest/test-decls/Regress3941 --turbo-filter="f"
BUG=v8:4470
LOG=n
Review URL: https://codereview.chromium.org/1415733003
Cr-Commit-Position: refs/heads/master@{#31405}
Reason for revert:
Breaks nosnap: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%202/builds/2407/steps/Check/logs/regress-4395
Original issue's description:
> [es6] Fix scoping for default parameters in arrow functions
>
> When eagerly parsing arrow functions, expressions in default
> parameter initializers are parsed in the enclosing scope,
> rather than in the function's scope (since that scope does not
> yet exist). This leads to VariableProxies being added to the
> wrong scope, and scope chains for FunctionLiterals being incorrect.
>
> This patch addresses these problems by adding a subclass of
> AstExpressionVisitor that moves VariableProxies to the proper
> scope and fixes up scope chains of FunctionLiterals.
>
> More work likely still needs to be done to make this work completely,
> but it's very close to correct.
>
> BUG=v8:4395
> LOG=y
>
> Committed: https://crrev.com/cf72aad39e51de9b7074ea039377c1812f4a2c6b
> Cr-Commit-Position: refs/heads/master@{#31402}
TBR=rossberg@chromium.org,caitpotter88@gmail.com,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4395
Review URL: https://codereview.chromium.org/1417463004
Cr-Commit-Position: refs/heads/master@{#31404}
This patch refactors array methods to have the
InnerArray{Map,Filter} methods convert to a GlobalArray
rather than the callers.
BUG=chromium:544991
R=yangguo,adamk
CC=mstarzinger,jochen
LOG=Y
Review URL: https://codereview.chromium.org/1408213004
Cr-Commit-Position: refs/heads/master@{#31403}
When eagerly parsing arrow functions, expressions in default
parameter initializers are parsed in the enclosing scope,
rather than in the function's scope (since that scope does not
yet exist). This leads to VariableProxies being added to the
wrong scope, and scope chains for FunctionLiterals being incorrect.
This patch addresses these problems by adding a subclass of
AstExpressionVisitor that moves VariableProxies to the proper
scope and fixes up scope chains of FunctionLiterals.
More work likely still needs to be done to make this work completely,
but it's very close to correct.
BUG=v8:4395
LOG=y
Review URL: https://codereview.chromium.org/1405313002
Cr-Commit-Position: refs/heads/master@{#31402}
This fixes the bailout point used by JSCreateScriptContext nodes for
top-level code. The bailout point differs from the Crankshaft one as
parameter slots have not been copied and the context chain was not
extended yet in TurboFan. Hence a new bailout id is required.
R=ishell@chromium.org
TEST=cctest/test-decls/CrossScript --turbo-inlining
Review URL: https://codereview.chromium.org/1413933005
Cr-Commit-Position: refs/heads/master@{#31399}
The boards on the bots do not have FPU, and therefore time out on
this test.
BUG=
NOTRY=true
Review URL: https://codereview.chromium.org/1411313003
Cr-Commit-Position: refs/heads/master@{#31395}
The debugger calls PromiseHasUserDefinedRejectHandler to recursively search the
tree of dependent promises for user-defined reject handlers. If no such reject
handler exists, rejecting the promise is considered an uncaught exception.
Promise.race and Promise.all interupt the link of promise dependency wrt the
search. This change fixes that link.
R=rossberg@chromium.org
BUG=chromium:439585
LOG=N
Review URL: https://codereview.chromium.org/1411083003
Cr-Commit-Position: refs/heads/master@{#31392}
This stages the general purpose inlining mechanism in TurboFan and also
disables the remaining tests that still fail. We do this to get test
coverage early and to avoid regressing inlining as we go along.
R=bmeurer@chromium.org
BUG=v8:4493
LOG=n
Review URL: https://codereview.chromium.org/1412703002
Cr-Commit-Position: refs/heads/master@{#31386}
During eviction of FreeSpace nodes that reside on eviction pages we iterate
throug the list node-by-node, unlinking only those that reside on eviction
pages. We failed to properly update end_ if nodes were evicted are encountering
nodes that that are left as is.
BUG=chromium:539356
LOG=N
R=hpayer@chromium.org
Review URL: https://codereview.chromium.org/1411263002
Cr-Commit-Position: refs/heads/master@{#31383}
Re-land of https://crrev.com/cf13dda1ba25e8293ea143f33c6c5f6233a39c86,
fixing the issue with vector stores.
Class methods always have the class scope on their scope chain in order
to implement strong mode checks. Previously, that scope wasn't attached
to the ClassLiteral for anonymous classes (since the scope contained
no bindings).
This patch simply puts that same scope on the ClassLiteral, anonymous
or not, which simplifies other code that needs to reason about the scope
of a class and its methods.
Review URL: https://codereview.chromium.org/1418433002
Cr-Commit-Position: refs/heads/master@{#31381}
This is exactly what it looks like. A temporary hack that ensures we
can make forward progress with the JSInliner despite other components
have a hard time picking the correct zone. This hack is a hack!
R=bmeurer@chromium.org,jarin@chromium.org
Review URL: https://codereview.chromium.org/1410963003
Cr-Commit-Position: refs/heads/master@{#31380}
Separately collect element keys from property keys to avoid slow
corner-cases. Partly deal with keys generated by Proxies.
BUG=chromium:536790
LOG=N
Review URL: https://codereview.chromium.org/1397063002
Cr-Commit-Position: refs/heads/master@{#31378}
This adds a test case that ensures calling Debug.scripts without any
listener attached fails gracefully. For now we are throwing the string
"illegal access", this might change in the future to be a dedicated
exception.
R=yangguo@chromium.org
TEST=mjsunit/debug-scripts-throw
Review URL: https://codereview.chromium.org/1411193002
Cr-Commit-Position: refs/heads/master@{#31377}
