Commit Graph

23601 Commits

Author SHA1 Message Date
ishell
65ada9fa0b Mark proxy map as unstable during proxy fixing (freezing, sealing or preventing extensions).
BUG=chromium:493568
LOG=N

Review URL: https://codereview.chromium.org/1158023003

Cr-Commit-Position: refs/heads/master@{#28759}
2015-06-02 11:29:27 +00:00
verwaest
abaec424f5 Remove Execution::CharAt
BUG=

Review URL: https://codereview.chromium.org/1143153004

Cr-Commit-Position: refs/heads/master@{#28758}
2015-06-02 11:25:05 +00:00
verwaest
823682ea2c Use LookupIterator for GetElementAttributes and friends
BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1153583006

Cr-Commit-Position: refs/heads/master@{#28757}
2015-06-02 11:10:58 +00:00
ishell
341e4ac29d Filter out store/slots buffer entries that point into raw data objects.
This is just a workaround till we found the root cause of the issue, there must be no slots for data object recorded.

BUG=chromium:454297
LOG=N

Review URL: https://codereview.chromium.org/1106983004

Cr-Commit-Position: refs/heads/master@{#28756}
2015-06-02 11:00:55 +00:00
martyn.capewell
afd0367f5d [arm64] Use ubfiz in ARM64 instruction selector
Select ubfiz for (x & mask) << imm where mask is contiguous and imm is non-zero.

BUG=

Review URL: https://codereview.chromium.org/1161643003

Cr-Commit-Position: refs/heads/master@{#28755}
2015-06-02 10:57:44 +00:00
verwaest
2fb894fa58 Use GetProperty for getting elements.
This also fixes issues with
- kMaxUint32 being a valid length but not index cornercases
- exotic integer objects masking "exotic indexes" even though its in the prototype chain
- concating of holey sloppy arguments

BUG=v8:4137
LOG=n

Review URL: https://codereview.chromium.org/1159433003

Cr-Commit-Position: refs/heads/master@{#28754}
2015-06-02 10:42:29 +00:00
mstarzinger
d9ee1d6ffb [turbofan] Ship TF for dynamic lookup slots.
R=bmeurer@chromium.org
BUG=v8:4131
LOG=N

Review URL: https://codereview.chromium.org/1152173011

Cr-Commit-Position: refs/heads/master@{#28753}
2015-06-02 10:36:26 +00:00
ishell
1f24c38bde GlobalDictionary now stores PropertyDetails in PropertyCells.
BUG=

Review URL: https://codereview.chromium.org/1156993018

Cr-Commit-Position: refs/heads/master@{#28752}
2015-06-02 10:29:25 +00:00
rossberg
85ff7a0483 Fix redundant map allocation
R=bmeurer@chromium.org
BUG=chromium:492022,v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1159623008

Cr-Commit-Position: refs/heads/master@{#28751}
2015-06-02 10:15:17 +00:00
mstarzinger
440d099c5c [turbofan] Optimized lowering of DYNAMIC_GLOBAL lookup slot loads.
This adds handling of JSLoadDynamicGlobal nodes to JSTypedLowering to
perform extension checks and an inline fast path. The fast path is a
global variable load from the global object.

R=bmeurer@chromium.org
BUG=v8:4131
LOG=N

Review URL: https://codereview.chromium.org/1150723005

Cr-Commit-Position: refs/heads/master@{#28750}
2015-06-02 09:37:59 +00:00
mvstanton
450002f3a1 Build ObjectLiteral constant properties in the numbering phase.
It's necessary to do this in order to know how many type feedback vector slots
we should allocate for the object literal.

BUG=

Review URL: https://codereview.chromium.org/1165463007

Cr-Commit-Position: refs/heads/master@{#28749}
2015-06-02 09:35:28 +00:00
chunyang.dai
388429e97c X87: [turbofan] First step towards sanitizing for-in and making it optimizable.
port e2e47f30be (r28711)

original commit message:

    [turbofan] First step towards sanitizing for-in and making it optimizable.

    In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a
    simple runtime call to ForInFilter, which does everything and is even
    cheaper (because FILTER_KEY used to call into the runtime anyway).
    And ForInFilter returns either the name or undefined, which makes it
    possible to remove the control flow construction from the AstGraphBuilder,
    and thereby make both the initialization and the per-loop code of for-in
    optimizable later (in typed lowering).

BUG=

Review URL: https://codereview.chromium.org/1144143005

Cr-Commit-Position: refs/heads/master@{#28748}
2015-06-02 09:07:27 +00:00
bmeurer
86b30420a8 [turbofan] Enable typed lowering of string addition.
Unfortunately StringAdd is not pure in V8 because we might throw an
exception if the resulting string length is outside the valid bounds, so
there's no point in having a simplified StringAdd operator.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1164743002

Cr-Commit-Position: refs/heads/master@{#28747}
2015-06-02 08:50:53 +00:00
bmeurer
298cb97652 [turbofan] Specify better type for FixedArray::length field.
This avoids redundant smi checks when using the length of a FixedArray,
which is always a positve smi.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1162163003

Cr-Commit-Position: refs/heads/master@{#28746}
2015-06-02 06:18:35 +00:00
v8-autoroll
d0d570615f Update V8 DEPS.
Rolling v8/tools/clang to dc542e2b87607a399e0c107b78990aba11f5af48

TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1143213004

Cr-Commit-Position: refs/heads/master@{#28745}
2015-06-02 04:07:39 +00:00
arv
e13f044d06 [es6] Stage array spread
BUG=v8:3018
LOG=N

Review URL: https://codereview.chromium.org/1165653003

Cr-Commit-Position: refs/heads/master@{#28744}
2015-06-01 23:40:53 +00:00
adamk
dd4cd1fe90 Fix Map/Set creation via the API with nosnap build
The Map and Set maps get overwritten when collection.js executes, so in
a nosnap build we have to wait until it runs before we grab the maps.
To facilitate that, store the functions in the native context as well.

Review URL: https://codereview.chromium.org/1161363002

Cr-Commit-Position: refs/heads/master@{#28743}
2015-06-01 23:16:42 +00:00
erikcorry
4f5337a2b6 Cosmetic changes to tests to make it easier to concatenate them.
When compiling on a laptop I like to concatenate the small test files.
This makes a big difference to compile times. These changes make that
easier.

R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1163803002

Cr-Commit-Position: refs/heads/master@{#28742}
2015-06-01 22:47:08 +00:00
conradw
ea2cb139d6 [strong] fix strong object exception messages
A mistake in a recent CL has messed up the error messages for strong object
semantics.

BUG=
LOG=N

Review URL: https://codereview.chromium.org/1166433007

Cr-Commit-Position: refs/heads/master@{#28741}
2015-06-01 22:44:05 +00:00
caitpotter88
904fbc303a Revert of [es6] implement default parameters via desugaring (patchset #19 id:380001 of https://codereview.chromium.org/1127063003/)
Reason for revert:
Broken on arm64

Original issue's description:
> [es6] implement default parameters via desugaring
>
> Stage 1 implementation:
>
> - Parameters can't be referenced before initialized (from left-to-right)
> - SingleNameBindings only, no support for BindingPatterns
>
> Known issues:
>
> - Incorrect scoping (parameter expressions may reference variables declared in function body)
> - Function arity is untouched
> - Hole-checking needs work
> - Rest parameters are broken when mixed with optional arguments
>
> BUG=v8:2160
> LOG=N
> R=arv@chromium.org, rossberg@chromium.org
>
> Committed: https://crrev.com/892c85485881f8be2f17bd83238980f858126576
> Cr-Commit-Position: refs/heads/master@{#28739}

TBR=rossberg@chromium.org,wingo@igalia.com,arv@chromium.org,dslomov@chromium.org,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:2160

Review URL: https://codereview.chromium.org/1163853002

Cr-Commit-Position: refs/heads/master@{#28740}
2015-06-01 18:35:03 +00:00
caitpotter88
892c854858 [es6] implement default parameters via desugaring
Stage 1 implementation:

- Parameters can't be referenced before initialized (from left-to-right)
- SingleNameBindings only, no support for BindingPatterns

Known issues:

- Incorrect scoping (parameter expressions may reference variables declared in function body)
- Function arity is untouched
- Hole-checking needs work
- Rest parameters are broken when mixed with optional arguments

BUG=v8:2160
LOG=N
R=arv@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1127063003

Cr-Commit-Position: refs/heads/master@{#28739}
2015-06-01 17:10:50 +00:00
ishell
aa470e0af0 Enum DictionaryEntryType removed.
Dictionary customization should be implemented in respective shape class.

Review URL: https://codereview.chromium.org/1160813009

Cr-Commit-Position: refs/heads/master@{#28738}
2015-06-01 17:07:42 +00:00
ishell
144be2c461 Starting using GlobalDictionary for global objects instead of NameDictionary.
Review URL: https://codereview.chromium.org/1165603002

Cr-Commit-Position: refs/heads/master@{#28737}
2015-06-01 16:25:08 +00:00
nodir
db18b77836 /infra-config directory
Added /infra with chrome-infra specific files.
/infra/project-config/cr-buildbucket.cfg defines v8 buckets on cr-buildbucket.appspot.com

R=tandrii@chromium.org, machenbach@chromium.org, sergiyb@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1161143002

Cr-Commit-Position: refs/heads/master@{#28736}
2015-06-01 16:19:49 +00:00
arv
88b1c9170a Revert of [es6] Super call in arrows and eval (patchset #5 id:100001 of https://codereview.chromium.org/1146863007/)
Reason for revert:
Fails

http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug%20-%201/builds/579/steps/Check/logs/super

Original issue's description:
> [es6] Super call in arrows and eval
>
> This splits the SuperReference AST node into SuperPropertyReference and
> SuperCallReference. The super call reference node consists of three
> unresolved vars to this, new.target and this_function. These gets
> declared when the right function is entered and if it is in use. The
> variables gets assigned in FullCodeGenerator::Generate.
>
> BUG=v8:3768
> LOG=N
> R=wingo@igalia.com, adamk@chromium.org
>
> Committed: https://crrev.com/673c0516ab96f24343bbb26e0afc2846b5a679df
> Cr-Commit-Position: refs/heads/master@{#28731}

TBR=wingo@igalia.com,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3768

Review URL: https://codereview.chromium.org/1161243005

Cr-Commit-Position: refs/heads/master@{#28735}
2015-06-01 16:10:17 +00:00
mbrandy
710baad489 PPC: [turbofan] First step towards sanitizing for-in and making it optimizable.
Port e2e47f30be

Original commit message:
In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a
simple runtime call to ForInFilter, which does everything and is even
cheaper (because FILTER_KEY used to call into the runtime anyway).
And ForInFilter returns either the name or undefined, which makes it
possible to remove the control flow construction from the AstGraphBuilder,
and thereby make both the initialization and the per-loop code of for-in
optimizable later (in typed lowering).

R=bmeurer@chromium.org, dstence@us.ibm.com, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1160973004

Cr-Commit-Position: refs/heads/master@{#28734}
2015-06-01 15:59:57 +00:00
titzer
1a23f031e8 [turbofan] Tester improvements; use CSignature and simplify ReturnValueTraits.
R=bmeurer@chromium.org,mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1150083006

Cr-Commit-Position: refs/heads/master@{#28733}
2015-06-01 15:55:04 +00:00
ishell
6c6b425dea Introducing GlobalDictionary, a backing store for global objects.
This updates Dictionary classes hierarchy and introduces GlobalDictionary class but it is not used yet.

Review URL: https://codereview.chromium.org/1163673003

Cr-Commit-Position: refs/heads/master@{#28732}
2015-06-01 15:43:38 +00:00
arv
673c0516ab [es6] Super call in arrows and eval
This splits the SuperReference AST node into SuperPropertyReference and
SuperCallReference. The super call reference node consists of three
unresolved vars to this, new.target and this_function. These gets
declared when the right function is entered and if it is in use. The
variables gets assigned in FullCodeGenerator::Generate.

BUG=v8:3768
LOG=N
R=wingo@igalia.com, adamk@chromium.org

Review URL: https://codereview.chromium.org/1146863007

Cr-Commit-Position: refs/heads/master@{#28731}
2015-06-01 15:02:38 +00:00
erikcorry
f2eb98b900 Tiny fix to grokdump heap stats printer
R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1164693002

Cr-Commit-Position: refs/heads/master@{#28730}
2015-06-01 14:54:17 +00:00
jochen
65cd41e394 Reland "Re-enable on-heap typed array allocation"
R=mstarzinger@chromium.org
BUG=v8:3996
LOG=y

Review URL: https://codereview.chromium.org/1144143006

Cr-Commit-Position: refs/heads/master@{#28729}
2015-06-01 14:23:07 +00:00
arv
f91c54fa0b Fix issue with --print-ast and class expressions
Make sure that --print-ast works even when the class expression has no
name.

This also updates the printer to print the properties of the class
literal.

BUG=v8:4138
LOG=N
R=rossberg

Review URL: https://codereview.chromium.org/1165613003

Cr-Commit-Position: refs/heads/master@{#28728}
2015-06-01 14:06:28 +00:00
mstarzinger
d207fcef66 Fix bogus insertion of filler in LO-space by String#replace.
R=hpayer@chromium.org
TEST=mjsunit/regress/regress-crbug-493779
BUG=chromium:493779
LOG=N

Review URL: https://codereview.chromium.org/1163793002

Cr-Commit-Position: refs/heads/master@{#28727}
2015-06-01 13:36:11 +00:00
bmeurer
017faaf451 [turbofan] First steps towards optimizing for-in loops.
This is basically a port of the majority of optimizations that are
applied to for-in in full codegen. But it is not done during graph
building, but instead during typed lowering, which way less adhoc than
what the other compilers do.

Review URL: https://codereview.chromium.org/1155313008

Cr-Commit-Position: refs/heads/master@{#28726}
2015-06-01 11:41:26 +00:00
mstarzinger
7a70987531 [turbofan] Disable optimization of dynamic lookup slots.
Note that this essentially disables optimization of "with" as well.

R=hablich@chromium.org
BUG=chromium:491897,chromium:491018
LOG=N

Review URL: https://codereview.chromium.org/1158343003

Cr-Commit-Position: refs/heads/master@{#28725}
2015-06-01 11:40:16 +00:00
conradw
b14305c161 [strong] Implement per-object restrictions behaviour of delete operator
Implements the strong mode proposal's restrictions on the behaviour of the
delete operator for strong objects.

Setting the strong bit is still wip, so this change will only affect those
objects that have the bit correctly set. The tests reflect this, and will be
expanded as more objects can be marked as strong.

Attempt 2, last version did not work with API.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1156573002

Cr-Commit-Position: refs/heads/master@{#28724}
2015-06-01 11:39:16 +00:00
bmeurer
3be8651fcc Revert of Re-enable on-heap typed array allocation (patchset #1 id:1 of https://codereview.chromium.org/1166433004/)
Reason for revert:
Win32 breakage

Original issue's description:
> Re-enable on-heap typed array allocation
>
> BUG=v8:3996
> R=mstarzinger@chromium.org
> LOG=y
>
> Committed: https://crrev.com/f91df1f25dec4f1982c40af6118da8b699777475
> Cr-Commit-Position: refs/heads/master@{#28722}

TBR=mstarzinger@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3996

Review URL: https://codereview.chromium.org/1158193004

Cr-Commit-Position: refs/heads/master@{#28723}
2015-06-01 10:59:05 +00:00
jochen
f91df1f25d Re-enable on-heap typed array allocation
BUG=v8:3996
R=mstarzinger@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1166433004

Cr-Commit-Position: refs/heads/master@{#28722}
2015-06-01 10:07:22 +00:00
dusan.milosavljevic
75744da268 MIPS64: Fix lithium arithmetic operations for integers to sign-extend result.
TEST=mjsunit/asm/double-lo
BUG=

Review URL: https://codereview.chromium.org/1161713003

Cr-Commit-Position: refs/heads/master@{#28721}
2015-06-01 09:47:52 +00:00
chunyang.dai
23621d2c11 X87: Make KeyedStores from a sloppy arguments array use a handler.
port 3a1d7335cf (r28683)

original commit message:

  This finishes up work begun by CL (https://codereview.chromium.org/546683003/) some months ago.

BUG=

Review URL: https://codereview.chromium.org/1163603003

Cr-Commit-Position: refs/heads/master@{#28720}
2015-06-01 09:21:57 +00:00
chunyang.dai
aa31176ab1 X87: [crankshaft] Record inlined shared function infos instead of closures.
port 388e791df9 (r28672).

original commit message:

   The list of inlined functions is used in exactly two places - for live
    edit and to prevent code flushing for inlined functions - and those are
    fine with SharedFunctionInfo and don't require a closure.

    This is one additional step towards inlining based on SharedFunctionInfo
    instead of JSFunction.

BUG=

Review URL: https://codereview.chromium.org/1143003003

Cr-Commit-Position: refs/heads/master@{#28719}
2015-06-01 09:11:43 +00:00
chunyang.dai
f1cc4ed2b2 X87: VectorICs: allocating slots for store ics in ast nodes.
port 5450fc07ba (r18659)

original commit message:

    Also adapt code generation to pass the slot to the
    store/keyed-store ic. AST nodes ObjectLiteral, Assignment,
    ForEach, Call and CountOperation now include one or more
    feedback vector ic slot ids.

BUG=

Review URL: https://codereview.chromium.org/1155383003

Cr-Commit-Position: refs/heads/master@{#28718}
2015-06-01 09:04:53 +00:00
chunyang.dai
b471651e96 X87: [es6] Support super.property in eval and arrow functions
port 44e9810345 (r28644)

original commit message:

    When we enter a method that needs access to the [[HomeObject]]
    we allocate a local variable `.home_object` and assign it the
    value from the [[HomeObject]] private symbol. Something along
    the lines of:

      method() {
        var .home_object = %ThisFunction()[home_object_symbol];
        ...
      }

BUG=

Review URL: https://codereview.chromium.org/1158543004

Cr-Commit-Position: refs/heads/master@{#28717}
2015-06-01 08:55:27 +00:00
chunyang.dai
5211fa0c59 X87: Move hash code from hidden string to a private symbol
port eca5b5d7ab (r28622).

original commit message:

   * Hash code is now just done with a private own symbol instead of the hidden string, which predates symbols.
    * In the long run we should do all hidden properties this way and get rid of the
    hidden magic 0-length string with the zero hash code.  The advantages include
    less complexity and being able to do things from JS in a natural way.
    * Initially, the performance of weak set regressed, because it's a little harder
    to do the lookup in C++.  Instead of heroics in C++ to make things faster I
    moved some functionality into JS and got the performance back. JS is supposed to be good at looking up named properties on objects.
    * This also changes hash codes of Smis so that they are always Smis.

    Performance figures are in the comments to the code review.  Summary: Most of js-perf-test/Collections is neutral.  Set and Map with object keys are 40-50% better.  WeakMap is -5% and WeakSet is +9%.

    In the code review comments is a patch with an example of the heroics we could do in C++ to make lookup faster (I hope we don't have to do this.  Instead of checking for the property, then doing a new

    In a similar vein we could give the magic zero hash code to the hash code
    symbol.  Then when we look up the hash code we would sometimes see the table
    with all the hidden properties.  This dual use of the field for either the hash
    code or the table with all hidden properties and the hash code is rather ugly,
    and this CL gets rid of it.  I'd be loath to bring it back.  On the benchmarks quoted above it's slightly slower than moving the hash code lookup to JS like in this CL.

    One worry is that the benchmark results above are more monomorphic than real
    world code, so may be overstating the performance benefits of moving to JS.  I
    think this is part of a general issue we have with handling polymorphic code in
    JS and any solutions there will benefit this solution, which boils down to
    regular property access. Any improvement there will lift all boats.

BUG=

Review URL: https://codereview.chromium.org/1153963010

Cr-Commit-Position: refs/heads/master@{#28716}
2015-06-01 08:53:19 +00:00
chunyang.dai
6b93438d51 X87: Move work to omit unnecessary ObjectLiteral stores to the numbering pass.
port 32de677805 (r29615)

original commit message:

    The reason is that this information will be needed to compute the number of
    vector ic slots done at numbering time.

BUG=

Review URL: https://codereview.chromium.org/1165693002

Cr-Commit-Position: refs/heads/master@{#28715}
2015-06-01 08:45:34 +00:00
hablich
f62d5ce912 For Micro-benchmarks for 'with'
R=arv@chromium.org, mstarzinger@chromium.org
BUG=v8:4131
LOG=n

Review URL: https://codereview.chromium.org/1153363002

Cr-Commit-Position: refs/heads/master@{#28714}
2015-06-01 07:40:11 +00:00
mstarzinger
861c427420 [turbofan] New operator for loads of DYNAMIC_[GLOBAL,LOCAL].
This introduces two new operators for loads of variables bound to
Variable::LOOKUP locations. Currently they all still lower to runtime
calls, but will allow optimization during typed lowering.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1155103004

Cr-Commit-Position: refs/heads/master@{#28713}
2015-06-01 07:35:11 +00:00
jochen
4b548dd15a Also expose DefineOwnProperty
In contrast to CreateDataProperty, this will always call out to JS

BUG=475206
R=adamk@chromium.org,verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1167473002

Cr-Commit-Position: refs/heads/master@{#28712}
2015-06-01 07:26:46 +00:00
bmeurer
e2e47f30be [turbofan] First step towards sanitizing for-in and making it optimizable.
In a nutshell: The FILTER_KEY builtin is gone, and was replaced by a
simple runtime call to ForInFilter, which does everything and is even
cheaper (because FILTER_KEY used to call into the runtime anyway).
And ForInFilter returns either the name or undefined, which makes it
possible to remove the control flow construction from the AstGraphBuilder,
and thereby make both the initialization and the per-loop code of for-in
optimizable later (in typed lowering).

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1160983004

Cr-Commit-Position: refs/heads/master@{#28711}
2015-06-01 07:20:58 +00:00
michael_dawson
212f4537cf Fix compile failure for AIX
Fix another may be uninitialized compile failure on AIX
in src/heap/heap.cc

R=svenpanne@chromium.org, mbrandy@us.ibm.com

BUG=

Review URL: https://codereview.chromium.org/1153233004

Cr-Commit-Position: refs/heads/master@{#28710}
2015-06-01 06:51:51 +00:00