Commit Graph

10033 Commits

Author SHA1 Message Date
ivica.bogosavljevic
ed600e5556 MIPS: Fixing failures in cctest/test-assembler-mips/CVT
Fixing failures in cctest/test-assembler-mips/CVT on Mips32R2 without
FP64 support

BUG=

Review URL: https://codereview.chromium.org/1459763003

Cr-Commit-Position: refs/heads/master@{#32121}
2015-11-19 16:39:58 +00:00
verwaest
469d9bfa8d Introduce a BuiltinsConstructStub that sets up new.target and does a [[call]] per ES6 9.3.2
BUG=

Review URL: https://codereview.chromium.org/1448933002

Cr-Commit-Position: refs/heads/master@{#32120}
2015-11-19 16:11:09 +00:00
mythria
4bb6e7c8c0 [Interpreter] Add support for keyed load / store ICs and named store IC to
bytecode graph builder

Adds implementation and tests for KeyedLoadIC, KeyedStoreIC and StoreIC to
bytecode graph builder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1448913002

Cr-Commit-Position: refs/heads/master@{#32116}
2015-11-19 14:16:53 +00:00
yangguo
6980f1957d Do not use deprecated API in cctest/test-debug.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1459783005

Cr-Commit-Position: refs/heads/master@{#32115}
2015-11-19 13:46:16 +00:00
mstarzinger
0227857d26 [turbofan] Make new.target explicit in JSCallDescriptor.
This adds an explicit parameter to the call descriptor having kind
kJSCallFunction representing the new.target value. Note that for now
this parameter is not yet passed in and hence cannot be used yet. Also
contains some refactoring of how parameter index value are calculated,
establishing Linkage as the central point for such index computations.

This is a preparatory CL to allows us passing new.target in a register
instead of via a side-channel through the construct stub frame.

R=bmeurer@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1461973002

Cr-Commit-Position: refs/heads/master@{#32112}
2015-11-19 12:48:25 +00:00
yangguo
eb25b8c54b Correctly parse new regexp flags in v8::RegExp::New.
R=ishell@chromium.org, verwaest@chromium.org

Review URL: https://codereview.chromium.org/1457883003

Cr-Commit-Position: refs/heads/master@{#32106}
2015-11-19 10:33:16 +00:00
mythria
a8e86c49ec [Interpreter] Add support for unary operators to bytecode graph builder.
Adds implementation and tests for LogicalNot, TypeOf and Delete operators
to bytecode graph builder.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1459543003

Cr-Commit-Position: refs/heads/master@{#32104}
2015-11-19 09:39:11 +00:00
jkummerow
6f0850c63d [proxies] Update Object.defineProperty/ies for JSProxies
BUG=v8:1543
LOG=n

Review URL: https://codereview.chromium.org/1456613002

Cr-Commit-Position: refs/heads/master@{#32103}
2015-11-19 09:21:46 +00:00
ahaas
ed570fac44 [turbofan] Implemented the ChangeFloat64ToInt64 TurboFan operator.
The ChangeFloat64ToInt64 operator changes the representation of a
float64 input value to int64 if the input value can be represented
exactly on int64. Otherwise the result is currently undefined.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1455983002

Cr-Commit-Position: refs/heads/master@{#32102}
2015-11-19 08:27:27 +00:00
bmeurer
3c9ac974f2 [turbofan] Unstable prototype maps are not supported currently.
We currently assume that all prototype maps are stable, which is
not guaranteed for certain keyed access patterns. So we explicitly
disallow optimizing the element access there for now.

BUG=chromium:557807, v8:4470
R=jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1456973004

Cr-Commit-Position: refs/heads/master@{#32101}
2015-11-19 06:21:06 +00:00
adamk
7d1d978654 Rename destructuring flag to "--harmony-destructuring-bind"
This is in preparation for the addition of --harmony-destructuring-assignment.

BUG=v8:811
LOG=n

Review URL: https://codereview.chromium.org/1450193002

Cr-Commit-Position: refs/heads/master@{#32098}
2015-11-18 23:30:09 +00:00
bradnelson
0acb70baaf Fix multiple return statements in typing-asm, cleanup.
The last change to typing-asm broke non-final return statements.
Fixing this.

Finishing out a partially completed test that landed by mistake.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1453343003

Cr-Commit-Position: refs/heads/master@{#32096}
2015-11-18 19:48:00 +00:00
balazs.kilvady
c91bcf7192 MIPS: Fix trampoline pool handling in MacroAssembler::BranchShort() for r6.
BUG=chromium:555543
LOG=N

Review URL: https://codereview.chromium.org/1446343002

Cr-Commit-Position: refs/heads/master@{#32094}
2015-11-18 17:43:34 +00:00
ofrobots
0514fa204a [heap] make inline-allocation-observers precise
Now that we no longer require AllocationInfo::limit to be aligned [1], we can do
more accurate inline-allocation-observation. This lets us get notified when the
next allocation that crosses the step-size boundary is allocated.

Fixed the test-cases. They make significantly more sense now given the step
sizes and the number of times we get notifications. For example, with a step
size of 512, an allocation of 16kb results in 32 notifications instead of 30
now.

[1] https://codereview.chromium.org/1444883003

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1448913003

Cr-Commit-Position: refs/heads/master@{#32091}
2015-11-18 15:55:02 +00:00
mstarzinger
8a57c81b3a [turbofan] Fix CFI failures in BytecodeGraphBuilder unit test.
This fixes undefined behavior with the OpParameter helper in some of our
node matchers. There was a constness mismatch of the template parameter.

R=oth@chromium.org,mythria@chromium.org

Review URL: https://codereview.chromium.org/1453973004

Cr-Commit-Position: refs/heads/master@{#32087}
2015-11-18 14:16:10 +00:00
jkummerow
107699483d Fix PropertyDescriptor::ToObject
When adding properties to the result object, that object's prototype chain should be ignored.

Review URL: https://codereview.chromium.org/1458873002

Cr-Commit-Position: refs/heads/master@{#32085}
2015-11-18 13:56:51 +00:00
yangguo
5bcddae76f [crankshaft] only compile string index access with element key.
R=bmeurer@chromium.org
BUG=chromium:554831
LOG=N

Review URL: https://codereview.chromium.org/1455883004

Cr-Commit-Position: refs/heads/master@{#32084}
2015-11-18 13:53:34 +00:00
mstarzinger
279f2aad93 [turbofan] Fix deoptimization from array literal spread.
This fixes the array literal expression stack tracking in the presence
of spread expressions. Deoptimization within a spread expression was
borked.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-deopt-in-array-literal-spread

Review URL: https://codereview.chromium.org/1455953002

Cr-Commit-Position: refs/heads/master@{#32079}
2015-11-18 11:45:41 +00:00
mlippautz
6c85c14845 Add lock-based unbounded queue
...based on the 2-lock algorithm by M. Scott and M. Michael (1992).

BUG=chromium:524425
LOG=N

Review URL: https://codereview.chromium.org/1448283004

Cr-Commit-Position: refs/heads/master@{#32078}
2015-11-18 10:54:13 +00:00
jarin
a9fa0498e1 [turbofan] Only infer signedness for Float64->Word32 representation change from the input type.
If the input type does not help us, we are conservative and truncate (rather than guessing signed).

Review URL: https://codereview.chromium.org/1455103002

Cr-Commit-Position: refs/heads/master@{#32075}
2015-11-18 10:02:33 +00:00
jochen
3e882ff1ea Remove deprecated APIs from two more tests
BUG=4134
R=epertoso@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1455603002

Cr-Commit-Position: refs/heads/master@{#32072}
2015-11-18 08:22:30 +00:00
neis
b270813388 [es6] Partially implement Reflect.ownKeys.
Proxies are not properly supported yet.

This is a reland of 1405243006.

TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1460563002

Cr-Commit-Position: refs/heads/master@{#32065}
2015-11-18 00:52:50 +00:00
pan.deng
81fe5b3c45 Support SAB atomics for offset-TypedArray
BUG=497295
LOG=n

Review URL: https://codereview.chromium.org/1422533009

Cr-Commit-Position: refs/heads/master@{#32064}
2015-11-18 00:19:54 +00:00
dusan.m.milosavljevic
74145470dd MIPS: Enable logical shift right and bitwise And matching to Ext, Dext.
TEST=unittests/InstructionSelectorTest/Word32ShrWithWord32AndWithImmediate,
     Word32AndWithImmediateWithWord32Shr, Word64AndWithImmediateWithWord64Shr,
     Word64AndWithImmediateWithWord64Shr
BUG=

Review URL: https://codereview.chromium.org/1457523002

Cr-Commit-Position: refs/heads/master@{#32062}
2015-11-17 23:10:59 +00:00
dusan.m.milosavljevic
5d843f26a9 MIPS64: [turbofan] Combine untagging shifts with Mul, Div and Mod.
TEST=unittests/InstructionSelectorTest.CombineShiftsWithMul,
     InstructionSelectorTest.CombineShiftsWithDivMod
BUG=

Review URL: https://codereview.chromium.org/1444423002

Cr-Commit-Position: refs/heads/master@{#32061}
2015-11-17 22:52:54 +00:00
bradnelson
c1da268e5d Use asm style type names and improve asm typer.
The current typing-asm mishandles the relationship between
unsigned numbers and int. Restructuring and using type shortcuts
that approximate asm types.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1447133002

Cr-Commit-Position: refs/heads/master@{#32057}
2015-11-17 19:42:30 +00:00
akos.palfi
0403fd860c Fix gcc 4.9.2 signed-compare error.
BUG=

Review URL: https://codereview.chromium.org/1456543003

Cr-Commit-Position: refs/heads/master@{#32053}
2015-11-17 16:07:33 +00:00
caitpotter88
5bf360ef57 [es6] early error when Identifier is an escaped reserved word
Per http://tc39.github.io/ecma262/#sec-identifiers-static-semantics-early-errors (13.2.2),
make it a SyntaxError if an Identifier has the same StringValue as a ReservedWord.

BUG=v8:2222, v8:1972
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, wingo@chromium.org

Review URL: https://codereview.chromium.org/1429983002

Cr-Commit-Position: refs/heads/master@{#32052}
2015-11-17 16:00:11 +00:00
mstarzinger
1321075391 [turbofan] Fix several OSR entries within literals.
With do-expressions any expression used within literals can turn into an
OSR entry-point. This means the literal object being constructed is then
renamed to an OSR value and needs to be reloaded from the environment.

R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-literal

Review URL: https://codereview.chromium.org/1453733002

Cr-Commit-Position: refs/heads/master@{#32050}
2015-11-17 15:25:30 +00:00
oth
519df935a3 [Interpreter] Add support for global loads / stores / calls to BytecodeGraphBuilder.
Adds support for the LdaGlobal and StaGlobal bytecodes to the
BytecodeGraphBuilder. Also fixes a bug in the context node's parameter
index and start node inputs.

Landed on behalf of rmcilroy.

TBR=bmeuer@chromium.org,mythria@chromium.org
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1449373002

Cr-Commit-Position: refs/heads/master@{#32049}
2015-11-17 15:07:15 +00:00
mstarzinger
0c1c80b2af [turbofan] Fix several OSR entries within class literals.
With do-expressions any expression used within literals can turn into an
OSR entry-point. This means the literal object being constructed is then
renamed to an OSR value and needs to be reloaded from the environment.

R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-literal

Review URL: https://codereview.chromium.org/1452193003

Cr-Commit-Position: refs/heads/master@{#32048}
2015-11-17 14:51:35 +00:00
mstarzinger
f8a7236119 [turbofan] Fix several OSR entries within literals.
With do-expressions any expression used within literals can turn into an
OSR entry-point. This means the literal object being constructed is then
renamed to an OSR value and needs to be reloaded from the environment.

R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-literal

Review URL: https://codereview.chromium.org/1451423002

Cr-Commit-Position: refs/heads/master@{#32047}
2015-11-17 14:25:30 +00:00
caitpotter88
24ff30b740 [es6] refactor Promise resolution
Several changes are included here:

1. Each resolution callback references shared data indicating whether
it has already been resolved or not, as described in 25.4.1.3
http://tc39.github.io/ecma262/#sec-createresolvingfunctions.
Previously this was handled exclusively by the Promise's status,
which does not work correctly with the current chaining behaviour.

2. During fulfillment, When a Promise is resolved with a thenable, the
spec chains the promises together by invoking the thenable's `then`
function with the original Promise's resolve and reject methods (per
section 25.4.2.2, or
http://tc39.github.io/ecma262/#sec-promiseresolvethenablejob, on the
next tick, regardless of whether or not there are pending tasks.

3. Adds a spec compliance fix to ensure that the Promise constructor
is only loaded once when `then()` is called, solving v8:4539 as well.
This involves refactoring PromiseChain to accept a constructor
argument. PromiseChain/PromiseDeferred will hopefully be removed soon,
simplifying the process.

BUG=v8:4162, v8:4539, v8:3237
LOG=N
R=rossberg@chromium.org, littledan@chromium.org, adamk@chromium.org

Review URL: https://codereview.chromium.org/1394463003

Cr-Commit-Position: refs/heads/master@{#32046}
2015-11-17 14:24:09 +00:00
yangguo
906903acb5 Experimental support for RegExp lookbehind.
R=erikcorry@chromium.org, littledan@chromium.org
BUG=v8:4545
LOG=N

Committed: https://crrev.com/37632606bbce1418238b13fd90cb6ef6705871cd
Cr-Commit-Position: refs/heads/master@{#32029}

Review URL: https://codereview.chromium.org/1418963009

Cr-Commit-Position: refs/heads/master@{#32043}
2015-11-17 13:33:34 +00:00
mvstanton
e75e625453 VectorICs: Remove --vector-stores flag.
BUG=

Review URL: https://codereview.chromium.org/1424153003

Cr-Commit-Position: refs/heads/master@{#32040}
2015-11-17 13:15:52 +00:00
jkummerow
9c35e4b23c [proxies] Wire up Object.getOwnPropertyDescriptor
using the new JSReceiver::GetOwnPropertyDescriptor implementation.

BUG=v8:1543
LOG=n
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1451703003

Cr-Commit-Position: refs/heads/master@{#32037}
2015-11-17 13:08:51 +00:00
ahaas
914e221451 [tests] Cleanup of the RunRoundUint64ToFloat64 test.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1450353002

Cr-Commit-Position: refs/heads/master@{#32036}
2015-11-17 13:07:31 +00:00
jochen
91769a6a96 Remove deprecated functions the smaller half of the remaing tests
BUG=4134
R=epertoso@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1449393002

Cr-Commit-Position: refs/heads/master@{#32035}
2015-11-17 12:42:44 +00:00
oth
e8ae8b34a5 [Interpreter] Add support for Call bytecode to bytecode graph builder.
Adds support for visiting the Call bytecode to the bytecode graph builder.
This change also adds the call type feedback slot to the Call bytecode.
This is not currently used by the interpreter, but is used by the
graph builder.

Also adds a CallWide varient of the Call bytecode, and adds the kCount16
operand type.

Landed on behalf of rmcilroy.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1456453002

Cr-Commit-Position: refs/heads/master@{#32033}
2015-11-17 12:18:53 +00:00
yangguo
5b2ae9d908 Revert of Experimental support for RegExp lookbehind. (patchset #18 id:340001 of https://codereview.chromium.org/1418963009/ )
Reason for revert:
gc stress breaks due to string_start_minus_one not being set correctly.

Original issue's description:
> Experimental support for RegExp lookbehind.
>
> R=erikcorry@chromium.org, littledan@chromium.org
> BUG=v8:4545
> LOG=N
>
> Committed: https://crrev.com/37632606bbce1418238b13fd90cb6ef6705871cd
> Cr-Commit-Position: refs/heads/master@{#32029}

TBR=littledan@chromium.org,erikcorry@chromium.org,erikcorry@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4545

Review URL: https://codereview.chromium.org/1451373003

Cr-Commit-Position: refs/heads/master@{#32032}
2015-11-17 11:55:21 +00:00
ahaas
2f7d6b46d0 Implemented the RoundUint64ToFloat32 TurboFan operator for x64, arm64,
and ppc64.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1438013003

Cr-Commit-Position: refs/heads/master@{#32031}
2015-11-17 11:52:05 +00:00
yangguo
37632606bb Experimental support for RegExp lookbehind.
R=erikcorry@chromium.org, littledan@chromium.org
BUG=v8:4545
LOG=N

Review URL: https://codereview.chromium.org/1418963009

Cr-Commit-Position: refs/heads/master@{#32029}
2015-11-17 11:15:06 +00:00
mythria
2acc2bc2a1 [Interpreter] Adds implementation of bytecode graph builder for LoadICSloppy/Strict.
Adds implementation and tests for following operators in bytecode graph builder:
-VisitLoadICSloppy
-VisitLoadICStrict
-VisitLoadICSloppyWide
-VisitLoadICStrictWide

The current implementation introduces empty frame states for frame state inputs expected by these operations.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1419373007

Cr-Commit-Position: refs/heads/master@{#32026}
2015-11-17 09:06:17 +00:00
jarin
a77f9179e0 [turbofan] Check for dead node in the common operator reducer.
BUG=chromium:556543
LOG=n

Review URL: https://codereview.chromium.org/1450883003

Cr-Commit-Position: refs/heads/master@{#32025}
2015-11-17 09:03:10 +00:00
bmeurer
e5edd66d07 [turbofan] Move JSCallFunction specialization to JSCallReducer.
This is the first part to refactoring the JSNativeContextSpecialization
class, which has grown way too big recently.

Also don't collect cross context feedback for the CallIC in general.
Neither TurboFan nor Crankshaft can make any use of cross context
JSFunction feedback that is collected by the CallIC, so there's no
point in gathering that feedback at all (it just complicates the
checking that is necessary in the compilers). What we should do
instead at some point (when Crankshaft becomes less important) is
to collect the SharedFunctionInfo as feedback for those cases.

R=yangguo@chromium.org
BUG=v8:4470
LOG=n

Review URL: https://codereview.chromium.org/1451273002

Cr-Commit-Position: refs/heads/master@{#32022}
2015-11-17 07:15:25 +00:00
adamk
20c0986f7b A few cleanups in test262.status
- Removed PASS/FAIL line for arrow/rest params test which should now pass.
- Moved soon-to-be-changed tests about built-in prototypes as plain objects
  to INVALID section (and noted that they'll be fixed with the
  next test262 roll).

R=littledan@chromium.org

Review URL: https://codereview.chromium.org/1450243002

Cr-Commit-Position: refs/heads/master@{#32020}
2015-11-17 05:44:12 +00:00
dusan.m.milosavljevic
9717fff12d MIPS64: Improve UInt32 to Double conversion.
TEST=
BUG=

Review URL: https://codereview.chromium.org/1446363002

Cr-Commit-Position: refs/heads/master@{#32018}
2015-11-16 23:24:19 +00:00
jochen
6ce7f90aba Map v8::Object to v8::internal::JSReceiver
BUG=none
R=verwaest@chromium.org,rossberg@chromium.org,bmeurer@chromium.org,neis@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1413463006

Cr-Commit-Position: refs/heads/master@{#32014}
2015-11-16 16:48:54 +00:00
jochen
3cf6e040c4 Mark cctests that don't use deprecated APIs as such
BUG=4134
R=epertoso@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1451733002

Cr-Commit-Position: refs/heads/master@{#32011}
2015-11-16 16:45:31 +00:00
yangguo
436103e077 Skip test-heap/TestSizeOfRegExpCode on mips64.
R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1448803003

Cr-Commit-Position: refs/heads/master@{#32008}
2015-11-16 14:36:32 +00:00
ahaas
dffecf31fc [turbofan] Added the optional Float64RoundTiesEven operator to turbofan.
The TiesEven rounding mode rounds float64 numbers to the nearest
integer. If there are two nearest integers, then the number is rounded
to the even one.  This is the default rounding mode according to
IEEE~754.

I implemented the operator on ia32, x64, arm, arm64, mips, and mips64.

I think there is a bug in the current implementation of the ppc
simulator, which kept me from implementing the operator on ppc.
According to my understanding of the ppc instruction manual, the FRIN
instruction provides the right behavior for Float64RoundTiesEven. In the
simulator, however, FRIN provides a different semantics. If there are
two nearest integers, then the simulator returns the one which is
further away form 0.

Review URL: https://codereview.chromium.org/1440293002

Cr-Commit-Position: refs/heads/master@{#32005}
2015-11-16 11:31:40 +00:00
ahaas
1389b9f53c [turbofan] Added the optional Float64RoundUp operator to turbofan.
I implemented it on x64, ia32, arm, arm64, mips, mips64, and ppc.

Review URL: https://codereview.chromium.org/1444583002

Cr-Commit-Position: refs/heads/master@{#32004}
2015-11-16 10:37:44 +00:00
paul.lind
2058991122 Fix gcc 4.9.2 signed-compare error.
From 60e7ea8a99 / https://codereview.chromium.org/1409993012

BUG=

Review URL: https://codereview.chromium.org/1442143003

Cr-Commit-Position: refs/heads/master@{#31999}
2015-11-15 12:48:19 +00:00
mlippautz
60e7ea8a99 Add {CancelableTaskManager} to handle {Cancelable} concurrent tasks.
This change binds each {Cancelable} task to a so-called {CancelableTaskManager},
which is then used to handle concurrent cancelation as well as synchronizing
shutdown for already running tasks.  Since ownership of tasks is transferred to
the platform executing a task (destructor), handling in the manager uses integer
ids. Note that this also mitigates (modulo integer size) the ABA problem.

All handling of {Cancelable} tasks is now encapsulated into the corresponding
manager, which is instantiated for each isolate.

R=hpayer@chromium.org
BUG=chromium:524425
LOG=N
CQ_EXTRA_TRYBOTS=tryserver.v8:v8_linux_arm64_gc_stress_dbg;tryserver.v8:v8_linux_gc_stress_dbg;tryserver.v8:v8_mac_gc_stress_dbg;tryserver.v8:v8_linux64_msan_rel;tryserver.v8:v8_linux64_tsan_rel;tryserver.v8:v8_mac64_asan_rel

Review URL: https://codereview.chromium.org/1409993012

Cr-Commit-Position: refs/heads/master@{#31997}
2015-11-14 01:20:14 +00:00
adamk
fd3ff03da2 Fix harmony sloppy block scoping dynamic redeclaration check
The previous code did not properly check for harmony const when
doing the dynamic redeclaration check. This was masked in the
test because each eval had an initializer, and the initializer was what
triggered the exception.

This patch tightens the test by removing initializers and fixes the bug in
DeclareLookupSlot.

Also change the test to use assertThrows where possible.

BUG=v8:4550
LOG=n

Review URL: https://codereview.chromium.org/1437003006

Cr-Commit-Position: refs/heads/master@{#31995}
2015-11-13 21:04:15 +00:00
adamk
e971005638 Run the materialized literal reindexer on default parameter initializers
R=rossberg@chromium.org
BUG=chromium:554865
LOG=n

Review URL: https://codereview.chromium.org/1442653004

Cr-Commit-Position: refs/heads/master@{#31989}
2015-11-13 17:11:05 +00:00
danno
ff283f7ded [turbofan] Better and more sane support for tail calls
* Limit triggering of tail calls to explicit use of a new inline runtime
  function %_TailCall. %_TailCall works just like %_Call except for using
  tail-calling mechanics (currently only in TF).
* Remove hack that recognized some specific usages of %_Call and converted them
  into tail calls.
* Support tail calls for all calls where the number of callee stack parameters
  is less than or equal to the number of caller stack parameters.
* Use the gap resolver to swizzle parameters and registers to tail calls.

BUG=v8:4076
LOG=n

Review URL: https://codereview.chromium.org/1439613003

Cr-Commit-Position: refs/heads/master@{#31987}
2015-11-13 16:08:30 +00:00
mstarzinger
c42f188ce2 [turbofan] Fix OSR entry in case label.
With do-expressions any expression used as a case label can turn into an
OSR entry-point. This means the value being switched over is renamed to
an OSR value and needs to be reloaded from the environment at each case.

R=rossberg@chromium.org
TEST=mjsunit/regress/regress-osr-in-case-label

Review URL: https://codereview.chromium.org/1438123007

Cr-Commit-Position: refs/heads/master@{#31986}
2015-11-13 16:05:28 +00:00
mythria
f665c823dd [Interpreter] Adds an optimization to remove redundant Ldar/Star.
Adds an optimization to omit generating Ldar/Star if the same register
is loaded or stored from the accumulator in the earlier instruction.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1435283002

Cr-Commit-Position: refs/heads/master@{#31984}
2015-11-13 14:15:35 +00:00
cbruni
24e058d0ed [runtime] support new Proxy() instead of Proxy.create and install getPrototypeOf trap
LOG=N
BUG=v8:1543

Review URL: https://codereview.chromium.org/1417063011

Cr-Commit-Position: refs/heads/master@{#31983}
2015-11-13 14:14:07 +00:00
mstarzinger
83e9ea1e49 [turbofan] Ensure inlined constructor calls still throw.
This makes sure that inlining a constructor call to a function which
cannot be used as a constructor (e.g. strong mode function) still does
throw correctly when the implicit receiver is created.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-inline-strong-as-construct
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1447443002

Cr-Commit-Position: refs/heads/master@{#31982}
2015-11-13 14:05:48 +00:00
mstarzinger
83a6ab85cc [turbofan] Rename "original constructor" to "new target".
This aligns the naming of "new target" with the spec text throughout
TurboFan and the stack frame walker. The goal is to avoid unnecessary
confusion for people familiar with the spec.

R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1442643002

Cr-Commit-Position: refs/heads/master@{#31978}
2015-11-13 11:53:38 +00:00
yangguo
a7e50a5e06 [JSON stringifier] Reintroduce fast path with bail out to slow path.
R=verwaest@chromium.org
BUG=chromium:554946
LOG=N

Review URL: https://codereview.chromium.org/1442963002

Cr-Commit-Position: refs/heads/master@{#31977}
2015-11-13 10:09:47 +00:00
jarin
95cb324adb [turbofan] Move simplified alloc, load and store lowering to change lowering.
This is necessary to allow more optimizations to take place between
the representation inference and change lowering. Perhaps we want
to rename SimplifiedLowering -> RepresentationInference and
ChangeLowering -> SimplifiedLowering.

Review URL: https://codereview.chromium.org/1439473003

Cr-Commit-Position: refs/heads/master@{#31976}
2015-11-13 08:12:14 +00:00
neis
69d218c03f [proxies] Remove "fix" functionality, add (still unused) target property.
BUG=

Review URL: https://codereview.chromium.org/1427743011

Cr-Commit-Position: refs/heads/master@{#31972}
2015-11-12 22:12:06 +00:00
caitpotter88
fa9c39eead [Intl] create new instances when new.target is undefined
BUG=v8:4360
LOG=N
R=littledan@chromium.org

Review URL: https://codereview.chromium.org/1440593003

Cr-Commit-Position: refs/heads/master@{#31971}
2015-11-12 21:46:24 +00:00
ahaas
71348aa2a0 [x64] Fixed a rounding error on x64 for the Uint64ToF64 conversion.
The least significant bit of the input value may affect the result of
the conversion through rounding. We OR the least significant with the
second least significant bit to preserve it over the SHR instruction.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1435203003

Cr-Commit-Position: refs/heads/master@{#31969}
2015-11-12 19:36:16 +00:00
yangguo
6df9a1db8c [JSON stringifier] Correctly load array elements.
BUG=chromium:554946
LOG=y
R=jkummerow@chromium.org, jochen@chromium.org

Review URL: https://codereview.chromium.org/1435083003

Cr-Commit-Position: refs/heads/master@{#31968}
2015-11-12 19:30:58 +00:00
mbrandy
f83b8a61cf Skip test-run-machops/RunComputedCodeObject on AIX and PPC64BE.
This test, as written, is invalid on platforms which use function
descriptors.

See https://codereview.chromium.org/1377423002/ for background.

R=mstarzinger@chromium.org, titzer@chromium.org, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1438803002

Cr-Commit-Position: refs/heads/master@{#31967}
2015-11-12 19:10:32 +00:00
mbrandy
59a0641820 Fix test-heap/LargeObjectSlotRecording.
Remove hard-coded assumption of large object size threshold.

This test fails on PPC in version 4.7 where the threshold is derived
directly from the allocator's pagesize.

R=hpayer@chromium.org, mstarzinger@chromium.org, michael_dawson@ca.ibm.com
BUG=

Review URL: https://codereview.chromium.org/1440723002

Cr-Commit-Position: refs/heads/master@{#31963}
2015-11-12 14:33:19 +00:00
bmeurer
c55161bf16 [turbofan] Add support for %_IsSpecObject intrinsic lowering.
Now JSIntrinsicLowering can also lower %_IsSpecObject intrinsics to a
diamond.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1436943005

Cr-Commit-Position: refs/heads/master@{#31960}
2015-11-12 14:05:49 +00:00
bmeurer
c4e19c7d8d [turbofan] Lower JSCreate to an inline allocation in JSTypedLowering.
This adds initial support for fast inline allocations of JSObject
instances. It currently has exactly the same limitations as Crankshaft.

R=mstarzinger@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1441573004

Cr-Commit-Position: refs/heads/master@{#31957}
2015-11-12 12:57:32 +00:00
yangguo
ee9020ddd9 Serializer: attach alignment to deferred objects.
R=jkummerow@chromium.org
BUG=chromium:523919
LOG=N

Review URL: https://codereview.chromium.org/1440983002

Cr-Commit-Position: refs/heads/master@{#31956}
2015-11-12 11:28:31 +00:00
mstarzinger
bae4492a3e [turbofan] Pass new target to JSCreate nodes.
This passes both, the actual constructor and the original constructor,
to nodes having the {JSCreate} operator. This is required for allocating
properly subclassed implicit receiver objects.

R=verwaest@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1434873004

Cr-Commit-Position: refs/heads/master@{#31955}
2015-11-12 09:33:37 +00:00
mstarzinger
11d5d09ce1 [turbofan] Initial support for constructor call inlining.
This implements a first version of support for constructor call inlining
in the inlining machinery. For now we can only inline calls where the
actual constructor and the original constructor coincide (i.e. no super
constructor calls). Note that the target of a super constructor call is
loaded with a runtime call, so there is no way for it to be constant
promoted at the moment.

R=bmeurer@chromium.org
BUG=v8:4544
LOG=n

Review URL: https://codereview.chromium.org/1435873002

Cr-Commit-Position: refs/heads/master@{#31954}
2015-11-12 08:51:28 +00:00
bradnelson
ab1165fb1a Fix ~ operator in asm typer, add more operator tests.
The ~ operator is de-sugared into true^x, which was
being improperly handled.

Adding tests of most bitwise operators and several error cases.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1432423003

Cr-Commit-Position: refs/heads/master@{#31951}
2015-11-11 22:34:24 +00:00
ofrobots
f583661784 [heap] make inline allocation step size dynamic
Presently the inline allocation step is a static value defined to be the minimum
of the step sizes over all the observers. The step occur every (approx.) step
byte. This is unfair to observers whose steps are not evenly divisible by the
min step size. For example, consider two observers with steps sizes of 512 and
576 bytes. Across 16kb allocated, you would expect the first observer to be hit
approximately 32 times, and the second observer to be hit approximately 28
times.

In reality, the observers get notified 30 and 15 times respectively. The reason
is that each step is 512 bytes, and since 576 is not evenly divisible by 512,
it gets notified much less frequently.

This CL fixes the problem by making the next step size be the minimum (over all
observers) of the remaining bytes to get to the step, making the steps fair.

BUG=
R=hpayer@chromium.org,ulan@chromium.org

Review URL: https://codereview.chromium.org/1427973006

Cr-Commit-Position: refs/heads/master@{#31948}
2015-11-11 20:55:48 +00:00
ahaas
857cd4c1f0 Implemented the RoundUint64ToFloat64 TurboFan operator for x64 and arm64.
I don't see obvious implementations for mips64 and ppc64, so I would need
help for these two platforms.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1436943002

Cr-Commit-Position: refs/heads/master@{#31946}
2015-11-11 19:12:37 +00:00
verwaest
2ebd5fc7c9 Fix Array.prototype.slice with arguments object with negative length.
BUG=

Review URL: https://codereview.chromium.org/1436813002

Cr-Commit-Position: refs/heads/master@{#31941}
2015-11-11 11:50:38 +00:00
machenbach
392d1469d3 [Interpreter] Disable another flaky test262 test.
This is for disabling 9.2.2. for release on arm64
(approximating a bit).

BUG=v8:4280
LOG=N
NOTRY=True
TBR=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1432183002

Cr-Commit-Position: refs/heads/master@{#31939}
2015-11-11 08:09:59 +00:00
epertoso
56c7a053e9 Revert changes introduced in http://crrev.com/1367953002.
This CL is in preparation for the API change introduced in http://crrev.com/1407313004.

BUG=

Review URL: https://codereview.chromium.org/1434693008

Cr-Commit-Position: refs/heads/master@{#31930}
2015-11-10 21:00:18 +00:00
ahaas
1b535ca075 Implemented the RoundInt64ToFloat32 TurboFan operator for x64, arm64, and mips64.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1435603003

Cr-Commit-Position: refs/heads/master@{#31929}
2015-11-10 20:39:57 +00:00
ahaas
01fd8e05dc Implemented the Word64Popcnt TurboFan operator for x64.
Popcnt is implemented as an optional operator, which is only implementd by x64
at the moment.

Review URL: https://codereview.chromium.org/1424173006

Cr-Commit-Position: refs/heads/master@{#31928}
2015-11-10 20:38:40 +00:00
rmcilroy
0609ed27a0 [Interpreter] Disable Arm/Arm64 tests on release as well as debug for ignition.
BUG=v8:4280
LOG=N
NOTRY=True
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1423803009

Cr-Commit-Position: refs/heads/master@{#31923}
2015-11-10 17:39:48 +00:00
balazs.kilvady
6993cd0de5 MIPS: Fix 'MIPS:r6 compact branch optimization.'
Jic and jialc compact branch ops are fixed as they does not have 'forbidden slot' restriction. Also COP1 branches (CTI instructions) added to IsForbiddenAfterBranchInstr().

TEST=cctest/test-disasm-mips/Type0
BUG=

Review URL: https://codereview.chromium.org/1423493006

Cr-Commit-Position: refs/heads/master@{#31922}
2015-11-10 17:16:09 +00:00
rmcilroy
6e599ce9d8 [Interpreter] Disable mjsunit/array-sort on Arm/Arm64
BUG=v8:4280
LOG=N
NOTRY=true
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1410883009

Cr-Commit-Position: refs/heads/master@{#31920}
2015-11-10 16:55:50 +00:00
rmcilroy
1820acb9c9 [Interpreter] Skip some more tests on Arm64 for Ignition.
Skips some more tests which started failing after https://codereview.chromium.org/1414183006 landed.

BUG=v8:4280
LOG=N
NOTRY=True

Review URL: https://codereview.chromium.org/1412343009

Cr-Commit-Position: refs/heads/master@{#31919}
2015-11-10 15:21:57 +00:00
mbrandy
40eeb69b94 PPC: Disable gcc generation of fmadd/fmsub in cctests.
Generated code performs distinct floating multiply and add/subtract
operations.  Tests fail when GCC uses fmadd/fmsub to calculate the
expected result since these instructions provide higher accuracy due
to the lack of an intermediate round.

R=machenbach@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1416123007

Cr-Commit-Position: refs/heads/master@{#31918}
2015-11-10 14:31:28 +00:00
sigurds
45787501e5 [turbofan] Pseudo-inline 'instanceof'
This patch extends the typed lowering with a specialized version of 'instanceof' that is used if the "class", i.e. the constructor function, is a known constant.

Unittests check that replacement occurs as intended. Functional correctness is ensured by extensive unit tests covering instanceof already in the testsuite.

TESTS=unittests/JSTypedLoweringTest.{JSInstanceOfSpecializationWithSmiCheck,JSInstanceOfSpecializationWithoutSmiCheck,JSInstanceOfNoSpecialization}

Review URL: https://codereview.chromium.org/1407413014

Cr-Commit-Position: refs/heads/master@{#31916}
2015-11-10 12:20:11 +00:00
ahaas
a594ff73a9 Implemented the ctz Turbo Fan operator for x64.
Ctz is implemented as an optional operator at the moment, which is only
implemented by x64 at the moment.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1421163005

Cr-Commit-Position: refs/heads/master@{#31912}
2015-11-10 08:43:00 +00:00
yangguo
9a569ec2c8 [es6] Implement @@split subclassing.
RegExp.prototye[@@split] is not yet implement to spec regarding creating
new RegExp object with the SpeciesConstructor.

R=littledan@chromium.org
BUG=v8:4345
LOG=N

Review URL: https://codereview.chromium.org/1427573005

Cr-Commit-Position: refs/heads/master@{#31911}
2015-11-10 07:00:44 +00:00
yangguo
483d8b9bd8 Unify setting accessor properties in native code.
R=cbruni@chromium.org

Review URL: https://codereview.chromium.org/1416093006

Cr-Commit-Position: refs/heads/master@{#31910}
2015-11-10 06:58:41 +00:00
bradnelson
318bcbee31 Allow constant heap accesses in asm typer.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1405993009

Cr-Commit-Position: refs/heads/master@{#31908}
2015-11-10 02:00:03 +00:00
neis
ec0f891d1e Revert of "[es6] Partially implement Reflect.ownKeys."
Reason for revert: failed tests on a Windows build.

TBR=rossberg,cbruni,neis
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1426943007

Cr-Commit-Position: refs/heads/master@{#31907}
2015-11-10 00:05:21 +00:00
neis
4194d0ebad [es6] Partially implement Reflect.ownKeys.
Proxies are not properly supported yet.

R=cbruni, rossberg
BUG=

Review URL: https://codereview.chromium.org/1405243006

Cr-Commit-Position: refs/heads/master@{#31906}
2015-11-09 23:30:53 +00:00
rmcilroy
aca03dfca1 [Interpreter] Disable mjsunit/readonly test on ignition due to flakes.
BUG=v8:4280
LOG=N
NOTRY=True
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1438463002

Cr-Commit-Position: refs/heads/master@{#31900}
2015-11-09 20:46:21 +00:00
fedor
461e5b49d0 binary-operator-reducer: reduce mul+div(shift)
Reduction Input:

    ChangeInt32ToFloat64=>          TruncateFloat64ToInt32
                         Float64Mul=>
    ChangeInt32ToFloat64=>          Float64Div=>TruncateFloat64ToInt32

Output:

         =>  TruncateInt64ToInt32
Int64Mul
         =>  Int64Shr => TruncateInt64ToInt32

Test code:

    function mul(a, b) {
      var l = a & 0x3ffffff;
      var h = b & 0x3ffffff;
      var m = l * h;

      var rl = m & 0x3ffffff;
      var rh = (m / 0x4000000) | 0;

      return rl | rh;
    }

    mul(1, 2);
    var a0 = mul(0x3ffffff, 0x3ffffff);
    mul(0x0, 0x0);
    %OptimizeFunctionOnNextCall(mul);
    var a1 = mul(0x3ffffff, 0x3ffffff);

    print(a0 + ' == ' + a1);

BUG=
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1350223006

Cr-Commit-Position: refs/heads/master@{#31899}
2015-11-09 20:42:39 +00:00
mlippautz
aecd084dd9 [test] Move away from deprecated API for heap-related tests.
Removed deprecated API usage in
 - test-heap.cc
 - test-incremental-marking.cc
 - test-alloc.cc

BUG=v8:4134
LOG=n

Review URL: https://codereview.chromium.org/1406393005

Cr-Commit-Position: refs/heads/master@{#31898}
2015-11-09 19:48:44 +00:00
ahaas
7558e93347 Improved some tests in test-run-machops.
I improved the tests for Word32Clz, Word32Ctz, and Word32Popcnt, and ported
some tests to the BufferedRawMachineAssemblerTester.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1437493002

Cr-Commit-Position: refs/heads/master@{#31896}
2015-11-09 17:42:00 +00:00
rmcilroy
8b5a010242 [Interpreter] Skip failing tests on arm.debug in Ignition.
BUG=v8:4280
LOG=N
NOTRY=True
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1424263004

Cr-Commit-Position: refs/heads/master@{#31894}
2015-11-09 17:13:56 +00:00
rmcilroy
fd6c005982 [Ignition] Skip another failing mjsunittest on ignition.
Skips regress-446389.

BUG=v8:4280
LOG=N
NOTRY=true
TBR=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1412313010

Cr-Commit-Position: refs/heads/master@{#31891}
2015-11-09 16:23:42 +00:00
adamk
9a8c0119ef Properly handle parsing a '%'-prefixed runtime call as a binding pattern
R=rossberg@chromium.org
BUG=chromium:552302
LOG=n

Review URL: https://codereview.chromium.org/1425723004

Cr-Commit-Position: refs/heads/master@{#31890}
2015-11-09 15:32:25 +00:00
rmcilroy
cdc1fe5c3f [Ignition] Fix typo in ignition mjsunit status.
BUG=v8:4280
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1429423002

Cr-Commit-Position: refs/heads/master@{#31889}
2015-11-09 14:56:07 +00:00
rmcilroy
54fb5c0da5 [Ignition] Fix typo in ignition test262 status.
BUG=v8:4280
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1420203009

Cr-Commit-Position: refs/heads/master@{#31887}
2015-11-09 14:38:50 +00:00
rmcilroy
aa858ffbbd [Ignition] Skip some more mjsunit and test262 tests on ignition.
BUG=v8:4280
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1415143009

Cr-Commit-Position: refs/heads/master@{#31886}
2015-11-09 14:16:26 +00:00
caitpotter88
e63248f6d7 [regexp] remove no-op RegExp.multiline accessor and alias
Remove some non-standard code that doesn't do anything anyways.

While FireFox uses this to set the default value for the multiline flag,
it is nonstandard and slated for removal. The matching behaviour has
never been implemented in either JSC or V8, so there is little
web-compat risk.

The only possible risk could be someone depending on the ToBoolean()
behaviour of the flag, but this seems unlikely.

BUG=v8:3870
LOG=N
R=adamk@chromium.org, littledan@chromium.org, yangguo@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1417733012

Cr-Commit-Position: refs/heads/master@{#31882}
2015-11-09 14:03:26 +00:00
yangguo
742ae613ec Do not switch to two-byte string in String.fromCharCode if avoidable.
R=bmeurer@chromium.org
BUG=v8:4536
LOG=N

Review URL: https://codereview.chromium.org/1427743008

Cr-Commit-Position: refs/heads/master@{#31872}
2015-11-09 08:53:42 +00:00
mtrofin
ab1d270a72 [assembler] Introduce proper AssemblerBase::Print() for improved debuggability.
While working on frame elision, I wanted to disassemble codegen in the
debugger, as the code generation is progressing. I discovered we had a
 "Print" member on the x64 assembler, without any implementation. I
pulled it up to AssemblerBase and gave it an implementation that
should work for the other architectures.

Also checked that ia32, x87, arm and arm64 assemblers didn't have
such an implementation - free Print.

Arm64 has a naming conflict with the v8::internal::Disassembler. I
renamed the arm64 type with a more specific name.

Opportunistically fixed a bug in the name converter. This debug-time
printer doesn't provide a Code object, which should be OK with the
name converters, by the looks of other APIs there. All this means is that
when using the Print() API, we just get addresses dumped without any
context (like what this address may be - a stub maybe, etc). This seems
fine for the scenario.

There may be other places that assume a Code object. Since this is
a diagnostics-only scenario, for codegen developers, I feel it is
reasonable to fix such other places as we find them.

Review URL: https://codereview.chromium.org/1431933003

Cr-Commit-Position: refs/heads/master@{#31869}
2015-11-09 05:39:38 +00:00
ishell
37a9be505a Regression test for JSRegExp literals sharing.
JSRegExp's properties backing stores must not be shared.

BUG=chromium:548580
LOG=N

Review URL: https://codereview.chromium.org/1429743006

Cr-Commit-Position: refs/heads/master@{#31867}
2015-11-07 08:19:27 +00:00
martyn.capewell
eb991c66e5 [turbofan] Use cmn on ARM64 for negated rhs cmp
Use compare-negate instruction if the right-hand input to a compare is a
negate operation.

BUG=

Review URL: https://codereview.chromium.org/1410123009

Cr-Commit-Position: refs/heads/master@{#31866}
2015-11-07 07:20:17 +00:00
rmcilroy
fb9ad89fea [Interpreter]: Add ignition blacklist to mjsunit.status and test262.status.
Adds a blacklist of tests which are currently unsupported or broken in Ignition to
the mjsunit and test262 test status.

Also removes --ignition-script-filter flag, and adds a
--ignition_fallback_on_eval_and_catch flag which fallsback to fullcodegen for
functions which call eval or contain a catch block.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1420963009

Cr-Commit-Position: refs/heads/master@{#31864}
2015-11-06 18:52:51 +00:00
adamk
7b556cd24f Split default parameters that require destructuring into their own file
This allows testing the configuration where --harmony-default-parameters
is passed without --harmony-destructuring.

R=rossberg@chromium.org
BUG=v8:2160
LOG=n

Review URL: https://codereview.chromium.org/1410023015

Cr-Commit-Position: refs/heads/master@{#31863}
2015-11-06 15:49:01 +00:00
rmcilroy
e5e1454bad [Interpreter] Add support for new.target
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1419273008

Cr-Commit-Position: refs/heads/master@{#31862}
2015-11-06 15:46:10 +00:00
rmcilroy
8c32ef6ee8 [Interpreter] Add support for VisitThisFunction.
BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1406253008

Cr-Commit-Position: refs/heads/master@{#31859}
2015-11-06 15:01:03 +00:00
ahaas
39ed694bbd Implemented the Word64Clz TurboFan operator for x64, arm64, and mips64.
R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1413463009

Cr-Commit-Position: refs/heads/master@{#31858}
2015-11-06 14:51:20 +00:00
mstarzinger
aac8ee84af [heap] Fix corner case in optimized code map processing.
This fixes a corner case where optimized code could still be reachable
through the optimized code map, even though unoptimized code for any
inlined function might have long been flushed.

R=ulan@chromium.org
TEST=cctest/test-heap/Regress513496
BUG=chromium:513496
LOG=n

Review URL: https://codereview.chromium.org/1415683011

Cr-Commit-Position: refs/heads/master@{#31857}
2015-11-06 14:29:27 +00:00
bmeurer
925a2006f5 [turbofan] Fix wrong parameter indices in JSFrameSpecialization.
We forgot to add the number of arguments parameter in
JSFrameSpecialization, which was added before the context.

R=jarin@chromium.org
BUG=chromium:552304
LOG=n

Review URL: https://codereview.chromium.org/1429233004

Cr-Commit-Position: refs/heads/master@{#31856}
2015-11-06 13:12:51 +00:00
rmcilroy
7c160afd49 [Interpreter] Add test for sloppy mode receiver replacement.
Adds a test that the receiver for sloppy mode functions is replaced with
the global proxy when called with an undefined receiever.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1410113008

Cr-Commit-Position: refs/heads/master@{#31854}
2015-11-06 11:13:52 +00:00
ahaas
2c74ec3fec Changed the constructor of BufferedRawMachineAssemblerTester.
This change does not change how the BufferedRawMachineAssemblerTester is
used in tests, but it makes its construction in other constructors (e.g.
in the WasmRunner) cleaner.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1414203009

Cr-Commit-Position: refs/heads/master@{#31850}
2015-11-06 07:22:53 +00:00
adamk
2fa4732739 Re-ship @@toStringTag
It was originally shipped in https://crrev.com/eef2b9b09723ba1dae3ec0172341e93e9030ada0,
but was reverted due to poor interaction with Blink.

That interaction seems to be fixed thanks to changes to the V8 API
and to @@toStringTag handling on access-checked objects.

BUG=v8:3502
LOG=y
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.v8:v8_linux_nosnap_rel;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1406293011

Cr-Commit-Position: refs/heads/master@{#31846}
2015-11-05 23:47:12 +00:00
akos.palfi
53c46f87da MIPS: Fix unaligned read/write of bytecodes in interpreter.
On MIPS arch, all memory accesses (including halfword)
must be aligned to their native size or an alignment exception occurs.
The kernel will fix this up, but with performance penalty.

TEST=test-bytecode-generator/CallRuntime
BUG=

Review URL: https://codereview.chromium.org/1423373004

Cr-Commit-Position: refs/heads/master@{#31845}
2015-11-05 23:43:00 +00:00
adamk
2a866bc4dd Stage --harmony-destructuring and --harmony-default-parameters
Since enabling destructuring already implies enabling default parameters,
there's not a good way to separate these two. Luckily, they're both
feature-complete (save for destructuring assignment).

This causes us to pass an additional 24 test262 tests.

BUG=v8:811, v8:2160
LOG=y

Review URL: https://codereview.chromium.org/1407393009

Cr-Commit-Position: refs/heads/master@{#31844}
2015-11-05 21:40:12 +00:00
adamk
e33c4b450f Re-re-land "[es6] Implement destructuring binding in try/catch"
http://crrev.com/80a1e004f4ef619b54a2d87bf2108719a8411860 was reverted
due to a Blink test failure. That test has been marked as failing on
the Blink side in https://chromium.googlesource.com/chromium/src/+/ac11c6df133.

BUG=v8:811
LOG=y
TBR=rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1409093005

Cr-Commit-Position: refs/heads/master@{#31842}
2015-11-05 20:21:50 +00:00
littledan
7ff114e287 Add strict mode, sloppy mode and strong mode UseCounters
This patch adds UseCounters for the various language modes. This may
be useful for helping us to prioritize future optimization and
language design decisions.

R=adamk
CC=seththompson
BUG=none

Review URL: https://codereview.chromium.org/1429173002

Cr-Commit-Position: refs/heads/master@{#31841}
2015-11-05 19:52:50 +00:00
machenbach
35a60c211e Revert of Revert "Revert of [es6] Implement destructuring binding in try/catch" (patchset #2 id:20001 of https://codereview.chromium.org/1411323008/ )
Reason for revert:
[Sheriff] Breaks a layout test:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/2750

Please request rebase upstream first if intended.

Original issue's description:
> Revert "Revert of [es6] Implement destructuring binding in try/catch"
>
> Reland try/catch destructuring with a fix for the MemorySanitizer failure:
> initialization_pos needs to be initialized in the DeclarationDescriptor.
>
> This is a one line fix to http://crrev.com/a316db995e6e4253664920652ed4e5a38b2caeba
>
> BUG=v8:811
> LOG=y
>
> Committed: https://crrev.com/80a1e004f4ef619b54a2d87bf2108719a8411860
> Cr-Commit-Position: refs/heads/master@{#31834}

TBR=littledan@chromium.org,rossberg@chromium.org,adamk@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811

Review URL: https://codereview.chromium.org/1421193006

Cr-Commit-Position: refs/heads/master@{#31840}
2015-11-05 19:29:08 +00:00
cbruni
83f60ab5ac [crankshaft] Do not optimize ClassConstructor calls and apply.
LOG=N
BUG=v8:4428

Review URL: https://codereview.chromium.org/1425293007

Cr-Commit-Position: refs/heads/master@{#31839}
2015-11-05 19:21:20 +00:00
adamk
80a1e004f4 Revert "Revert of [es6] Implement destructuring binding in try/catch"
Reland try/catch destructuring with a fix for the MemorySanitizer failure:
initialization_pos needs to be initialized in the DeclarationDescriptor.

This is a one line fix to http://crrev.com/a316db995e6e4253664920652ed4e5a38b2caeba

BUG=v8:811
LOG=y

Review URL: https://codereview.chromium.org/1411323008

Cr-Commit-Position: refs/heads/master@{#31834}
2015-11-05 17:27:57 +00:00
bmeurer
9c8f4f91aa [runtime] Remove the unused weird %Likely and %Unlikely intrinsics.
These intrinsics are completely unused and there doesn't seem to an
actual use case for it in the future.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1418663011

Cr-Commit-Position: refs/heads/master@{#31828}
2015-11-05 13:52:31 +00:00
yangguo
2237ba0dba Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
Cr-Commit-Position: refs/heads/master@{#31753}

Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
Cr-Commit-Position: refs/heads/master@{#31773}

Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
Cr-Commit-Position: refs/heads/master@{#31782}

Committed: https://crrev.com/152163c1646b45f5fc5d31a4ec2eb55d7f4a2ffc
Cr-Commit-Position: refs/heads/master@{#31804}

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31824}
2015-11-05 13:08:55 +00:00
verwaest
44c44521ae Remove CallFunctionStub, always call through the Call builtin (also from CallIC).
This fixes receiver conversion since the Call builtin does it correctly.

BUG=v8:4526
LOG=n

Review URL: https://codereview.chromium.org/1407373007

Cr-Commit-Position: refs/heads/master@{#31823}
2015-11-05 12:46:01 +00:00
bmeurer
a210c3757e [runtime] Remove the very dangerous %_CallFunction intrinsic.
The %_CallFunction doesn't implement the call sequence properly, it
doesn't do the receiver wrapping, nor does it check for
classConstructor. Also the eager deoptimization for %_CallFunction was
seriously b0rked (we must have been lucky with TurboFan so far).

R=yangguo@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1419813010

Cr-Commit-Position: refs/heads/master@{#31821}
2015-11-05 11:48:21 +00:00
bmeurer
8d780560bd [turbofan] Add support for relevant ES6 type conversion intrinsics.
TurboFan didn't fully support the relevant ES6 type conversion
intrinsics like %_ToNumber, %_ToLength, %_ToName, %_ToString and
%_ToInteger until now, we always went to the runtime instead.  These
intrinsics are now well supported in TurboFan, and we are even able to
generate quite decent code in some cases.

R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1428243003

Cr-Commit-Position: refs/heads/master@{#31820}
2015-11-05 09:51:28 +00:00
ishell
82a54b38e7 Using override keyword in ObjectVisitor class hierarchy.
Review URL: https://codereview.chromium.org/1425013006

Cr-Commit-Position: refs/heads/master@{#31819}
2015-11-05 09:32:38 +00:00
yangguo
ca49355aba Revert of Implement flag and source getters on RegExp.prototype. (patchset #6 id:110001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
browser_tests failure with --gtest_filter=ExternallyConnectableMessagingTest.EnablingAndDisabling

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}
>
> Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
> Cr-Commit-Position: refs/heads/master@{#31773}
>
> Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
> Cr-Commit-Position: refs/heads/master@{#31782}
>
> Committed: https://crrev.com/152163c1646b45f5fc5d31a4ec2eb55d7f4a2ffc
> Cr-Commit-Position: refs/heads/master@{#31804}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1426413002

Cr-Commit-Position: refs/heads/master@{#31818}
2015-11-05 09:08:51 +00:00
caitpotter88
096125deaa [es6] allow any LeftHandSideExpression in for-of loops
Fix an earlier regression which forbid non-VariableProxy LHS from being
used in for-of loops. Like for-in loops, the spec allows any LHS to be used,
with the sole exception that ObjectLiterals and ArrayLiterals must be valid
AssignmentPatterns.

Also fixes a bug in TurboFan which resulted in incorrectly replacing a variable load with a constant value in some instances, due to the AstLoopAssignmentAnalyzer failing to record the assignment to ForOfStatement's value.

BUG=v8:4418, v8:2720
LOG=N
R=wingo@igalia.com, littledan@chromium.org, adamk@chromium.org, bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1411873004

Cr-Commit-Position: refs/heads/master@{#31816}
2015-11-05 06:47:56 +00:00
ofrobots
7b704c4f9b [heap] inline allocation steps refactor
Expose the steps for incremental marking and idle scavenge more directly in
NewSpace. Adjust the NewSpace and Heap interfaces to allow callers to be more
clear about how they are interacting with inline allocation steps. This refactor
prepares the ground for more consumers of inline allocation steps (e.g. sampling
heap profiler.)

R=hpayer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1404523002

Cr-Commit-Position: refs/heads/master@{#31814}
2015-11-05 04:45:33 +00:00
littledan
5d44bf0263 Ship Harmony ToLength
This patch moves ES2015 ToLength semantics on array operations, etc
to from staging to shipping.

R=adamk
BUG=v8:3087
LOG=Y

Review URL: https://codereview.chromium.org/1433473003

Cr-Commit-Position: refs/heads/master@{#31810}
2015-11-05 00:45:05 +00:00
chunyang.dai
5736eb0ccb X87: Change the test case for X87 float operations
The CL https://codereview.chromium.org/1409013004 added / changed some test cases.
       Some new test cases use CheckFloatEq(...) and CheckDoubleEq(...) function for result
       check. When GCC compiling the CheckFloatEq() and CheckDoubleEq() function, those inlined
       functions has different behavior comparing with GCC ia32 build and x87 build. The major
       difference is sse float register still has single precision rounding semantic. While X87
       register has no such rounding precsion semantic when directly use register value. The V8
       turbofan JITTed has exactly same result in both X87 and IA32 port.

       So we add the following sentence to do type case to keep the same precision.
          float expect = *i * *j; // *i + *j, etc.

       For test case "RunFloat64MulAndFloat64Add1 / RunFloat64MulAndFloat64Add2 / RunFloat64MulAndFloat64Sub1
       / RunFloat64MulAndFloat64Sub2", the expected result calcaulated by GCC has difference precsion
       when comparing with V8 turbofan result for X87 platform. (Turbofan X87 result is the same as
       IA32 GCC and IA32 Turbofan). So we have to disable those four cases for X87 port.

BUG=

Review URL: https://codereview.chromium.org/1430943002

Cr-Commit-Position: refs/heads/master@{#31808}
2015-11-05 00:15:30 +00:00
dusan.m.milosavljevic
8ae7c9abc3 MIPS: [turbofan] Properly implement Float64/32 Min/Max instructions.
TEST=cctest/test-run-machops/Float(64|32)MaxP, Float(64|32)MinP,
       unittests/InstructionSelectorTest.Float64Min|Max
BUG=v8:4206
LOG=N

Review URL: https://codereview.chromium.org/1419753008

Cr-Commit-Position: refs/heads/master@{#31806}
2015-11-04 21:03:25 +00:00
yangguo
152163c164 Implement flag and source getters on RegExp.prototype.
R=littledan@chromium.org
BUG=v8:3715, v8:4528
LOG=Y

Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
Cr-Commit-Position: refs/heads/master@{#31753}

Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
Cr-Commit-Position: refs/heads/master@{#31773}

Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
Cr-Commit-Position: refs/heads/master@{#31782}

Review URL: https://codereview.chromium.org/1419823010

Cr-Commit-Position: refs/heads/master@{#31804}
2015-11-04 20:42:33 +00:00
rmcilroy
5486eb6b3d [Interpreter] Fix U16() calls in test-bytecode-generator for big endian.
Avoid double incrementing the variable in the U16() macro.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1431803004

Cr-Commit-Position: refs/heads/master@{#31803}
2015-11-04 19:39:28 +00:00
caitpotter88
55e1cfebfd [parser] early error when declaration Pattern missing Initializer
Emit an early error when BindingPatterns are used in a VariableDeclaration
or LexicalBinding without an Initializer.

BUG=v8:4532
LOG=N
R=adamk@chromium.org, rossberg@chromium.org, wingo@igalia.com

Review URL: https://codereview.chromium.org/1416753009

Cr-Commit-Position: refs/heads/master@{#31802}
2015-11-04 19:26:40 +00:00
hablich
a77aa3a2b4 Revert of Implement flag and source getters on RegExp.prototype. (patchset #6 id:110001 of https://codereview.chromium.org/1419823010/ )
Reason for revert:
Breaks Chromium tests and blocks the roll: http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/124490

Original issue's description:
> Implement flag and source getters on RegExp.prototype.
>
> R=littledan@chromium.org
> BUG=v8:3715, v8:4528
> LOG=Y
>
> Committed: https://crrev.com/60e8877e161fe6175e19fafce2d6ed1c3999cdb1
> Cr-Commit-Position: refs/heads/master@{#31753}
>
> Committed: https://crrev.com/b5c80a31ad266eb38a0cf2ff756be59c66d34aa5
> Cr-Commit-Position: refs/heads/master@{#31773}
>
> Committed: https://crrev.com/85494e90bb63a3a9e19a1bf862cb6bfcb0162ee9
> Cr-Commit-Position: refs/heads/master@{#31782}

TBR=littledan@chromium.org,jochen@chromium.org,ulan@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3715, v8:4528

Review URL: https://codereview.chromium.org/1432683002

Cr-Commit-Position: refs/heads/master@{#31801}
2015-11-04 18:34:27 +00:00
mstarzinger
e3f4047814 [turbofan] Deprecate RawMachineAssembler::CallFunctionStub0.
This deprecates the ability of the raw machine assembler to utilize the
CallFunctionStub in preparation of the stub itself being deprecated. We
only used this to test instruction selection of calls to stubs that can
deoptimize, the test has been adapted.

R=verwaest@chromium.org
TEST=unittests/InstructionSelectorTest

Review URL: https://codereview.chromium.org/1408193006

Cr-Commit-Position: refs/heads/master@{#31799}
2015-11-04 17:17:13 +00:00
adamk
f687c4f4e6 Revert of [es6] Implement destructuring binding in try/catch (patchset #3 id:40001 of https://codereview.chromium.org/1417483014/ )
Reason for revert:
MSAN errors on arm64: http://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/5123/

Original issue's description:
> [es6] Implement destructuring binding in try/catch
>
> The approach is to desugar
>
>   try { ... }
>   catch ({x, y}) { ... }
>
> into
>
>   try { ... }
>   catch (.catch) {
>     let x = .catch.x;
>     let y = .catch.y;
>     ...
>   }
>
> using the PatternRewriter's normal facilities. This has the side benefit
> of throwing the appropriate variable conflict errors for declarations
> made inside the catch block.
>
> No change is made to non-destructured cases, which will hopefully save
> us some work if https://github.com/tc39/ecma262/issues/150 is adopted
> in the spec.
>
> There's one big problem with this patch, which is a lack of PreParser
> support for the redeclaration errors. But it seems we're already lacking
> good PreParser support for such errors, so I'm not sure that should
> block this moving forward.
>
> BUG=v8:811
> LOG=y
>
> Committed: https://crrev.com/a316db995e6e4253664920652ed4e5a38b2caeba
> Cr-Commit-Position: refs/heads/master@{#31797}

TBR=rossberg@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:811

Review URL: https://codereview.chromium.org/1408063013

Cr-Commit-Position: refs/heads/master@{#31798}
2015-11-04 16:39:59 +00:00
adamk
a316db995e [es6] Implement destructuring binding in try/catch
The approach is to desugar

  try { ... }
  catch ({x, y}) { ... }

into

  try { ... }
  catch (.catch) {
    let x = .catch.x;
    let y = .catch.y;
    ...
  }

using the PatternRewriter's normal facilities. This has the side benefit
of throwing the appropriate variable conflict errors for declarations
made inside the catch block.

No change is made to non-destructured cases, which will hopefully save
us some work if https://github.com/tc39/ecma262/issues/150 is adopted
in the spec.

There's one big problem with this patch, which is a lack of PreParser
support for the redeclaration errors. But it seems we're already lacking
good PreParser support for such errors, so I'm not sure that should
block this moving forward.

BUG=v8:811
LOG=y

Review URL: https://codereview.chromium.org/1417483014

Cr-Commit-Position: refs/heads/master@{#31797}
2015-11-04 16:06:38 +00:00
bmeurer
309c36f5a9 [turbofan] Remove use of CallFunctionStub from TurboFan.
Use the Call builtin instead, which does the right thing(TM)
always, especially since the CallFunctionStub is going away.

R=jarin@chromium.org
BUG=v8:4413
LOG=n

Review URL: https://codereview.chromium.org/1410853007

Cr-Commit-Position: refs/heads/master@{#31794}
2015-11-04 15:04:53 +00:00
mstarzinger
7890dc4f69 Remove several JSFunction delegator functions.
This removes several methods from JSFunction that just delegate to
SharedFunctionInfo. These methods are especially dangerous when they
hide the fact that they potentially affect all function instances
deriving from the same underlying SharedFunctionInfo.

R=bmeurer@chromium.org

Review URL: https://codereview.chromium.org/1417213005

Cr-Commit-Position: refs/heads/master@{#31792}
2015-11-04 14:56:37 +00:00
cbruni
ab84025977 [runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.
The current implementation of classes throws the TypeError at the wrong
point, after activating a new context when directly calling a class
constructor. According to the spec, the TypeError has to be thrown
in the caller context.

LOG=N
BUG=v8:4428

Committed: https://crrev.com/6a06bc0a774933719f62009d81b3f1686d83bb90
Cr-Commit-Position: refs/heads/master@{#31786}

Review URL: https://codereview.chromium.org/1418623007

Cr-Commit-Position: refs/heads/master@{#31790}
2015-11-04 14:30:09 +00:00
bmeurer
30aca03ad1 [turbofan] Implement the call protocol properly for direct calls.
The callees are expected to properly set the number of actual
arguments passed to the callee, which is now represented correctly
in the TurboFan graphs by a new Parameter right before the context
Parameter.  Currently this is only being used for outgoing calls.

Note that this requires disabling two of the TF code stub tests,
because of the JavaScript graphs are not automagically compatible
with abitrary (incoming) code stub interface descriptors.  If we
want to support JS code stubs at all, then we need to find a sane
way to feed in this information.

Drive-by-fix: Don't insert a direct call to a classConstructor.

R=mstarzinger@chromium.org
BUG=v8:4413, v8:4428
LOG=n

Review URL: https://codereview.chromium.org/1410633006

Cr-Commit-Position: refs/heads/master@{#31789}
2015-11-04 14:08:59 +00:00