The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).
Implementing the correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow up.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1087543004
Cr-Commit-Position: refs/heads/master@{#27888}
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.
BUG=v8:3956
LOG=N
Review URL: https://codereview.chromium.org/1084983002
Cr-Commit-Position: refs/heads/master@{#27885}
Will be used for calculating changes between versions
BUG=
NOTRY=true
Review URL: https://codereview.chromium.org/1095483002
Cr-Commit-Position: refs/heads/master@{#27882}
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.
R=marja@chromium.org
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1091743002
Cr-Commit-Position: refs/heads/master@{#27880}
port 0179ec5797 (r27846).
original commit message:
The cells are stored on prototypes (in their map's PrototypeInfo). When a
prototype object changes its map, then both its own validity cell and those
of all "downsstream" prototypes are invalidated; handlers for a given receiver
embed the currently valid cell for that receiver's prototype during their
compilation and check it on execution.
BUG=
Review URL: https://codereview.chromium.org/1090803002
Cr-Commit-Position: refs/heads/master@{#27877}
port 13459c1ae3 (r27857)
original commit message:
Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
BUG=
Review URL: https://codereview.chromium.org/1088423002
Cr-Commit-Position: refs/heads/master@{#27875}
This fixes a race where
- mutator changes the fixed array length by trimming it,
- sweeper thread reads the length of the fixed array.
Also rename FROM_GC and FROM_MUTATOR to be more precise.
BUG=chromium:462908
LOG=NO
Review URL: https://codereview.chromium.org/1034163002
Cr-Commit-Position: refs/heads/master@{#27869}
This breaks the (evacuation -> slots buffer overflow -> abort -> new GC -> evacuation) cycle for popular pages.
BUG=
Review URL: https://codereview.chromium.org/1037433002
Cr-Commit-Position: refs/heads/master@{#27868}
Reason for revert:
Seems to cause performance regressions.
Original issue's description:
> [x64] Use xorl to materialize smi zero.
>
> Before we always loaded smi zero via a movabs with a 64-bit immediate,
> which is pretty expensive compared to the xorl.
>
> R=jarin@chromium.org
>
> Committed: https://crrev.com/f236777bfe6e080ff1ead6baf847cc9b6bb4f9cb
> Cr-Commit-Position: refs/heads/master@{#27829}
TBR=jarin@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:477592
LOG=n
Review URL: https://codereview.chromium.org/1059543004
Cr-Commit-Position: refs/heads/master@{#27867}
Split interface and implementation of ControlEquivalence and add a
dedicated trace flag --trace-turbo-ceq to make it reusable outside the
scheduler.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1056093005
Cr-Commit-Position: refs/heads/master@{#27862}
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.
Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.
BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y
Review URL: https://codereview.chromium.org/1066663005
Cr-Commit-Position: refs/heads/master@{#27859}
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.
This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.
BUG=
Review URL: https://codereview.chromium.org/1086873003
Cr-Commit-Position: refs/heads/master@{#27857}
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.
BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1061393002
Cr-Commit-Position: refs/heads/master@{#27855}
enum defaults to signed on win, and kTagged has 1<<31 causing
warning.
Full errors:
d:\src\cr3\src\v8\src\types.cc(1259): error C2220: warning treated as error - no 'object' file generated
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1355): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::ZoneTypeConfig>::BitsetType::BoundariesArray[]'
d:\src\cr3\src\v8\src\types.cc(1259): warning C4838: conversion from 'int' to 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(1259): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(1241): note: while compiling class template member function 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)'
d:\src\cr3\src\v8\src\types.cc(1283): note: see reference to function template instantiation 'void v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Print(std::ostream &,v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset)' being compiled
d:\src\cr3\src\v8\src\types.cc(1359): note: see reference to class template instantiation 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType' being compiled
d:\src\cr3\src\v8\src\types.cc(323): warning C4838: conversion from '' to 'v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::bitset' requires a narrowing conversion
d:\src\cr3\src\v8\src\types.cc(323): note: to simplify migration, consider the temporary use of /Wv:18 flag with the version of the compiler with which you used to build without warnings
d:\src\cr3\src\v8\src\types.cc(315): note: while compiling class template static data member 'const v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::Boundary v8::internal::TypeImpl<v8::internal::HeapTypeConfig>::BitsetType::BoundariesArray[]'
LOG=N
R=jochen@chromium.org
BUG=440500
Review URL: https://codereview.chromium.org/1055933004
Cr-Commit-Position: refs/heads/master@{#27854}
Port 0179ec5797
Original commit message:
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.
R=michael_dawson@ca.ibm.com, dstence@us.ibm.com
BUG=
Review URL: https://codereview.chromium.org/1091563002
Cr-Commit-Position: refs/heads/master@{#27849}
AFAICT none of these can actually be triggered currently; but it's still good to harden the code a little.
Review URL: https://codereview.chromium.org/1058533007
Cr-Commit-Position: refs/heads/master@{#27848}
DoParseProgram doesn't appear to need to receive toplevel scopes as
arguments; it can properly set the end_position of the scopes to the
scanner's position after parsing is complete.
R=marja@chromium.org
BUG=
LOG=N
Review URL: https://codereview.chromium.org/1058363003
Cr-Commit-Position: refs/heads/master@{#27847}
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.
R=jarin@chromium.org
TEST=mjsunit/for-in-opt
Review URL: https://codereview.chromium.org/1086083002
Cr-Commit-Position: refs/heads/master@{#27846}
The cells are stored on prototypes (in their map's PrototypeInfo). When a prototype object changes its map, then both its own validity cell and those of all "downstream" prototypes are invalidated; handlers for a given receiver embed the currently valid cell for that receiver's prototype during their compilation and check it on execution.
Review URL: https://codereview.chromium.org/908213002
Cr-Commit-Position: refs/heads/master@{#27845}
- make ParallelMove into a ZoneVector, removing an annoying level of indirection
- make MoveOperands hold InstructionOperands instead of pointers, so there's no more operand aliasing for moves
- opens up possibility of storing MachineType in allocated operands
R=bmeurer@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1081373002
Cr-Commit-Position: refs/heads/master@{#27842}
