Commit Graph

21403 Commits

Author SHA1 Message Date
bmeurer
936ae2b814 [turbofan] Avoid generating dead BooleanNot nodes in typed lowering.
Without this shortcut we generate one BooleanNot per JSUnaryNot with
number input, which is quite common in asm.js. These dead nodes then
survive until the late control reducer runs, and may prevent
optimizations in the mean time.

R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/963713002

Cr-Commit-Position: refs/heads/master@{#26911}
2015-02-27 10:25:05 +00:00
bmeurer
b0f52cad08 [turbofan] Properly unlink dead nodes in simplified lowering.
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/964843002

Cr-Commit-Position: refs/heads/master@{#26910}
2015-02-27 09:37:54 +00:00
balazs.kilvady
b9eb8f1fb8 MIPS: Skip the mapcheck on the global object since the global proxy and cell are already checked (or the global object map for contextual global loads).
Port 6af7ca6be4

BUG=

Review URL: https://codereview.chromium.org/957393002

Cr-Commit-Position: refs/heads/master@{#26909}
2015-02-27 09:15:50 +00:00
chunyang.dai
235bf89c87 X87: Skip the mapcheck on the global object since the global proxy and cell are already checked
port 6af7ca6be4 (r26886)

original commit message:

  Skip the mapcheck on the global object since the global proxy and cell are already
  checked (or the global object map for contextual global loads).

BUG=

Review URL: https://codereview.chromium.org/965693002

Cr-Commit-Position: refs/heads/master@{#26908}
2015-02-27 08:09:22 +00:00
bmeurer
643f020cd2 [x64] Make r12 allocatable.
Review URL: https://codereview.chromium.org/926553004

Cr-Commit-Position: refs/heads/master@{#26907}
2015-02-27 08:04:07 +00:00
chunyang.dai
2e2c9b2ac8 Add the corresponding change for turbofan unsupported port.
this is introduced by 88c4f52cb2 (r26783)

BUG=

Review URL: https://codereview.chromium.org/958243004

Cr-Commit-Position: refs/heads/master@{#26906}
2015-02-27 07:39:48 +00:00
cdai2
852792048c X87: Only dynamically perform access checks on the receiver if it's a JSGlobalProxy.
port e9cdcb7174 (r26875)

original commit message:
  Only dynamically perform access checks on the receiver if it's a JSGlobalProxy.
  Proxies up the chain are guaranteed to provide access if we had access to the receiver,
  since otherwise we wouldn't have been able to compile the stub in the first place.
  If the security check would change, the window navigates, changing the map of the JSGlobalProxy.

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/964813002

Cr-Commit-Position: refs/heads/master@{#26905}
2015-02-27 07:32:20 +00:00
cdai2
e1030fc97d X87: Move Maps' back pointers from "transitions" to "constructor" field.
port affcfaf428 (r26835).

original commit message:

  Move Maps' back pointers from "transitions" to "constructor" field

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/964783002

Cr-Commit-Position: refs/heads/master@{#26904}
2015-02-27 07:03:33 +00:00
cdai2
cd87f25a2e X87: Stop using HeapType in IC and Crankshaft.
port 119cb56617 (r26696).

original commit message:

  Stop using HeapType in IC and Crankshaft

BUG=
R=weiliang.lin@intel.com

Review URL: https://codereview.chromium.org/958283002

Cr-Commit-Position: refs/heads/master@{#26903}
2015-02-27 07:02:36 +00:00
svenpanne
5d4c76eae7 Test StringLengthStub generation via TurboFan.
For now we just use the RawMachineAssembler, this will be changed
later to use the whole TurboFan pipeline.

Review URL: https://codereview.chromium.org/925373002

Cr-Commit-Position: refs/heads/master@{#26902}
2015-02-27 06:56:59 +00:00
chunyang.dai
47913ba79c Add the dummy implementation for turbofan unsupported port.
This is introduced by acd9c46ca7 (r26691).

BUG=

Review URL: https://codereview.chromium.org/965673002

Cr-Commit-Position: refs/heads/master@{#26901}
2015-02-27 05:54:27 +00:00
machenbach
27a3879617 Revert of Also skip when the target is the global object (patchset #1 id:1 of https://codereview.chromium.org/961723002/)
Reason for revert:
Breaks unscopables and fix attempt needed to be reverted too.

Original issue's description:
> Also skip when the target is the global object
>
> BUG=
>
> Committed: https://crrev.com/cc918d30b9d586ce974b71232473f2ae3c5e7847
> Cr-Commit-Position: refs/heads/master@{#26887}

TBR=jkummerow@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/960363002

Cr-Commit-Position: refs/heads/master@{#26900}
2015-02-26 21:04:24 +00:00
machenbach
885a88166d Revert of Invalidate the global property cell when converting from data to accessor. (patchset #1 id:1 of https://codereview.chromium.org/961003002/)
Reason for revert:
Breaks gc stress, e.g.: http://build.chromium.org/p/client.v8/builders/V8%20GC%20Stress%20-%201/builds/2322

Original issue's description:
> Invalidate the global property cell when converting from data to accessor.
>
> BUG=
> TBR=jkummerow@chromium.org,
>
> Committed: https://crrev.com/6a12dc240b1faffa500ff269077d832ecc74239d
> Cr-Commit-Position: refs/heads/master@{#26896}

TBR=jkummerow@chromium.org,verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/958113004

Cr-Commit-Position: refs/heads/master@{#26899}
2015-02-26 21:03:18 +00:00
machenbach
da710f9588 Revert of MIPS: Also skip when the target is the global object. (patchset #1 id:1 of https://codereview.chromium.org/957413002/)
Reason for revert:
Need to revert the ported CL.

Original issue's description:
> MIPS: Also skip when the target is the global object.
>
> Port cc918d30b9
>
> BUG=
>
> Committed: https://crrev.com/b24a0efa447235e11b9ff9d1eeaada06131b2e04
> Cr-Commit-Position: refs/heads/master@{#26897}

TBR=danno@chromium.org,verwaest@chromium.org,paul.lind@imgtec.com,gergely.kis@imgtec.com,akos.palfi@imgtec.com,dusan.milosavljevic@imgtec.com,balazs.kilvady@imgtec.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/963603002

Cr-Commit-Position: refs/heads/master@{#26898}
2015-02-26 21:02:12 +00:00
balazs.kilvady
b24a0efa44 MIPS: Also skip when the target is the global object.
Port cc918d30b9

BUG=

Review URL: https://codereview.chromium.org/957413002

Cr-Commit-Position: refs/heads/master@{#26897}
2015-02-26 19:30:52 +00:00
verwaest
6a12dc240b Invalidate the global property cell when converting from data to accessor.
BUG=
TBR=jkummerow@chromium.org,

Review URL: https://codereview.chromium.org/961003002

Cr-Commit-Position: refs/heads/master@{#26896}
2015-02-26 18:48:59 +00:00
adamk
fa293dd79f Re-introduce ImportDeclaration to the parser
This also adds a new VariableMode, IMPORT, which will be
used to do appropriate binding for Import-declared Variables.

Only named imports are handled for now. "import *" and default
import syntaxes have had their TODOs adjusted to match the new
code structure.

BUG=v8:1569
LOG=n

Review URL: https://codereview.chromium.org/948303004

Cr-Commit-Position: refs/heads/master@{#26895}
2015-02-26 18:41:04 +00:00
balazs.kilvady
d471ceff41 MIPS: Only dynamically perform access checks on the receiver if it's a JSGlobalProxy.
Port e9cdcb7174

Original commit message:
Proxies up the chain are guaranteed to provide access if we had access to the receiver, since otherwise we wouldn't have been able to compile the stub in the first place. If the security check would change, the window navigates, changing the map of the JSGlobalProxy.

BUG=

Review URL: https://codereview.chromium.org/958923002

Cr-Commit-Position: refs/heads/master@{#26894}
2015-02-26 18:39:43 +00:00
ulan
bbf8c0f23d Revert "Revert of Fix memory leak caused by field type in descriptor array."
This reverts commit b57be748b1 and
disables the test/mjsunit/debug-clearbreakpointgroup.js because
BreakLocationIterator::ClearBreakPoint is already broken for unrelated reasons (see v8:3924).

BUG=v8:3877
LOG=N
TEST=cctest/test-heap/Regress3877

Review URL: https://codereview.chromium.org/957373002

Cr-Commit-Position: refs/heads/master@{#26893}
2015-02-26 18:38:34 +00:00
arv
392b591e0c Fix issue with class name TDZ in computed property names
BUG=v8:3923
LOG=N
R=marja,rossberg

Review URL: https://codereview.chromium.org/961823002

Cr-Commit-Position: refs/heads/master@{#26892}
2015-02-26 18:37:19 +00:00
ulan
250dd1ed5a Store weak cell cache for map in the map itself.
BUG=

Review URL: https://codereview.chromium.org/958023002

Cr-Commit-Position: refs/heads/master@{#26891}
2015-02-26 18:36:06 +00:00
titzer
5c7b7b919b Remove RecordTypeFeedback() methods from some AST classes and move into typing.cc.
R=mvstanton@chromium.org
BUG=

Review URL: https://codereview.chromium.org/955243002

Cr-Commit-Position: refs/heads/master@{#26890}
2015-02-26 18:34:46 +00:00
vogelheim
4c80924d2b Fix memory leak in natives-external.
(Discovered when landing crrev.com/959693002)

R=jochen@chromium.org
BUG=

Review URL: https://codereview.chromium.org/960883003

Cr-Commit-Position: refs/heads/master@{#26889}
2015-02-26 18:33:47 +00:00
dusan.milosavljevic
9f37a8af04 MIPS64: Optimize generated code size for deoptimization table entry.
Reuse optimization introduced in 6dee8884.

TEST=
BUG=

Review URL: https://codereview.chromium.org/960963002

Cr-Commit-Position: refs/heads/master@{#26888}
2015-02-26 18:32:39 +00:00
verwaest
cc918d30b9 Also skip when the target is the global object
BUG=

Review URL: https://codereview.chromium.org/961723002

Cr-Commit-Position: refs/heads/master@{#26887}
2015-02-26 15:29:14 +00:00
verwaest
6af7ca6be4 Skip the mapcheck on the global object since the global proxy and cell are already checked (or the global object map for contextual global loads).
BUG=

Review URL: https://codereview.chromium.org/961693002

Cr-Commit-Position: refs/heads/master@{#26886}
2015-02-26 15:12:12 +00:00
vogelheim
8db3ce1dba Revert of Default-enable external startup data for Linux for stand-alone builds. (patchset #1 id:1 of https://codereview.chromium.org/959693002/)
Reason for revert:
Breaks "Simple Leaks Check"

Original issue's description:
> Default-enable external startup data for Linux for stand-alone builds.
>
> Notes:
> - Other platforms to follow later.
> - This follows Chromium practice, that mostly uses this feature these days.
> - The statically linked-in startup data will stay. So whoever prefers
>   the old way just needs to set the flag differently.
>
> BUG=
>
> Committed: https://crrev.com/6d0dcaabe55ca3556bebfd771fbc7fd560fdd4e0
> Cr-Commit-Position: refs/heads/master@{#26884}

TBR=machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/962593003

Cr-Commit-Position: refs/heads/master@{#26885}
2015-02-26 15:10:20 +00:00
vogelheim
6d0dcaabe5 Default-enable external startup data for Linux for stand-alone builds.
Notes:
- Other platforms to follow later.
- This follows Chromium practice, that mostly uses this feature these days.
- The statically linked-in startup data will stay. So whoever prefers
  the old way just needs to set the flag differently.

BUG=

Review URL: https://codereview.chromium.org/959693002

Cr-Commit-Position: refs/heads/master@{#26884}
2015-02-26 14:55:27 +00:00
marja
b57be748b1 Revert of Fix memory leak caused by field type in descriptor array. (patchset #3 id:40001 of https://codereview.chromium.org/955063002/)
Reason for revert:
Breaks test/mjsunit/debug-clearbreakpointgroup.js on arm64.debug.

Original issue's description:
> Fix memory leak caused by field type in descriptor array.
>
> When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.
>
> Map::GetFieldType(i) does the unwrapping.
>
> BUG=v8:3877
> LOG=N
> TEST=cctest/test-heap/Regress3877
>
> Committed: https://crrev.com/77d3ae0e119893ac8d34ea6ca090cddd5bbf987e
> Cr-Commit-Position: refs/heads/master@{#26879}

TBR=verwaest@chromium.org,ulan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3877

Review URL: https://codereview.chromium.org/960103003

Cr-Commit-Position: refs/heads/master@{#26883}
2015-02-26 14:46:07 +00:00
dcarney
6517181c49 Revert of ensure host compiler is always clang when cross compiling from linux (patchset #6 id:100001 of https://codereview.chromium.org/955393002/)
Reason for revert:
broke some things

Original issue's description:
> ensure host compiler is always clang when cross compiling from linux
>
> BUG=
>
> Committed: https://crrev.com/56039af476797accc238dcb24c7ab926899287a0
> Cr-Commit-Position: refs/heads/master@{#26881}

TBR=machenbach@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/964483002

Cr-Commit-Position: refs/heads/master@{#26882}
2015-02-26 14:43:55 +00:00
dcarney
56039af476 ensure host compiler is always clang when cross compiling from linux
BUG=

Review URL: https://codereview.chromium.org/955393002

Cr-Commit-Position: refs/heads/master@{#26881}
2015-02-26 14:40:24 +00:00
marja
1eddcf5b71 [strong] Declaration-after-use errors.
We cannot yet detect use-before-declaration in general, because for that we'd
need to analyze the context when compiling. But we can detect an error case
where we first see a use, then a declaration.

For this, I also added end position tracking (needed for error messages) to
VariableProxy.

Note: the position naming is completely inconsistent: start_position &
end_position, position & end_position, pos & end_pos, beg_pos & end_pos, to name
a few. This doesn't fix all of it, but tries to unify towards start_position &
end_position whenever possible w/ minimal changes.

BUG=

Review URL: https://codereview.chromium.org/943543002

Cr-Commit-Position: refs/heads/master@{#26880}
2015-02-26 13:48:19 +00:00
ulan
77d3ae0e11 Fix memory leak caused by field type in descriptor array.
When a field type is a map, it is wrapped in a weak cell upon storing to the descriptor array.

Map::GetFieldType(i) does the unwrapping.

BUG=v8:3877
LOG=N
TEST=cctest/test-heap/Regress3877

Review URL: https://codereview.chromium.org/955063002

Cr-Commit-Position: refs/heads/master@{#26879}
2015-02-26 13:16:39 +00:00
verwaest
1e0c067d55 Don't perform access checks for internally used properties
BUG=
TBR=dcarney@chromium.org

Review URL: https://codereview.chromium.org/956283003

Cr-Commit-Position: refs/heads/master@{#26878}
2015-02-26 12:56:18 +00:00
machenbach
03cef94a49 Make landmines delete all generated build artifacts.
BUG=chromium:403263
LOG=n

Review URL: https://codereview.chromium.org/963433002

Cr-Commit-Position: refs/heads/master@{#26877}
2015-02-26 12:39:48 +00:00
ishell
0d4ff29a60 Revert of Temporarily disable double fields unboxing. (patchset #1 id:1 of https://codereview.chromium.org/928733003/)
Reason for revert:
Preparing to land a fix.

Original issue's description:
> Temporarily disable double fields unboxing.
>
> Committed: https://crrev.com/209cf09ac9e36c1a24cdfa918bc579a4671c6842
> Cr-Commit-Position: refs/heads/master@{#26727}

TBR=jkummerow@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/960173002

Cr-Commit-Position: refs/heads/master@{#26876}
2015-02-26 12:26:59 +00:00
verwaest
e9cdcb7174 Only dynamically perform access checks on the receiver if it's a JSGlobalProxy. Proxies up the chain are guaranteed to provide access if we had access to the receiver, since otherwise we wouldn't have been able to compile the stub in the first place. If the security check would change, the window navigates, changing the map of the JSGlobalProxy.
BUG=

Review URL: https://codereview.chromium.org/958843002

Cr-Commit-Position: refs/heads/master@{#26875}
2015-02-26 11:06:37 +00:00
verwaest
b5fc4b808c Remove internal use of v8::AccessType, always pass v8::ACCESS_HAS instead.
BUG=

Review URL: https://codereview.chromium.org/942963004

Cr-Commit-Position: refs/heads/master@{#26874}
2015-02-26 10:34:50 +00:00
machenbach
9dac60ad2d Add public version macros.
Side note: tools/v8-info.sh seems to have been broken ever
since the move to git.  At least it's not more broken now.

BUG=v8:3075
LOG=y

TEST=./script_test.py

Review URL: https://codereview.chromium.org/959713003

Cr-Commit-Position: refs/heads/master@{#26873}
2015-02-26 08:59:23 +00:00
jarin
bb13e7f746 Do not touch a binary op IC target in code object marked for lazy deopt.
Bad scenario:

- Enter a binop IC miss handler from optimized code object C from call
  site S,

- From the binop IC, invoke arbitrary javascript that lazy deopts C,
  so all relocation info is nuked and replaced with lazy deopt entries'
  reloc info. In particular, there is no reloc info for S.

- Still from the arbitrary JavaScript, make IC target's code object move.
  Note that the call site S is not updated.

- Return to the miss handler and inspect the IC's target. This will try
  to get the target from S, but that is a potentially invalid pointer.

It is quite possible that we will have to do a similar fix for other ICs,
but we will have to find a reliable repro first. I am not submitting a
repro here because it is quite long running and brittle (it
relies on code compaction happening while in the binop IC).

BUG=v8:3910
LOG=n
R=ishell@chromium.org

Review URL: https://codereview.chromium.org/958473004

Cr-Commit-Position: refs/heads/master@{#26872}
2015-02-26 08:36:54 +00:00
bmeurer
166dcd339f [gyp] Disable warnings generated by third party ICU code.
R=svenpanne@chromium.org

Review URL: https://codereview.chromium.org/962523002

Cr-Commit-Position: refs/heads/master@{#26871}
2015-02-26 08:19:32 +00:00
bmeurer
0f783c676b [turbofan] Fix bogus covering of Word64Equal w/ zero.
Review URL: https://codereview.chromium.org/960783002

Cr-Commit-Position: refs/heads/master@{#26870}
2015-02-26 07:18:42 +00:00
arv
75a2440982 Minor test fix to block binding
The test did not invoke the function

BUG=v8:3921
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/961463002

Cr-Commit-Position: refs/heads/master@{#26869}
2015-02-25 23:27:14 +00:00
adamk
fb6f68b8a8 Rename ParseModule to ParseModuleItemList
TBR=rossberg@chromium.org

Review URL: https://codereview.chromium.org/952343002

Cr-Commit-Position: refs/heads/master@{#26868}
2015-02-25 23:00:32 +00:00
verwaest
6b1bddb454 Remove NativeContext from Literal array, since we always create the literals in the native context of the current closure.
BUG=

Review URL: https://codereview.chromium.org/952303002

Cr-Commit-Position: refs/heads/master@{#26867}
2015-02-25 22:41:48 +00:00
dcarney
24847156de [turbofan] change tracing in scheduler so block_id is id: instead of B and rpo_number is now B
R=mstarzinger@chromium.org

BUG=

Review URL: https://codereview.chromium.org/948263004

Cr-Commit-Position: refs/heads/master@{#26866}
2015-02-25 21:51:25 +00:00
arv
92b4eaddbc No need for special treatment of super in PreParserExpression
It turned out that we didn't need to treat super in a special way
in the pre parser expressions.

BUG=None
LOG=N
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/952283003

Cr-Commit-Position: refs/heads/master@{#26865}
2015-02-25 21:47:55 +00:00
arv
5c19e4f1cb Remove ValidateSuperCall
We don't need this since this case is now a SyntaxError.

BUG=None
LOG=N
R=dslomov@chromium.org

Review URL: https://codereview.chromium.org/957823002

Cr-Commit-Position: refs/heads/master@{#26864}
2015-02-25 21:46:52 +00:00
adamk
8b33567fd3 Simplify error message logic in ParseImportNames
The new logic ensures that the error messages are the same in the
"import { <reserved word> }" and "import { foo as <reserved ord> }"
cases.

Also prepares ParseImportNames for returning both the import and local
names to ParseImportClause.

BUG=v8:1569
LOG=n

Review URL: https://codereview.chromium.org/952863006

Cr-Commit-Position: refs/heads/master@{#26863}
2015-02-25 19:40:54 +00:00
dcarney
f1e2aa524c emit premonomorphic ics for keyed loads/stores in optimized code
R=verwaest@chromium.org

BUG=

Review URL: https://codereview.chromium.org/945313003

Cr-Commit-Position: refs/heads/master@{#26862}
2015-02-25 19:32:59 +00:00