Commit Graph

38793 Commits

Author SHA1 Message Date
Peter Marshall
a450c18544 [builtins] Copy array contents using JS in ConstructByArrayLike.
The last CL https://chromium-review.googlesource.com/c/456707/ caused
some pretty heavy performance regressions. After experimenting, it
seems the easiest and most straight-forward way to copy the elements
into the new typed array is to do it in JS.

Adds a fast path for typed arrays, where the source typed array has
the same elements kind, in which case we can just copy the backing
store using memcpy.

This CL also removes regression test 319120 which is from a pwn2own
vulnerability. The old code path enforced a maximum byte_length
that was too low, which this change removes. The length property of
the typed array must be a Smi, but the byte_length, which can be up
to 8x larger than length for a Float64Array, can be a heap number.

We can also re-use some of the logic from ConstructByLength when
deciding whether to allocate the buffer on- or off-heap, so that
is factored out into InitializeBasedOnLength. We can also re-use
the DoInitialize helper instead of calling into the runtime,
meaning we can remove InitializeFromArrayLike.

BUG=v8:5977,chromium:705503,chromium:705394

Change-Id: I63372652091d4bdf3a9491acef9b4e3ac793a755
Reviewed-on: https://chromium-review.googlesource.com/459621
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44301}
2017-03-31 10:37:57 +00:00
Andreas Haas
42f285fcbb Reland [wasm] Check the result of Promise::Resolver
The original CL was reverted because regression test used i18n stuff,
which was not available in the no-i18n bot.

The regression test turned out to be flaky, because I cannot even
reproduce the crash now without the fix. I think the reason is that for
the crash to happen a stack check has to fail within the rejection of
a promise. Small changes can cause the stack check to fail somewhere
else. Investigations showed though that the crash should still be
possible. I propose therefore to land the fix now without the
regression test.

Original message:
We check that if we do not get a result, or if we get a negative result,
then there has to be a scheduled exception.

R=clemensh@chromium.org
BUG=chromium:704127

Change-Id: Iaf355249686412a636074a476687413b621aac68
Reviewed-on: https://chromium-review.googlesource.com/464846
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44300}
2017-03-31 09:54:21 +00:00
Franziska Hinkelmann
961add84fd [type-profile] Collect types for parameters.
Add the source position to variables if they are parameters.

Collect type information for parameters and return values. 
Index the types by their corresponding source position. For the
types of return values, use the function end as source position.


Sample output for a function with 2 parameters (at source
position 252 and 258, and function end at 443)
*************
Function: testFunction
252:
Object
number
string
number
258:
undefined
boolean
undefined
undefined
443:
Object
number
string
number
*************



BUG=v8:5933

Change-Id: I3b8749afcac706c1834146abf1b5b4a3fd130fb6
Reviewed-on: https://chromium-review.googlesource.com/461919
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44299}
2017-03-31 09:53:16 +00:00
Michael Starzinger
2a7ab87572 [ast] Fix printing of CallRuntime nodes.
This fixes printing of {CallRuntime} nodes that are backed by JavaScript
functions. Issues with the printing that was in place:
 - Crash because it was accessing {context} instead of {native_context}
 - Printout was not comparable, raw heap pointer different between runs

R=bmeurer@chromium.org

Change-Id: I941944b46550bd908ec14a324bc255d6c8f96fbe
Reviewed-on: https://chromium-review.googlesource.com/464766
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44298}
2017-03-31 09:40:36 +00:00
Clemens Hammacher
da7786759e [wasm] Fix grow_memory implementation in interpreter
grow_memory was working from test cases, but not in combination with
compiled code. This CL makes the effect of grow_memory executed either
in the interpreter or compiled code always be reflected in both
execution environments.
It also adds a %RedirectToWasmInterpreter runtime function for testing
this interaction.

R=ahaas@chromium.org
CC=gdeepti@chromium.org
BUG=v8:5822

Change-Id: I3e7c184c42ef655d1c30d2e0dddad7fb783455fc
Reviewed-on: https://chromium-review.googlesource.com/463506
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44297}
2017-03-31 09:29:13 +00:00
Clemens Hammacher
701124db95 [wasm] [interpreter] Add stack overflow checks
Add a limit to the number of nested call frames in the C++ wasm
interpreter.
Both the size of the value stack as well as the size of the block stack
are limited per call frame. Thus, a limit on only the call frame stack
is enough to limit the overall memory consumption of one interpreter
instance.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: If9f7e547cd1d003bc2ae3c7586ece6b3cf3be587
Reviewed-on: https://chromium-review.googlesource.com/463486
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44296}
2017-03-31 09:22:56 +00:00
jgruber
cec39ad1ad [regexp] Add support for dotAll flag
The dotAll flag changes behavior of the dot '.' character to match every
possible single character instead of excluding certain line terminators.

The implementation is staged behind --harmony-regexp-dotall.

Spec proposal: https://github.com/mathiasbynens/es-regexp-dotall-flag

BUG=v8:6172

Review-Url: https://codereview.chromium.org/2780173002
Cr-Commit-Position: refs/heads/master@{#44295}
2017-03-31 09:20:13 +00:00
clemensh
85ff725cf4 [disasm] Print all pc offsets as hex
The disassembly output recently changed to output pc offsets in hex
(see https://codereview.chromium.org/2757263002).
This CL also changes source positions, safepoints and back edges to use
the same format. This allows easier matching.

R=leszeks@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2788513004
Cr-Commit-Position: refs/heads/master@{#44294}
2017-03-31 09:00:21 +00:00
Clemens Hammacher
c32113e7eb [wasm] [cleanup] Attach methods to the object they operate on
This CL cleans up a few things:
- It removes two dead declarations: WasmMemoryObject::Grow and
  wasm::GrowInstanceMemory.
- It removes the unneeded wasm::GetInstanceMemory function (use
  instance->memory_buffer() directly).
- It moves wasm::GetInstanceMemorySize to
  WasmInstanceObject::GetMemorySize.
- It moves wasm::GrowInstanceMemory to WasmInstanceObject::GrowMemory.
- It moves wasm::GrowWebAssemblyMemory to WasmMemoryObject::Grow.

R=ahaas@chromium.org
CC=gdeepti@chromium.org

Change-Id: I19781ca9784f1a8e7b60955bef82e341c4f75550
Reviewed-on: https://chromium-review.googlesource.com/463167
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44293}
2017-03-31 08:12:15 +00:00
Franziska Hinkelmann
19f655a814 [testing] Rename documentation file.
README.md is easier to find than message.md.

BUG=

Change-Id: I9b9b8173c322206b931176d480566cdcb62eb31c
Reviewed-on: https://chromium-review.googlesource.com/464706
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44292}
2017-03-31 08:05:15 +00:00
Peter Marshall
d45e92bf6d [Tests] Update resources for SixSpeed and JSTest tests.
The resources list is required for android, where these files are
pushed to the device. The android bots have been failing due to these
missing resources, as the files are not available on the devices.

NOTRY=true
Change-Id: Ibef3cfc10e01250cb380128013e3c304927b5459

Change-Id: Ibef3cfc10e01250cb380128013e3c304927b5459
Reviewed-on: https://chromium-review.googlesource.com/463266
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44291}
2017-03-31 07:57:51 +00:00
jgruber
cb812f8e58 [regexp] Extend tests for named captures
Additional tests, mostly for interactions with lookbehind assertions.

BUG=v8:5437

Review-Url: https://codereview.chromium.org/2784813002
Cr-Commit-Position: refs/heads/master@{#44290}
2017-03-31 07:57:15 +00:00
thomasanderson
3b72184d40 Revert of Remove download_binaries.py from DEPS (patchset #2 id:20001 of https://codereview.chromium.org/2774043002/ )
Reason for revert:
https://codereview.chromium.org/2775913002/ needs to be reverted, so reverting all dependent patch sets

Original issue's description:
> Remove download_binaries.py from DEPS
>
> This step is no longer necessary after https://codereview.chromium.org/2775913002/
>
> BUG=chromium:705072
>
> Review-Url: https://codereview.chromium.org/2774043002
> Cr-Commit-Position: refs/heads/master@{#44252}
> Committed: 459b881c23

TBR=machenbach@chromium.org,thomasanderson@google.com
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=chromium:705072

Review-Url: https://codereview.chromium.org/2786173004
Cr-Commit-Position: refs/heads/master@{#44289}
2017-03-31 07:33:57 +00:00
bmeurer
776d89f9ce [es2015] Simplify contract between parser and stub for derived constructors.
Rewrite returns in derived constructors to only replace undefined with
this, and otherwise just return the value, and let the construct stub
builtin throw an exception if the result is a primitive instead of a
JSReceiver.

R=yangguo@chromium.org
TBR=marja@chromium.org
BUG=chromium:706642

Review-Url: https://codereview.chromium.org/2788033002
Cr-Commit-Position: refs/heads/master@{#44288}
2017-03-31 06:01:01 +00:00
domenic
a6e635d692 Add V8 extra utils for promise state
This will allow V8 extra consumers to track promise state without
using a side-table. This is used by streams as of
173f9f67be.

BUG=chromium:658144

Review-Url: https://codereview.chromium.org/2784213002
Cr-Commit-Position: refs/heads/master@{#44287}
2017-03-31 05:58:15 +00:00
v8-autoroll
5f41fbee57 Update V8 DEPS.
Rolling v8/build: a634e44..673a8f4

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/b43a6a2..b65c477

Rolling v8/third_party/catapult: d3a9107..b13bd47

Rolling v8/tools/clang: c55112f..5bc7c5e

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I0c0febc9be9fe1d38ffedfb1d92588e6871541fc
Reviewed-on: https://chromium-review.googlesource.com/464446
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44286}
2017-03-31 04:05:43 +00:00
kozyatinskiy
545f99d02a [inspector] convert V8Console static methods into members
This step is required to implement console as builtin which calls console delegate methods.

BUG=v8:6175
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2783073002
Cr-Original-Commit-Position: refs/heads/master@{#44283}
Committed: fe27dccd87
Review-Url: https://codereview.chromium.org/2783073002
Cr-Commit-Position: refs/heads/master@{#44285}
2017-03-30 23:07:24 +00:00
kozyatinskiy
5b306f7272 Revert of [inspector] convert V8Console static methods into members (patchset #2 id:20001 of https://codereview.chromium.org/2783073002/ )
Reason for revert:
Too many simulatenously landed CLs, this one should be rebased first.

Original issue's description:
> [inspector] convert V8Console static methods into members
>
> This step is required to implement console as builtin which calls console delegate methods.
>
> BUG=v8:6168
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2783073002
> Cr-Commit-Position: refs/heads/master@{#44283}
> Committed: fe27dccd87

TBR=dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6168

Review-Url: https://codereview.chromium.org/2793443002
Cr-Commit-Position: refs/heads/master@{#44284}
2017-03-30 22:33:52 +00:00
kozyatinskiy
fe27dccd87 [inspector] convert V8Console static methods into members
This step is required to implement console as builtin which calls console delegate methods.

BUG=v8:6168
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2783073002
Cr-Commit-Position: refs/heads/master@{#44283}
2017-03-30 22:20:46 +00:00
kozyatinskiy
8adf294cb4 [inspector] don't use v8::Isolate::GetCurrent in V8StackTraceImpl
In inspector code everywhere except V8StackTraceImpl we get pointer to isolate from inspector object or v8::FunctionCallbackInfo. We can avoid usage of v8::Isolate::GetCurrent in V8StackTraceImpl too. It will simplify a little embedder code by removing requirement to have v8::Isolate::Scope before calling to V8InspectorSession::dispatchProtocolMessage.

BUG=v8:5907
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2789593002
Cr-Commit-Position: refs/heads/master@{#44282}
2017-03-30 22:17:26 +00:00
kschimpf
114d6b4b87 Remove fixed TODOs.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2786193002
Cr-Commit-Position: refs/heads/master@{#44281}
2017-03-30 21:19:29 +00:00
Franziska Hinkelmann
42003cb416 [testing] Add initial documentation for test/message.
R=adamk@chromium.org, mstarzinger@chromium.org

BUG=

Change-Id: Ibac495e93b523bd034cc9f2d9e3a43cf38c9ab14
Reviewed-on: https://chromium-review.googlesource.com/463368
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44280}
2017-03-30 18:37:07 +00:00
sampsong
de74e1ac84 PPC/S390: Fix inspector/runtime/es6-module.js test failure due to endianness
R=dgozman@chromium.org, kozyatinskiy@chromium.org, bjaideep@ca.ibm.com, jyan@ca.ibm.com, joransiu@ca.ibm.com
BUG=

Review-Url: https://codereview.chromium.org/2787713003
Cr-Commit-Position: refs/heads/master@{#44279}
2017-03-30 18:36:53 +00:00
Caitlin Potter
e89452dd25 [async-iteration] improve Function.prototype.toString() output
Currently, async generators are stringified the same way normal
Generators are. This change prefixes async generator methods with
"async *", and other async generator functions with
"async function* ".

BUG=v8:5855
R=adamk@chromium.org, littledan@chromium.org, jwolfe@igalia.com

Change-Id: Ia809fad64caac4464dbc9f7fa7728584d0f67832
Reviewed-on: https://chromium-review.googlesource.com/463526
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44278}
2017-03-30 17:40:58 +00:00
Andreas Haas
fc0caf6de8 [wasm] All accesses of bytes in memory are aligned.
It makes no sense to check if unaligned accesses of bytes in memory are
allowed, since these accesses are always aligned. There was a problem
on mips that we created an UnalignedLoad(Int8), which was, however, not
implemented in the mips instruction selector.

R=clemensh@chromium.org

Change-Id: I20369e078e3c24942aa90c2bd3333d9881de0072
Reviewed-on: https://chromium-review.googlesource.com/463006
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44277}
2017-03-30 17:39:09 +00:00
Andreas Haas
c066623ed7 [wasm] Fix the regression-680683 test.
The test was out-dated. The wasm bytes still had the version 0xd, and
no END instruction at the end of the function. In addition, the test
used asynchronous compilation but did not wait for the promise to
resolve.

R=clemensh@chromium.org

Change-Id: Ib01f47ac8f668401ed14470af7100e990e5bbd94
Reviewed-on: https://chromium-review.googlesource.com/463286
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44276}
2017-03-30 17:37:29 +00:00
Adam Klein
fa31434127 Stage --harmony-function-tostring
BUG=v8:4958

Change-Id: Id02d36fce76eed54a5a3d348dbac2ea7d43f4ef3
Reviewed-on: https://chromium-review.googlesource.com/462336
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44275}
2017-03-30 16:49:55 +00:00
tebbi
e837594cd8 [builtins] Implement %TypedArray%.prototype.{some,every} in the CSA
R=mvstanton@chromium.org,danno@chromium.org

Review-Url: https://codereview.chromium.org/2775203002
Cr-Commit-Position: refs/heads/master@{#44274}
2017-03-30 16:36:53 +00:00
Michael Starzinger
e803448767 [asm.js] Enable tests that should no longer fail.
R=machenbach@chromium.org
BUG=v8:6127

Change-Id: If029d449aedb6c10ec14aa847a2b68e6ce46ef94
Reviewed-on: https://chromium-review.googlesource.com/463046
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44273}
2017-03-30 16:20:21 +00:00
Michael Achenbach
45768b0f0e [build] Make inspector the default in gyp
Bug: chromium:645890
Change-Id: If34ac1336d0ee3c23e89050aef2cf30b754b67c1
Reviewed-on: https://chromium-review.googlesource.com/461145
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44272}
2017-03-30 15:08:31 +00:00
mvstanton
5bc286e54e Bugfix - a DCHECK could allocate, invalidating a raw pointer.
HasOrigin() can allocate. Make sure to wrap vulnerable raw pointers
in handles.

BUG=

Review-Url: https://codereview.chromium.org/2788663002
Cr-Commit-Position: refs/heads/master@{#44271}
2017-03-30 14:50:41 +00:00
kozyatinskiy
95120a7e06 [inspector] support setTimeout in Debugger.scheduleStepIntoAsync method
BUG=chromium:432469
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2746743002
Cr-Commit-Position: refs/heads/master@{#44270}
2017-03-30 14:42:24 +00:00
Camillo Bruni
5ca9632e51 [tools] Improve grokdump.py
- Add new address markers:
   T: tagged pointer in the minidump
   C: address into a module in the minidump
   S: pointer into the exception stack in the minidump
   *: other address in the minidump
- Show ASCII decoding of address in dd
- Display potential frame markers on the exception stack:
   00000032212fdae8: 0000000300000000   ........ Smi(3) EXIT frame marker
- Display relative addresses, useful to detect stack frames:
   00000032212fdb68: 00000032212fdb98 S ........  [+6]=00000032212fdcb0 S
   00000032212fdb70: 0000010ff5ca0a84   ........
   00000032212fdb78: 000001064c1fa881   ........
   00000032212fdb80: 0000016a8e52fcb1   ........
   00000032212fdb88: 0000010ff5ca0981   ........
   00000032212fdb90: 0000000d00000000   ........ Smi(13) INTERNAL frame marker
   00000032212fdb98: 00000032212fdcb0 S ........  [+35]=00000032212fdd61 S

Change-Id: I56bd7e6723a34bcb668719246dd5ff2898224928
Reviewed-on: https://chromium-review.googlesource.com/461862
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44269}
2017-03-30 13:38:31 +00:00
hpayer
4024e6a1bb [heap] Take page lock when scavenging old to new references in Scavenger.
BUG=v8:5807

Review-Url: https://codereview.chromium.org/2781363002
Cr-Commit-Position: refs/heads/master@{#44268}
2017-03-30 13:14:01 +00:00
jgruber
1200cc2c6d [regexp] Only access result.groups if named captures are enabled
GetProperty(result, groups) needs to be called iff the
harmony-regexp-named-captures flag is enabled.

Also add a couple of DCHECKS.

BUG=v8:5437,chromium:706748

Review-Url: https://codereview.chromium.org/2786933002
Cr-Commit-Position: refs/heads/master@{#44267}
2017-03-30 11:55:11 +00:00
vchigrin
b6912850df Protect SerializedData from copying.
Compiler-generated copy constructor does not generate
correct code for this class, so make it move-only type.

Review-Url: https://codereview.chromium.org/2781993005
Cr-Commit-Position: refs/heads/master@{#44266}
2017-03-30 11:44:14 +00:00
Peter Marshall
d389d473a7 [cleanup] Remove Array ID.
We don't use it anywhere anymore.

BUG=

Change-Id: I9acd9c427c6af7422bbdf58088b61ceafd1ee655
Reviewed-on: https://chromium-review.googlesource.com/462968
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44265}
2017-03-30 11:16:11 +00:00
bmeurer
c019e53cbb [turbofan] Disable inlining of derived class constructors.
The inlining logic doesn't account for the fact that the derived
constructor could return a primitive, thus leaking the implicit
receiver (which is the hole).

R=jarin@chromium.org
BUG=chromium:706642

Review-Url: https://codereview.chromium.org/2788603002
Cr-Commit-Position: refs/heads/master@{#44264}
2017-03-30 10:17:10 +00:00
Andreas Haas
eef2a462ad [gn] Remove the wasm_test_signatures source set.
The source set only contained a header file, which caused problems
when compiling a static library with VS.

R=machenbach@chromium.org
BUG=v8:6158

Change-Id: I3eed4a888e72cf6a2917190e4a1db7b38006cd0c
Reviewed-on: https://chromium-review.googlesource.com/463027
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44263}
2017-03-30 10:00:28 +00:00
Franziska Hinkelmann
3e6dde8769 [interpreter] Split function into Receiver() and Parameter(i).
The parameter indices are shifted by 1 in BytecodeArrayBuilder
because the receiver is variable at index 0 and not -1.

Split BytecodeArrayBuilder::Parameter(index) method into
Receiver() (same as Parameter(-1)) and
Parameter(index).

This way we avoid confusing (index+1) counting in BytecodeGenerator().

BUG=

Change-Id: Id87ec7c708cecfc3108011994f3177f483772bcc
Reviewed-on: https://chromium-review.googlesource.com/461904
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44262}
2017-03-30 09:40:08 +00:00
Michael Starzinger
709bc4229c [asm.js] Fix invalid test case.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I5e1b0d3efdf7f4aede7da83a35c072b5ac85d5c7
Reviewed-on: https://chromium-review.googlesource.com/463026
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44261}
2017-03-30 09:16:25 +00:00
Michael Starzinger
6748fa7cad [asm.js] Fix assignment with undeclared target.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I32d2a36cdc2a65c3e0016e49157524573755d09d
Reviewed-on: https://chromium-review.googlesource.com/461185
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44260}
2017-03-30 08:36:17 +00:00
bmeurer
36d4ba6233 [turbofan] Inline calls to the Boolean constructor.
Recognize the Boolean constructor calls in JSCallReducer and replace
them with simple JSToBoolean nodes.

R=yangguo@chromium.org
BUG=v8:5267,v8:6169

Review-Url: https://codereview.chromium.org/2782143003
Cr-Commit-Position: refs/heads/master@{#44259}
2017-03-30 03:59:18 +00:00
v8-autoroll
8df7b7ce62 Update V8 DEPS.
Rolling v8/build: 133db8f..a634e44

Rolling v8/third_party/catapult: 0c870c7..d3a9107

Rolling v8/tools/clang: e9e483c..c55112f

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I06d2c4aa29c143c1c8198d109679db2341532507
Reviewed-on: https://chromium-review.googlesource.com/462596
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44258}
2017-03-30 03:33:21 +00:00
bjaideep
f1ad374480 PPC: [Atomics] Make Atomics.exchange a builtin using TF
Implemented l[w|h|b]arx and st[w|h|b]cx instructions which are
needed to perform atomic exchange. Also added synchronization
primitives similar to arm to simulate those instructions.

R=joransiu@ca.ibm.com, jyan@ca.ibm.com, binji@chromium.org, aseemgarg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2754263004
Cr-Commit-Position: refs/heads/master@{#44257}
2017-03-30 03:05:17 +00:00
kozyatinskiy
872accf9df [inspector] prepared console before moving into builtins
We need to split creating of console and installing memory getter and remove console.assert hack before migration to builtin. We can implement super fast console.assert after migration.

BUG=chromium:588893
R=dgozman@chromium.org
TBR=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2781883003
Cr-Commit-Position: refs/heads/master@{#44256}
2017-03-29 23:04:49 +00:00
kschimpf
85d731e930 Change Chrome name for histograms to show asm/wasm targets.
Do final change to Chrome flags so that UMA will start collecting
separate statistics, using a "histogram_suffixes" format.

Corresponding changes to chromium are in:

CL https://codereview.chromium.org/2781163002

BUG=chromium:704922
R=bradnelson@chromium.org,bbudge@chromium.org

Review-Url: https://codereview.chromium.org/2781073003
Cr-Commit-Position: refs/heads/master@{#44255}
2017-03-29 22:38:38 +00:00
kozyatinskiy
29dc4898c8 [inspector] fixed crash in InternalPromiseHasUserDefinedRejectHandler
Method should be ready to symbols inside of queue_arr.

BUG=v8:6168
R=gsathya@chromium.org

Review-Url: https://codereview.chromium.org/2782893003
Cr-Commit-Position: refs/heads/master@{#44254}
2017-03-29 22:21:42 +00:00
bjaideep
411efc16a7 PPC/s390: [cleanup] combine 3 ResumeGenerator stubs into one
Port 5615e5b866

Original Commit Message:

    This hopefully shrinks binary size a bit, at the cost of (slightly)
    increasing the complexity of the ResumeGenerator stub. Includes ia32,
    x64, mips, mips64, arm and arm64 ports.

R=caitp@igalia.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:5855
LOG=N

Review-Url: https://codereview.chromium.org/2783043002
Cr-Commit-Position: refs/heads/master@{#44253}
2017-03-29 22:18:06 +00:00
thomasanderson
459b881c23 Remove download_binaries.py from DEPS
This step is no longer necessary after https://codereview.chromium.org/2775913002/

BUG=chromium:705072

Review-Url: https://codereview.chromium.org/2774043002
Cr-Commit-Position: refs/heads/master@{#44252}
2017-03-29 22:07:43 +00:00