Commit Graph

3936 Commits

Author SHA1 Message Date
caitpotter88
b09c048f69 [es6] don't throw if argument is non-object (O.freeze, O.seal, O.preventExtensions)
BUG=v8:3965, v8:3966
R=arv@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1011823003

Cr-Commit-Position: refs/heads/master@{#27985}
2015-04-21 21:45:57 +00:00
machenbach
9283fc8971 Revert of [es6] implement Array.prototype.copyWithin() (patchset #7 id:120001 of https://codereview.chromium.org/376623004/)
Reason for revert:
[Sheriff] This causes test failures on mac gc stress:
http://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/1027

Original issue's description:
> [es6] implement Array.prototype.copyWithin()
>
> https://people.mozilla.org/~jorendorff/es6-draft.html#sec-array.prototype.copywithin
>
> BUG=v8:4039
> R=adamk@chromium.org
> LOG=N

TBR=dslomov@chromium.org,rossberg@chromium.org,adamk@chromium.org,caitpotter88@gmail.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4039

Review URL: https://codereview.chromium.org/1084183004

Cr-Commit-Position: refs/heads/master@{#27984}
2015-04-21 21:11:31 +00:00
caitpotter88
6d00703e5e [es6] implement Array.prototype.copyWithin()
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-array.prototype.copywithin

BUG=v8:4039
R=adamk@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/376623004

Cr-Commit-Position: refs/heads/master@{#27983}
2015-04-21 19:05:37 +00:00
rossberg
580d66bcda [strong] checking of this & super in constructors
R=dslomov@chromium.org, marja@chromium.org
BUG=v8:3956
LOG=N

Enforces for constructors that
- the only use of 'super' is the super constructor call
- the only use of 'this' is a property assignment
- both of these must happen at the top-level of the body
- 'this' may only be assigned after the 'super' call
- 'return' may only be used after the last assignment to 'this'

Not yet working for arrow functions (there might be deeper bugs with those).

Review URL: https://codereview.chromium.org/1024063002

Cr-Commit-Position: refs/heads/master@{#27977}
2015-04-21 16:34:29 +00:00
titzer
1850803d56 [turbofan] Fix reduction of LoadProperty/StoreProperty to LoadNamed/StoreNamed.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1095313002

Cr-Commit-Position: refs/heads/master@{#27972}
2015-04-21 15:12:58 +00:00
yangguo
9b2fe70d93 Migrate error messages, part 4 (v8natives.js).
Goal is to reduce native context size.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1099573002

Cr-Commit-Position: refs/heads/master@{#27953}
2015-04-21 09:03:09 +00:00
Daniel Vogelheim
abb23b5284 Disable mjsunit/es7/object-observe on gc-stress, due to flakiness.
TBR=machenbach@chromium.org
CC=adamk@chromium.org
BUG=478788
LOG=N

Review URL: https://codereview.chromium.org/1092323003

Cr-Commit-Position: refs/heads/master@{#27948}
2015-04-20 18:14:40 +00:00
mvstanton
9987221c02 Make sure builtins preserve guarantees about empty element array prototypes.
We have a bottleneck around storing elements in the array and object prototypes,
but the Push() and Unshift() builtins don't respect them.

Fix this exactly to the level of existing support for stores.

BUG=v8:4043
LOG=N
NOTRY=true

Review URL: https://codereview.chromium.org/1066003003

Cr-Commit-Position: refs/heads/master@{#27943}
2015-04-20 15:16:34 +00:00
yangguo
8cf289ca4f Throw when attaching a stack trace to an object fails.
R=jarin@chromium.org
BUG=chromium:478011
LOG=N

Review URL: https://codereview.chromium.org/1077153003

Cr-Commit-Position: refs/heads/master@{#27941}
2015-04-20 14:40:45 +00:00
machenbach
fde66e2a72 Temporarily skip slow test.
TBR=bmeurer@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1093143002

Cr-Commit-Position: refs/heads/master@{#27936}
2015-04-20 12:23:14 +00:00
Benedikt Meurer
7eb7141fc4 [mjsunit] Import test case based on the Massive/SQLite benchmark.
This adds a stripped down version of the SQLite benchmark (running with
--size 1) to the mjsunit suite. We might want to move that to a
dedicated slow/stress/whatever test suite once an appropriate decision
is made.

R=machenbach@chromium.org

Review URL: https://codereview.chromium.org/1094043002

Cr-Commit-Position: refs/heads/master@{#27930}
2015-04-20 07:58:31 +00:00
yangguo
5a9a0b20e7 Migrate error messages, part 3 (runtime.js).
Motivation for this is reducing the size of the native context.

R=mvstanton@chromium.org

Review URL: https://codereview.chromium.org/1089303003

Cr-Commit-Position: refs/heads/master@{#27917}
2015-04-17 13:27:28 +00:00
jkummerow
4204c72739 Don't use normalized map cache for prototype maps
BUG=chromium:477924
LOG=n
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1090193002

Cr-Commit-Position: refs/heads/master@{#27916}
2015-04-17 12:16:07 +00:00
verwaest
c153a8437e [crankshaft] Fix property access with proxies in prototype chain
BUG=

Review URL: https://codereview.chromium.org/1090813003

Cr-Commit-Position: refs/heads/master@{#27911}
2015-04-17 09:25:13 +00:00
yangguo
ae2057e81a Reland "Migrate error messages, part 2."
Review URL: https://codereview.chromium.org/1083083004

Cr-Commit-Position: refs/heads/master@{#27907}
2015-04-17 08:35:47 +00:00
verwaest
8098253562 Reland "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
BUG=chromium:476592
LOG=n

Review URL: https://codereview.chromium.org/1086333002

Cr-Commit-Position: refs/heads/master@{#27898}
2015-04-16 17:32:00 +00:00
machenbach
d881baaced Revert of Migrate error messages, part 2. (patchset #1 id:1 of https://codereview.chromium.org/1086313003/)
Reason for revert:
[Sheriff]: This changes layout test expectations e.g.
http://build.chromium.org/p/client.v8/builders/V8-Blink%20Win/builds/2964

Original issue's description:
> Migrate error messages, part 2.
>
> Motivation for this is reducing the size of the native context.
>
> Committed: https://crrev.com/d3b788df0a4ccfedbe6e1df5e214cb6ba2792a65
> Cr-Commit-Position: refs/heads/master@{#27878}

TBR=mvstanton@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1095573002

Cr-Commit-Position: refs/heads/master@{#27889}
2015-04-16 14:33:26 +00:00
marja
2dc0f2ec01 [strong] Allow mutually recursive classes.
The previous restrictions were overshooting (didn't allow a class to refer to a
later class under any circumstances); after this CL we're undershooting (allow
referring to any class from inside a method).

Implementing the correct checks (allow referring only if the class declarations
are in a consecutive block and if there's no dependency cycle) will be
implemented as a follow up.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1087543004

Cr-Commit-Position: refs/heads/master@{#27888}
2015-04-16 14:12:52 +00:00
conradw
d8bccfe974 [strong] Implement static restrictions on switch statement
Implements the strong mode proposal's restrictions on the syntax of the
switch statement. Also fixes a minor bug with empty statements in strong
mode and improves StrongUndefinedArrow parser synch tests.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1084983002

Cr-Commit-Position: refs/heads/master@{#27885}
2015-04-16 13:29:20 +00:00
mstarzinger
54cb7b6ea3 Disable more failing tests after f3338dd3b0.
TBR=jkummerow@chromium.org
TEST=mjsunit/debug-ignore-breakpoints
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1087673003

Cr-Commit-Position: refs/heads/master@{#27881}
2015-04-16 12:46:28 +00:00
yangguo
d3b788df0a Migrate error messages, part 2.
Motivation for this is reducing the size of the native context.

Review URL: https://codereview.chromium.org/1086313003

Cr-Commit-Position: refs/heads/master@{#27878}
2015-04-16 11:34:47 +00:00
adamk
b054ff4620 Revert "Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations"
This reverts commit 8c98cc074e
because it causes flaky failures in the dromaeo.jslibeventprototype
benchmark on Linux/Windows and consistent failures on Android.

Also reverts the followup "Remove kForInStatementIsNotFastCase bailout reason"
(commit ba24e67696) to avoid breaking the build.

BUG=chromium:476592
TBR=verwaest@chromium.org
LOG=y

Review URL: https://codereview.chromium.org/1066663005

Cr-Commit-Position: refs/heads/master@{#27859}
2015-04-15 21:28:22 +00:00
mvstanton
13459c1ae3 Array() in optimized code can create with wrong ElementsKind in corner cases.
Calling new Array(JSObject::kInitialMaxFastElementArray) in optimized code
makes a stub call that bails out due to the length. Currently, the bailout
code a) doesn't have the allocation site, and b) wouldn't use it if it did
because the length is perceived to be too high.

This CL passes the allocation site to the stub call (rather than undefined),
and alters the bailout code to utilize the feedback.

BUG=

Review URL: https://codereview.chromium.org/1086873003

Cr-Commit-Position: refs/heads/master@{#27857}
2015-04-15 21:02:13 +00:00
arv
79be74364a Fix issues with name and length on poison pill function
In ES6 function name and length are configurable. However, the length
and name properties of the poison pill function must not be
configurable.

BUG=v8:4011
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1061393002

Cr-Commit-Position: refs/heads/master@{#27855}
2015-04-15 17:15:26 +00:00
erikcorry
e0be05036f Reduce regexp compiler stack size when not optimizing regexps
R=jkummerow@chromium.org
BUG=chromium:475705
LOG=y

Review URL: https://codereview.chromium.org/1082763002

Cr-Commit-Position: refs/heads/master@{#27851}
2015-04-15 15:15:52 +00:00
mstarzinger
b807d112d7 [turbofan] Fix ForInStatement that deopts during filter.
This adds a missing bailout id to a ForInStatement for when retrieving
and filtering a property name deoptimizes. This can happen with proxies
that have a getPropertyDescriptor trap.

R=jarin@chromium.org
TEST=mjsunit/for-in-opt

Review URL: https://codereview.chromium.org/1086083002

Cr-Commit-Position: refs/heads/master@{#27846}
2015-04-15 13:12:05 +00:00
ulan
68a7773e0f Correctly handle clearing of deprecated field types.
BUG=v8:4027
LOG=NO

Review URL: https://codereview.chromium.org/1086063003

Cr-Commit-Position: refs/heads/master@{#27837}
2015-04-15 09:55:33 +00:00
jkummerow
2ff768b206 Put --noalways-opt flag back into regress-crbug-245480
This is a partial revert of 3eb277f270.

R=machenbach@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1087183002

Cr-Commit-Position: refs/heads/master@{#27835}
2015-04-15 09:31:39 +00:00
jkummerow
3eb277f270 %GetOptimizationStatus(): Unconditionally return a sentinel when --always-opt is present
Review URL: https://codereview.chromium.org/1086923002

Cr-Commit-Position: refs/heads/master@{#27822}
2015-04-14 14:57:48 +00:00
mvstanton
2ebb794b4f VectorICs: recreate feedback vector if scoping changes on recompile.
BUG=476488
LOG=N
R=jarin@chromium.org

Review URL: https://codereview.chromium.org/1080253003

Cr-Commit-Position: refs/heads/master@{#27817}
2015-04-14 12:31:31 +00:00
yangguo
2c01bd34b0 Fix Math.log10 implementation for 1 - Number.EPSILON.
R=svenpanne@chromium.org
BUG=v8:4025
LOG=N

Review URL: https://codereview.chromium.org/1084853002

Cr-Commit-Position: refs/heads/master@{#27815}
2015-04-14 11:56:02 +00:00
dslomov
3c5218f6fa Add a test for subclass maps.
R=arv@chromium.org

Review URL: https://codereview.chromium.org/1052963002

Cr-Commit-Position: refs/heads/master@{#27812}
2015-04-14 09:59:02 +00:00
dslomov
219f4a9eb4 Avoid modifying the real context chain for debug evaluation.
Instead of modifying a context chain and then modifying it back, causing
potential mismatches, we clone the inner context chain and evaluate
the expression in this cloned context. We then copy all local variable
values back if needed.

R=yangguo@chromium.org,yurys@chromium.org

Review URL: https://codereview.chromium.org/1088503003

Cr-Commit-Position: refs/heads/master@{#27809}
2015-04-14 09:07:55 +00:00
arv
186dd69b3a [es6] Fix length property of collection constructors
{Map, Set, WeakMap, WeakSet}.length should be 0.

BUG=v8:4021
LOG=N
R=adamk@chromium.org

Review URL: https://codereview.chromium.org/1073233002

Cr-Commit-Position: refs/heads/master@{#27798}
2015-04-13 18:59:39 +00:00
conradw
c983689d39 [strong] Implement static restrictions on direct eval
Does not entirely disallow the use of 'eval' as an identifier in strong mode,
as originally proposed.

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1059273004

Cr-Commit-Position: refs/heads/master@{#27796}
2015-04-13 17:25:15 +00:00
verwaest
434b456b51 Fix indirect push
BUG=chromium:388665
LOG=n

Review URL: https://codereview.chromium.org/1087463003

Cr-Commit-Position: refs/heads/master@{#27795}
2015-04-13 16:25:33 +00:00
titzer
069e6b2f5f [turbofan] Optimize loads of global constants in JSTypedLowering.
R=mstarzinger@chromium.org,verwaest@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1077343002

Cr-Commit-Position: refs/heads/master@{#27792}
2015-04-13 16:22:05 +00:00
arv
0e539d1ca9 Revert "ES6: Number and Boolean prototype should be ordinary objects"
This reverts commit e965a1f84a.

The reason is that it breaks jsfiddle.com

BUG=476437, v8:4001
LOG=N
R=rossberg@chromium.org

Review URL: https://codereview.chromium.org/1086673002

Cr-Commit-Position: refs/heads/master@{#27791}
2015-04-13 16:21:00 +00:00
vegorov
021f738127 Treat HArgumentsObject as a safe use during Uint32 analysis phase.
Deoptimization infrastructure already handles it correctly.

This change fixes repetitive deoptimizations in the code like this:

    var u32 = new Uint32Array(1);
    u32[0] = -1;

    function tr(x) { return x|0; }
    function ld() { return tr(u32[0]); }

    while (true) ld();

Currently inlined tr will contain HArgumentsObject that is considered uint32-unsafe use and prevents u32[0] from becoming uint32 load - instead a speculative int32 load is generated which just deopts.

BUG=

Review URL: https://codereview.chromium.org/1077113002

Cr-Commit-Position: refs/heads/master@{#27781}
2015-04-13 10:47:15 +00:00
ulan
2f327a5cb4 Do not inline store if field map was cleared.
BUG=v8:4023
LOG=NO

Review URL: https://codereview.chromium.org/1081033004

Cr-Commit-Position: refs/heads/master@{#27779}
2015-04-13 09:43:52 +00:00
yangguo
ea5d68a6ef Blacklist more debugger tests (fail with --always-opt).
TBR=mstarzinger@chromium.org
NOTRY=true

Review URL: https://codereview.chromium.org/1079943003

Cr-Commit-Position: refs/heads/master@{#27776}
2015-04-13 09:09:39 +00:00
mstarzinger
10dd9ce8be Make compilers agree on source position of thrown errors.
This makes the compilers agree on the source position of a message
generated by "throw new Error()", it points to the beginning of the
throw directive.

R=titzer@chromium.org
TEST=message/regress/regress-3995
BUG=v8:3995
LOG=N

Review URL: https://codereview.chromium.org/1049703002

Cr-Commit-Position: refs/heads/master@{#27775}
2015-04-13 09:02:48 +00:00
ben
80b7a962b2 Use correct property descriptor in generators test
BUG=

Review URL: https://codereview.chromium.org/1077413002

Cr-Commit-Position: refs/heads/master@{#27771}
2015-04-12 21:18:31 +00:00
mike
0a4881600d Correct property descriptors on GeneratorPrototype
The ES6 specification does not explicitly state the attributes for the
'next' and 'throw' property descriptors, so their values are defined by
Section 17 [1]:

> Every other data property described in clauses 18 through 26 and in
> Annex B.2 has the attributes
> { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
> unless otherwise specified.

[1]
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-ecmascript-standard-built-in-objects

BUG=v8:3986
LOG=N
R=wingo,arv

Review URL: https://codereview.chromium.org/1051363003

Cr-Commit-Position: refs/heads/master@{#27770}
2015-04-11 21:14:20 +00:00
conradw
3d5717a71b [strong] Implement static restrictions on binding 'undefined' in arrow functions
Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined', for arrow functions. Assumes these restrictions are
intended to be identical to the restrictions on the use of 'eval and 'arguments'
in strict mode. In addition, Location variables inconsistantly named (e.g.
dupe_error_loc vs dupe_loc) are now consistently named the shorter way.

Baseline: https://codereview.chromium.org/1070633002

BUG=v8:3956
LOG=N

Review URL: https://codereview.chromium.org/1060883004

Cr-Commit-Position: refs/heads/master@{#27756}
2015-04-10 18:27:05 +00:00
verwaest
8c98cc074e Add basic crankshaft support for slow-mode for-in to avoid disabling optimizations
BUG=

Review URL: https://codereview.chromium.org/1075933003

Cr-Commit-Position: refs/heads/master@{#27748}
2015-04-10 13:15:31 +00:00
titzer
dee044d601 Add more exhaustive tests for Math.min and Math.max.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1078073002

Cr-Commit-Position: refs/heads/master@{#27747}
2015-04-10 12:35:16 +00:00
conradw
8ef7159582 [strong] Implement static restrictions on binding/assignment to 'undefined'
identifier. Delete unused (and now incorrect) function IsValidStrictVariable.

Implements the strong mode proposal's static restrictions on the use of the
identifier 'undefined'. Assumes these restrictions are intended to be identical
to the restrictions on the use of 'eval' and 'arguments' in strict mode. The
AllowEvalOrArgumentsAsIdentifier enum has been renamed to
AllowRestrictedIdentifiers as logic involving it is now also used for this case.

BUG=v8:3956

LOG=N

Review URL: https://codereview.chromium.org/1070633002

Cr-Commit-Position: refs/heads/master@{#27744}
2015-04-10 12:04:55 +00:00
bmeurer
35f6c0fdbf [turbofan] Optimize silent hole checks on legacy const context slots.
Currently we always generate a diamond in the graph builder for every
legacy const context slot, which we cannot get rid of until late control
reduction, even if we know after context specialization that the slot is
already initialized.

Now we generate a select instead, which the CommonOperatorReducer
happily removes during typed lowering. This greatly speeds up asm.js
code generated by Emscripten with the new POINTER_MASKING mode.

R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1072353002

Cr-Commit-Position: refs/heads/master@{#27739}
2015-04-10 10:28:12 +00:00
caitpotter88
9836c34dba [es6] do not add caller/arguments to ES6 function definitions
BUG=v8:3946, v8:3982
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
LOG=N
R=arv@chromium.org, rossberg@chromium.org

Review URL: https://codereview.chromium.org/1027283004

Cr-Commit-Position: refs/heads/master@{#27729}
2015-04-09 22:40:28 +00:00
caitpotter88
48eff34c32 [es6] don't "replace" Object.prototype.toString for --harmony-tostring
When ObjectToString is installed on Object.prototype twice (once in v8natives.js, and once in harmony-tostring.js), this pollutes old code spaces on some devices. To prevent this, the function is only installed once, preventing test failures when the --harmony-tostring flag is flipped on by default.

BUG=v8:3502
LOG=N
R=arv@chromium.org

Review URL: https://codereview.chromium.org/1072083002

Cr-Commit-Position: refs/heads/master@{#27720}
2015-04-09 20:53:46 +00:00
mstarzinger
96ef78aa0b [turbofan] Fix FrameInspector when deoptimizer is disabled.
This is a workaround to make the debugger happy about TurboFan frames
when the debugger causes frame inspection. Note that this can happen
because the debugger can be activated while there still are optimized
TurboFan activations on the stack.

R=ishell@chromium.org
BUG=chromium:465298
TEST=mjsunit/regress/regress-crbug-465298
LOG=N

Review URL: https://codereview.chromium.org/1074793003

Cr-Commit-Position: refs/heads/master@{#27717}
2015-04-09 19:40:49 +00:00
arv
635b5fea98 Lexical arguments for arrow functions
Only allocate 'arguments' if the scope is not an arrow scope.

BUG=v8:2700
LOG=N
R=adamk@chromium.org, wingo@igalia.cmo

Review URL: https://codereview.chromium.org/1078483002

Cr-Commit-Position: refs/heads/master@{#27716}
2015-04-09 19:39:38 +00:00
caitpotter88
74c381221c [es6] implement spread calls
BUG=v8:3018
R=
LOG=N

Review URL: https://codereview.chromium.org/938443002

Cr-Commit-Position: refs/heads/master@{#27714}
2015-04-09 19:37:19 +00:00
Adam Klein
9164e0b62c Skip another debug test that fails in always-opt/turbofan
TBR=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/1072143002

Cr-Commit-Position: refs/heads/master@{#27710}
2015-04-09 17:46:14 +00:00
yangguo
fd8d0d1419 Blacklist tests due to optimizing toplevel with --always-opt.
Those two tests fail in gc-stress and custom snapshot (embedding mjsunit.js).
This is likely due to different GC timing with the custom snapshot.

R=mstarzinger@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1078653002

Cr-Commit-Position: refs/heads/master@{#27688}
2015-04-09 08:47:34 +00:00
mstarzinger
dd3067a787 Disable more failing tests after f3338dd3b0.
TBR=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1075813002

Cr-Commit-Position: refs/heads/master@{#27687}
2015-04-09 08:21:45 +00:00
arv
e965a1f84a ES6: Number and Boolean prototype should be ordinary objects
BUG=v8:4001
LOG=N
R=adamk@chromium.org, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1051373002

Cr-Commit-Position: refs/heads/master@{#27680}
2015-04-08 21:18:40 +00:00
mstarzinger
4b5bf1e33c Disable more failing tests after f3338dd3b0.
TBR=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1070843002

Cr-Commit-Position: refs/heads/master@{#27675}
2015-04-08 17:28:58 +00:00
mvstanton
af293729ad Tests that carefully checks opt/deopt status shouldn't --always-opt.
If we optimize a function before gathering feedback it may be
peppered with soft deoptimizations. So it can't help but deoptimize.
A judicious reading of the code isn't enough to determine what the
optimization state should be in the face of such chaotic gyrations.

BUG=
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/1069363003

Cr-Commit-Position: refs/heads/master@{#27671}
2015-04-08 15:56:01 +00:00
mstarzinger
515e483dd0 Disable more failing tests after f3338dd3b0.
TBR=machenbach@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1067413002

Cr-Commit-Position: refs/heads/master@{#27670}
2015-04-08 14:16:58 +00:00
titzer
1b400a14cb Add more systematic tests for comparisons.
Because, well, JavaScript is tricky and compilers like folding.

R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1069673002

Cr-Commit-Position: refs/heads/master@{#27668}
2015-04-08 13:15:41 +00:00
titzer
a511c78999 Fix maybe_string_add for adds that have no type feedback where --always-opt is on.
R=mstarzinger@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1071473003

Cr-Commit-Position: refs/heads/master@{#27667}
2015-04-08 13:14:30 +00:00
yangguo
3a4d073f1d Create result array of %DebugGetLoadedScripts outside the debug context.
R=jarin@chromium.org
BUG=chromium:474297
LOG=N

Review URL: https://codereview.chromium.org/1062143002

Cr-Commit-Position: refs/heads/master@{#27659}
2015-04-08 11:15:02 +00:00
yangguo
5db360dd56 Blacklist failing test on arm64 (issue 4016).
TBR=jkummerow@chromium.org
BUG=v8:4016
LOG=N

Review URL: https://codereview.chromium.org/1071513002

Cr-Commit-Position: refs/heads/master@{#27656}
2015-04-08 11:11:37 +00:00
mstarzinger
ad94e145c3 Disable more failing tests after f3338dd3b0.
TBR=yangguo@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1072433002

Cr-Commit-Position: refs/heads/master@{#27655}
2015-04-08 10:35:16 +00:00
mstarzinger
0716bc3f76 Disable more failing tests after f3338dd3b0.
TBR=yangguo@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1067353002

Cr-Commit-Position: refs/heads/master@{#27652}
2015-04-08 09:51:18 +00:00
mstarzinger
52f1f1458e Disable failing test after f3338dd3b0.
R=yangguo@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1070663002

Cr-Commit-Position: refs/heads/master@{#27651}
2015-04-08 09:25:01 +00:00
adamk
74ef072148 Disable another debug test under turbo always-opt
TBR=mstarzinger@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1064133002

Cr-Commit-Position: refs/heads/master@{#27642}
2015-04-07 20:10:31 +00:00
mstarzinger
77e6efd870 Disabled failing tests after 2d281e71ac.
R=titzer@chromium.org
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/1065983002

Cr-Commit-Position: refs/heads/master@{#27636}
2015-04-07 17:06:22 +00:00
mstarzinger
2d281e71ac Make --always-opt also optimize top-level code.
This enables eager optimization of top-level code with TurboFan and
extends test coverage by triggering it with the --always-opt flag.
Script contexts are now also properly allocated in TurboFan.

R=titzer@chromium.org

Review URL: https://codereview.chromium.org/1053063003

Cr-Commit-Position: refs/heads/master@{#27633}
2015-04-07 15:44:23 +00:00
jkummerow
90cbede588 Move prototype metadata from internal properties to prototype maps
The motivation is that we prefer to avoid creating internal properties, and we have a usable field on maps ("transitions", which is not used for prototype maps).
This CL also ensures the invariant that prototype maps are never shared, even if they are in dictionary mode.

Review URL: https://codereview.chromium.org/1033653002

Cr-Commit-Position: refs/heads/master@{#27617}
2015-04-07 10:42:57 +00:00
yangguo
c67cb287a9 Always update raw pointers when handling interrupts inside RegExp code.
R=mstarzinger@chromium.org
BUG=chromium:469480
LOG=N

Review URL: https://codereview.chromium.org/1034173002

Cr-Commit-Position: refs/heads/master@{#27615}
2015-04-07 09:44:57 +00:00
jkummerow
146598f44a JSEntryTrampoline: check for stack space before pushing arguments
Optimistically pushing a lot of arguments can run into the stack limit of the process, at least on operating systems where this limit is close to the limit that V8 sets for itself.

BUG=chromium:469768
LOG=y

Review URL: https://codereview.chromium.org/1056913003

Cr-Commit-Position: refs/heads/master@{#27614}
2015-04-07 09:13:44 +00:00
mike
3b624a1796 Re-implement %Generator% intrinsic as an object
From ES6 25.2.3 ("Properties of the GeneratorFunction Prototype
Object"):

> The GeneratorFunction prototype object is an ordinary object. It is
> not a function object and does not have an [[ECMAScriptCode]] internal
> slot or any other of the internal slots listed in Table 27 or Table
> 56.

Introduce one assertion for the value's type and additional tests for its
properties. Remove an invalid assertion that fails as a result of this
fix.

BUG=v8:3991
LOG=N

Review URL: https://codereview.chromium.org/1062633002

Cr-Commit-Position: refs/heads/master@{#27603}
2015-04-06 21:04:51 +00:00
arv
18cb17c924 ES6: Error functions should extend Error
The /NativeError/ functions should have Error as their [[Prototype]].

http://people.mozilla.org/~jorendorff/es6-draft.html#sec-properties-of-the-nativeerror-constructors

BUG=v8:3998
LOG=N
R=adamk, dslomov@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1049323003

Cr-Commit-Position: refs/heads/master@{#27572}
2015-04-01 17:29:59 +00:00
erikcorry
5a93a3304c Reland: Fix JSON parser Handle leak (previous CL 1041483004)
R=mstarzinger@chromium.org
BUG=v8:3976
BUG=472504
LOG=y

Review URL: https://codereview.chromium.org/1051833002

Cr-Commit-Position: refs/heads/master@{#27571}
2015-04-01 16:58:47 +00:00
arv
4374941837 [es6] Object.getOwnPropertyDescriptor should wrap primitives
In ES6 Object.getOwnPropertyDescriptor should call ToObject, which
means that primitive values will return descriptors from the wrapper.

BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/998163004

Cr-Commit-Position: refs/heads/master@{#27569}
2015-04-01 15:45:08 +00:00
mike
30ea626886 Remove invalid assertion
The removed assertion consistently passes not because the invoked
`close` method internally throws a `TypeError` but because the `close`
method does not exist. The ES6 specification does not define a `close`
method on the GeneratorPrototype, so this test is a tautology.

BUG=None
LOG=N
R=arv

Review URL: https://codereview.chromium.org/1046963002

Cr-Commit-Position: refs/heads/master@{#27567}
2015-04-01 15:22:19 +00:00
mike
3badfdcd50 Re-write duplicated assertions
The modified assertions targeted the property descriptor for the
template object's first "cooked" value. The code immediately preceeding
these statements asserts these values.

Update the assertions to instead target the property descriptor for the
template object's first "raw" value (which are otherwise untested).

BUG=

Review URL: https://codereview.chromium.org/1049523003

Cr-Commit-Position: refs/heads/master@{#27566}
2015-04-01 15:13:21 +00:00
kozyatinskiy
66d5519f7e Revert of Correctly compute line numbers in functions from the function constructor. (patchset #5 id:80001 of https://codereview.chromium.org/701093003/)
Reason for revert:
Locations from New Function are broken in DevTools.

Original issue's description:
> Correctly compute line numbers in functions from the function constructor.
>
> R=aandrey@chromium.org
> BUG=chromium:109362
> LOG=Y
>
> Committed: https://code.google.com/p/v8/source/detail?r=25289

TBR=aandrey@chromium.org,yangguo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:109362
LOG=Y

Review URL: https://codereview.chromium.org/1053563002

Cr-Commit-Position: refs/heads/master@{#27564}
2015-04-01 10:11:26 +00:00
erikcorry
77dd1f347d Revert of Fix JSON parser Handle leak (patchset #3 id:40001 of https://codereview.chromium.org/1041483004/)
Reason for revert:
Reverting due to JSOn parser failures

Original issue's description:
> Fix JSON parser Handle leak
>
> R=verwaest@chromium.org
> BUG=v8:3976
> LOG=y
>
> Committed: https://crrev.com/1ec850383bb82f6d8bebc7416e5f50b649d1eeaa
> Cr-Commit-Position: refs/heads/master@{#27512}

TBR=verwaest@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3976

Review URL: https://codereview.chromium.org/1052593002

Cr-Commit-Position: refs/heads/master@{#27562}
2015-04-01 09:23:02 +00:00
arv
d4a314f9dc [es6] Object.getPrototypeOf should work with values
This reverts commit 992751d0dc.

The final spec for Object.getPrototypeOf calls ToObject on the
parameter, which means that it should only throw for null and
undefined. For other non object values the prototype of the wrapper
should be used.

Difference from last time: Updated .status and will disable Blink
side tests as needed.

BUG=v8:3964
LOG=N
R=adamk, rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/1051523003

Cr-Commit-Position: refs/heads/master@{#27558}
2015-04-01 00:22:39 +00:00
arv
bb21979adf ES6: Unscopable should use ToBoolean
The spec settled on ToBoolean instead of only using not undefined.

BUG=v8:3827
LOG=N
R=adamk

Review URL: https://codereview.chromium.org/1045113002

Cr-Commit-Position: refs/heads/master@{#27548}
2015-03-31 15:14:20 +00:00
arv
a373b089e9 Remove --harmony-numeric-literal flag
We have been shipping harmony numeric literals since M41

R=rossberg@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1024603002

Cr-Commit-Position: refs/heads/master@{#27545}
2015-03-31 14:24:30 +00:00
ishell
3cb9f132ba Layout descriptor must be trimmed when corresponding descriptors array is trimmed to stay in sync.
BUG=chromium:470804
LOG=Y

Review URL: https://codereview.chromium.org/1033273005

Cr-Commit-Position: refs/heads/master@{#27528}
2015-03-30 17:03:50 +00:00
mstarzinger
6c19c79f59 [turbofan] Fix test of %_MathClz32 intrinsic.
This test will fail once we optimize top-level code, because the
aforementioned intrinsic doesn't perform a NumberToUint32 conversion.

R=titzer@chromium.org
TEST=mjsunit/asm/math-clz32

Review URL: https://codereview.chromium.org/1041173002

Cr-Commit-Position: refs/heads/master@{#27524}
2015-03-30 15:10:39 +00:00
verwaest
87eef73234 Fix speedup of typedarray-length loading in the ICs as well as Crankshaft
BUG=

Review URL: https://codereview.chromium.org/1034393002

Cr-Commit-Position: refs/heads/master@{#27519}
2015-03-30 11:50:23 +00:00
dcarney
97981d9413 fix special index parsing
R=verwaest@chromium.org,dslomov@chromium.org

BUG=

Review URL: https://codereview.chromium.org/1038313004

Cr-Commit-Position: refs/heads/master@{#27518}
2015-03-30 11:41:15 +00:00
erikcorry
1ec850383b Fix JSON parser Handle leak
R=verwaest@chromium.org
BUG=v8:3976
LOG=y

Review URL: https://codereview.chromium.org/1041483004

Cr-Commit-Position: refs/heads/master@{#27512}
2015-03-30 09:55:30 +00:00
mvstanton
7c347c545e Ensure object literal element boilerplates aren't modified.
A bug allows JSObject literals with elements to have the elements in the
boilerplate modified.

BUG=466993
LOG=N

Review URL: https://codereview.chromium.org/1037273002

Cr-Commit-Position: refs/heads/master@{#27511}
2015-03-30 09:20:09 +00:00
dslomov
15ef61d468 Make sure debugger is ready for breakpoins when we process 'debugger' statement.
On 'debugger' statement, if anything in debugger calls 'EnsureDebugInfo'
on a function, EnsureDebugInfo would compile and substitute code without
debug break slots. This causes weird behavior later when stepping fails
to work (see added test as an example).
This fix is to make sure the debugger is prepared for breakpoints in
that case as well.

Also adds extra testing for bug 468661.

R=yangguo@chromium.org,yurys@chromium.orh
BUG=v8:3990,chromium:468661
LOG=N

Review URL: https://codereview.chromium.org/1032353002

Cr-Commit-Position: refs/heads/master@{#27502}
2015-03-27 18:33:17 +00:00
dcarney
d76526032f fix reconfigure of indexed integer exotic objects
R=verwaest@chromium.org
BUG=466084
LOG=N

Review URL: https://codereview.chromium.org/1037213002

Cr-Commit-Position: refs/heads/master@{#27498}
2015-03-27 10:12:55 +00:00
erikcorry
56ac39757b Disable test on deopt fuzzer that uses a little too much memory
R=ulan@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1032373002

Cr-Commit-Position: refs/heads/master@{#27485}
2015-03-26 16:53:52 +00:00
mstarzinger
fced43a686 [debugger] Make Runtime_DebugEvaluate safe for reentry.
Only one FrameInspector can be active at a time on any given stack,
this ensures that it's lifetime is sufficiently scoped.

R=yangguo@chromium.org
TEST=mjsunit/regress/regress-crbug-259300

Review URL: https://codereview.chromium.org/1034743002

Cr-Commit-Position: refs/heads/master@{#27477}
2015-03-26 12:31:02 +00:00
verwaest
accbe2216e Remove CanRetainOtherContext since embedded objects are now weak.
Instead of CanRetainOtherContext, we now manually blacklist all access-checked objects.

BUG=

Review URL: https://codereview.chromium.org/1020803004

Cr-Commit-Position: refs/heads/master@{#27473}
2015-03-26 11:22:07 +00:00
yangguo
69383d6366 Revert of Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #1 id:1 of https://codereview.chromium.org/999273003/)
Reason for revert:
Reland since the failure has been fixed in https://codereview.chromium.org/1035523005/

Original issue's description:
> Revert of Debugger: deduplicate shared function info when setting script break points. (patchset #4 id:60001 of https://codereview.chromium.org/998253005/)
>
> Reason for revert:
> Code caching failures.
>
> Original issue's description:
> > Debugger: deduplicate shared function info when setting script break points.
> >
> > Also fix Debug.showBreakPoints for multiple break points at the same location.
> >
> > BUG=v8:3960
> > LOG=N
> >
> > Committed: https://crrev.com/73b17a71a22564c0b66d9aa7c00948c748f5b290
> > Cr-Commit-Position: refs/heads/master@{#27444}
>
> TBR=mstarzinger@chromium.org
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=v8:3960
>
> Committed: https://crrev.com/9b29d008dfcc00bf56be8040add1d2c5e404673b
> Cr-Commit-Position: refs/heads/master@{#27448}

TBR=mstarzinger@chromium.org
BUG=v8:3960
LOG=N

Review URL: https://codereview.chromium.org/1037013002

Cr-Commit-Position: refs/heads/master@{#27472}
2015-03-26 10:43:51 +00:00
yangguo
ed9191221b Serializer: ensure unique script ids when deserializing.
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1035523005

Cr-Commit-Position: refs/heads/master@{#27471}
2015-03-26 09:50:51 +00:00
yangguo
46cc8740a9 Debugger: remove unused JS Debugger API.
R=ulan@chromium.org

Review URL: https://codereview.chromium.org/1005053004

Cr-Commit-Position: refs/heads/master@{#27464}
2015-03-26 08:15:45 +00:00
kozyatinskiy
aca928b7ad Reland [V8] Removed SourceLocationRestrict
This method uses in messages.js in GetSourceLine and GetPositionInLine. This methods uses in v8::Message API methods and there is no documentation about it.
Method looks obsolete.
One of the strange side effect is shown by attached issue.

BUG=chromium:468781
TBR=yangguo@chromium.org
LOG=Y

Review URL: https://codereview.chromium.org/1033973002

Cr-Commit-Position: refs/heads/master@{#27458}
2015-03-25 23:11:12 +00:00